This rule requires that Amazon GuardDuty be enabled so that the account has continuous threat detection.

| Attribute | Value |
|---|---|
| Rule | GuardDuty should be enabled |
| Framework | Federal Financial Institutions Examination Council (FFIEC) |
| Severity | ✔ High |
Rule Description:
It is recommended to enable GuardDuty to meet Federal Financial Institutions Examination Council (FFIEC) expectations and to improve the organization's overall security posture. GuardDuty is an intelligent threat detection service offered by Amazon Web Services (AWS) that continuously monitors AWS accounts for suspicious activity and potential security threats. With GuardDuty enabled, you can detect and respond to security incidents earlier, benefit from AWS-supplied threat intelligence, and gain better visibility into your AWS environment.
Troubleshooting Steps:
If you run into problems while enabling GuardDuty for this FFIEC check, work through the following troubleshooting steps:
Check IAM Permissions: Ensure that the AWS Identity and Access Management (IAM) user or role you are using to enable GuardDuty has the necessary permissions. The principal should have the AWS managed policy "AmazonGuardDutyFullAccess" attached, or a custom policy granting equivalent permissions.
Verify GuardDuty Activation: Confirm that GuardDuty is enabled in your AWS account in every Region you operate in. If GuardDuty is not enabled account-wide, this FFIEC check cannot pass.
Check Region Availability: GuardDuty may not be available in all AWS Regions. Verify that the Region you are working in supports GuardDuty. If it does not, consider moving the in-scope infrastructure to a supported Region or contact AWS Support for further assistance.
Review CloudTrail Integration: GuardDuty relies on AWS CloudTrail for collecting logs and generating findings. Ensure that CloudTrail is properly configured and integrated with GuardDuty. Check the CloudTrail settings, including the correct selection of S3 bucket and the appropriate IAM permissions.
Verify VPC Flow Logs Setup: If you have configured VPC flow logs for network traffic monitoring, ensure that they are correctly set up. GuardDuty relies on VPC flow logs for additional visibility into network-related threats.
Code:
There is no specific code required for enabling GuardDuty for FFIEC, as it is a configuration setting within the AWS Management Console.
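Although the setting itself is made in the console, its state can be audited programmatically. The following is an added example, not code from the original page or from AWS: it evaluates the rule against per-Region detector data in the shape returned by boto3's `guardduty.list_detectors()` and `get_detector()`. The Region list, detector IDs and statuses below are constructed sample data; the `collect_live` helper shows how the same structure would be gathered from a real account and is the only part that needs credentials.

```python
"""Audit 'GuardDuty should be enabled' per Region.

Added example, not from the original page. Assumptions: the per-Region input
mirrors boto3's guardduty.list_detectors() / get_detector() responses; the
Regions, detector IDs and statuses in SAMPLE_ACCOUNT are constructed.
"""
from __future__ import annotations

from typing import Any

# Regions the account is expected to operate in (constructed for the example).
EXPECTED_REGIONS = ("us-east-1", "us-west-2", "eu-west-1")


def evaluate_region(region: str, detectors: list[dict[str, Any]]) -> dict[str, Any]:
    """Decide whether one Region satisfies the rule.

    `detectors` holds get_detector()-style dicts for that Region; an empty list
    means list_detectors() returned no DetectorIds, i.e. GuardDuty was never enabled.
    """
    if not detectors:
        return {"region": region, "compliant": False,
                "reason": "no GuardDuty detector exists in this Region"}
    # An account has at most one detector per Region; it must be ENABLED, not just present.
    det = detectors[0]
    status = det.get("Status", "UNKNOWN")
    if status != "ENABLED":
        return {"region": region, "compliant": False,
                "reason": f"detector {det.get('DetectorId', '?')} is {status}"}
    return {"region": region, "compliant": True, "reason": "detector enabled"}


def evaluate_account(by_region: dict[str, list[dict[str, Any]]],
                     expected_regions=EXPECTED_REGIONS) -> dict[str, Any]:
    """Roll per-Region results up to one pass/fail for the rule.

    A Region absent from `by_region` is treated as having no detector, so a
    Region that was never checked cannot silently pass.
    """
    details = [evaluate_region(r, by_region.get(r, [])) for r in expected_regions]
    return {
        "compliant": all(d["compliant"] for d in details),
        "failing_regions": [d["region"] for d in details if not d["compliant"]],
        "details": details,
    }


def collect_live(regions=EXPECTED_REGIONS) -> dict[str, list[dict[str, Any]]]:
    """Gather the same structure from a real account (needs credentials and
    guardduty:ListDetectors / guardduty:GetDetector). Not used by the offline demo."""
    import boto3  # imported lazily so the offline evaluation needs no AWS SDK

    out: dict[str, list[dict[str, Any]]] = {}
    for region in regions:
        gd = boto3.client("guardduty", region_name=region)
        ids = gd.list_detectors().get("DetectorIds", [])
        out[region] = [dict(gd.get_detector(DetectorId=i), DetectorId=i) for i in ids]
    return out


# Constructed sample: one healthy Region, one suspended detector, one Region never enabled.
SAMPLE_ACCOUNT = {
    "us-east-1": [{"DetectorId": "12abc34d567e8fa901bc2d34e56789f0", "Status": "ENABLED",
                   "FindingPublishingFrequency": "FIFTEEN_MINUTES"}],
    "us-west-2": [{"DetectorId": "98abc34d567e8fa901bc2d34e56789f1", "Status": "DISABLED",
                   "FindingPublishingFrequency": "SIX_HOURS"}],
    # eu-west-1 intentionally absent: GuardDuty was never enabled there.
}

if __name__ == "__main__":
    report = evaluate_account(SAMPLE_ACCOUNT)
    for d in report["details"]:
        print(f"{d['region']:<12} {'PASS' if d['compliant'] else 'FAIL'}  {d['reason']}")
    print("rule compliant:", report["compliant"])
```

Treating a missing Region as a failure is deliberate: GuardDuty is enabled per Region, so an audit that only iterates over Regions where a detector already exists would never notice the Region that was skipped.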
Remediation Steps:
Follow the steps below to enable GuardDuty for FFIEC using the AWS Management Console:
Once GuardDuty is enabled, it will start analyzing the logs and generate findings related to potential threats and anomalies in your AWS environment. You can access the GuardDuty findings from the GuardDuty console, CloudWatch Events, or integrate them with other security tools for further analysis and remediation.
Remember to regularly monitor the GuardDuty findings and take necessary actions based on the severity and potential impact of the detected threats.
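Acting on findings "based on the severity" usually means routing them through CloudWatch Events (EventBridge) with a severity filter. The following is an added example, not code from the original page or from AWS: it builds the EventBridge event pattern that selects GuardDuty findings at or above a chosen severity, evaluates that pattern locally against constructed sample finding events, and labels each finding with GuardDuty's documented severity band. The finding IDs, account ID and severity values in the sample events are constructed; the local matcher covers only the pattern syntax the example uses.

```python
"""Route GuardDuty findings by severity via an EventBridge pattern.

Added example, not from the original page. Assumptions: events follow the
'GuardDuty Finding' event shape delivered through CloudWatch Events/EventBridge
(detail.severity is numeric); the sample events below are constructed.
Severity bands are GuardDuty's documented ranges.
"""
from __future__ import annotations

import operator
from typing import Any

_OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
        "<=": operator.le, "=": operator.eq}


def severity_label(score: float) -> str:
    """Map GuardDuty's numeric severity to its documented label."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score >= 1.0:
        return "Low"
    return "Unrated"  # below the documented bands


def event_pattern(min_severity: float) -> dict[str, Any]:
    """EventBridge pattern selecting GuardDuty findings at or above `min_severity`.

    EventBridge numeric matching keeps the filtering in the rule itself, so a
    paging target only ever receives the band it is meant to handle.
    """
    return {
        "source": ["aws.guardduty"],
        "detail-type": ["GuardDuty Finding"],
        "detail": {"severity": [{"numeric": [">=", min_severity]}]},
    }


def _numeric_ok(spec: list[Any], value: float) -> bool:
    """Evaluate an EventBridge numeric spec such as ['>=', 4, '<', 7]."""
    return all(_OPS[op](value, bound) for op, bound in zip(spec[0::2], spec[1::2]))


def matches(pattern: dict[str, Any], event: dict[str, Any]) -> bool:
    """Local evaluator for the pattern subset used here: nested objects,
    lists of exact-match alternatives, and single numeric specs."""
    for key, want in pattern.items():
        have = event.get(key)
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
            continue
        hit = False
        for alt in want:  # any alternative in the list may match
            if isinstance(alt, dict) and "numeric" in alt:
                if isinstance(have, (int, float)) and _numeric_ok(alt["numeric"], have):
                    hit = True
            elif alt == have:
                hit = True
        if not hit:
            return False
    return True


def triage(events: list[dict[str, Any]], page_at: float = 7.0) -> dict[str, list[dict[str, Any]]]:
    """Split finding events into those the pattern would page on and those only logged."""
    pattern = event_pattern(page_at)
    out: dict[str, list[dict[str, Any]]] = {"paged": [], "logged": []}
    for ev in events:
        d = ev.get("detail", {})
        summary = {"id": d.get("id"), "type": d.get("type"),
                   "severity": severity_label(d.get("severity", 0.0)),
                   "account": d.get("accountId"), "region": d.get("region")}
        out["paged" if matches(pattern, ev) else "logged"].append(summary)
    return out


def _finding(fid: str, ftype: str, sev: float) -> dict[str, Any]:
    """Build a constructed 'GuardDuty Finding' event (IDs and account are sample values)."""
    return {"source": "aws.guardduty", "detail-type": "GuardDuty Finding", "region": "us-east-1",
            "detail": {"id": fid, "type": ftype, "severity": sev,
                       "accountId": "111122223333", "region": "us-east-1"}}


SAMPLE_EVENTS = [
    _finding("SAMPLE-FINDING-1", "UnauthorizedAccess:IAMUser/MaliciousIPCaller", 8.0),
    _finding("SAMPLE-FINDING-2", "Recon:EC2/PortProbeUnprotectedPort", 2.0),
    _finding("SAMPLE-FINDING-3", "UnauthorizedAccess:EC2/SSHBruteForce", 5.0),
]

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for bucket, items in result.items():
        for it in items:
            print(f"{bucket:<6} {it['severity']:<8} {it['id']}  {it['type']}")
```

The `event_pattern` output is what you would place in the rule definition; the local `matches` function exists so the routing decision can be tested before the rule is deployed, for example to confirm that a Medium finding is logged but not paged.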