Questions tagged with Amazon GuardDuty
Hi Team,
I am getting EC2/UnusualDNSResolve for my private Windows EC2 instance.
DNS IP: 8.8.8.8
Network settings are not changed. Can you help me find why this finding is triggered?
Regards.
2 answers, 0 votes, 2716 views, asked a year ago
Hi there, I have a quick question. When I enable VPC flow logs to then be pushed to an S3 bucket, will GuardDuty still be able to review my logs or does it need any specific access to the bucket for...
1 answer, 0 votes, 508 views, asked a year ago
How can suppression rules be disabled for (a) certain account(s) in an organization?
So most accounts should be able to utilize suppression rules, but some accounts should not be able to suppress...
1 answer, 0 votes, 435 views, asked a year ago
I want to integrate my AWS GuardDuty alerts with CloudWatch so that I get such alerts on my PagerDuty if there are any threats… Is there any way to do so?
2 answers, 0 votes, 317 views, asked a year ago
Hi,
I just noticed that Amazon GuardDuty EKS Runtime Monitoring has status "Requires activation". I have EKS runtime enabled as per this screen:
![Enter image description...
2 answers, 0 votes, 542 views, asked a year ago
I am using AWS GuardDuty and EKS. Recently I got a couple of alerts from AWS GuardDuty for DefenseEvasion:EC2/UnusualDNSResolver mentioning one of the EKS nodes is connecting to 1.1.1.1. When I check...
1 answer, 0 votes, 565 views, asked a year ago
I'm using our Management account to do this. The main GuardDuty service is enabled on a vast majority of our Organization accounts already. I do not need to enable GuardDuty itself, just turn on the...
1 answer, 0 votes, 367 views, asked a year ago
I'm working on analyzing CloudTrail events as they come in and when I was setting up a filter (ignore events that are readOnly) I was surprised to see the above events coming through. Is that...
1 answer, 0 votes, 445 views, asked a year ago
Purpose of GuardDuty
Hi Team,
I'm aware GuardDuty is used for threat detection based on the API calls.
I'm stuck where not all logs are appearing in GuardDuty.
I have a control tower setup with organization enabled...
2 answers, 0 votes, 278 views, asked a year ago
Hello Team,
I want to import our internal third-party intelligence feeds into GuardDuty. Is there any manual way or automated way to do so? Please let me know if any unconventional solutions are...
1 answer, 0 votes, 296 views, asked a year ago
I have a task where I'm required to make sure all my GuardDuty logs from multiple accounts are logged to one account using a centralized logging solution.
At the moment, I'm trying to find a way...
3 answers, 0 votes, 928 views, asked a year ago
Hello,
I am trying to export GuardDuty logs to S3 and I am getting errors with the policy. I am receiving the message above **'findings export options' to an S3 bucket**.
I am following the...
1 answer, 0 votes, 513 views, asked a year ago