
Rule: GuardDuty should be enabled

Ensure GuardDuty is enabled to meet high severity compliance standards.

Rule: GuardDuty should be enabled
Framework: FedRAMP Moderate Revision 4
Severity: High

Rule Description

This rule requires that Amazon GuardDuty be enabled in every AWS region the account uses, for workloads assessed against FedRAMP Moderate Revision 4. GuardDuty is the managed threat detection service offered by Amazon Web Services (AWS): it continuously analyzes CloudTrail management events, VPC Flow Logs and Route 53 DNS query logs (without you having to enable or store those sources yourself) and raises findings for activity such as credential misuse, reconnaissance, and instances talking to known command-and-control hosts. FedRAMP, the Federal Risk and Authorization Management Program, is a government-wide program that provides a standardized approach for assessing and authorizing cloud products and services. FedRAMP Moderate is the impact level for systems where a loss of confidentiality, integrity or availability would have a serious adverse effect, and Revision 4 refers to the NIST SP 800-53 Rev. 4 control baseline that version of FedRAMP Moderate is built on.

Enabling GuardDuty does not by itself make an environment FedRAMP compliant, but it directly supports the monitoring controls in the FedRAMP Moderate baseline (for example SI-4, System Monitoring, and the continuous-monitoring expectations of CA-7), and an account with GuardDuty missing or suspended in an in-scope region is an immediate finding. With GuardDuty running you get a steady stream of findings to identify and respond to security threats, which raises the overall security posture of your cloud infrastructure.

Troubleshooting Steps

If GuardDuty is not enabled in a region that is in scope for FedRAMP Moderate Revision 4, expect the following:

  1. Non-compliance: the region fails this rule, and the account falls short of the monitoring controls required of moderate risk systems under the FedRAMP Moderate baseline.

  2. Undetected compromise: GuardDuty is a detective control, so its absence does not create a new vulnerability, but unauthorized API use, leaked credentials being replayed from unexpected locations, and instances contacting known malicious infrastructure can continue for as long as nobody is looking.

  3. Lack of threat intelligence: without GuardDuty you also lose the AWS-maintained threat intelligence and anomaly baselines behind its findings, which are the inputs most teams rely on for proactive detection and response in AWS.

Note that a detector that exists but has been suspended ("Status": "DISABLED") fails this rule just as a missing one does, and that the check is per region: enabling GuardDuty in one region says nothing about the others.

Necessary Codes

To enable GuardDuty in a region, create a detector with the AWS CLI. GuardDuty is a regional service, so run this once per in-scope region (select the region with --region or AWS_DEFAULT_REGION):

aws guardduty create-detector --enable --finding-publishing-frequency SIX_HOURS

This creates the region's single GuardDuty detector, enables it, and sets the finding publishing frequency to six hours. The frequency governs how often updated findings are re-exported to EventBridge; new findings are always exported within minutes regardless of this setting. Accepted values are FIFTEEN_MINUTES, ONE_HOUR and SIX_HOURS (the default). If a detector already exists in the region the call fails with a BadRequestException; in that case re-enable the existing detector with aws guardduty update-detector --detector-id <detector-id> --enable instead of creating a second one.

Step-by-Step Guide for Remediation

Follow the steps below to enable GuardDuty in a region that is in scope for FedRAMP Moderate Revision 4:

  1. Install and configure the AWS CLI: ensure that the AWS CLI (Command Line Interface) is installed and configured with credentials that can call guardduty:CreateDetector, guardduty:ListDetectors and guardduty:GetDetector (the AmazonGuardDutyFullAccess managed policy covers these). GuardDuty also needs its service-linked role, AWSServiceRoleForAmazonGuardDuty, which is created automatically on first use if the caller is allowed iam:CreateServiceLinkedRole.

  2. Open your preferred terminal or command prompt and select the target region, for example with --region on each command or by exporting AWS_DEFAULT_REGION.

  3. Enter the following command to create and enable the GuardDuty detector:

aws guardduty create-detector --enable --finding-publishing-frequency SIX_HOURS

  4. Wait for the command to return. It prints the ID of the new detector, and GuardDuty starts analyzing CloudTrail, VPC Flow Log and DNS data for that region immediately.

  5. Verify the detector state. list-detectors returns only detector IDs, not their state, so follow it with get-detector:

aws guardduty list-detectors
aws guardduty get-detector --detector-id <detector-id>

The get-detector output must show "Status": "ENABLED". A detector reporting "Status": "DISABLED" has been suspended and still fails this rule; re-enable it with aws guardduty update-detector --detector-id <detector-id> --enable.

Repeat steps 2 to 5 for every other in-scope region. GuardDuty is now monitoring that region's AWS resources for potential security threats and will provide actionable findings; route them to AWS Security Hub or an EventBridge rule so they reach your incident response process rather than sitting in the console.
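The steps above cover one region at a time, and the page's verification step only confirms a detector exists. The following script is an added example, not code from the original page or from any vendor tool; it applies the same check (detector present and Status ENABLED) across every region enabled for the account and can optionally remediate by creating or re-enabling the detector. It assumes boto3 and credentials allowed to call ec2:DescribeRegions, guardduty:ListDetectors, guardduty:GetDetector and, with --remediate, guardduty:CreateDetector and guardduty:UpdateDetector. The SAMPLE data is constructed, not taken from a real account, so the decision logic can be exercised offline with --demo.

```python
"""Audit the 'GuardDuty should be enabled' rule in every region of an account.

Added example, not part of the original page or any vendor tool. Assumes boto3
and credentials allowed to call ec2:DescribeRegions, guardduty:ListDetectors,
guardduty:GetDetector and, with --remediate, guardduty:CreateDetector and
guardduty:UpdateDetector. The decision logic is pure so it can be checked offline.
"""
from __future__ import annotations

import sys

REQUIRED_STATUS = "ENABLED"
# Publishing frequency applied when remediating; FIFTEEN_MINUTES is the fastest
# re-export of updated findings to EventBridge (the page's command uses SIX_HOURS).
FREQUENCY = "FIFTEEN_MINUTES"

# Constructed sample of get-detector responses per region (not real account data),
# each augmented with its DetectorId, so the evaluation can run without AWS access.
SAMPLE = {
    "us-east-1": [{"DetectorId": "12abc34d567e8fa901bc2d34e56789f0",
                   "Status": "ENABLED", "FindingPublishingFrequency": "SIX_HOURS"}],
    "us-west-2": [{"DetectorId": "0f98765e43d2c1b0a9f8e7d6c5b4a321",
                   "Status": "DISABLED", "FindingPublishingFrequency": "SIX_HOURS"}],
    "eu-west-1": [],  # GuardDuty never enabled here
}


def evaluate_region(detectors: list[dict]) -> tuple[bool, str]:
    """Return (compliant, reason) for one region.

    GuardDuty allows at most one detector per account per region: an empty list
    means the service was never enabled there, and a detector whose Status is
    not ENABLED has been suspended. Both cases fail the rule.
    """
    if not detectors:
        return False, "no detector"
    det = detectors[0]
    status = det.get("Status")
    if status != REQUIRED_STATUS:
        return False, f"detector {det.get('DetectorId', '?')} is {status}"
    return True, f"enabled, updated findings published every {det.get('FindingPublishingFrequency')}"


def evaluate_sample() -> dict[str, tuple[bool, str]]:
    """Run the rule over the constructed SAMPLE data."""
    return {region: evaluate_region(dets) for region, dets in SAMPLE.items()}


def fetch_detectors(gd) -> list[dict]:
    """list-detectors returns only IDs; get-detector is needed to see the Status."""
    out = []
    for det_id in gd.list_detectors()["DetectorIds"]:
        det = gd.get_detector(DetectorId=det_id)
        det["DetectorId"] = det_id
        out.append(det)
    return out


def remediate_region(gd, detectors: list[dict]) -> None:
    """Create the detector if missing, otherwise re-enable the suspended one."""
    if not detectors:
        gd.create_detector(Enable=True, FindingPublishingFrequency=FREQUENCY)
    else:
        gd.update_detector(DetectorId=detectors[0]["DetectorId"], Enable=True,
                           FindingPublishingFrequency=FREQUENCY)


def audit_account(remediate: bool = False) -> dict[str, tuple[bool, str]]:
    """Evaluate every region enabled for the account; returns {region: (ok, reason)}."""
    import boto3  # imported here so evaluate_region/evaluate_sample need no SDK

    session = boto3.Session()
    ec2 = session.client("ec2", region_name=session.region_name or "us-east-1")
    regions = [r["RegionName"] for r in ec2.describe_regions()["Regions"]]
    results = {}
    for region in regions:
        gd = session.client("guardduty", region_name=region)
        detectors = fetch_detectors(gd)
        ok, reason = evaluate_region(detectors)
        if not ok and remediate:
            remediate_region(gd, detectors)
            ok, reason = evaluate_region(fetch_detectors(gd))  # re-read, do not assume
        results[region] = (ok, reason)
    return results


if __name__ == "__main__":
    if "--demo" in sys.argv:
        results = evaluate_sample()
    else:
        results = audit_account(remediate="--remediate" in sys.argv)
    for region, (ok, reason) in sorted(results.items()):
        print(f"{'PASS' if ok else 'FAIL'} {region}: {reason}")
    sys.exit(0 if all(ok for ok, _ in results.values()) else 1)
```

Run it with --demo to see the three sample outcomes (enabled, suspended, never created), without arguments to audit the real account, and with --remediate to fix failing regions. The remediation re-reads the detector after acting rather than assuming success, and it uses update-detector for an existing detector because a second create-detector in the same region is rejected.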

Conclusion

Enabling GuardDuty in every in-scope region is a baseline requirement for keeping an AWS environment assessed against FedRAMP Moderate Revision 4 both secure and compliant. By following the steps and commands above you can enable the detector, confirm it reports ENABLED rather than merely existing, and gain continuous threat detection. Route GuardDuty findings to Security Hub or EventBridge, review them regularly, and act on them to mitigate identified risks and maintain the overall security of your cloud infrastructure.
