Guard Duty with Security Hub


trying to understand relationship between security hub and guard duty in aws organisation sub account

If GuardDuty is enabled on organisation member account B and security hub is enabled on organisation master/delegated admin account A than will the master account A recieve findings from account B even if we don't enable guard duty in master account?

2 Answers
Accepted Answer

If Security Hub and GuardDuty are enabled in the same account then Security Hub will receive the GD findings for that account and then send all findings to Security Hub in the delegated admin account for that region. Enabling GuardDuty on all accounts and in all regions is recommended best practice however - there is no cost if there are no workloads or activity in that account and if something WAS to happen then at least you would know about it. In addition it make it so much easier to manage and view all GD findings in a single account. Is there a reason for not enabling GD in your management/delegated admin account? (Note: we recommend making the delegated admin account the same for ALL security services like GD, SH, Inspector, Macie, Detective etc)

profile pictureAWS
answered a year ago

Yes, I have tried it in my environment.

You can receive findings from member account B without enabling GaurdDuty on management/delegated admin account A.

profile picture
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions