
AWS GuardDuty
Integration Documentation
AWS GuardDuty Integration
Overview
AWS GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3.
Prerequisites
Configuration Steps
1. Enable AWS GuardDuty
   2. Navigate to GuardDuty service
   3. Click "Get started" to enable GuardDuty
   4. Choose your master account and member accounts
   5. Select the regions where you want to enable GuardDuty
2. Create IAM Role
Create an IAM role with the following permissions:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "guardduty:GetFindings",
            "guardduty:ListFindings",
            "guardduty:GetDetector",
            "guardduty:ListDetectors"
          ],
          "Resource": "*"
        }
      ]
    }
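The policy above is deliberately read-only: the four actions let the integration discover detectors and pull findings, and nothing else. The following script is an added example (not part of this documentation or of Bloo) that reviews a candidate policy document against exactly that set, so a wildcard such as `guardduty:*`, an action from another service, or a missing required action is caught before the role is attached. The over-broad sample policy embedded in it is constructed for the demonstration.

```python
import json
from fnmatch import fnmatchcase

# The four read-only actions the integration needs, copied from the documented policy.
REQUIRED_ACTIONS = {
    "guardduty:GetFindings",
    "guardduty:ListFindings",
    "guardduty:GetDetector",
    "guardduty:ListDetectors",
}

# The documented policy, embedded here so the check runs offline.
GOOD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": sorted(REQUIRED_ACTIONS),
        "Resource": "*",
    }],
})

# Constructed sample of an over-broad policy (not from the page) that should be rejected.
BAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "guardduty:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"},
    ],
})


def _as_list(value):
    """IAM allows a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def allowed_actions(policy):
    """Return the set of action patterns granted by Allow statements."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    actions = set()
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            actions.update(_as_list(stmt.get("Action", [])))
    return actions


def review_policy(policy):
    """Compare the granted actions with the read-only set; return (ok, problems)."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    problems = []
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "NotAction" in stmt:
            problems.append("NotAction statement grants every action except those listed")
    granted = allowed_actions(doc)
    for action in sorted(granted):
        if "*" in action or "?" in action:
            problems.append(f"wildcard action {action!r} exceeds read-only GuardDuty access")
        elif not action.startswith("guardduty:"):
            problems.append(f"action {action!r} is outside the GuardDuty service")
        elif action not in REQUIRED_ACTIONS:
            problems.append(f"action {action!r} is not needed by the integration")
    # A wildcard still covers the required actions, so only report genuinely missing ones.
    for action in sorted(REQUIRED_ACTIONS):
        if not any(fnmatchcase(action, pattern) for pattern in granted):
            problems.append(f"required action {action!r} is missing; the integration will fail")
    return (not problems, problems)


if __name__ == "__main__":
    for name, policy in (("documented", GOOD_POLICY), ("constructed bad", BAD_POLICY)):
        ok, problems = review_policy(policy)
        print(f"{name}: {'OK' if ok else 'REJECT'}")
        for line in problems:
            print("  -", line)
```

The documented policy passes; the constructed one is rejected for the `guardduty:*` wildcard and the `s3:GetObject` grant. The `"Resource": "*"` in the documented policy is not flagged because `ListDetectors` does not support resource-level restriction; the other three actions can be scoped to the detector ARN if a tighter role is wanted.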
3. Configure Bloo Integration
   2. Navigate to Integrations > AWS GuardDuty
   3. Click "Configure Integration"
   4. Enter your AWS credentials:
      - Access Key ID
      - Secret Access Key
      - Region
   5. Test the connection
   6. Save the configuration
4. Set Up Alerting
Configure alert rules in Bloo:
Supported Finding Types
Monitoring and Maintenance
Regular Tasks
   2. Update Rules: Keep GuardDuty rules updated
   3. Monitor Costs: Track GuardDuty usage costs
   4. Test Integration: Verify connectivity monthly
Troubleshooting
Common Issues:
      - Verify IAM credentials
      - Check role permissions
      - Ensure GuardDuty is enabled
   2. No Findings Received
      - Verify region configuration
      - Check GuardDuty detector status
      - Review IAM permissions
   3. High Latency
      - Check network connectivity
      - Verify AWS service status
      - Review API rate limits
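The "Test the connection" step above and the "No Findings Received" checks here come down to the same sequence of GuardDuty API calls that the IAM policy permits: list detectors in the configured region, confirm the detector is ENABLED, list finding IDs, then fetch them in batches. The script below is an added example (not Bloo's code) that walks that sequence and turns the two silent failure modes (wrong region, disabled detector) into explicit errors. It runs offline against a constructed fake client that mimics the shape of the boto3 `guardduty` responses; the detector ID, finding IDs and severities are made up for the demonstration. Against a real account, pass `boto3.client("guardduty", region_name=...)` in place of the fake.

```python
from typing import Any, Dict, List

# GetFindings accepts at most 50 finding IDs per call, so details are fetched in batches.
GET_FINDINGS_BATCH = 50


class GuardDutyConnectionError(Exception):
    """Raised when the region has no detector or the detector is not ENABLED."""


def check_detector(client) -> str:
    """Return the region's detector ID, failing loudly for the two silent causes of 'no findings'."""
    detector_ids = client.list_detectors().get("DetectorIds", [])
    if not detector_ids:
        raise GuardDutyConnectionError(
            "no GuardDuty detector in this region: verify the region and that GuardDuty is enabled")
    detector_id = detector_ids[0]
    status = client.get_detector(DetectorId=detector_id).get("Status")
    if status != "ENABLED":
        raise GuardDutyConnectionError(f"detector {detector_id} is {status}, not ENABLED")
    return detector_id


def collect_findings(client, min_severity: int = 4) -> List[Dict[str, Any]]:
    """List finding IDs at or above min_severity (paginated), then fetch details 50 at a time."""
    detector_id = check_detector(client)
    criteria = {"Criterion": {"severity": {"Gte": min_severity}}}
    finding_ids: List[str] = []
    token = None
    while True:
        kwargs = {"DetectorId": detector_id, "FindingCriteria": criteria, "MaxResults": 50}
        if token:
            kwargs["NextToken"] = token
        page = client.list_findings(**kwargs)
        finding_ids.extend(page.get("FindingIds", []))
        token = page.get("NextToken")
        if not token:
            break
    findings: List[Dict[str, Any]] = []
    for start in range(0, len(finding_ids), GET_FINDINGS_BATCH):
        batch = finding_ids[start:start + GET_FINDINGS_BATCH]
        findings.extend(client.get_findings(DetectorId=detector_id, FindingIds=batch)["Findings"])
    return findings


class FakeGuardDuty:
    """Constructed stand-in for the boto3 GuardDuty client (response shapes only, no network)."""

    def __init__(self, detectors, status="ENABLED", findings=()):
        self._detectors = list(detectors)
        self._status = status
        self._findings = list(findings)

    def list_detectors(self):
        return {"DetectorIds": self._detectors}

    def get_detector(self, DetectorId):
        return {"Status": self._status}

    def list_findings(self, DetectorId, FindingCriteria, MaxResults, NextToken=None):
        gte = FindingCriteria["Criterion"]["severity"]["Gte"]
        ids = [f["Id"] for f in self._findings if f["Severity"] >= gte]
        start = int(NextToken) if NextToken else 0
        page = {"FindingIds": ids[start:start + MaxResults]}
        if start + MaxResults < len(ids):
            page["NextToken"] = str(start + MaxResults)
        return page

    def get_findings(self, DetectorId, FindingIds):
        if len(FindingIds) > GET_FINDINGS_BATCH:
            raise ValueError("GetFindings allows at most 50 IDs per call")
        by_id = {f["Id"]: f for f in self._findings}
        return {"Findings": [by_id[i] for i in FindingIds]}


# Constructed sample: 300 findings, every third one high severity, to exercise pagination.
SAMPLE_FINDINGS = [
    {"Id": f"finding-{n:03d}", "Type": "Recon:EC2/PortProbeUnprotectedPort",
     "Severity": 5.0 if n % 3 == 0 else 2.0}
    for n in range(300)
]


def demo() -> List[Dict[str, Any]]:
    """Run the collection against the constructed client; returns the 100 high-severity findings."""
    client = FakeGuardDuty(["detector-constructed"], findings=SAMPLE_FINDINGS)
    return collect_findings(client, min_severity=4)


if __name__ == "__main__":
    print(f"{len(demo())} findings at severity >= 4")
```

The severity filter uses the integer `Gte` form of a ListFindings criterion; GuardDuty reports severities as decimals (the sample uses 5.0 and 2.0), so a threshold of 4 selects medium and high findings. If a real run raises `GuardDutyConnectionError`, the message points at the troubleshooting item to check; if it returns an empty list with an ENABLED detector, the filter, not the connection, is the thing to revisit.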
Best Practices
2. Use dedicated IAM roles for integration access
3. Implement least privilege access controls
4. Regularly review and update finding filters
5. Monitor GuardDuty costs and adjust as needed
Support
For additional support: