Reviewing the Findings in GuardDuty If you went through the exercise in the previous section, you will see the findings appear inside the GuardDuty console after about 8 to 10 minutes. At the top of the screen, the colored ovals that previously contained all zeros will now have one in the medium-severity category and two […]
Enabling Amazon GuardDuty Amazon GuardDuty is a regional service. You must first select the region where you will enable the service; once that is done, it is effortless to enable it. Just complete the following steps: After enabling GuardDuty, you will be brought to the main GuardDuty page (that is, the Findings page) by default. […]
How GuardDuty Works Once you enable the GuardDuty service, it begins collecting data from the three sources described above and analyzing it. The service can analyze tens of billions of events from multiple data sources, checking them against threat intelligence, and in this way it looks for abnormal activity on your account. If GuardDuty notices anomalous […]
Key Features of GuardDuty As a managed threat detection service, GuardDuty provides the following key features: Now that you have an idea of the key features that GuardDuty offers, the next sections will help you dive deeper into those features. Data Sources for GuardDuty The Amazon GuardDuty service derives most of its information from three […]
In the process of creating your infrastructure and granting users access to your account, you need to keep a close watch on the security of your environment. There’s a good possibility that your environment will be changing constantly. This means that the security status of your environment could change as well, potentially leading to new […]
Summary In this chapter, you examined the AWS Config service in detail. You saw how to start the configuration recorder to begin inventorying the resources in your AWS account, and reviewed the different types of rules available for AWS Config and how the rules get triggered inside an account. You also learned how to use […]
Real-Life Example of Using Automated Remediations Suppose you are part of a company that has developed an organization-wide policy that no EBS volume can be created without encryption. This would be the perfect opportunity for automatic remediation. First, you would create a rule to check whether a volume was encrypted and would be triggered when […]
Evaluating Config Rules Once the rules have been configured in the account and the specified triggers have been set, the AWS Config service will flag the resources that do not comply with those rules. As you initially set your rules, especially in the case of custom rules, you may have to review the items that […]
AWS Config Managed Rules AWS provides a list of AWS managed rules. These are predefined yet customizable rules that the Config service can use to evaluate your resources and determine whether they comply with the best practices that the rule set lays out. You do not need to write a corresponding Lambda function to […]
Resource Relationship AWS Config allows you to find, for any of your resources, what other AWS resources they are connected to or associated with. You can obtain this information from either the AWS Management Console or via commands from the CLI. Since you are already in the Management Console looking at the dashboard, try viewing […]