- 최신
- 최다 투표
- 가장 많은 댓글
Hi Orlando,
1/ and 3/: For SNS notification rule, check this example for custom notifications from specific AWS service event types [1]. GuardDuty integrates with Amazon EventBridge, which can be used to send findings data to other applications and services for processing. With EventBridge you can use GuardDuty findings to initiate automatic responses to your findings by connecting finding events to targets such as AWS Lambda functions, Amazon EC2 Systems Manager automation and Amazon Simple Notification Service (SNS) [2].
2/: The S3 bucket used can be in the same account in which GuardDuty is enabled, or in a different AWS account. With multiple buckets you can define individual bucket features like bucket policy, S3 Versioning, S3 Object Lock, as documented here in Security best practices for Amazon S3 [3] . Also, GuardDuty recommends configuring settings to export findings because it allows you to export your findings to an S3 bucket for indefinite storage beyond the GuardDuty 90-day retention period. This allows you to keep records of findings or track issues within your AWS environment over time. [4]
[1] - https://repost.aws/knowledge-center/guardduty-eventbridge-sns-rule
[2] - https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html#setup-sns
[3] - https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html
[4] - https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html#setup-export
