Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Regarding Guard Duty

0

I have followed document and tried to configure the guard duty service for forwarding the logs to s3 bucket, everythings seems well but logs are not getting stored in bucket. Need help.

  • Gary Mclean EXPERTE
    vor 9 Monaten

    Please can you provide the bucket policy (removing any thing sensitive) pls

Themen
Sicherheit, Identität & Konformität
Tags
Amazon GuardDuty
Sprache
English
Developing Team
gefragt vor 9 Monaten253 Aufrufe
1 Antwort
2

Does your KMS key policy grant guardduty as stated in Guardduty Setup Documentation. KMS key policy would be as below:

   {    
       "Sid": "AllowGuardDutyKey",
       "Effect": "Allow",
       "Principal": {
           "Service": "guardduty.amazonaws.com"
       },
       "Action": "kms:GenerateDataKey",
       "Resource": "arn:aws:kms:Region1:444455556666:key/KMSKeyId",
       "Condition": {
           "StringEquals": {
               "aws:SourceAccount": "111122223333",
               "aws:SourceArn":    "arn:aws:guardduty:Region2:111122223333:detector/SourceDetectorID"	
           }
       }
   }

For bucket policy, follow the section Granting GuardDuty permissions to a bucket in the above mentioned documentaion.

Bucket and KMS key policy are two most common places, which prevents guarduty to write logs.

Hope you find this useful.

Comment here for additional questions.

Abhishek

profile pictureAWS
EXPERTE
secondabhi_aws
beantwortet vor 9 Monaten
profile picture
EXPERTE
Gary Mclean
überprüft vor 9 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt