- Newest
- Most votes
- Most comments
If Security Hub and GuardDuty are enabled in the same account then Security Hub will receive the GD findings for that account and then send all findings to Security Hub in the delegated admin account for that region. Enabling GuardDuty on all accounts and in all regions is recommended best practice however - there is no cost if there are no workloads or activity in that account and if something WAS to happen then at least you would know about it. In addition it make it so much easier to manage and view all GD findings in a single account. Is there a reason for not enabling GD in your management/delegated admin account? (Note: we recommend making the delegated admin account the same for ALL security services like GD, SH, Inspector, Macie, Detective etc)
Yes, I have tried it in my environment.
You can receive findings from member account B without enabling GaurdDuty on management/delegated admin account A.
Relevant content
- asked 3 months ago
- asked a year ago
- Accepted Answerasked a year ago
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago