Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Is GuardDuty inspecting the AWS Firewall flow logs or VPC flow logs only ?

0

In a hub&spoke topology with centralized inspection and egress, and considering the cost of VPC flow logs if enabled in every spoke VPCs, I am tempted to only have the AWS firewall flow logs enabled at all time and only enable spoke VPC flow logs for troubleshooting purposes. On the other hand we have GuardDuty enabled so I am wondering if I also need to have VPC flow logs enabled in the inspection VPCs to have GuardDuty look at it but this sounds like duplicating the flow logs costs just for GD. It would make sense to me that ANFW flow logs be inspected by default if GD is enabled but is it the case or planned to be ?

Thanks !

Temas
Seguridad, identidad y cumplimiento
Etiquetas
Amazon GuardDutyAWS Network Firewall
Idioma
English
JFN
preguntada hace un mes135 visualizaciones
1 Respuesta
0

No, GuardDuty doesn't directly inspect AWS Firewall logs, enabling VPC flow logs in the inspection VPC can provide comprehensive monitoring without duplicating costs across all spoke VPCs. However, GuardDuty primarily analyzes CloudTrail logs, DNS logs, and VPC flow logs. In a hub-and-spoke topology, enabling VPC flow logs in the inspection VPC can provide comprehensive monitoring without duplicating costs across all spoke VPCs.

Refrence:

https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_integrations.html

profile picture
Bhagavan Bollina
respondido hace un mes
profile picture
EXPERTO
Gary Mclean
revisado hace un mes

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante