Configuration details for enabling Amazon GuardDuty, inviting member accounts or accepting invitations from master accounts. Also included are configuration items to enable manual whitelists or threat lists. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform.
A configuration package to enable Amazon GuardDuty in an AWS account as well as email notifications for GuardDuty findings (using a CloudWatch Event Rule), and an AWS Config Rule to verify that GuardDuty is continuously enabled.
Configuration to enable Amazon GuardDuty.
Configuration to enable Amazon GuardDuty as a Master account and send invitations to member accounts
Configuration to enable Amazon GuardDuty as a member account and accept an invitation from a master GuardDuty account
This template creates a GuardDuty Filter resource. The filter is used to specify criteria for filtering findings in GuardDuty.
Creates an IPSet for Amazon GuardDuty, allowing you to specify a list of IP addresses to monitor for potential threats. The IPSet is activated and linked to a specific GuardDuty detector using the provided DetectorId.
This template creates an Amazon GuardDuty Threat Intel Set, which allows you to import a list of IP addresses or domains that you want GuardDuty to monitor for potential threats. The template activates the Threat Intel Set and specifies the detector ID, format, location, and name.
A CloudWatch Event Rule that triggers on Amazon GuardDuty findings and publishes findings to an SNS topic. The Event Rule can be used to trigger notifications or remediative actions using AWS Lambda.
A Config rule that checks whether Amazon GuardDuty is enabled in your AWS account and region. If you provide an AWS account for centralization, the rule evaluates the Amazon GuardDuty results in the centralized account. The rule is compliant when Amazon GuardDuty is enabled.
A config rule that checks whether GuardDuty has untreated findings.