Amazon GuardDuty is a threat detection service that continuously monitors AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
Integration Method: API
Tables: Detection Finding
Event Types: Unauthorized Access, Backdoor Activity, Data Exfiltration, CryptoMining, Portscan
AWS Keys
DataBee fetches findings logs via the API. An AWS client access key and secret key are required for configuration. Follow the instructions mentioned here to get the access key and secret key.
DataBee Configuration
Log into the DataBee console, navigate to Data > Data Sources and click on Add New Data Source.
Search for AWS GuardDuty and click it
Select API Ingest
Enter contact information for this data source and click Next
In the configuration dialog box, fill in the following:
Authorization Method: AWS Signature
Access key: Paste the AWS client access key
Secret key: Paste the AWS client secret key
Session token can be left empty
AWS region: Enter the AWS region
Service name: “guardduty”
API_URL: Replace the <aws-region> placeholder with the region
Click Submit