Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Quick Start Security for AWS GuardDuty

AWS GuardDuty
AWS GuardDuty icon

Out-of-the-Box Security For AWS GuardDuty Includes:

Dashboards - 1

Gain instantaneous visualization of all your AWS GuardDuty data.

GuardDuty Overview
GuardDuty Overview

Alerts - 4

Stay on top of AWS GuardDuty key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

No Logs from AWS GuardDuty

This alert triggers if there are no logs seen from GuardDuty in your account in the past 24 hours. Impact An adversary may disable logging capabilities and integrations to limit what data is collected on their activities and avoid detection. Mitigation Investigate the root cause of this behavior and re-enable the logging, if it is disabled. Additionally, administrators can manage policies to ensure only necessary users have permission to make changes to logging policies. MITRE Tactic: TA0005 MITRE Technique: T1562

High Severity Event

This alert triggers whenever GuardDuty assigns high severity to an event/a finding. AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers details for visibility and remediation. Impact A high severity level indicates that the resource in question is compromised and is actively being used for unauthorized purposes. Mitigation It is recommended to treat any high-severity findings as a priority and take immediate remediation steps to prevent further unauthorized use of your resources. To investigate further, check the field names such as 'type', 'description', 'title', etc. for more detail.

Medium Severity Event

This alert triggers whenever GuardDuty assigns medium severity to an event/a finding. AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers details for visibility and remediation. Impact A medium severity level indicates suspicious activity that deviates from normally observed behavior and, depending on your use case, may be indicative of a resource compromise. Mitigation To investigate further, check the field names such as 'type', 'description', 'title', etc.

Low Severity Event

This alert triggers whenever GuardDuty assigns low severity to an event/a finding. AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers details for visibility and remediation. Impact A low severity level indicates attempted suspicious activity that did not compromise your network, for example, a port scan or a failed intrusion attempt. Mitigation To investigate further, check the field names such as 'type', 'description', 'title', etc.

Documentation

Learn more about Coralogix's out-of-the-box integration with AWS GuardDuty in our documentation.

Read More
Schedule Demo