En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Is GuardDuty inspecting the AWS Firewall flow logs or VPC flow logs only ?

0

In a hub&spoke topology with centralized inspection and egress, and considering the cost of VPC flow logs if enabled in every spoke VPCs, I am tempted to only have the AWS firewall flow logs enabled at all time and only enable spoke VPC flow logs for troubleshooting purposes. On the other hand we have GuardDuty enabled so I am wondering if I also need to have VPC flow logs enabled in the inspection VPCs to have GuardDuty look at it but this sounds like duplicating the flow logs costs just for GD. It would make sense to me that ANFW flow logs be inspected by default if GD is enabled but is it the case or planned to be ?

Thanks !

Sujets
Sécurité, identité et conformité
Balises
Amazon GuardDutyPare-feu réseau AWS
Langue
English
JFN
demandé il y a un mois135 vues
1 réponse
0

No, GuardDuty doesn't directly inspect AWS Firewall logs, enabling VPC flow logs in the inspection VPC can provide comprehensive monitoring without duplicating costs across all spoke VPCs. However, GuardDuty primarily analyzes CloudTrail logs, DNS logs, and VPC flow logs. In a hub-and-spoke topology, enabling VPC flow logs in the inspection VPC can provide comprehensive monitoring without duplicating costs across all spoke VPCs.

Refrence:

https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_integrations.html

profile picture
Bhagavan Bollina
répondu il y a un mois
profile picture
EXPERT
Gary Mclean
vérifié il y a un mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents