To set up the GuardDuty prerequisites, please refer to the following links (still to be done)
1. Choose GuardDuty from the Services menu
2. Click the Get started button
3. Click Enable GuardDuty to start monitoring the AWS account with GuardDuty
4. Next, click the Settings option
5. If needed, configure the findings to be exported to an S3 bucket and, if needed, update the findings export frequency to 15 mins or 1 hour
6. Next, configure the S3 bucket in which the GuardDuty findings are saved by clicking Configure now
7. Choose whether a new or existing bucket will be used. In our case an existing bucket/KMS key will be used. Once finished, click Save
8. To test findings, click Generate sample findings from the Settings options (if needed)
To access the sample findings, click on the Findings option
9. Click Lists
10. Type the list name and specify the S3 location and format type
11. Choose the appropriate format; in our case I used plaintext. Click I agree to the list addition and click Add list
12. Once this trusted list is added, click the active button
13. Once the trusted IP list is created, create the threat list if needed. Click Add a threat list
14. Next, check S3 protection by clicking S3 Protection under the Settings section
15. Ensure that S3 protection is enabled on this account. If disabled, click Enable
By default, it should be enabled
16. The last step is to check the usage costs by clicking the Usage menu
Several hours are needed after the service is activated before the usage values become active
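
To confirm that the console steps above took effect, the settings can be checked from the API responses. The following is an added example, not part of the original procedure: it assumes dictionaries shaped like the boto3 GuardDuty responses from get_detector, list_publishing_destinations and get_ip_set, treats the optional export settings from steps 5 to 7 as expected, and uses constructed sample data (the list name and addresses are placeholders).

```python
import ipaddress

EXPORT_FREQUENCIES = {"FIFTEEN_MINUTES", "ONE_HOUR"}  # the two options named in step 5


def s3_protection_enabled(detector):
    # Newer responses report S3 protection under Features, older ones under DataSources.
    if any(f.get("Name") == "S3_DATA_EVENTS" and f.get("Status") == "ENABLED"
           for f in detector.get("Features", [])):
        return True
    return detector.get("DataSources", {}).get("S3Logs", {}).get("Status") == "ENABLED"


def audit_guardduty(detector, destinations, ip_sets):
    """Return the list of settings that differ from what the procedure configures."""
    gaps = []
    if detector.get("Status") != "ENABLED":
        gaps.append("detector is not enabled")
    if detector.get("FindingPublishingFrequency") not in EXPORT_FREQUENCIES:
        gaps.append("findings export frequency is not 15 minutes or 1 hour")
    if not s3_protection_enabled(detector):
        gaps.append("S3 protection is disabled")
    if not any(d.get("DestinationType") == "S3" and d.get("Status") == "PUBLISHING"
               for d in destinations):
        gaps.append("no S3 export destination is publishing")
    for ip_set in ip_sets:
        if ip_set.get("Status") != "ACTIVE":
            gaps.append(f"trusted IP list {ip_set.get('Name')!r} is not active")
    return gaps


def invalid_list_entries(plaintext):
    """Return lines of a plaintext list that are not an IP address or CIDR range."""
    bad = []
    for entry in (line.strip() for line in plaintext.splitlines()):
        try:
            if entry:
                ipaddress.ip_network(entry, strict=False)
        except ValueError:
            bad.append(entry)
    return bad


# Constructed sample data (not taken from a real account).
SAMPLE_DETECTOR = {"Status": "ENABLED", "FindingPublishingFrequency": "SIX_HOURS",
                   "Features": [{"Name": "S3_DATA_EVENTS", "Status": "DISABLED"}]}
SAMPLE_DESTINATIONS = [{"DestinationType": "S3", "Status": "PENDING_VERIFICATION"}]
SAMPLE_IP_SETS = [{"Name": "office-ranges", "Format": "TXT", "Status": "INACTIVE"}]
SAMPLE_LIST = "198.51.100.0/24\n203.0.113.7\noffice.example.com\n"

if __name__ == "__main__":
    for gap in audit_guardduty(SAMPLE_DETECTOR, SAMPLE_DESTINATIONS, SAMPLE_IP_SETS):
        print("GAP:", gap)
    print("Invalid list entries:", invalid_list_entries(SAMPLE_LIST))
```

A trusted list that was added but never activated, or an export destination still pending verification, shows up here as a gap even though the console step was completed.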