Amazon GuardDuty

Amazon GuardDuty is a threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. GuardDuty also detects potentially compromised instances or reconnaissance by attackers.

GuardDuty
Enable GuardDuty with Notifications and Compliance Checks
AWS
A configuration package to enable Amazon GuardDuty in an AWS account as well as email notifications for GuardDuty findings (using a CloudWatch Event Rule), and an AWS Config Rule to verify that GuardDuty is continuously enabled.
GuardDuty
CloudWatch Event
Config Rule
Enable GuardDuty
AWS
Configuration to enable Amazon GuardDuty.
GuardDuty Master Account: Invite Member Accounts
AWS
Configuration to enable Amazon GuardDuty as a master account and send invitations to member accounts.
GuardDuty Member Account: Accept Invitation from Master Account
AWS
Configuration to enable Amazon GuardDuty as a member account and accept an invitation from a master GuardDuty account.
CloudWatch Events
detect-guardduty-findings
GuardDuty
A CloudWatch Event Rule that triggers on Amazon GuardDuty findings and publishes them to an SNS topic. The Event Rule can be used to trigger notifications or remediation actions using AWS Lambda.
Config Rule
GuardDuty Enabled and Centralized (optional) Check
GuardDuty
A Config rule that checks whether Amazon GuardDuty is enabled in your AWS account and region. If you provide an AWS account for centralization, the rule evaluates the Amazon GuardDuty results in the centralized account. The rule is compliant when Amazon GuardDuty is enabled.
GuardDuty Untreated Findings
GuardDuty
A Config rule that checks whether GuardDuty has untreated findings.