GuardDuty Centralized Enablement.
More Info:
This rule checks if Amazon GuardDuty is enabled in your AWS account and AWS Region. If you provide an AWS account for centralization, the rule evaluates the GuardDuty results in the centralized account. The rule is COMPLIANT when GuardDuty is enabled.Risk Level
LowAddresses
SecurityCompliance Standards
CBP,RBI_MD_ITFTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of GuardDuty Centralized Enablement for AWS Shield using the AWS console, follow these step-by-step instructions:
- Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to the AWS Management Console using your credentials.
- Navigate to the GuardDuty Service: In the AWS Management Console, search for “GuardDuty” in the search bar at the top of the page and select the GuardDuty service from the search results.
- Enable GuardDuty: If GuardDuty is not already enabled, click on the “Enable GuardDuty” button to enable the service in your AWS account.
- Configure GuardDuty: Follow the on-screen instructions to configure GuardDuty for your account. Make sure to select the appropriate settings based on your requirements.
- Enable Centralized Management: In the GuardDuty console, navigate to the “Settings” tab on the left-hand side menu.
- Enable Centralized Management: In the Settings page, locate the “Enable Centralized Management” option and click on the “Edit” button next to it.
- Enable Centralized Management: In the Edit Centralized Management Settings page, select the option to enable centralized management for GuardDuty.
- Save Changes: Click on the “Save” button to save the changes and enable centralized management for GuardDuty.
- Verify Centralized Management: Once the changes are saved, verify that centralized management is enabled by checking the status in the GuardDuty console.
Using CLI
Using CLI
To remediate the misconfiguration of GuardDuty Centralized Enablement for AWS Shield using AWS CLI, follow these steps:
- List all regions where GuardDuty is not enabled:
- Enable GuardDuty in the desired region:
-
Enable Centralized GuardDuty Management:
- Open the AWS Management Console.
- Go to the GuardDuty service.
- Click on the “Settings” tab.
- Enable the “Enable GuardDuty Centralized Management” option.
-
Enable AWS Shield Advanced:
- Open the AWS Management Console.
- Go to the AWS Shield service.
- Click on “Activate AWS Shield Advanced”.
- Follow the on-screen instructions to complete the activation.
-
Verify GuardDuty and AWS Shield configuration:
- Use the following command to verify that GuardDuty is enabled in all regions:
- Use the following command to verify that AWS Shield Advanced is enabled:
Using Python
Using Python
To remediate the “GuardDuty Centralized Enablement” misconfiguration for AWS Shield using Python, you can follow these steps:By following these steps, you can remediate the “GuardDuty Centralized Enablement” misconfiguration for AWS Shield using Python.
- Import the necessary Python libraries:
- Connect to AWS using the Boto3 library:
- Disable GuardDuty Centralized Enablement:
- Verify that GuardDuty Centralized Enablement has been successfully disabled: