Enable GuardDuty Rule

This rule specifies the requirement to enable GuardDuty for enhanced security measures.

Rule: GuardDuty should be enabled
Framework: NIST 800-53 Revision 4
Severity: High

Rule Description

The rule states that GuardDuty must be enabled for NIST 800-53 Revision 4 compliance. GuardDuty is an intelligent threat detection service provided by AWS that continuously monitors and analyzes network activity within your AWS environment. Enabling GuardDuty helps to detect and respond to potential security threats, ensuring compliance with NIST 800-53 Revision 4 requirements.

Troubleshooting Steps

If GuardDuty is not enabled for NIST 800-53 Revision 4, you can follow these troubleshooting steps to enable it:

  1. Verify GuardDuty Status: First, check the current status of GuardDuty in your AWS account. You can use the AWS Management Console, AWS CLI (Command Line Interface), or AWS SDKs (Software Development Kits) to retrieve the GuardDuty status.

  2. Review NIST 800-53 Revision 4 Controls: Familiarize yourself with the applicable controls from NIST 800-53 Revision 4 that pertain to GuardDuty. These controls outline the specific security requirements that must be met.

  3. Enable GuardDuty: If GuardDuty is not already enabled, you can enable it using the AWS Management Console or AWS CLI. The following steps outline the process for enabling GuardDuty through the console:

    • Sign in to the AWS Management Console.
    • Navigate to the GuardDuty service.
    • Click on "Enable GuardDuty" or "Get Started" to initiate the setup process.
    • Select the appropriate AWS regions for GuardDuty to monitor.
    • Configure the settings according to your requirements, ensuring compliance with NIST 800-53 Revision 4.
    • Review the chosen settings and click on "Enable GuardDuty" to activate the service.

  4. Monitor GuardDuty Findings: Once GuardDuty is enabled, regularly monitor the findings produced by the service. The findings will highlight potential security threats or compliance violations related to NIST 800-53 Revision 4. Take necessary actions based on these findings to rectify any issues and enhance your overall security posture.

Necessary Codes

No specific codes are required for this rule. However, you may utilize the following AWS CLI command to check the status of GuardDuty:

aws guardduty list-detectors

This command will provide information about the detectors available in your AWS account, which includes the status of GuardDuty.
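
A per-region version of this check, as an added example (not part of the original page and not an AWS-provided script). It relies on GuardDuty being a regional service: list-detectors returns only the detector IDs for one region, and get-detector reports that detector's Status. The function names are chosen for this example.

```shell
#!/bin/sh
# Added example: per-region GuardDuty check using the AWS CLI.
# Function names are illustrative, not from any vendor tooling.

# Print the GuardDuty state of one region:
#   ENABLED      a detector exists and is active
#   DISABLED     a detector exists but is suspended
#   NOT_ENABLED  no detector exists in the region
guardduty_region_status() {
    region=$1
    # list-detectors returns detector IDs only; with --output text an
    # empty list is printed as "None".
    detector_id=$(aws guardduty list-detectors --region "$region" \
        --query 'DetectorIds[0]' --output text) || return 2
    if [ -z "$detector_id" ] || [ "$detector_id" = "None" ]; then
        echo "NOT_ENABLED"
        return 0
    fi
    # get-detector exposes the Status field of that detector.
    aws guardduty get-detector --region "$region" \
        --detector-id "$detector_id" --query 'Status' --output text
}

# Check the regions passed as arguments; with no arguments, check every
# region enabled for the account. Prints "<region><TAB><state>" per region
# and returns non-zero if any region is not ENABLED.
guardduty_audit() {
    if [ "$#" -eq 0 ]; then
        # Word splitting on the tab-separated region list is intended.
        set -- $(aws ec2 describe-regions \
            --query 'Regions[].RegionName' --output text)
    fi
    failed=0
    for r in "$@"; do
        status=$(guardduty_region_status "$r") || status="ERROR"
        printf '%s\t%s\n' "$r" "$status"
        [ "$status" = "ENABLED" ] || failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}
```

Source the file and run `guardduty_audit` with credentials that allow guardduty:ListDetectors, guardduty:GetDetector and ec2:DescribeRegions; the exit status can gate a scheduled compliance job.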

Remediation Steps

To enable GuardDuty for NIST 800-53 Revision 4 compliance, follow these step-by-step instructions:

  1. Sign in to the AWS Management Console.
  2. Navigate to the GuardDuty service.
  3. Click on "Enable GuardDuty" or "Get Started" to initiate the setup process.
  4. Select the appropriate AWS regions for GuardDuty to monitor. Consider the regions where your critical assets are hosted.
  5. Review the default settings and adjust them according to your requirements, ensuring compliance with NIST 800-53 Revision 4 controls.
  6. Configure the thresholds and frequency for notifications and alerts.
  7. Enable CloudTrail integration if desired for enhanced threat detection.
  8. Review the chosen settings and click on "Enable GuardDuty" to activate the service.
  9. Once enabled, regularly monitor GuardDuty findings and take appropriate actions for remediation based on the identified threats or compliance violations.

Congratulations! GuardDuty is now enabled for NIST 800-53 Revision 4 compliance. By successfully implementing and monitoring GuardDuty, you enhance your AWS environment's security and ensure compliance with NIST 800-53 Revision 4 requirements.
