
Monitoring GuardDuty findings using CloudWatch

I have been trying to find a way to use AWS CloudWatch to monitor GuardDuty findings. Looks like there is no simple way to integrate the two services?

So far, I have only been able to create an SNS topic and have it send me an email based on GuardDuty findings. I would like to set up a dashboard in CloudWatch which would show me details of any finding(s) from GuardDuty.

Is there a way to create an alarm in CloudWatch for findings in GuardDuty or use CloudWatch metrics? Any guidance on how best to use CloudWatch to monitor GuardDuty (if it's at all possible) would be greatly appreciated.

There is no direct integration between GuardDuty (GT) and CloudWatch Metrics (CWM). Instead, there is integration with CloudWatch Events (CWE).

Thus, you could use CWE to stream the events to CW Logs (CWL). For that you would set up a rule in CWE with a target of a log group in CWL. Then you would set up filter metrics on the log group based on what kind of GT events you want to measure. Having the metric filters, you could then set up CW Alarms.

Subsequently, having the metric filters and alarms, you can create your CW Dashboards.
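
The pipeline described in the answer above, written as a CloudFormation template (an added example, not part of the original answer). CloudWatch Events is now Amazon EventBridge; the log group name, metric namespace, metric name, policy name and the severity threshold of 7 are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "GuardDuty findings to CloudWatch Logs, metric filter and alarm"
Resources:
  FindingsLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /aws/events/guardduty-findings   # assumed name
      RetentionInDays: 90
  # The events service can only write to the log group if a CloudWatch Logs
  # resource policy allows it; without this the rule matches but nothing is logged.
  EventsToLogsPolicy:
    Type: AWS::Logs::ResourcePolicy
    Properties:
      PolicyName: guardduty-events-to-logs           # assumed name
      PolicyDocument: !Sub |
        {"Version":"2012-10-17","Statement":[{"Effect":"Allow",
         "Principal":{"Service":["events.amazonaws.com","delivery.logs.amazonaws.com"]},
         "Action":["logs:CreateLogStream","logs:PutLogEvents"],
         "Resource":"${FindingsLogGroup.Arn}"}]}
  # Rule: match every GuardDuty finding and send it to the log group.
  FindingsRule:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source: ["aws.guardduty"]
        detail-type: ["GuardDuty Finding"]
      Targets:
        - Id: findings-to-logs
          Arn: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${FindingsLogGroup}"
  # Metric filter: emit 1 for each logged finding with severity >= 7 (assumed threshold).
  HighSeverityFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref FindingsLogGroup
      FilterPattern: "{ $.detail.severity >= 7 }"
      MetricTransformations:
        - MetricNamespace: GuardDuty/Findings        # assumed namespace
          MetricName: HighSeverityFindings           # assumed metric name
          MetricValue: "1"
  # Alarm on the custom metric; no data points means no findings, so not breaching.
  HighSeverityAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: GuardDuty/Findings
      MetricName: HighSeverityFindings
      Statistic: Sum
      Period: 300
      EvaluationPeriods: 1
      Threshold: 1
      ComparisonOperator: GreaterThanOrEqualToThreshold
      TreatMissingData: notBreaching
```

The resulting `HighSeverityFindings` metric and alarm can then be added to a CloudWatch dashboard as widgets; add further metric filters on the same log group (for example on `$.detail.type`) to chart other kinds of findings.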
