AWS GuardDuty Integration

Overview

AWS GuardDuty is a managed threat detection service that continuously analyzes CloudTrail events, VPC Flow Logs and DNS logs for malicious activity and unauthorized behavior, protecting your AWS accounts, workloads, and data stored in Amazon S3. Findings are produced per region by a GuardDuty detector; this integration reads those findings through the GuardDuty API and surfaces them in Bloo.

Prerequisites

  • AWS account with GuardDuty enabled
  • IAM permissions to read GuardDuty detectors and findings (the policy in step 2)
  • Bloo platform access credentials

Configuration Steps

1. Enable AWS GuardDuty

  • Sign in to the AWS Management Console
  • Navigate to the GuardDuty service
  • Click "Get started" to enable GuardDuty
  • Choose your administrator account (AWS formerly called this the "master" account) and the member accounts it manages
  • Enable GuardDuty in every region where you have resources; detectors are regional, and each region has its own detector ID and its own findings

2. Create IAM Role or User

    Create an IAM policy with the following read-only permissions and attach it to the principal whose credentials Bloo will use (the IAM user that owns the access key entered in step 3, or a role that user is allowed to assume):

    ```json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "guardduty:GetFindings",
            "guardduty:ListFindings",
            "guardduty:GetDetector",
            "guardduty:ListDetectors"
          ],
          "Resource": "*"
        }
      ]
    }
    ```

    These four actions are enough to enumerate detectors and pull findings; the integration needs no write access to GuardDuty, so do not attach AmazonGuardDutyFullAccess. Once you know the detector ID you can tighten "Resource" for GetFindings, ListFindings and GetDetector to the detector ARN (arn:aws:guardduty:REGION:ACCOUNT_ID:detector/DETECTOR_ID) in a separate statement; ListDetectors has no resource-level permissions and keeps "*".

3. Configure Bloo Integration

  • Log into your Bloo platform dashboard
  • Navigate to Integrations > AWS GuardDuty
  • Click "Configure Integration"
  • Enter the AWS credentials of the principal from step 2:
    - Access Key ID
    - Secret Access Key
    - Region (GuardDuty detectors are regional; the integration reads findings from the region entered here)
  • Test the connection
  • Save the configuration

    The access key is a long-lived credential. Create it on a dedicated IAM user that carries only the policy above and nothing else, rotate it on a schedule, and deactivate the old key only after the new one has been saved and tested in Bloo.

4. Set Up Alerting

    Configure alert rules in Bloo according to the severity score GuardDuty assigns to each finding (1.0 to 10.0):

  • High Severity Findings (7.0 and above, which includes findings GuardDuty labels Critical): Immediate notification
  • Medium Severity Findings (4.0 to 6.9): Daily summary
  • Low Severity Findings (1.0 to 3.9): Weekly summary
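The connection test in step 3 and the severity tiers in step 4 can be reproduced outside Bloo with a short poller. The following is an added example written for this page, not Bloo's integration code: the live functions assume boto3 and credentials carrying the read-only policy from step 2, while the routing and filter-building logic is pure Python and is exercised on constructed sample findings at the bottom. The tier boundaries are GuardDuty's documented severity ranges; folding Critical into the "immediate" tier is this page's choice.

```python
"""Poll GuardDuty for unarchived findings and bucket them into alert tiers."""
from datetime import datetime, timezone

try:
    import boto3  # optional: only the live poll needs it
except ImportError:  # pragma: no cover
    boto3 = None

# GuardDuty severity scale: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0.
# The tiers on this page route Critical together with High (immediate notification).
TIERS = (
    (7.0, "high", "immediate"),
    (4.0, "medium", "daily"),
    (1.0, "low", "weekly"),
)


def severity_tier(score):
    """Map a numeric GuardDuty severity to (label, schedule)."""
    for floor, label, schedule in TIERS:
        if score >= floor:
            return label, schedule
    raise ValueError(f"severity {score!r} is outside GuardDuty's 1.0-10.0 range")


def route_findings(findings):
    """Group finding IDs by alert schedule; input dicts are shaped like GetFindings output."""
    routed = {"immediate": [], "daily": [], "weekly": []}
    for finding in findings:
        _, schedule = severity_tier(float(finding["Severity"]))
        routed[schedule].append(finding["Id"])
    return routed


def finding_criteria(min_severity, updated_since=None):
    """Build the FindingCriteria argument for ListFindings.

    Archived findings are excluded so triaged items do not resurface. Filtering on
    updatedAt (epoch milliseconds) rather than createdAt also catches findings that
    GuardDuty re-opened with new activity.
    """
    criterion = {
        "severity": {"GreaterThanOrEqual": int(min_severity)},
        "service.archived": {"Eq": ["false"]},
    }
    if updated_since is not None:
        criterion["updatedAt"] = {"GreaterThanOrEqual": int(updated_since.timestamp() * 1000)}
    return {"Criterion": criterion}


def check_detector(region):
    """Connection test: return the ENABLED detector ID for the region, or raise."""
    if boto3 is None:
        raise RuntimeError("boto3 is required for the live check")
    gd = boto3.client("guardduty", region_name=region)
    detector_ids = gd.list_detectors()["DetectorIds"]
    if not detector_ids:
        raise RuntimeError(f"GuardDuty is not enabled in {region}")
    status = gd.get_detector(DetectorId=detector_ids[0])["Status"]
    if status != "ENABLED":
        raise RuntimeError(f"detector {detector_ids[0]} in {region} is {status}")
    return detector_ids[0]


def poll_findings(region, min_severity=7, updated_since=None):
    """Fetch full findings at or above min_severity, paging through ListFindings."""
    detector = check_detector(region)
    gd = boto3.client("guardduty", region_name=region)
    pages = gd.get_paginator("list_findings").paginate(
        DetectorId=detector,
        FindingCriteria=finding_criteria(min_severity, updated_since),
        SortCriteria={"AttributeName": "updatedAt", "OrderBy": "DESC"},
    )
    found = []
    for page in pages:
        if page["FindingIds"]:  # each page holds at most 50 IDs, the GetFindings limit
            found.extend(gd.get_findings(DetectorId=detector,
                                         FindingIds=page["FindingIds"])["Findings"])
    return found


# Constructed sample findings (not real GuardDuty output), shaped like GetFindings results.
SAMPLE_FINDINGS = [
    {"Id": "f1", "Type": "Recon:EC2/Portscan", "Severity": 5.0},
    {"Id": "f2", "Type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
     "Severity": 8.0},
    {"Id": "f3", "Type": "Recon:EC2/PortProbeUnprotectedPort", "Severity": 2.0},
    {"Id": "f4", "Type": "AttackSequence:IAM/CompromisedCredentials", "Severity": 9.5},
]

if __name__ == "__main__":
    print(route_findings(SAMPLE_FINDINGS))
    print(finding_criteria(7, datetime(2024, 1, 1, tzinfo=timezone.utc)))
```

Run the live path with `poll_findings("us-east-1", updated_since=<last successful poll>)` on a schedule; passing the previous run's timestamp keeps each poll small and well inside GuardDuty's API rate limits.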

Supported Finding Types

    GuardDuty names each finding ThreatPurpose:ResourceTypeAffected/ThreatFamilyName (for example Recon:EC2/Portscan). The four categories below roughly correspond to the following threat purposes:

  • Reconnaissance (Recon:*): Port scanning, probing of unprotected ports, API calls from known malicious or Tor IPs
  • Instance Compromise (Backdoor:*, CryptoCurrency:*, Trojan:*, UnauthorizedAccess:EC2/*): Malware and command-and-control traffic, cryptomining, brute-force attempts against instances, suspicious API calls made with instance credentials
  • Account Compromise (UnauthorizedAccess:IAMUser/*, CredentialAccess:*, Persistence:*, Policy:*): Unusual login patterns, credential abuse, instance credentials used from outside AWS
  • Data Exfiltration (Exfiltration:*): Unusual data access patterns, such as anomalous S3 object reads by an identity that does not normally touch that data
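Because the finding type string carries the threat purpose, resource type, family, detection mechanism and artifact in a fixed grammar, it can be parsed and bucketed without any lookup table of individual types. The following is an added example, not Bloo's code; the purpose-to-category table is this page's grouping, not an AWS-defined one, and the sample types at the bottom are constructed (they follow the documented naming format but are not taken from a live account).

```python
"""Parse GuardDuty finding type strings and map them to the categories above."""
import re
from collections import Counter

# Documented format: ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact
# DetectionMechanism and Artifact are optional; the family may contain '&' (e.g. C&CActivity).
_TYPE_RE = re.compile(
    r"^(?P<purpose>[A-Za-z]+):(?P<resource>[A-Za-z0-9]+)/(?P<family>[A-Za-z0-9&]+)"
    r"(?:\.(?P<mechanism>[A-Za-z0-9]+))?(?:!(?P<artifact>[A-Za-z0-9]+))?$"
)

# This page's grouping of threat purposes into the four categories listed above.
CATEGORY_BY_PURPOSE = {
    "Recon": "reconnaissance",
    "Discovery": "reconnaissance",
    "Backdoor": "instance_compromise",
    "CryptoCurrency": "instance_compromise",
    "Trojan": "instance_compromise",
    "Impact": "instance_compromise",
    "CredentialAccess": "account_compromise",
    "Persistence": "account_compromise",
    "Policy": "account_compromise",
    "PrivilegeEscalation": "account_compromise",
    "Stealth": "account_compromise",
    "Exfiltration": "data_exfiltration",
}


def parse_finding_type(finding_type):
    """Split a finding type into its named components; unknown fields are None."""
    match = _TYPE_RE.match(finding_type)
    if not match:
        raise ValueError(f"not a GuardDuty finding type: {finding_type!r}")
    return match.groupdict()


def categorize(finding_type):
    """Return the page's category for a finding type, or 'other' if unmapped."""
    parts = parse_finding_type(finding_type)
    purpose, resource = parts["purpose"], parts["resource"]
    if purpose == "UnauthorizedAccess":
        # One threat purpose covers both instances and identities; split on the resource.
        return "account_compromise" if resource == "IAMUser" else "instance_compromise"
    return CATEGORY_BY_PURPOSE.get(purpose, "other")


def summarize(finding_types):
    """Count finding types per category, e.g. for a daily or weekly digest."""
    return dict(Counter(categorize(t) for t in finding_types))


# Constructed sample of finding types following the documented format.
SAMPLE_TYPES = [
    "Recon:EC2/Portscan",
    "Backdoor:EC2/C&CActivity.B!DNS",
    "CryptoCurrency:EC2/BitcoinTool.B!DNS",
    "UnauthorizedAccess:EC2/SSHBruteForce",
    "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
    "Exfiltration:S3/AnomalousBehavior",
    "Execution:Kubernetes/ExecInKubeSystemPod",
]

if __name__ == "__main__":
    for t in SAMPLE_TYPES:
        print(f"{categorize(t):20} {t}")
    print(summarize(SAMPLE_TYPES))
```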

Monitoring and Maintenance

    Regular Tasks

  • Review Findings: Check for new findings daily, and archive findings once triaged so they do not resurface on every poll
  • Update Lists and Rules: GuardDuty's detection logic is managed by AWS, but your suppression rules, trusted IP lists and threat intelligence lists are not; review them whenever your environment changes so that a stale suppression rule does not auto-archive a real finding
  • Monitor Costs: Track GuardDuty usage costs
  • Test Integration: Verify connectivity monthly

Troubleshooting

    Common Issues:

  • Authentication Errors (AccessDeniedException, UnrecognizedClientException)
    - Verify the access key is active and belongs to the intended account
    - Check that the policy from step 2 is attached to the principal that owns the key
    - Ensure GuardDuty is enabled in the configured region

  • No Findings Received
    - Verify the configured region matches the region where the detector is enabled
    - Check the detector status in the GuardDuty console; it must be ENABLED, not SUSPENDED
    - Review IAM permissions
    - A newly enabled detector has nothing to report yet; use "Generate sample findings" in the GuardDuty console (the CreateSampleFindings API) to confirm the pipeline end to end. This requires the guardduty:CreateSampleFindings permission, which the read-only integration policy deliberately omits, so run it with an administrator's credentials, not the integration's

  • High Latency
    - Check network connectivity
    - Verify AWS service status
    - Review API rate limits; GuardDuty throttles ListFindings and GetFindings, so poll on an interval and page through results rather than fetching every finding on every run

    Best Practices

  • Enable GuardDuty in all regions where you have resources
  • Use a dedicated IAM user or role for integration access and nothing else, so its key can be rotated or revoked without affecting other workloads
  • Implement least privilege access controls
  • Regularly review and update finding filters
  • Monitor GuardDuty costs and adjust as needed

Support

    For additional support:

  • Bloo Documentation: docs.bloo.com/integrations/aws-guardduty
  • AWS GuardDuty Documentation: docs.aws.amazon.com/guardduty
  • Bloo Support: support.bloo.com