lacework-global-827
GuardDuty not enabled in account (Automated)
Description
It is highly recommended that you enable GuardDuty in all supported AWS Regions. Doing so allows GuardDuty to generate findings about unauthorized or unusual activity, even in Regions that you do not actively use. This also allows GuardDuty to monitor CloudTrail events for global AWS services such as Identity and Access Management (IAM).
The policy returns accounts that do not have GuardDuty enabled for any region.
Remediation
From the AWS Console:
- Log into the AWS Management Console.
- Click Services.
- Click Security, Identity, and Compliance > GuardDuty.
- Click Get Started.
- Click Enable GuardDuty.
- Repeat for all supported Regions.
From the CLI:
aws guardduty create-detector --enable --region <region>
To comply with this policy, run the preceding command once per supported Region, changing the value of --region each time.
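The per-Region loop the remediation asks for, written as an added example (not Lacework's code or the policy's own check): it reports, for every Region enabled in the account, whether a GuardDuty detector is missing, disabled or enabled, and can create or re-enable detectors. Python wrapping the AWS CLI is used instead of a raw shell loop so the decision logic can be exercised with canned responses; the AWS CLI subcommands are real, while the helper names and the stub runner are this example's own.

```python
"""Audit every enabled region for an ENABLED GuardDuty detector; optionally remediate.
Assumed (not stated on the policy page): the AWS CLI is configured with permission for
ec2:DescribeRegions and guardduty:{ListDetectors,GetDetector,CreateDetector,UpdateDetector}."""
import json
import subprocess
from typing import Any, Callable, Dict, List

# A runner receives the arguments that follow "aws" and returns the parsed JSON output;
# injecting it lets the decision logic be exercised offline with canned responses.
Runner = Callable[[List[str]], Any]

def run_aws(args: List[str]) -> Any:
    """Invoke the AWS CLI. update-detector prints nothing on success, hence the {} fallback."""
    out = subprocess.run(["aws", *args, "--output", "json"],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out) if out.strip() else {}

def list_regions(run: Runner = run_aws) -> List[str]:
    """Regions enabled for the account; GuardDuty is regional, so each needs its own detector."""
    return run(["ec2", "describe-regions", "--query", "Regions[].RegionName"])

def detector_status(region: str, run: Runner = run_aws) -> str:
    """Return 'ENABLED', 'DISABLED' or 'MISSING'. A detector can exist yet be disabled,
    which still fails the policy, so Status is read instead of only checking for an ID."""
    ids = run(["guardduty", "list-detectors", "--region", region]).get("DetectorIds", [])
    if not ids:
        return "MISSING"
    det = run(["guardduty", "get-detector", "--region", region, "--detector-id", ids[0]])
    return det.get("Status", "DISABLED")

def audit(regions: List[str], run: Runner = run_aws) -> Dict[str, str]:
    """Map each region to its detector status; anything other than ENABLED is a finding."""
    return {region: detector_status(region, run) for region in regions}

def remediate(findings: Dict[str, str], run: Runner = run_aws) -> List[str]:
    """Create missing detectors and re-enable disabled ones; return the regions changed."""
    changed = []
    for region, status in findings.items():
        if status == "MISSING":
            run(["guardduty", "create-detector", "--enable", "--region", region])
        elif status == "DISABLED":
            ids = run(["guardduty", "list-detectors", "--region", region])["DetectorIds"]
            run(["guardduty", "update-detector", "--enable", "--region", region, "--detector-id", ids[0]])
        else:
            continue
        changed.append(region)
    return changed

if __name__ == "__main__":  # report only; call remediate(findings) to create/enable detectors
    print(json.dumps(audit(list_regions()), indent=2))
```

Run it read-only first and review the report; a Region that shows DISABLED would pass a naive "does a detector exist" check yet still fails this policy.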
References
https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html#guardduty-1
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html#guardduty_enable-gd
https://docs.aws.amazon.com/cli/latest/reference/guardduty/create-detector.html
https://docs.aws.amazon.com/securityhub/latest/userguide/regions-controls.html