This rule requires GuardDuty to be enabled in support of system and information integrity.
Rule
GuardDuty should be enabled
Framework
NIST 800-53 Revision 5
Severity
High
Rule Description:
The rule requires enabling Amazon GuardDuty for compliance with the NIST 800-53 Revision 5 security standard. GuardDuty is a managed threat detection service that continuously monitors AWS resources for suspicious activity and unauthorized behavior. Enabling GuardDuty enhances the security posture and helps in identifying potential security issues.
Remediation Steps:
To enable GuardDuty for NIST 800-53 Revision 5 compliance, follow the step-by-step guide below:
Step 1: Sign in to the AWS Management Console
Go to the AWS Management Console at https://console.aws.amazon.com/console/.
Step 2: Navigate to Amazon GuardDuty
In the AWS Management Console, search for "GuardDuty" using the search bar at the top.
Click on "Amazon GuardDuty" from the search results.
Step 3: Create a New Detector
In the GuardDuty dashboard, click on "Get Started" if you haven't set up GuardDuty before.
On the "Create a new detector" page, select the AWS region where you want to enable GuardDuty and click on "Create".
Step 4: Enable Monitoring
Once the detector is created, click on the detector ID to open the detector details page.
In the detector details page, click on "Enable GuardDuty" to start monitoring for the selected region.
Review the payment information and click on "Enable GuardDuty" again to confirm.
Step 5: Configure Settings
On the GuardDuty settings page, set up the following options based on the NIST 800-53 Revision 5 requirements:
Select the AWS accounts and regions you want to monitor.
Choose appropriate Auto archive settings and threat intelligence options.
Configure email notifications for findings.
Once the settings are configured, click on "Save changes".
Step 6: Verify Monitoring Status
After saving the changes, check the status of GuardDuty monitoring to ensure it is active.
The GuardDuty dashboard should display the status of the detector as "Monitoring enabled" for the selected regions.
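The status check in Step 6 can also be scripted across regions. The following is an added example, not part of the original rule page: it reads each region's detector through the GuardDuty ListDetectors and GetDetector operations and lists the regions that fail the rule. The FakeGuardDuty class, the sample regions and the detector IDs are constructed so the example runs offline.

```python
"""Added example: audit GuardDuty detector status per region (Step 6 check)."""


def guardduty_status(client):
    """Return 'ENABLED', 'DISABLED' or 'NO_DETECTOR' for one regional client.

    `client` needs list_detectors() and get_detector(DetectorId=...), the
    GuardDuty API operations exposed by boto3's "guardduty" client.
    """
    detector_ids = client.list_detectors().get("DetectorIds", [])
    if not detector_ids:
        return "NO_DETECTOR"
    # GuardDuty allows one detector per account per region.
    detector = client.get_detector(DetectorId=detector_ids[0])
    return detector.get("Status", "DISABLED")


def audit_regions(regions, client_for_region):
    """Map each region to its status and collect the non-compliant ones."""
    report = {r: guardduty_status(client_for_region(r)) for r in regions}
    failing = sorted(r for r, status in report.items() if status != "ENABLED")
    return report, failing


class FakeGuardDuty:
    """Constructed stand-in for a regional client so the example runs offline."""

    def __init__(self, detectors):
        self._detectors = detectors  # {detector_id: status}

    def list_detectors(self):
        return {"DetectorIds": list(self._detectors)}

    def get_detector(self, DetectorId):
        return {"Status": self._detectors[DetectorId]}


# Constructed sample account state (regions chosen arbitrarily, IDs made up).
SAMPLE = {
    "us-east-1": FakeGuardDuty({"sample-detector-a": "ENABLED"}),
    "eu-west-1": FakeGuardDuty({"sample-detector-b": "DISABLED"}),
    "ap-south-1": FakeGuardDuty({}),
}

if __name__ == "__main__":
    report, failing = audit_regions(SAMPLE, SAMPLE.__getitem__)
    for region, status in sorted(report.items()):
        print(f"{region}: {status}")
    print("Non-compliant regions:", ", ".join(failing) or "none")
```

Against a real account, assuming boto3 and credentials are configured, pass `lambda r: boto3.client("guardduty", region_name=r)` as `client_for_region` in place of the constructed sample.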
Troubleshooting Steps:
If you encounter any issues during the GuardDuty enablement process, follow the troubleshooting steps below:
1. Issue: Unable to find GuardDuty in the AWS Management Console.
   Troubleshooting: Double-check that you are signed in to the correct AWS account. Ensure that you have the necessary permissions to access GuardDuty.
2. Issue: Error during the creation of a detector.
   Troubleshooting: Make sure that you have selected the correct AWS region for GuardDuty. Check if there are any issues with your AWS account billing information.
3. Issue: GuardDuty shows an inactive status even after enabling.
   Troubleshooting: Wait for a few minutes and refresh the GuardDuty dashboard. Sometimes, it can take a short while for the monitoring to become active. If the issue persists, check the GuardDuty documentation or contact AWS support for further assistance.
Additional Information:
No additional code or command line interface (CLI) steps are required to enable GuardDuty for NIST 800-53 Revision 5 compliance. The process can be completed entirely within the AWS Management Console.