Ensure GuardDuty is enabled for robust security compliance.
Rule | GuardDuty should be enabled
Framework | CISA-cyber-essentials
Severity | High
GuardDuty Enabled for CISA-Cyber-Essentials
Overview
Amazon GuardDuty is a managed threat detection service that continuously analyzes AWS CloudTrail management events, VPC Flow Logs and Route 53 DNS query logs (plus optional protection plans for S3, EKS, RDS, Lambda and malware scanning) for malicious or unauthorized activity, and raises findings against the affected account and resource. The CISA (Cybersecurity & Infrastructure Security Agency) Cyber Essentials expect organizations to monitor their IT environment for threats; in an AWS account GuardDuty is the baseline control that does this, so the rule checks that a detector exists and is in the ENABLED state. GuardDuty is a regional service: it has to be enabled in every region the account can use, not only the regions you deploy to, because an attacker holding stolen credentials is free to operate in an unused region.
Enabling GuardDuty
Step-by-Step Guide
1. Access the GuardDuty Console: Sign in to the AWS Management Console, open GuardDuty and check the region selector; every setting below is per region, so you will repeat these steps (or script them) for each enabled region.
2. Activate GuardDuty: Choose Get Started, then Enable GuardDuty. This creates the region's detector and the service-linked role GuardDuty uses to read its own copies of CloudTrail, VPC Flow Log and DNS data; you do not have to turn on CloudTrail or flow logs yourself for GuardDuty to work.
3. Set the Detector: The detector is the per-region GuardDuty resource, and there is exactly one per account per region. Confirm on the Settings page that its status is Enabled; a detector that exists but is disabled does not satisfy this rule.
4. Configure Settings: Choose the finding export frequency (15 minutes, 1 hour or 6 hours), which controls how quickly updates to existing findings reach EventBridge and any S3 export; optionally configure export to an S3 bucket with a KMS key, and turn on the protection plans relevant to your workloads.
5. Integrate with Other AWS Services: Findings are published to Amazon EventBridge, from where they can be routed to SNS, Lambda, Security Hub or an external SIEM. In a multi-account setup, designate a delegated GuardDuty administrator account in AWS Organizations so member accounts are enabled centrally.
6. Create Sample Findings (Optional): Use Generate sample findings on the Settings page to create one finding of each type, prefixed with [SAMPLE], and confirm they arrive wherever you routed real findings.
AWS CLI Commands
To enable a detector in a specific region using the AWS CLI (repeat for every enabled region; the call fails if the region already has a detector, in which case re-enable the existing one with update-detector instead of creating a new one):
aws guardduty create-detector --enable --region your-region
To retrieve the list of detectors in a region (an empty list means GuardDuty has never been enabled there; a returned ID does not by itself prove the detector is enabled, so check its Status with get-detector):
aws guardduty list-detectors --region your-region
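Putting the commands above together, the following script is an added example (not from the original page or from AWS) that audits every enabled region of the current account, reports whether each has an enabled detector, and with --fix applies the right remediation: create-detector where no detector exists, update-detector where one exists but is disabled. It also covers the "Automate GuardDuty Activation" practice below. It assumes AWS CLI v2 with credentials allowed to call ec2:DescribeRegions and the GuardDuty ListDetectors, GetDetector, CreateDetector and UpdateDetector actions; the function names are ours. The decision logic is kept in pure functions so it can be exercised without AWS access.

```shell
#!/bin/sh
# Added example: audit (and optionally enable) GuardDuty in every enabled region.
# Assumes AWS CLI v2 with suitable credentials; no AWS call is made unless the
# script is invoked with --audit or --fix, so sourcing it only defines functions.
set -eu

# Classify one region from the text output of
#   aws guardduty list-detectors --query 'DetectorIds[0]' --output text  -> id, or "None" when empty
#   aws guardduty get-detector  --query 'Status'          --output text  -> ENABLED or DISABLED
# Pure function: no AWS access, so the decision logic is testable offline.
classify_detector() {
  detector_id="$1"; status="$2"
  if [ -z "$detector_id" ] || [ "$detector_id" = "None" ]; then
    echo "NO_DETECTOR"   # GuardDuty has never been turned on in this region
  elif [ "$status" = "ENABLED" ]; then
    echo "COMPLIANT"
  else
    echo "DISABLED"      # detector exists but is paused; create-detector would fail here
  fi
}

# Build the remediation for a verdict and either print it ($4 = print) or run it ($4 = run).
# Usage: remediate VERDICT REGION DETECTOR_ID print|run
remediate() {
  case "$1" in
    NO_DETECTOR) cmd="aws guardduty create-detector --enable --finding-publishing-frequency FIFTEEN_MINUTES --region $2" ;;
    DISABLED)    cmd="aws guardduty update-detector --detector-id $3 --enable --region $2" ;;
    *)           return 0 ;;   # COMPLIANT: nothing to do
  esac
  if [ "$4" = "run" ]; then
    $cmd                       # arguments contain no spaces, so plain word splitting is safe
  else
    echo "  remediate: $cmd"
  fi
}

# Walk every region enabled for this account (describe-regions omits opt-in regions
# that are not enabled), classify each, and print or apply the remediation.
audit_regions() {
  mode="$1"
  for region in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text); do
    detector_id=$(aws guardduty list-detectors --region "$region" --query 'DetectorIds[0]' --output text)
    status="NONE"
    if [ "$detector_id" != "None" ]; then
      status=$(aws guardduty get-detector --detector-id "$detector_id" --region "$region" --query 'Status' --output text)
    fi
    verdict=$(classify_detector "$detector_id" "$status")
    printf '%-16s %-12s %s\n' "$region" "$verdict" "$detector_id"
    remediate "$verdict" "$region" "$detector_id" "$mode"
  done
}

case "${1:-}" in
  --audit) audit_regions print ;;   # report only
  --fix)   audit_regions run ;;     # report and enable where needed
esac
```

Run it as `sh guardduty-audit.sh --audit` first and review the report; the DISABLED verdict is the case that trips up naive automation, because a second create-detector in that region is rejected and the only fix is update-detector on the existing ID.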
Troubleshooting
Issue: GuardDuty is not showing any findings. GuardDuty only produces findings when it observes suspicious activity, so a freshly enabled detector in a quiet account can legitimately show none. Confirm the detector's status is Enabled, that the console is set to the region you enabled, and that the account is a member of the detector you are looking at; then generate sample findings to prove the pipeline end to end.
Issue: GuardDuty sample findings are not being generated. Sample findings are created per detector, so the detector must exist and be enabled in the region you are viewing, and the calling principal needs guardduty:CreateSampleFindings. The findings appear with a [SAMPLE] prefix; if you filter or suppress findings downstream, check that the filter is not hiding them.
Remediation and Best Practices
Automate GuardDuty Activation: Do not rely on clicking through the console per region. Use a delegated GuardDuty administrator in AWS Organizations with auto-enable for new member accounts, or manage the detector as infrastructure as code (the AWS::GuardDuty::Detector CloudFormation resource or the aws_guardduty_detector Terraform resource) so every region of every account gets a detector.
Account Configuration: Designate a dedicated security account as the delegated GuardDuty administrator. Member accounts managed this way cannot disable GuardDuty themselves, which removes the most common way the control silently drifts out of compliance.
Regular Audit: Periodically enumerate detectors in every enabled region and check that each reports Status ENABLED; the AWS Config managed rule guardduty-enabled-centralized can do this continuously.
Incident Response Plan: Map GuardDuty severity levels (Low, Medium, High) to triage deadlines and owners, and write runbooks for the finding families you expect (credential misuse, cryptocurrency mining, command-and-control traffic, port probing).
Monitor Continuously: Route findings from EventBridge to SNS, Security Hub or your SIEM, and set the finding publishing frequency to 15 minutes so updates to ongoing activity are not delayed.
Training and Awareness: Make sure on-call staff know how to read a finding (resource, actor, action, severity) and where the runbooks live, so a finding leads to action rather than sitting in a queue.
By following these steps and keeping GuardDuty enabled and integrated in every region, organizations meet one of the key elements of the CISA Cyber Essentials, "Protect Critical Assets and Applications". Beyond the compliance checkbox, it gives the AWS environment a continuously running detection layer for compromised credentials, compromised instances and reconnaissance that would otherwise go unnoticed.