Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Regarding Guard Duty

0

I have followed document and tried to configure the guard duty service for forwarding the logs to s3 bucket, everythings seems well but logs are not getting stored in bucket. Need help.

  • Gary Mclean EXPERTO
    hace 9 meses

    Please can you provide the bucket policy (removing any thing sensitive) pls

Temas
Seguridad, identidad y cumplimiento
Etiquetas
Amazon GuardDuty
Idioma
English
Developing Team
preguntada hace 9 meses253 visualizaciones
1 Respuesta
2

Does your KMS key policy grant guardduty as stated in Guardduty Setup Documentation. KMS key policy would be as below:

   {    
       "Sid": "AllowGuardDutyKey",
       "Effect": "Allow",
       "Principal": {
           "Service": "guardduty.amazonaws.com"
       },
       "Action": "kms:GenerateDataKey",
       "Resource": "arn:aws:kms:Region1:444455556666:key/KMSKeyId",
       "Condition": {
           "StringEquals": {
               "aws:SourceAccount": "111122223333",
               "aws:SourceArn":    "arn:aws:guardduty:Region2:111122223333:detector/SourceDetectorID"	
           }
       }
   }

For bucket policy, follow the section Granting GuardDuty permissions to a bucket in the above mentioned documentaion.

Bucket and KMS key policy are two most common places, which prevents guarduty to write logs.

Hope you find this useful.

Comment here for additional questions.

Abhishek

profile pictureAWS
EXPERTO
secondabhi_aws
respondido hace 9 meses
profile picture
EXPERTO
Gary Mclean
revisado hace 9 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante