To set up the GuardDuty prerequisites, please refer to the following links (still to be done).

1. Choose GuardDuty from the Services menu.

2. Click the Get started button.

3. Click Enable GuardDuty to start monitoring the AWS account with GuardDuty.

4. Next, click the Settings option.

5. If needed, configure the findings to be exported to an S3 bucket, and if needed update the findings frequency to 15 minutes or 1 hour.

6. Next, configure the S3 bucket in which the GuardDuty findings are saved by clicking Configure now.

7. Choose whether a new or an existing bucket will be used. In our case, an existing bucket and KMS key will be used. Once finished, click Save.

8. To test findings, click Generate sample findings in the Settings options (if needed).

To access the sample findings, click the Findings option.

9. Click Lists.

10. Create a trusted IP list (allowed list) by clicking Add a trusted IP list.

11. Type the list name and specify the S3 location and the format type.

12. Choose the appropriate format; in our case I used plaintext. Click I agree to the list addition, then click Add list.

13. Once this trusted list is added, click the Active button.

14. Once the trusted IP list is created, create the threat list if needed. Click Add a threat list.

15. Once the threat list is created, click the Active button.

16. The next configuration step is to check S3 protection by clicking S3 Protection under the Settings section.

17. Ensure that S3 protection is enabled on this account. If it is disabled, click Enable.

By default, it should be enabled.

18. The last step is to check the usage costs by clicking the Usage menu.

Several hours are needed after the service is activated before the usage values become available.
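The trusted IP list and threat list steps above point GuardDuty at a plaintext file in S3, so it is worth checking that file locally before uploading it. The Python below is an added example, not part of the original walkthrough or of any AWS tooling; `validate_ip_list`, `SAMPLE` and the `min_prefix` policy are assumptions made for illustration, and the entry limits are the ones stated in the AWS GuardDuty documentation.

```python
import ipaddress

# Per-list entry limits as given in the AWS GuardDuty documentation
# (check the current docs before relying on them).
MAX_ENTRIES = {"trusted": 2000, "threat": 250000}

# Constructed sample file, one IP address or CIDR range per line.
SAMPLE = """8.8.8.8
8.8.8.8/32
10.0.0.0/8
8.0.0.0/8
8.8.4.0/24
not-an-ip
1.1.1.300
"""


def validate_ip_list(text, kind="trusted", min_prefix=16):
    """Return (entries, problems); problems are (line_no, text, reason).

    min_prefix is a hypothetical local policy: a trusted range broader
    than this is flagged, since no findings are raised for its addresses.
    """
    entries, problems, seen = [], [], set()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 8.8.8.8/24
            net = ipaddress.ip_network(line, strict=True)
        except ValueError as exc:
            problems.append((line_no, line, f"invalid IP or CIDR: {exc}"))
            continue
        if net in seen:
            problems.append((line_no, line, "duplicate entry"))
            continue
        seen.add(net)
        entries.append(str(net))
        if not net.is_global:
            # GuardDuty lists only apply to publicly routable addresses.
            problems.append((line_no, line, "not publicly routable"))
        elif kind == "trusted" and net.prefixlen < min_prefix:
            problems.append((line_no, line, f"broader than /{min_prefix}"))
    if len(entries) > MAX_ENTRIES[kind]:
        problems.append((0, "", f"more than {MAX_ENTRIES[kind]} entries"))
    return entries, problems
```

Calling `validate_ip_list(SAMPLE)` flags lines 2, 3, 4, 6 and 7 of the sample; with `kind="threat"` the broad-range check is skipped, since it only matters for lists that suppress findings.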
