Ensure GuardDuty is enabled to meet high severity compliance standards.
Rule | GuardDuty should be enabled
Framework | FedRAMP Moderate Revision 4
Severity | High
Rule Description
The rule states that GuardDuty should be enabled for FedRAMP Moderate Revision 4. GuardDuty is a threat detection service offered by Amazon Web Services (AWS). Enabling GuardDuty helps to monitor and detect malicious activity within your AWS environment. FedRAMP, which stands for Federal Risk and Authorization Management Program, is a government-wide program that provides a standardized approach for assessing and authorizing cloud products and services. FedRAMP Moderate determines the security impact level and security control requirements for moderate risk systems.
Enabling GuardDuty for FedRAMP Moderate Revision 4 ensures that your AWS environment meets the security requirements set forth by the FedRAMP program. It helps to identify and respond to security threats, enhancing the overall security posture of your cloud infrastructure.
Troubleshooting Steps
If GuardDuty is not enabled for FedRAMP Moderate Revision 4, you may encounter the following issues:
Non-compliance: Failure to enable GuardDuty for FedRAMP Moderate Revision 4 can lead to non-compliance with the security standards required for moderate risk systems.
Increased vulnerability: Without GuardDuty, your AWS environment may be susceptible to various threats, including unauthorized access, data breaches, and malicious activities.
Lack of threat detection: Without GuardDuty enabled, you may miss out on crucial insights and threat intelligence necessary for proactive threat detection and response.
Necessary Codes
To enable GuardDuty for FedRAMP Moderate Revision 4, you need to execute the following AWS CLI command:
aws guardduty create-detector --enable --finding-publishing-frequency SIX_HOURS
This command creates a GuardDuty detector in the currently configured region, enables it, and sets the finding publishing frequency to every six hours. GuardDuty allows only one detector per account per region, so if a detector already exists the command is rejected; in that case enable the existing detector with update-detector instead of creating a new one. GuardDuty is a regional service, so repeat the command in every region the account uses.
Step-by-Step Guide for Remediation
Follow the steps below to enable GuardDuty for FedRAMP Moderate Revision 4:
Install and configure the AWS CLI: Ensure that you have the AWS CLI (Command Line Interface) installed and properly configured on your system.
Open your preferred terminal or command prompt.
Enter the following command to create and enable the GuardDuty detector:
aws guardduty create-detector --enable --finding-publishing-frequency SIX_HOURS
Wait for the command to execute successfully. Once the command finishes executing, GuardDuty will be enabled for your AWS environment.
Verify the status of GuardDuty by running the following command:
aws guardduty list-detectors
This command returns the detector IDs for the current region. Ensure that a detector ID is listed; the detector's state is reported in the Status field returned by get-detector for that ID, and it should read "ENABLED."
Congratulations! You have successfully enabled GuardDuty for FedRAMP Moderate Revision 4 in your AWS environment. GuardDuty will now start monitoring your AWS resources for potential security threats and provide you with actionable findings.
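The procedure above, carried through as one idempotent helper script. This is an added example and not part of the original page or of any AWS tooling. It uses the AWS CLI with JMESPath --query expressions so no JSON parsing is needed in shell, assumes the CLI is installed with credentials that may call guardduty:ListDetectors, GetDetector, CreateDetector and UpdateDetector, and handles the three states a region can be in: no detector (create one), a disabled detector (create-detector would fail, so update it) and an enabled detector (leave it alone). Because GuardDuty is regional, it takes a list of regions. The detector IDs used in the notes below are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): idempotent GuardDuty enablement
# for one or more regions, built on the AWS CLI and --query/--output text.
# Assumes: aws CLI installed; credentials allowing guardduty:ListDetectors,
# GetDetector, CreateDetector and UpdateDetector.
set -eu

# Print the region's detector ID, or nothing if no detector exists.
# GuardDuty allows one detector per account per region, so [0] is the only one.
gd_detector_id() {
  region=$1
  id=$(aws guardduty list-detectors --region "$region" \
        --query 'DetectorIds[0]' --output text)
  # Text output renders a missing element as the literal string "None".
  [ "$id" = "None" ] && id=""
  printf '%s' "$id"
}

# Print the detector's status: ENABLED or DISABLED.
gd_detector_status() {
  aws guardduty get-detector --region "$1" --detector-id "$2" \
      --query 'Status' --output text
}

# Make the region compliant. Prints one of:
#   COMPLIANT <id>   detector already enabled, nothing changed
#   CREATED <id>     no detector existed, one was created and enabled
#   REMEDIATED <id>  detector existed but was disabled, now enabled
ensure_guardduty_enabled() {
  region=$1
  id=$(gd_detector_id "$region")
  if [ -z "$id" ]; then
    id=$(aws guardduty create-detector --region "$region" --enable \
          --finding-publishing-frequency SIX_HOURS \
          --query 'DetectorId' --output text)
    echo "CREATED $id"
    return 0
  fi
  status=$(gd_detector_status "$region" "$id")
  if [ "$status" = "ENABLED" ]; then
    echo "COMPLIANT $id"
  else
    # create-detector is rejected when a detector already exists, so update it.
    aws guardduty update-detector --region "$region" --detector-id "$id" \
        --enable --finding-publishing-frequency SIX_HOURS
    echo "REMEDIATED $id"
  fi
}

# Usage: sh enable_guardduty.sh us-east-1 us-west-2 ...
# GuardDuty is regional, so pass every region the account uses.
if [ $# -gt 0 ]; then
  for region in "$@"; do
    ensure_guardduty_enabled "$region"
  done
fi
```

Run it once per account across all in-use regions and keep the output as evidence for the control; a line beginning COMPLIANT for every region means nothing was changed, while CREATED or REMEDIATED lines record the exact detector that was brought into compliance.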
Conclusion
Enabling GuardDuty for FedRAMP Moderate Revision 4 is crucial for maintaining the security and compliance of your AWS environment. By following the provided troubleshooting steps and using the necessary codes, you can effectively enable GuardDuty and enhance your threat detection capabilities. Regularly monitor GuardDuty findings and take appropriate actions to mitigate identified risks, ensuring the overall security of your cloud infrastructure.