GuardDuty provides an enterprise with comprehensive threat detection, stronger security through automation, and centralized management at scale. GuardDuty can publish its findings to CloudWatch Events automatically. We use this to notify the security team on Slack: a CloudWatch Event Rule that matches GuardDuty findings triggers a Lambda serverless function written in Go, called GuardDuty2Slack.

This post walks you through the process and code used to join member accounts to an organization and to send GuardDuty findings as Slack notifications. The complete example set of code is available here.

GuardDuty is a regional service, so member accounts need to be invited for every region they use, and some accounts may not use the same regions as others. While there are more sophisticated ways to manage this, for the simplicity of this post the following directory structure will be used:

- accounts/: Terraform snippets for GuardDuty member accounts
- Terraform applied at a global level (IAM roles and policies)
- Terraform applied at a regional level (in this example us-west-1)
- Terraform Lambda module and Go function for notifications
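As an added example, not the post's own GuardDuty2Slack code: a Go function of the kind that Lambda would run, which parses the CloudWatch Events envelope carrying a GuardDuty finding, keeps the fields the security team needs (account, region, type, severity), and builds a Slack incoming-webhook payload whose colour bar follows the finding's severity band. The JSON field names follow the GuardDuty finding format; the sample event in `main` is constructed.

```go
package main
import "encoding/json"
import "fmt"
// Fields read from the CloudWatch Events envelope and the GuardDuty finding it carries.
type GuardDutyEvent struct {
	Region string `json:"region"`
	Detail struct {
		AccountID string  `json:"accountId"`
		Type      string  `json:"type"`
		Severity  float64 `json:"severity"`
	} `json:"detail"`
}
// Slack incoming-webhook payload: one attachment whose colour bar tracks severity.
type Attachment struct {
	Color string `json:"color"`
	Title string `json:"title"`
	Text  string `json:"text"`
}
type SlackMessage struct {
	Attachments []Attachment `json:"attachments"`
}
// SeverityLabel maps GuardDuty's numeric severity to the documented bands: Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9.
func SeverityLabel(s float64) (label, color string) {
	switch {
	case s >= 7.0:
		return "HIGH", "danger"
	case s >= 4.0:
		return "MEDIUM", "warning"
	}
	return "LOW", "good"
}
// BuildSlackMessage parses the raw event and formats the webhook body; a malformed event is an error, not a silent empty post.
func BuildSlackMessage(raw []byte) (SlackMessage, error) {
	var ev GuardDutyEvent
	if err := json.Unmarshal(raw, &ev); err != nil {
		return SlackMessage{}, err
	}
	label, color := SeverityLabel(ev.Detail.Severity)
	text := fmt.Sprintf("account %s, region %s, severity %s (%.1f)", ev.Detail.AccountID, ev.Region, label, ev.Detail.Severity)
	return SlackMessage{Attachments: []Attachment{{Color: color, Title: ev.Detail.Type, Text: text}}}, nil
}
// Constructed sample event (not a real finding); main shows the payload the Lambda would POST to the webhook.
func main() {
	sample := `{"region":"us-west-1","detail":{"accountId":"111111111111","type":"Recon:EC2/PortProbeUnprotectedPort","severity":5}}`
	msg, err := BuildSlackMessage([]byte(sample))
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", msg)
}
```

The Lambda's only remaining step is to marshal the returned SlackMessage and POST it to the webhook URL read from its environment.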