
Rule: GuardDuty Should Be Enabled

This rule ensures that GuardDuty is enabled to enhance security measures.

Rule: GuardDuty should be enabled
Framework: FedRAMP Moderate Revision 4
Severity: High

#Rule Description: This rule states that GuardDuty, a threat detection service provided by Amazon Web Services (AWS), should be enabled for environments that are required to comply with the FedRAMP (Federal Risk and Authorization Management Program) Moderate security level, as per Revision 4 of the FedRAMP guidelines.

GuardDuty continuously monitors and analyzes AWS resources and accounts for potential security threats, providing real-time alerts and insights to help organizations identify and respond to security risks in their systems.

#Troubleshooting Steps:

  1. Ensure that the AWS account associated with your environment conforms to the FedRAMP Moderate security level. Verify that it meets all the necessary controls and requirements outlined in Revision 4 of the FedRAMP guidelines.
  2. Check whether GuardDuty is already enabled for your AWS account. If it is, ensure that its configuration aligns with the requirements of FedRAMP Moderate Revision 4. If not, proceed to the next step.
  3. Make sure you have the necessary permissions to enable GuardDuty. To enable GuardDuty, you need to be an AWS Identity and Access Management (IAM) user with the appropriate privileges.
  4. Verify that the GuardDuty service is available in the AWS region where your environment is hosted. Some AWS services are not available in all regions.
  5. If you have followed the above steps and still encounter issues, consider contacting AWS Support for further assistance.

#Code Snippet (AWS CLI): To enable GuardDuty for the AWS account, use the following AWS CLI command:

aws guardduty create-detector --enable --region <region-name>

Replace <region-name> with the AWS region code where you want to enable GuardDuty (e.g., us-west-2 for US West (Oregon)). Ensure that your AWS CLI is configured with appropriate credentials and permissions.
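GuardDuty is a regional service, so the command above enables it only in the region you name, and a detector that exists but has been suspended shows Status DISABLED rather than being absent. The following added example (written for this page, not Cloud Defense's or AWS's own tooling) parses the JSON that `aws guardduty list-detectors` and `aws guardduty get-detector` print for each region, reports which regions fail this rule, and prints the matching CLI remediation. The region names are real, but the detector IDs and response bodies are constructed samples, and the function names are this example's own.

```python
import json

# Constructed sample CLI output for three regions, shaped like what
# `aws guardduty list-detectors --region <r>` prints. Detector IDs are
# made-up placeholders, not real identifiers.
SAMPLE_LIST_DETECTORS = {
    "us-east-1": '{"DetectorIds": ["d1placeholder0000000000000000001"]}',
    "us-west-2": '{"DetectorIds": ["d2placeholder0000000000000000002"]}',
    "eu-west-1": '{"DetectorIds": []}',
}

# Constructed sample output of `aws guardduty get-detector --detector-id <id>`,
# keyed by detector id (only the fields this check reads are included).
SAMPLE_GET_DETECTOR = {
    "d1placeholder0000000000000000001": '{"Status": "ENABLED", "FindingPublishingFrequency": "FIFTEEN_MINUTES"}',
    "d2placeholder0000000000000000002": '{"Status": "DISABLED", "FindingPublishingFrequency": "SIX_HOURS"}',
}


def evaluate_region(region, list_detectors_json, get_detector_json_by_id):
    """Decide whether GuardDuty is enabled in one region.

    list_detectors_json: raw JSON text from `list-detectors` for that region.
    get_detector_json_by_id: mapping of detector id -> raw JSON text from `get-detector`.
    Returns the verdict, the reason, and the CLI command that fixes it (None if compliant).
    """
    detector_ids = json.loads(list_detectors_json).get("DetectorIds", [])
    if not detector_ids:
        # No detector at all: the page's own command creates and enables one.
        return {
            "region": region,
            "compliant": False,
            "reason": "no GuardDuty detector exists",
            "remediation": f"aws guardduty create-detector --enable --region {region}",
        }
    detector_id = detector_ids[0]  # GuardDuty allows one detector per region
    detector = json.loads(get_detector_json_by_id[detector_id])
    if detector.get("Status") != "ENABLED":
        # Detector exists but is suspended: re-enable it instead of creating another.
        return {
            "region": region,
            "compliant": False,
            "reason": f"detector {detector_id} has Status={detector.get('Status')}",
            "remediation": (
                f"aws guardduty update-detector --detector-id {detector_id} "
                f"--enable --region {region}"
            ),
        }
    return {"region": region, "compliant": True, "reason": "detector enabled", "remediation": None}


def evaluate_account(list_outputs_by_region, get_detector_outputs_by_id):
    """Run evaluate_region for every region and return the results keyed by region."""
    return {
        region: evaluate_region(region, text, get_detector_outputs_by_id)
        for region, text in list_outputs_by_region.items()
    }


def noncompliant_regions(results):
    """Sorted list of regions where GuardDuty is missing or disabled."""
    return sorted(r for r, v in results.items() if not v["compliant"])


if __name__ == "__main__":
    results = evaluate_account(SAMPLE_LIST_DETECTORS, SAMPLE_GET_DETECTOR)
    for region in sorted(results):
        verdict = results[region]
        status = "PASS" if verdict["compliant"] else "FAIL"
        print(f"{status} {region}: {verdict['reason']}")
        if verdict["remediation"]:
            print(f"     fix: {verdict['remediation']}")
```

In a real run you would capture the two CLI outputs per region (one `list-detectors` call, then `get-detector` for the returned id) and feed the text into `evaluate_account`; with the constructed samples it flags eu-west-1 (no detector) and us-west-2 (detector present but disabled) and passes us-east-1.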

#Remediation Steps:

  1. Log in to the AWS Management Console using your IAM user credentials.
  2. Open the GuardDuty service dashboard.
  3. Click on "Create detector" to create a new GuardDuty detector.
  4. Enable GuardDuty by selecting the checkbox or using the CLI command mentioned above.
  5. Review the detector settings and adjust them according to your requirements. Ensure that the detector is configured to comply with the FedRAMP Moderate Revision 4 guidelines.
  6. Save the configuration and start monitoring your environment for potential security threats.
  7. Regularly review the GuardDuty findings and take appropriate actions to mitigate any identified risks.
  8. Periodically validate the GuardDuty settings and make necessary adjustments to ensure continuous compliance with FedRAMP Moderate Revision 4.

Please note that enabling GuardDuty may incur additional costs. Familiarize yourself with the pricing details and evaluate the impact on your budget before enabling the service.
