Configuration details for enabling Amazon GuardDuty, inviting member accounts or accepting invitations from master accounts. Also included are configuration items to enable manual whitelists or threat lists. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform.
A configuration package to enable Amazon GuardDuty in an AWS account as well as email notifications for GuardDuty findings (using a CloudWatch Event Rule), and an AWS Config Rule to verify that GuardDuty is continuously enabled.
Configuration to enable Amazon GuardDuty.
Configuration to enable Amazon GuardDuty as a Master account and send invitations to member accounts
Configuration to enable Amazon GuardDuty as a member account and accept an invitation from a master GuardDuty account
This template creates a GuardDuty Filter resource. The filter is used to specify criteria for filtering findings in GuardDuty.
Creates an IPSet for Amazon GuardDuty, allowing you to specify a list of IP addresses to monitor for potential threats. The IPSet is activated and linked to a specific GuardDuty detector using the provided DetectorId.
This template creates an Amazon GuardDuty Threat Intel Set, which allows you to import a list of IP addresses or domains that you want GuardDuty to monitor for potential threats. The template activates the Threat Intel Set and specifies the detector ID, format, location, and name.
This template enables an AWS GuardDuty detector with specific data sources including S3 logs and EC2 instance EBS volume scans, while disabling Kubernetes audit logs.
This template enables an AWS GuardDuty detector and configures the EKS runtime monitoring feature.
Creates a GuardDuty filter to archive findings based on specific criteria such as region, threat list name, update time, and severity.
This template accepts a pending AWS GuardDuty invitation for a member account and manages the association with the primary account.
This template sets up a GuardDuty member and sends an invitation to join GuardDuty.
Configures an AWS GuardDuty Organization Admin Account, including the necessary organization and detector resources.
This template configures AWS GuardDuty for an organization, enabling it for all members and setting up enhanced security features such as S3 logs, Kubernetes audit logs, and malware protection for EC2 instances.
Configures AWS GuardDuty to monitor EKS runtime and manage EKS add-ons with automatic enablement settings.
Sets up a GuardDuty Publishing Destination with necessary S3 bucket and KMS key configurations.
A Config rule that checks whether Amazon GuardDuty is enabled in your AWS account and region. If you provide an AWS account for centralization, the rule evaluates the Amazon GuardDuty results in the centralized account. The rule is compliant when Amazon GuardDuty is enabled.
A config rule that checks whether GuardDuty has untreated findings.