GuardDuty Centralized Enablement.
More Info:
This rule checks if Amazon GuardDuty is enabled in your AWS account and AWS Region. If you provide an AWS account for centralization, the rule evaluates the GuardDuty results in the centralized account. The rule is COMPLIANT when GuardDuty is enabled.
Risk Level
Low
Addresses
Security
Compliance Standards
CBP,RBI_MD_ITF
Triage and Remediation
Remediation
To remediate the misconfiguration of GuardDuty Centralized Enablement for AWS Shield using the AWS console, follow these step-by-step instructions:
- Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to the AWS Management Console using your credentials.
- Navigate to the GuardDuty Service: In the AWS Management Console, search for “GuardDuty” in the search bar at the top of the page and select the GuardDuty service from the search results.
- Enable GuardDuty: If GuardDuty is not already enabled, click on the “Enable GuardDuty” button to enable the service in your AWS account.
- Configure GuardDuty: Follow the on-screen instructions to configure GuardDuty for your account. Make sure to select the appropriate settings based on your requirements.
- Enable Centralized Management: In the GuardDuty console, navigate to the “Settings” tab on the left-hand side menu.
- Enable Centralized Management: In the Settings page, locate the “Enable Centralized Management” option and click on the “Edit” button next to it.
- Enable Centralized Management: In the Edit Centralized Management Settings page, select the option to enable centralized management for GuardDuty.
- Save Changes: Click on the “Save” button to save the changes and enable centralized management for GuardDuty.
- Verify Centralized Management: Once the changes are saved, verify that centralized management is enabled by checking the status in the GuardDuty console.

By following these steps, you will be able to remediate the misconfiguration of GuardDuty Centralized Enablement for AWS Shield using the AWS console.
To remediate the misconfiguration of GuardDuty Centralized Enablement for AWS Shield using AWS CLI, follow these steps:
- Check whether GuardDuty is enabled in a region (an empty DetectorIds list means it is not), and repeat for each region you use:
    aws guardduty list-detectors --region <region-name>
- Enable GuardDuty in the desired region:
    aws guardduty create-detector --enable --region <region-name>
- Enable Centralized GuardDuty Management:
  - Open the AWS Management Console.
  - Go to the GuardDuty service.
  - Click on the “Settings” tab.
  - Enable the “Enable GuardDuty Centralized Management” option.
- Enable AWS Shield Advanced:
  - Open the AWS Management Console.
  - Go to the AWS Shield service.
  - Click on “Activate AWS Shield Advanced”.
  - Follow the on-screen instructions to complete the activation.
- Verify GuardDuty and AWS Shield configuration:
  - Use the following command in each region to verify that GuardDuty is enabled (the region's detector ID should be listed):
      aws guardduty list-detectors --region <region-name>
  - Use the following command to verify that AWS Shield Advanced is enabled (SubscriptionState should be ACTIVE):
      aws shield get-subscription-state

By following these steps, you can remediate the misconfiguration of GuardDuty Centralized Enablement for AWS Shield using AWS CLI.
To remediate the “GuardDuty Centralized Enablement” misconfiguration for AWS Shield using Python, you can follow these steps:
- Import the necessary Python libraries:
    import boto3
- Connect to the GuardDuty service in the target region using the Boto3 library:
    client = boto3.client('guardduty', region_name='<region-name>')
- Enable GuardDuty, re-enabling the existing detector if there is one and creating a detector otherwise:
    detector_ids = client.list_detectors()['DetectorIds']
    if detector_ids:
        detector_id = detector_ids[0]
        client.update_detector(DetectorId=detector_id, Enable=True)
    else:
        detector_id = client.create_detector(Enable=True)['DetectorId']
- Verify that GuardDuty has been successfully enabled:
    status = client.get_detector(DetectorId=detector_id)['Status']
    if status == 'ENABLED':
        print("GuardDuty has been successfully enabled.")
    else:
        print("Failed to enable GuardDuty.")

By following these steps, you can remediate the “GuardDuty Centralized Enablement” misconfiguration for AWS Shield using Python.
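
The check described under More Info, and the verification step that closes the CLI procedure, written as an added example (not code from this page or from the tool it documents). It assumes that "centralized" means the account is a member of the given GuardDuty administrator account with relationship status `Enabled`; `evaluate_guardduty`, `audit_all_regions` and `FakeGuardDuty` are names made up here, and the account IDs are constructed.

```python
def evaluate_guardduty(client, account_id, central_account_id=None):
    """Return (status, reason) for the region the GuardDuty client is bound to."""
    detector_ids = client.list_detectors()["DetectorIds"]
    if not detector_ids:
        return "NON_COMPLIANT", "no detector in this region"
    detector_id = detector_ids[0]  # GuardDuty allows one detector per region
    if client.get_detector(DetectorId=detector_id)["Status"] != "ENABLED":
        return "NON_COMPLIANT", "detector exists but is disabled"
    if central_account_id is None or account_id == central_account_id:
        return "COMPLIANT", "detector enabled"
    # Assumption: centralized = member of the given administrator account.
    admin = client.get_administrator_account(DetectorId=detector_id).get("Administrator")
    if not admin:
        return "NON_COMPLIANT", "no administrator account associated"
    if admin["AccountId"] != central_account_id:
        return "NON_COMPLIANT", "managed by a different account"
    if admin.get("RelationshipStatus") != "Enabled":
        return "NON_COMPLIANT", "membership not in Enabled state"
    return "COMPLIANT", "enabled and managed by the central account"


def audit_all_regions(session, central_account_id=None):
    """Run the check in every GuardDuty region; session is a boto3.Session."""
    account_id = session.client("sts").get_caller_identity()["Account"]
    results = {}
    for region in session.get_available_regions("guardduty"):
        client = session.client("guardduty", region_name=region)
        try:
            results[region] = evaluate_guardduty(client, account_id, central_account_id)
        except Exception as exc:  # e.g. an opt-in region not enabled for the account
            results[region] = ("ERROR", type(exc).__name__)
    return results


class FakeGuardDuty:
    """Constructed stand-in for a GuardDuty client, for offline runs."""
    def __init__(self, status=None, admin=None):
        self.status, self.admin = status, admin
    def list_detectors(self):
        return {"DetectorIds": ["d-constructed"] if self.status else []}
    def get_detector(self, DetectorId):
        return {"Status": self.status}
    def get_administrator_account(self, DetectorId):
        return {"Administrator": self.admin} if self.admin else {}

if __name__ == "__main__":
    member = FakeGuardDuty("ENABLED", {"AccountId": "111111111111", "RelationshipStatus": "Enabled"})
    print(evaluate_guardduty(member, "222222222222", "111111111111"))
    print(evaluate_guardduty(FakeGuardDuty(), "222222222222"))
```

Against a real account, call `audit_all_regions(boto3.Session(), "<central-account-id>")` and treat any region that is not `COMPLIANT` as a finding.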