AWS GuardDuty #2751
Description
Description
Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
Architecture
GuardDuty supports export of active findings to CloudWatch events, and optionally to an S3 bucket. More information on export options available here.
Integration release checklist
This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.
All changes
- Change follows the contributing guidelines
- Supported versions of the monitoring target are documented
- Supported operating systems are documented (if applicable)
- Integration or System tests exist
- Documentation exists
- Fields follow ECS and naming conventions
- At least a manual test with ES / Kibana / Agent has been performed.
- Required Kibana version set to:
New Package
- Screenshot of the "Add Integration" page on Fleet added
Dashboards changes
- Dashboards exists
- Screenshots added or updated
- Datastream filters added to visualizations
Log dataset changes
- Pipeline tests exist (if applicable)
- Generated output for at least 1 log file exists
- Sample event (
sample_event.json) exists