Hello,
First, I think it’s worth noting the features and intended use between AWS Security Hub and Amazon GuardDuty:
- AWS Security Hub is a cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation.
- Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
GuardDuty can be integrated into Security Hub so that findings generated by GuardDuty can be aggregated into Security Hub for centralized viewing (along with any other enabled security services). Please reference Product integrations in AWS Security Hub and you can take further action.
With regard to the S3 finding you referenced, please see the Amazon S3 Controls for Security Hub, specifically S3.9 - S3 bucket server access logging should be enabled.
Also, please note this is an S3 control you are being notified to action on, per the AWS Foundational Security Best Practices v1 standard you enabled in Security Hub.
For GuardDuty, expect to see any of the following should GuardDuty detect suspicious behavior for your S3 buckets - GuardDuty S3 finding types.
If you are unsure of which source a finding originated from in Security Hub, you can do the following:
- Log into your AWS account that is serving as the delegated security administrator for Security Hub
- Navigate to the Security Hub console
- Select the Findings link on the far left
- Look for the Product filter and you will see the source/service of where a finding originated from
Hope this helps!
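The Product check from the steps above can also be run over exported findings. The following is an added example, not part of the original answer and not AWS's own code: it groups findings by the ASFF `ProductName` field, falling back to `ProductArn`. The sample findings and the helper names are constructed for illustration.

```python
from collections import defaultdict

# Constructed ASFF-style findings, trimmed to the fields used here; not real account data.
SAMPLE_FINDINGS = [
    {
        "Id": "constructed-finding-1",
        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
        "ProductName": "Security Hub",
        "Title": "S3 bucket server access logging should be enabled",
        "Compliance": {"SecurityControlId": "S3.9"},
    },
    {
        "Id": "constructed-finding-2",
        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/guardduty",
        "ProductName": "GuardDuty",
        "Title": "Constructed GuardDuty S3 finding",
    },
    {   # ProductName absent: the source is still recoverable from ProductArn
        "Id": "constructed-finding-3",
        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/guardduty",
        "Title": "Constructed finding without ProductName",
    },
]

def product_of(finding):
    """Return the originating product: ProductName, else the ProductArn tail."""
    name = finding.get("ProductName")
    if name:
        return name
    # ProductArn has the form arn:...:product/<company>/<product-id>
    _, sep, tail = finding.get("ProductArn", "").partition(":product/")
    return tail if sep else "unknown"

def group_by_product(findings):
    """Map each source product to its finding titles, prefixed by control ID if any."""
    groups = defaultdict(list)
    for f in findings:
        control = (f.get("Compliance") or {}).get("SecurityControlId")
        groups[product_of(f)].append(f"{control}: {f['Title']}" if control else f["Title"])
    return dict(groups)

def product_filter(name):
    """Build a Filters value that matches findings on the ProductName field."""
    return {"ProductName": [{"Value": name, "Comparison": "EQUALS"}]}

if __name__ == "__main__":
    for product, titles in group_by_product(SAMPLE_FINDINGS).items():
        print(product, titles)
```

The dictionary returned by `product_filter("GuardDuty")` has the shape that the boto3 Security Hub client's `get_findings` call accepts as its `Filters` argument.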
GuardDuty is an intelligent threat detection service where it monitors things such as DNS request logs, VPC Flow Logs, CloudTrail event logs, etc.
The S3 bucket findings are NOT part of GuardDuty. That will be coming from AWS Config rules.
S3 protection in GuardDuty will be monitoring API calls and not how buckets are configured.
Security Hub aggregates findings from multiple sources such as GuardDuty, Config, Macie, and Inspector.