lacework-global-827

GuardDuty not enabled in account (Automated)

Description

It is highly recommended that you enable GuardDuty in all supported AWS Regions. Doing so allows GuardDuty to generate findings about unauthorized or unusual activity, even in Regions that you do not actively use. This also allows GuardDuty to monitor CloudTrail events for global AWS services such as Identity and Access Management (IAM).

note

The policy returns accounts that do not have GuardDuty enabled for any region.

Remediation

From the AWS Console:

  1. Log into the AWS Management Console.
  2. Click Services.
  3. Click Security, Identity, and Compliance > GuardDuty.
  4. Click Get Started.
  5. Click Enable GuardDuty.
  6. Repeat for all supported Regions.

From CLI:

aws guardduty create-detector --enable --region <region>

note

For compliance with this policy, repeat the preceding command once per supported Region, changing the --region value each time.
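The following script is an added example, not part of this policy page or of the AWS documentation: it performs the per-Region CLI remediation above for every Region enabled in the account, and additionally handles a detector that exists but has been disabled, which a bare create-detector call does not cover. Function names are the example's own; it assumes an AWS CLI profile permitted to call ec2:DescribeRegions and the guardduty List/Get/Create/UpdateDetector actions.

```shell
#!/bin/sh
# Enable GuardDuty in every Region enabled for the account; Regions that
# already have an enabled detector are left alone. Assumes an AWS CLI
# profile allowed to call ec2:DescribeRegions and guardduty:*Detector.
set -eu

# Regions the account can use (not-yet-enabled opt-in Regions are omitted).
list_regions() {
  aws ec2 describe-regions --query 'Regions[].RegionName' --output text
}

# Detector ID for a Region, or empty if none ("None" is what --output text prints for an empty list).
detector_id() {
  id=$(aws guardduty list-detectors --region "$1" \
         --query 'DetectorIds[0]' --output text)
  if [ "$id" != "None" ]; then
    printf '%s\n' "$id"
  fi
}

# Status of an existing detector: ENABLED or DISABLED.
detector_status() {
  aws guardduty get-detector --region "$1" --detector-id "$2" --query 'Status' --output text
}

# Bring one Region into compliance; prints created, enabled, or ok.
ensure_region() {
  region=$1
  id=$(detector_id "$region")
  if [ -z "$id" ]; then
    aws guardduty create-detector --enable --region "$region" >/dev/null
    echo created
  elif [ "$(detector_status "$region" "$id")" != "ENABLED" ]; then
    aws guardduty update-detector --region "$region" --detector-id "$id" --enable >/dev/null
    echo enabled
  else
    echo ok
  fi
}

# Walk every Region and print "<region> <action>" per line.
ensure_all_regions() {
  for r in $(list_regions); do
    printf '%s %s\n' "$r" "$(ensure_region "$r")"
  done
}

# Only touch the account when invoked as: sh enable_guardduty.sh --apply
if [ "${1:-}" = "--apply" ]; then ensure_all_regions; fi
```

Run it without --apply to load the functions only; with --apply it prints one line per Region so the output can be kept as evidence of remediation.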

References

https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html#guardduty-1
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html#guardduty_enable-gd
https://docs.aws.amazon.com/cli/latest/reference/guardduty/create-detector.html
https://docs.aws.amazon.com/securityhub/latest/userguide/regions-controls.html