By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Purpose of Guardduty

0

Hi Team,

Im aware Guardduty is used for threat detection based on the API calls. Im struck where not all logs are appearing in the Guardduty. I have a control tower setup with organization enabled where all accounts are enabled with guard duty. Im not sure where im missing.

Can someone explain where im lacking

Regards, Vijay

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
Security, Identity, & ComplianceAmazon GuardDutyAWS Control TowerAWS OrganizationsThreat Detection
Language
English
Vijaya Gokula Vasan
asked a year ago251 views
2 Answers
0

Try the following documentation:

AWS
vtjean
answered a year ago
  • Vijaya Gokula Vasan
    a year ago

    I have aldready enabled Guard duty in an audit account and made that a delegated account. Now i dont see the logs or insights for that account in my audit account. Need to know what type of resource logs should be enabled to get the logs of all accounts.

0

Hey Vijay, All the logging is done on the backend as GuardDuty gets them directly from the relevant services. You do not need to enable any resource logging. GuardDuty analyses CloudTrail management event logs, CloudTrail S3 data event logs, VPC Flow Logs, DNS query logs, and Amazon EKS audit logs without you enabling any resource logs. Please refer to the following for more information: 1/ workshop session showing how to setup GuardDuty in a Control tower environment. https://controltower.aws-management.tools/security/guardduty/ 2/ troubleshooting section as well https://docs.aws.amazon.com/guardduty/latest/ug/troubleshooting.html Do not hesitate to contact AWS Support for further assistance if needed.

AWS
Antony - AWS
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content