En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

GuardDuty and AWS Security Hub - Timing

0

Hi All,

Ive a quick question re: the timings of findings being generated and being accessible in AWS Security Hub via GuardDuty.

Without giving away the trade secrets, Im guessing there various step that take place from the point there is suspicious activity to it being available via the SecurityHub API.

Im guessing the steps would be:

  1. Suspicious activity on the account taking place
  2. GuardDuty observes and stores this finding
  3. GuardDuty then passes this to Security Hub or does Security Hub have the same access to the GuardDuty repository (therefore does it get I the same time as GuardDuty finds it?)
  4. Available to be pulled via the findings API

What are the timeframes of these steps?

Im trying to understand how quickly I can access the finding from the point the suspious activity happened.

Thanks all.

Sujets
Sécurité, identité et conformitéFramework AWS Well-Architected
Balises
Hub de sécurité AWSAmazon GuardDutySécurité
Langue
English
rePost-User-3015122
demandé il y a 2 ans339 vues
1 réponse
1

Guardduty is designed to analyze account and network activity in near real time and at scale. The findings are available for retrieval through Guardduty API.

When GuardDuty creates a new finding, it is usually sent to Security Hub within five minutes. More details about Guardduty and Security Hub integration can be found here.

AWS
raj_b
répondu il y a 2 ans
profile picture
EXPERT
Giovanni Lauria
vérifié il y a 23 jours

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents