Ensure intelligent threat detection is enabled for all regions via AWS GuardDuty Detector

MEDIUM

Description

The AWS GuardDuty service is disabled. This may leave AWS resources vulnerable to malware and other, more advanced threat actors.

Remediation

In AWS Console -

  1. Sign in to AWS Console and go to the GuardDuty console.
  2. Click on Get Started.
  3. Select Enable GuardDuty.

In Terraform -

  1. In the aws_guardduty_detector resource, set the enabled field to true.
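The Terraform remediation can be checked before apply by inspecting the plan. The following is an added example, not code from this page or from the policy engine behind this rule: it walks the JSON produced by `terraform show -json` and reports detectors that are disabled or missing. The function names and the sample plan are constructed for illustration; the AWS provider names the argument `enable`, and the check does not verify per-region coverage.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_guardduty_detector.primary", "type": "aws_guardduty_detector",
     "values": {"enable": true}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "values": {}}
  ],
  "child_modules": [{
    "address": "module.eu",
    "resources": [
      {"address": "module.eu.aws_guardduty_detector.this",
       "type": "aws_guardduty_detector", "values": {"enable": false}}
    ]
  }]
}}}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def guardduty_findings(plan):
    """Return (address, reason) tuples for detectors that fail the check."""
    root = plan.get("planned_values", {}).get("root_module", {})
    detectors = [r for r in iter_resources(root)
                 if r.get("type") == "aws_guardduty_detector"]
    if not detectors:
        # No detector at all means GuardDuty is not managed (or not enabled) here.
        return [("<plan>", "no aws_guardduty_detector resource is defined")]
    findings = []
    for res in detectors:
        # The provider defaults `enable` to true; only an explicit false disables it.
        if (res.get("values") or {}).get("enable", True) is False:
            findings.append((res["address"], "enable is set to false"))
    return findings

if __name__ == "__main__":
    for address, reason in guardduty_findings(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

To run it against a real plan, load the output of `terraform show -json` with `json.load` and pass the result to `guardduty_findings`.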

References:
https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/guardduty_detector

Policy Details

Rule Reference ID: AC_AWS_0131
CSP: AWS
Remediation Available: Yes
Resource Category: Management
Resource Type: GuardDuty

Frameworks