Purpose of GuardDuty


Hi Team,

I'm aware GuardDuty is used for threat detection based on the API calls. I'm stuck where not all logs are appearing in GuardDuty. I have a Control Tower setup with organization enabled where all accounts are enabled with GuardDuty. I'm not sure what I'm missing.

Can someone explain where I'm lacking?

Regards, Vijay

2 Answers
  • I have already enabled GuardDuty in an audit account and made that a delegated account. Now I don't see the logs or insights for that account in my audit account. I need to know what type of resource logs should be enabled to get the logs of all accounts.


Hey Vijay,

All the logging is done on the backend as GuardDuty gets them directly from the relevant services. You do not need to enable any resource logging. GuardDuty analyses CloudTrail management event logs, CloudTrail S3 data event logs, VPC Flow Logs, DNS query logs, and Amazon EKS audit logs without you enabling any resource logs.

Please refer to the following for more information:

1/ Workshop session showing how to set up GuardDuty in a Control Tower environment: https://controltower.aws-management.tools/security/guardduty/

2/ Troubleshooting section as well: https://docs.aws.amazon.com/guardduty/latest/ug/troubleshooting.html

Do not hesitate to contact AWS Support for further assistance if needed.

AWS
answered a year ago
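
Added example, not part of the original answer or AWS's own code: since no resource logging needs to be enabled, a useful check for the multi-account setup in the question is whether every active organization account is an enabled GuardDuty member of the delegated administrator, because the administrator account only shows findings for member accounts. The JSON below is constructed sample output of `aws organizations list-accounts` and `aws guardduty list-members`; the account IDs, account names and the `coverage_gaps` helper are hypothetical.

```python
import json

# Constructed sample of `aws organizations list-accounts` output (not real accounts).
ORG_ACCOUNTS_JSON = """{"Accounts": [
  {"Id": "111111111111", "Name": "audit", "Status": "ACTIVE"},
  {"Id": "222222222222", "Name": "log-archive", "Status": "ACTIVE"},
  {"Id": "333333333333", "Name": "workload-dev", "Status": "ACTIVE"},
  {"Id": "444444444444", "Name": "workload-prod", "Status": "ACTIVE"},
  {"Id": "555555555555", "Name": "old-sandbox", "Status": "SUSPENDED"}
]}"""

# Constructed sample of `aws guardduty list-members --detector-id <id>
# --only-associated false`, run in the delegated administrator account.
GD_MEMBERS_JSON = """{"Members": [
  {"AccountId": "222222222222", "RelationshipStatus": "Enabled"},
  {"AccountId": "333333333333", "RelationshipStatus": "Invited"}
]}"""


def coverage_gaps(org_json, members_json, admin_account_id):
    """Return {account_id: reason} for active accounts whose findings the
    delegated administrator will not see (hypothetical helper)."""
    accounts = json.loads(org_json)["Accounts"]
    members = {m["AccountId"]: m.get("RelationshipStatus", "Unknown")
               for m in json.loads(members_json).get("Members", [])}
    gaps = {}
    for acct in accounts:
        acct_id = acct["Id"]
        # Suspended accounts and the administrator itself are not members.
        if acct.get("Status") != "ACTIVE" or acct_id == admin_account_id:
            continue
        status = members.get(acct_id)
        if status is None:
            gaps[acct_id] = "not a GuardDuty member"
        elif status != "Enabled":
            gaps[acct_id] = "relationship status is " + status
    return gaps


if __name__ == "__main__":
    found = coverage_gaps(ORG_ACCOUNTS_JSON, GD_MEMBERS_JSON, "111111111111")
    for acct_id, reason in sorted(found.items()):
        print(acct_id, reason)
```
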
