39 lines
1.5 KiB
YAML
39 lines
1.5 KiB
YAML
id: guardduty-not-enabled
|
|
|
|
info:
|
|
name: GuardDuty Not Enabled
|
|
author: DhiyaneshDK
|
|
severity: info
|
|
description: |
|
|
Ensure that Amazon GuardDuty service is currently enabled in all regions in order to protect your AWS environment and infrastructure (AWS accounts and resources, IAM credentials, guest operating systems, applications, etc) against security threats.
|
|
impact: |
|
|
GuardDuty disabled leaves your AWS environment vulnerable to undetected threats, such as unauthorized access, anomalous activities, and potential security breaches, compromising the overall security posture.
|
|
remediation: |
|
|
Enable GuardDuty to continuously monitor and detect security threats in your AWS environment.
|
|
reference:
|
|
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/GuardDuty/guardduty-enabled.html
|
|
- https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html
|
|
tags: cloud,devops,aws,amazon,guardduty,aws-cloud-config
|
|
|
|
variables:
|
|
region: "us-west-2"
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
aws guardduty list-detectors --region $region --query 'DetectorIds' --output json
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "[]"
|
|
|
|
extractors:
|
|
- type: dsl
|
|
dsl:
|
|
- '"GuardDuty Is Not Enabled"'
|
|
# digest: 4b0a00483046022100a4b4d58c1c63e777f526ea729b0606c9778e22d31303546c4dd802e07f6adbaf022100b6259e9ecca607e4a4a59f5783407a2624c810904acde7de240c6b371fbf65c0:922c64590222798bb761d5b6d8e72950 |