Enable GuardDuty Rule for Risk Assessment (RA)

To achieve compliance with the Risk Assessment (RA) benchmark, ensure that GuardDuty is enabled.

Rule: GuardDuty should be enabled
Framework: NIST 800-53 Revision 4
Severity: High

Rule Description

The GuardDuty service should be enabled for compliance with the NIST 800-53 Revision 4 security framework. GuardDuty is a threat detection service offered by Amazon Web Services (AWS) that continuously monitors AWS environments for malicious activities or unauthorized behavior. Enabling GuardDuty ensures that your AWS infrastructure is protected against potential security threats and helps to achieve compliance with the NIST 800-53 Revision 4 security controls.

Troubleshooting Steps (if any)

If you face any issues while enabling GuardDuty or encounter any errors during the process, follow these troubleshooting steps:

1. Verify your IAM permissions: Ensure that the IAM user or role attempting to enable GuardDuty has the necessary permissions to do so. The user/role should have the guardduty:CreateDetector permission granted in their IAM policy.

2. Check your GuardDuty quota: AWS imposes a limit on the number of GuardDuty detectors that can be enabled per region. Verify whether there is any existing detector enabled in the region to ensure the quota is not exceeded. If needed, request a quota increase by contacting AWS Support.

3. Review CloudTrail configuration: GuardDuty relies on the CloudTrail service for collecting logs and generating findings. Ensure that CloudTrail is properly configured and its logs are enabled for the desired AWS account and region.

4. Verify VPC flow logs (optional): If you want GuardDuty to analyze VPC flow logs, ensure that flow logs are enabled for the relevant VPCs. You can check the flow log configuration in the VPC management console.

5. Validate AWS permissions: Verify that the IAM role being used to enable GuardDuty has the required permissions to access and collect relevant data from AWS services and resources.

Necessary Codes (if any)

No specific codes are required for enabling GuardDuty for NIST 800-53 Revision 4 compliance. The process can be accomplished through the AWS Management Console or the AWS Command Line Interface (CLI).
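As an added example (not Cloud Defense's code), the same check and remediation can be done programmatically with the AWS SDK instead of the console: assess whether an enabled detector exists in the current region and create or re-enable one if not. It assumes boto3 is installed and credentials are configured for a real run; the FakeGuardDuty class is a constructed stand-in so the logic can be exercised offline.

```python
# Added example (not Cloud Defense's code): assess and remediate the
# "GuardDuty should be enabled" rule for one region. Any object with the
# boto3 GuardDuty client methods list_detectors / get_detector /
# create_detector / update_detector works, so the constructed fake below
# lets it run offline; real use assumes boto3 and the matching IAM permissions.

def assess_guardduty(client):
    """Return (compliant, detector_id_or_None, detail)."""
    ids = client.list_detectors().get("DetectorIds", [])
    if not ids:
        return False, None, "no GuardDuty detector in this region"
    det_id = ids[0]  # AWS allows a single detector per account per region
    status = client.get_detector(DetectorId=det_id).get("Status")
    if status != "ENABLED":
        return False, det_id, f"detector {det_id} is {status}"
    return True, det_id, f"detector {det_id} is ENABLED"

def remediate_guardduty(client):
    """Create or re-enable the detector when non-compliant; return its id."""
    compliant, det_id, _ = assess_guardduty(client)
    if compliant:
        return det_id
    if det_id is None:
        resp = client.create_detector(Enable=True,
                                      FindingPublishingFrequency="FIFTEEN_MINUTES")
        return resp["DetectorId"]
    client.update_detector(DetectorId=det_id, Enable=True)  # disabled detector
    return det_id

class FakeGuardDuty:
    """Constructed in-memory stand-in for boto3.client("guardduty"); no AWS calls."""
    def __init__(self, detectors=None):
        self.detectors = dict(detectors or {})  # detector id -> status
    def list_detectors(self):
        return {"DetectorIds": list(self.detectors)}
    def get_detector(self, DetectorId):
        return {"Status": self.detectors[DetectorId]}
    def create_detector(self, Enable, FindingPublishingFrequency=None):
        det_id = "fake-detector-1"  # constructed id; AWS returns a hex string
        self.detectors[det_id] = "ENABLED" if Enable else "DISABLED"
        return {"DetectorId": det_id}
    def update_detector(self, DetectorId, Enable):
        self.detectors[DetectorId] = "ENABLED" if Enable else "DISABLED"

if __name__ == "__main__":
    import boto3  # real run: assumes boto3 installed and AWS credentials set
    gd = boto3.client("guardduty")  # region comes from the CLI/SDK config
    print(assess_guardduty(gd))
```

Run it once per region you need to cover; the detector is regional, so a single enabled detector in one region does not satisfy the rule elsewhere.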

Step-by-Step Guide for Remediation

Follow these step-by-step instructions to enable GuardDuty for compliance with NIST 800-53 Revision 4:

1. Sign in to the AWS Management Console using your AWS account credentials.

2. Open the GuardDuty service by searching for "GuardDuty" in the AWS Management Console search bar.

3. If you have multiple AWS accounts, choose the desired account to enable GuardDuty for.

4. Click on the "Get started" button to create a new GuardDuty detector.

5. Review the available detector options and select the desired region for GuardDuty to monitor.

6. If you wish to enable GuardDuty analysis of VPC flow logs, select the relevant VPCs for analysis.

7. Choose "Enable" to create the GuardDuty detector.

8. GuardDuty will now start analyzing logs and monitoring your AWS environment for threats and unauthorized behavior.

9. Review the generated findings and alerts within the GuardDuty service console, or configure notifications to receive real-time alerts through Amazon SNS or other methods.

By following these steps, you will have successfully enabled GuardDuty for compliance with NIST 800-53 Revision 4. GuardDuty will continuously monitor your AWS environment for potential security threats, helping to protect your infrastructure and enhance your compliance efforts.
