Guard Duty with Security Hub

0

Trying to understand the relationship between Security Hub and GuardDuty in an AWS organisation sub account

If GuardDuty is enabled on organisation member account B and Security Hub is enabled on organisation master/delegated admin account A, then will the master account A receive findings from account B even if we don't enable GuardDuty in the master account?

2 Answers
1
Accepted Answer

If Security Hub and GuardDuty are enabled in the same account then Security Hub will receive the GD findings for that account and then send all findings to Security Hub in the delegated admin account for that region. Enabling GuardDuty on all accounts and in all regions is recommended best practice however - there is no cost if there are no workloads or activity in that account and if something WAS to happen then at least you would know about it. In addition it makes it so much easier to manage and view all GD findings in a single account. Is there a reason for not enabling GD in your management/delegated admin account? (Note: we recommend making the delegated admin account the same for ALL security services like GD, SH, Inspector, Macie, Detective etc)

AWS
answered 2 years ago
0

Yes, I have tried it in my environment.

You can receive findings from member account B without enabling GuardDuty on management/delegated admin account A.

hayao-k
answered 2 years ago
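Added example, not part of either answer and not AWS code: a small Python model of the rule the answers describe, used to audit which account/region pairs would deliver GuardDuty findings to the delegated admin's Security Hub. The account IDs, the inventory, the `hub_members` set (assumed to be the accounts associated with the admin's Security Hub) and all function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RegionState:
    account: str
    region: str
    guardduty: bool     # GuardDuty enabled in this account/region
    security_hub: bool  # Security Hub enabled in this account/region

def audit(states, admin_account, hub_members):
    """Split account/region pairs into those whose GuardDuty findings reach
    the admin's Security Hub and those that leave a visibility gap."""
    visible, gaps = [], []
    for s in states:
        key = (s.account, s.region)
        linked = s.account == admin_account or s.account in hub_members
        if not s.guardduty:
            # Nothing is generated here, so nothing can be forwarded.
            gaps.append((key, "GuardDuty not enabled"))
        elif not s.security_hub:
            # Findings are picked up by Security Hub in the SAME account first.
            gaps.append((key, "Security Hub not enabled in this account/region"))
        elif not linked:
            gaps.append((key, "account not linked to the admin Security Hub"))
        else:
            visible.append(key)
    return visible, gaps

# Constructed inventory: A = delegated admin, B = member, C = unlinked account.
ADMIN = "111111111111"
MEMBERS = {"222222222222"}
INVENTORY = [
    RegionState("111111111111", "us-east-1", guardduty=False, security_hub=True),
    RegionState("222222222222", "us-east-1", guardduty=True, security_hub=True),
    RegionState("222222222222", "eu-west-1", guardduty=True, security_hub=False),
    RegionState("333333333333", "us-east-1", guardduty=True, security_hub=True),
]

if __name__ == "__main__":
    visible, gaps = audit(INVENTORY, ADMIN, MEMBERS)
    for account, region in visible:
        print(f"OK   {account} {region}: findings reach admin Security Hub")
    for (account, region), reason in gaps:
        print(f"GAP  {account} {region}: {reason}")
```

Account B in us-east-1 is reported as visible even though admin account A has no GuardDuty, while A itself is listed as a gap because activity in A would go undetected.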
