
Quick Start Security for AWS GuardDuty

AWS GuardDuty

Coralogix Extension For AWS GuardDuty Includes:

Dashboards - 1

Gain instantaneous visualization of all your AWS GuardDuty data.

GuardDuty Overview

Alerts - 4

Stay on top of AWS GuardDuty key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

No Logs From AWS GuardDuty

Summary: This alert triggers if no logs have been seen from GuardDuty in your account. Note: the alert should be configured with the relevant application and subsystem, and with a timeframe and conditions that match how often your account normally produces findings; an account that is simply quiet will otherwise trigger it as well.
Impact: An adversary may disable logging capabilities and integrations to limit what data is collected on their activities and avoid detection.
Mitigation: Investigate the root cause of this behavior and re-enable logging if it has been disabled. Additionally, administrators can manage IAM policies so that only the necessary users have permission to change logging configuration.
MITRE Tactic: TA0005 (Defense Evasion). MITRE Technique: T1562 (Impair Defenses).

High Severity Event

This alert triggers whenever GuardDuty assigns high severity (a severity score of 7.0 to 8.9) to a finding. AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers details for visibility and remediation.
Impact: A high severity level indicates that the resource in question (for example an EC2 instance or a set of IAM credentials) is compromised and is actively being used for unauthorized purposes.
Mitigation: Treat any high-severity finding as a priority and take immediate remediation steps, such as isolating the affected instance or revoking the exposed credentials, to prevent further unauthorized use of your resources. To investigate further, check the 'type', 'description' and 'title' fields of the finding for more detail.

Medium Severity Event

This alert triggers whenever GuardDuty assigns medium severity (a severity score of 4.0 to 6.9) to a finding.
Impact: A medium severity level indicates suspicious activity that deviates from normally observed behavior and, depending on your use case, may be indicative of a resource compromise.
Mitigation: Check the 'type', 'description' and 'title' fields of the finding and confirm whether the activity is expected for that resource; if it is not, handle it as a likely compromise.

Low Severity Event

This alert triggers whenever GuardDuty assigns low severity (a severity score of 1.0 to 3.9) to a finding.
Impact: A low severity level indicates attempted suspicious activity that did not compromise your network, for example a port scan or a failed intrusion attempt.
Mitigation: Check the 'type', 'description' and 'title' fields of the finding; low-severity findings are mainly useful for spotting repeated probing of the same resources over time.
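The following script shows how the four alert rules above (the "No Logs From AWS GuardDuty" rule and the three severity rules) evaluate against a batch of findings. It is an added example, not Coralogix's or AWS's code. SAMPLE_EVENTS is constructed for this example in the shape of an EventBridge "GuardDuty Finding" event (the finding document sits under "detail"); the finding type names are real GuardDuty types but the titles, timestamps and scores are illustrative. The severity bands follow AWS's documented ranges (Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9).

```python
"""Evaluate GuardDuty findings against the four alert rules described on this page.

Added example, not Coralogix's or AWS's code.  SAMPLE_EVENTS is constructed
for this example; the finding type names are real GuardDuty types, the other
values are illustrative.  Severity bands follow AWS's documented ranges:
Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample events, in the shape of an EventBridge "GuardDuty Finding"
# event: the finding document is under "detail".
SAMPLE_EVENTS = [
    {"detail": {
        "severity": 8.0,
        "type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
        "title": "Credentials created exclusively for an EC2 instance were used from an external IP address.",
        "description": "Constructed sample finding.",
        "service": {"eventLastSeen": "2024-05-01T10:02:00.000Z"},
    }},
    {"detail": {
        "severity": 5.0,
        "type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller",
        "title": "An API was invoked from a known malicious IP address.",
        "description": "Constructed sample finding.",
        "service": {"eventLastSeen": "2024-05-01T09:40:00.000Z"},
    }},
    {"detail": {
        "severity": 2.0,
        "type": "Recon:EC2/Portscan",
        "title": "An EC2 instance is performing outbound port scans.",
        "description": "Constructed sample finding.",
        "service": {"eventLastSeen": "2024-05-01T09:10:00.000Z"},
    }},
]

# The fields the page tells the analyst to read first.
FIRST_LOOK_FIELDS = ("type", "title", "description")


def severity_band(score):
    """Map a numeric GuardDuty severity to the band the three severity alerts key on.

    Scores of 9.0 and above (AWS's newer Critical band) are folded into "high"
    because the rules on this page do not separate them.
    """
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    if score >= 1.0:
        return "low"
    return "none"  # GuardDuty does not emit findings below 1.0; nothing to alert on


def _event_time(ts):
    """Parse a GuardDuty timestamp such as 2024-05-01T10:02:00.000Z as UTC.
    The millisecond part does not matter for a staleness check, so it is dropped."""
    base = ts.split(".")[0].rstrip("Z")
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def classify_events(events):
    """Group findings into the High/Medium/Low alert buckets, keeping only the
    fields the analyst looks at first."""
    buckets = {"high": [], "medium": [], "low": []}
    for event in events:
        finding = event.get("detail", {})
        band = severity_band(float(finding.get("severity", 0)))
        if band in buckets:
            buckets[band].append({k: finding.get(k) for k in FIRST_LOOK_FIELDS})
    return buckets


def detector_silent(events, now_iso, window_minutes):
    """The "No Logs From AWS GuardDuty" rule: True when no finding has been seen
    in the last window_minutes.  A genuinely quiet account also trips this, so
    the window must be sized to how often the account normally produces findings."""
    now = _event_time(now_iso)
    seen = [_event_time(e["detail"]["service"]["eventLastSeen"]) for e in events]
    if not seen:
        return True
    return now - max(seen) > timedelta(minutes=window_minutes)


def fired_alerts(events, now_iso, window_minutes=60):
    """Names of the page's alerts that would fire for this batch, most urgent first."""
    fired = []
    if detector_silent(events, now_iso, window_minutes):
        fired.append("No Logs From AWS GuardDuty")
    buckets = classify_events(events)
    for band, name in (("high", "High Severity Event"),
                       ("medium", "Medium Severity Event"),
                       ("low", "Low Severity Event")):
        if buckets[band]:
            fired.append(name)
    return fired


if __name__ == "__main__":
    for name in fired_alerts(SAMPLE_EVENTS, "2024-05-01T12:00:00Z"):
        print("ALERT:", name)
    for band, items in classify_events(SAMPLE_EVENTS).items():
        for item in items:
            print(f"{band:6s} {item['type']}: {item['title']}")
```

Run as-is, the script reports all four alerts for the sample batch: the newest finding is almost two hours old, so a 60-minute silence window fires alongside the three severity alerts. Shrinking the window or passing a "now" closer to the last finding clears the silence alert while the severity alerts stay, which is the behaviour to expect from the two independent rule sets.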

Integration

Learn more about Coralogix's out-of-the-box integration with AWS GuardDuty in our documentation.
