Ensure compliance by enabling GuardDuty for system and communications protection.
Rule | GuardDuty should be enabled |
Framework | NIST 800-171 Revision 2 |
Severity | ✔ High |
Rule Description:
This rule requires that GuardDuty, an intelligent threat detection service provided by AWS, be enabled in order to meet the security requirements outlined in National Institute of Standards and Technology (NIST) Special Publication 800-171 Revision 2.
GuardDuty continuously monitors and analyzes AWS logs and network activity for potential security threats and vulnerabilities. With GuardDuty enabled, your AWS environment is actively monitored for suspicious or malicious activity that could violate the security requirements specified in the NIST 800-171 Revision 2 framework.
Troubleshooting Steps (if applicable):
Troubleshooting steps are not necessary for this rule, because it is a configuration requirement to be met.
Necessary Codes (if applicable):
If you have not already enabled GuardDuty in your AWS account, you can use the AWS Command Line Interface (CLI) to enable it. Here is the necessary CLI command:
aws guardduty create-detector --enable
This command enables GuardDuty in your AWS account and automatically sets up a detector.
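GuardDuty detectors are regional, so the command above only covers the region your CLI is configured for. The script below is an added example, not part of the original rule text: it audits each region for a detector and, if asked, creates or re-enables one. The function names, status strings and the `audit`/`fix` arguments are illustrative assumptions; the AWS CLI calls are the documented `guardduty` and `ec2` subcommands.

```shell
#!/usr/bin/env bash
# Added example: audit GuardDuty per region and optionally remediate.
# Function names and the status strings are illustrative assumptions.

# Print NOT_CONFIGURED, DISABLED:<id> or ENABLED:<id> for one region.
guardduty_status() {
  local region="$1" id status
  id=$(aws guardduty list-detectors --region "$region" \
        --query 'DetectorIds[0]' --output text) || return 2
  # With --output text an empty detector list is rendered as "None".
  if [ -z "$id" ] || [ "$id" = "None" ]; then
    echo "NOT_CONFIGURED"
    return 0
  fi
  status=$(aws guardduty get-detector --region "$region" --detector-id "$id" \
            --query 'Status' --output text) || return 2
  echo "${status}:${id}"
}

# Bring one region into compliance; prints the action taken.
guardduty_remediate() {
  local region="$1" state
  state=$(guardduty_status "$region") || return 2
  case "$state" in
    ENABLED:*) echo "ok" ;;
    DISABLED:*)
      # A detector exists but is suspended: re-enable it instead of creating another.
      aws guardduty update-detector --region "$region" \
        --detector-id "${state#DISABLED:}" --enable >/dev/null || return 2
      echo "re-enabled" ;;
    NOT_CONFIGURED)
      aws guardduty create-detector --region "$region" --enable >/dev/null || return 2
      echo "created" ;;
  esac
}

# Usage: ./guardduty_audit.sh audit|fix  (walks every region enabled for the account)
if [ "${1:-}" = "audit" ] || [ "${1:-}" = "fix" ]; then
  for r in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text); do
    if [ "$1" = "fix" ]; then
      echo "$r $(guardduty_remediate "$r")"
    else
      echo "$r $(guardduty_status "$r")"
    fi
  done
fi
```

Run it with `audit` first to see which regions lack an enabled detector before using `fix`, since each newly created detector starts billable analysis in that region.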
Step-by-step Guide for Remediation:
To enable GuardDuty for NIST 800-171 Revision 2, follow these steps:
Once GuardDuty is enabled, it will start analyzing your AWS logs and network activity for potential security threats. You can review the findings in the GuardDuty console or set up automatic notifications for any detected threats.
By enabling GuardDuty for NIST 800-171 Revision 2, you are taking a proactive step towards meeting the security requirements outlined in the NIST framework and ensuring the safety of your AWS environment.