Questions tagged with Amazon GuardDuty
I am using AWS GuardDuty and EKS. Recently I got a couple of alerts from AWS GuardDuty for DefenseEvasion:EC2/UnusualDNSResolver mentioning one of the EKS nodes is connecting to 1.1.1.1. When I check...
I'm using our Management account to do this. The main GuardDuty service is enabled on a vast majority of our Organization accounts already. I do not need to enable GuardDuty itself, just turn on the...
I'm working on analyzing CloudTrail events as they come in and when I was setting up a filter (ignore events that are readOnly) I was surprised to see the above events coming through. Is that...
Hi Team,
I'm aware GuardDuty is used for threat detection based on the API calls.
I'm stuck where not all logs are appearing in GuardDuty.
I have a control tower setup with organization enabled...
Hello Team,
I want to import our internal third-party intelligence feeds into GuardDuty. Is there any manual way or automated way to do so? Please let me know if any unconventional solutions are...
I have a task where I'm required to make sure all my GuardDuty logs from multiple accounts are logged to one account using a centralized logging solution.
At the moment, I'm trying to find a way...
Hello,
I am trying to export GuardDuty logs to S3 and I am getting errors with the policy. I am receiving message above **'findings export options' to an S3 bucket**.
I am following the...
I am using AWS GuardDuty integration to Slack.
Integration works like this, CloudWatch Event --> SNS --> Lambda --> Slack.
Last week I got an alert for one finding and I did take action on that. But...
Hi, all,
New to the community so will do my best to follow the dos and don'ts but a bit of an AWS novice so bear with me.
It was noticed that the new "Malware Protection" trial had started in our AWS...
Hi,
AWS GuardDuty is reporting: "ec2 instance is communicating with a remote host on an unusual server port 43582" from an EC2 instance that does not exist. We have an autoscaling group that terminates...
Hi,
We're going through an Audit (It is my first year at this company) and I'm trying to find evidence, if we have any, that we monitor for data exfiltration attempts specifically (or other intrusion...
We enabled GuardDuty at the Org-level and delegated the primary/management Account. However, in the GD console at the delegated account, the primary/management Account isn't listed. It seems as though...