nuclei-templates/cloud/aws/guardduty/guardduty-not-enabled.yaml

id: guardduty-not-enabled

info:
  name: GuardDuty Not Enabled
  author: DhiyaneshDK
  severity: info
  description: |
    Ensure that Amazon GuardDuty service is currently enabled in all regions in order to protect your AWS environment and infrastructure (AWS accounts and resources, IAM credentials, guest operating systems, applications, etc) against security threats.
  impact: |
    GuardDuty disabled leaves your AWS environment vulnerable to undetected threats, such as unauthorized access, anomalous activities, and potential security breaches, compromising the overall security posture.
  remediation: |
    Enable GuardDuty to continuously monitor and detect security threats in your AWS environment.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/GuardDuty/guardduty-enabled.html
    - https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html
  tags: cloud,devops,aws,amazon,guardduty,aws-cloud-config

variables:
  region: "us-west-2"

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      aws guardduty list-detectors --region $region --query 'DetectorIds' --output json

    matchers:
      - type: word
        words:
          - "[]"

    extractors:
      - type: dsl
        dsl:
          - '"GuardDuty Is Not Enabled"'
# digest: 4b0a00483046022100a4b4d58c1c63e777f526ea729b0606c9778e22d31303546c4dd802e07f6adbaf022100b6259e9ecca607e4a4a59f5783407a2624c810904acde7de240c6b371fbf65c0:922c64590222798bb761d5b6d8e72950
updated names 2024-10-28 08:24:39 +00:00			`id: guardduty-not-enabled`
AWS - GuardDuty (4 Templates) 2024-10-18 05:58:26 +00:00
			`info:`
updated names 2024-10-28 08:24:39 +00:00			`name: GuardDuty Not Enabled`
AWS - GuardDuty (4 Templates) 2024-10-18 05:58:26 +00:00			`author: DhiyaneshDK`
updated names 2024-10-28 08:24:39 +00:00			`severity: info`
AWS - GuardDuty (4 Templates) 2024-10-18 05:58:26 +00:00			`description: \|`
			`Ensure that Amazon GuardDuty service is currently enabled in all regions in order to protect your AWS environment and infrastructure (AWS accounts and resources, IAM credentials, guest operating systems, applications, etc) against security threats.`
			`impact: \|`
			`GuardDuty disabled leaves your AWS environment vulnerable to undetected threats, such as unauthorized access, anomalous activities, and potential security breaches, compromising the overall security posture.`
			`remediation: \|`
			`Enable GuardDuty to continuously monitor and detect security threats in your AWS environment.`
			`reference:`
			`- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/GuardDuty/guardduty-enabled.html`
			`- https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html`
			`tags: cloud,devops,aws,amazon,guardduty,aws-cloud-config`

			`variables:`
			`region: "us-west-2"`

			`self-contained: true`

			`code:`
			`- engine:`
			`- sh`
			`- bash`
			`source: \|`
			`aws guardduty list-detectors --region $region --query 'DetectorIds' --output json`

			`matchers:`
			`- type: word`
			`words:`
			`- "[]"`

			`extractors:`
			`- type: dsl`
			`dsl:`
chore: sign templates 🤖 2024-10-28 08:47:55 +00:00			`- '"GuardDuty Is Not Enabled"'`
			`# digest: 4b0a00483046022100a4b4d58c1c63e777f526ea729b0606c9778e22d31303546c4dd802e07f6adbaf022100b6259e9ecca607e4a4a59f5783407a2624c810904acde7de240c6b371fbf65c0:922c64590222798bb761d5b6d8e72950`