lrakai / amazon-guardduty-ec2-threat-detection

Illustrate the capabilities of Amazon GuardDuty to detect EC2 threats

amazon-guardduty-ec2-threat-detection

Final Environment

Getting Started

Deploy the CloudFormation infrastructure/cloudformation.json template. The template creates a user with the following credentials and the minimal permissions required to complete the Lab:

  • Username: student
  • Password: password

Instructions

  1. Enable GuardDuty in the AWS Management Console

  2. Save the public IPv4 address of the EC2 instance named Malicious Instance to a plain text file named threat-list.txt

  3. Upload threat-list.txt to the S3 bucket with threatlist in its name

  4. In the GuardDuty Console, navigate to Lists and activate a new threat list by using the S3 link to threat-list.txt. Ensure you check Activate to instruct GuardDuty to use the threat list.

  5. Periodically refresh the GuardDuty findings table to view the findings related to the Lab environment. It may take up to 10 minutes to view all three.
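The same five steps can be driven from the AWS CLI instead of the console. The script below is an added example, not part of the lab repository. It assumes a configured AWS CLI whose credentials may call GuardDuty, EC2 and S3, reuses the lab's instance Name tag and bucket-name fragment, and invents the threat intel set name lab-threat-list. The AWS calls only run when the script is invoked with the argument `run`; the list-file helpers are pure shell and can be exercised on their own.

```shell
#!/usr/bin/env sh
# Added example (not the lab's own code): AWS CLI equivalent of the console
# steps. Assumes the AWS CLI is configured with suitable credentials. The
# AWS calls below are only made when the script is invoked as: sh script.sh run
set -eu

INSTANCE_NAME="Malicious Instance"   # Name tag from the lab's CloudFormation stack
BUCKET_FRAGMENT="threatlist"          # the lab bucket has this in its name
LIST_FILE="threat-list.txt"
SET_NAME="lab-threat-list"            # assumed name; the lab does not fix one

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  addr=$1
  case "$addr" in
    *[!0-9.]*|.*|*.|*..*|'') return 1 ;;   # wrong characters, empty or odd dots
  esac
  old_ifs=$IFS; IFS=.
  set -- $addr                              # split into octets
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Write the one-IP-per-line TXT list GuardDuty expects ($2 overrides the path),
# refusing input that is not an IPv4 address. Prints the path written.
write_threat_list() {
  ip=$1; out=${2:-$LIST_FILE}
  is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
  printf '%s\n' "$ip" > "$out"
  printf '%s\n' "$out"
}

# Step 1: enable GuardDuty, reusing the region's detector if one exists.
detector_id() {
  id=$(aws guardduty list-detectors --query 'DetectorIds[0]' --output text)
  if [ -z "$id" ] || [ "$id" = "None" ]; then
    id=$(aws guardduty create-detector --enable --query 'DetectorId' --output text)
  fi
  printf '%s\n' "$id"
}

# Step 2: public IPv4 address of the running instance tagged Name="Malicious Instance".
malicious_instance_ip() {
  aws ec2 describe-instances \
    --filters "Name=tag:Name,Values=$INSTANCE_NAME" "Name=instance-state-name,Values=running" \
    --query 'Reservations[].Instances[].PublicIpAddress' --output text
}

# Step 3: upload the list to the bucket whose name contains "threatlist";
# prints the S3 URL GuardDuty needs as the list location.
upload_threat_list() {
  bucket=$(aws s3api list-buckets \
    --query "Buckets[?contains(Name, '$BUCKET_FRAGMENT')].Name | [0]" --output text)
  aws s3 cp "$LIST_FILE" "s3://$bucket/$LIST_FILE"
  printf 'https://s3.amazonaws.com/%s/%s\n' "$bucket" "$LIST_FILE"
}

# Step 4: register the file as a threat intel set and activate it ($1 detector, $2 location).
create_threat_intel_set() {
  aws guardduty create-threat-intel-set --detector-id "$1" --name "$SET_NAME" \
    --format TXT --location "$2" --activate --query 'ThreatIntelSetId' --output text
}

# Step 5: show current findings; rerun until all three appear (up to ~10 minutes).
show_findings() {
  ids=$(aws guardduty list-findings --detector-id "$1" --query 'FindingIds' --output text)
  if [ -z "$ids" ] || [ "$ids" = "None" ]; then echo "no findings yet"; return 0; fi
  aws guardduty get-findings --detector-id "$1" --finding-ids $ids \
    --query 'Findings[].[Type,Severity,Resource.InstanceDetails.InstanceId]' --output table
}

if [ "${1:-}" = "run" ]; then
  det=$(detector_id)
  write_threat_list "$(malicious_instance_ip)" >/dev/null
  loc=$(upload_threat_list)
  create_threat_intel_set "$det" "$loc"
  show_findings "$det"
fi
```

The validation in is_ipv4 matters because GuardDuty silently rejects a malformed TXT list entry; checking the address before upload turns a confusing "no findings" wait into an immediate error.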

Cleaning Up

Delete the CloudFormation stack to remove all the resources used in the Lab.

About

License: MIT License