If Security Hub and GuardDuty are enabled in the same account, then Security Hub will receive the GD findings for that account and then send all findings to Security Hub in the delegated admin account for that region. Enabling GuardDuty on all accounts and in all regions is recommended best practice, however: there is no cost if there are no workloads or activity in that account, and if something WAS to happen then at least you would know about it. In addition, it makes it so much easier to manage and view all GD findings in a single account. Is there a reason for not enabling GD in your management/delegated admin account? (Note: we recommend making the delegated admin account the same for ALL security services like GD, SH, Inspector, Macie, Detective, etc.)
Yes, I have tried it in my environment.
You can receive findings from member account B without enabling GuardDuty on management/delegated admin account A.