Amazon GuardDuty service is enabled

Amazon GuardDuty is a threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. GuardDuty also detects potentially compromised instances or reconnaissance by attackers.

Risk Level: Low
Cloud Entity: Region
CloudGuard Rule ID: D9.AWS.VLN.03
Covered by Spectral: Yes
Category: Global


Region should have guardDutyStatus='Enabled'


From Portal
Use the following steps to enable Amazon GuardDuty:

  1. Open the GuardDuty console at
  2. Choose Get Started.
  3. Choose Enable GuardDuty.

Note: If you previously signed in to the AWS Management Console using AWS account root user credentials, choose Sign in to a different account. If you previously signed in to the console using IAM credentials, choose Sign-in using root account credentials. Then choose Create a new AWS account.

From TF

resource "aws_guardduty_detector" "test" {
  # Create the detector in the enabled state
  enable = true
}

From Command Line
Run the following command to create an Amazon GuardDuty detector:

aws guardduty create-detector --region AWS_region_name --enable

Note: A detector is an object that represents the AWS GuardDuty service. A detector must be created to make GuardDuty operational. The --enable option specifies that the detector is automatically enabled after creation.
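
GuardDuty detectors exist per Region, so the rule's condition has to hold in every Region that is in use. The script below is an added example (not part of the CloudGuard rule or of AWS documentation) that reports the detector state for each Region given as an argument, using the list-detectors and get-detector CLI calls; the function names and the aws_cli wrapper are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: report the GuardDuty state of each Region passed as an argument.
# aws_cli, guardduty_status and audit_regions are names chosen for this example.

# Thin wrapper around the AWS CLI so the calls can be stubbed for offline testing.
aws_cli() { aws "$@"; }

# Print Enabled, Disabled, NoDetector or Unknown for one Region.
guardduty_status() {
  gd_region=$1
  # list-detectors returns the detector IDs that exist in this Region (may be empty).
  if ! gd_ids=$(aws_cli guardduty list-detectors --region "$gd_region" \
        --query 'DetectorIds[]' --output text 2>/dev/null); then
    echo Unknown      # call failed: Region not opted in, missing permissions, ...
    return 0
  fi
  if [ -z "$gd_ids" ] || [ "$gd_ids" = "None" ]; then
    echo NoDetector   # GuardDuty was never enabled in this Region
    return 0
  fi
  for gd_id in $gd_ids; do
    # get-detector reports Status as ENABLED or DISABLED (a suspended detector).
    gd_state=$(aws_cli guardduty get-detector --region "$gd_region" \
        --detector-id "$gd_id" --query 'Status' --output text 2>/dev/null)
    if [ "$gd_state" = "ENABLED" ]; then
      echo Enabled
      return 0
    fi
  done
  echo Disabled
}

# Print one "region<TAB>status" line per Region; return 1 if any is not Enabled.
audit_regions() {
  audit_rc=0
  for audit_region in "$@"; do
    audit_state=$(guardduty_status "$audit_region")
    printf '%s\t%s\n' "$audit_region" "$audit_state"
    [ "$audit_state" = "Enabled" ] || audit_rc=1
  done
  return "$audit_rc"
}

# Usage: ./guardduty_audit.sh us-east-1 eu-west-1 ...
if [ "$#" -gt 0 ]; then
  audit_regions "$@"
fi
```

A non-zero exit status means at least one listed Region has no detector, a suspended detector, or could not be queried.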




Each Amazon EC2 Region is designed to be completely isolated from the other Amazon EC2 Regions. This achieves the greatest possible fault tolerance and stability.

Compliance Frameworks

  • AWS CIS Controls V 8
  • AWS CSA CCM v.4.0.1
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS CloudGuard Well Architected Framework
  • AWS HITRUST v11.0.0
  • AWS ISO27001:2022
  • AWS ITSG-33
  • AWS MAS TRM Framework
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-53 Rev 5
  • AWS PCI-DSS 4.0
  • CloudGuard AWS All Rules Ruleset