AWS Guardduty Detector
Deploys an Amazon GuardDuty Detector to an AWS region as a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and sends emails about security findings for visibility and remediation.
Deployments
32
Made by
Massdriver
Official
Yes
No
Compliance
Clouds
Tags
Operator Guide
This is the guide for your bundle. It will appear
under the guide button
in Massdriver.
Use it to describe to users how the bundle works, use cases for the bundle, and examples.
| Variable | Type | Description |
|---|---|---|
| detector.region | string | AWS Region to provision in. |
| features.ebs_malware | boolean | Enable scanning of EBS volumes for malware |
| features.eks_audit | boolean | Enable monitoring of EKS audit logs to detect suspicious activity in your EKS clusters |
| features.eks_runtime | boolean | Enable monitoring of EKS runtimes to detect suspicious activity in EKS workloads |
| features.lambda_network | boolean | Enable monitoring of AWS lambda invocations |
| features.rds_login | boolean | Enable monitoring successful and unsuccessful login attempts to RDS databases |
| features.s3_data | boolean | Enable monitoring of S3 get/put/list/delete events |
| monitoring.mode | string | Enable and customize CloudWatch metric alarms. |
| notifications.email | string | Specify email to be notified at in case of findings |
| notifications.frequency | string | Select the frequency to export events to EventHub for notifications |
| notifications.severity.high | boolean | A High severity level indicates that the resource in question is compromised and is actively being used for unauthorized purposes. |
| notifications.severity.low | boolean | A low severity level indicates attempted suspicious activity that did not compromise your network |
| notifications.severity.medium | boolean | A Medium severity level indicates suspicious activity that deviates from normally observed behavior and, depending on your use case, may be indicative of a resource compromise. |
