amazon-guardduty-ec2-threat-detection
Illustrate the capabilities of Amazon GuardDuty to detect EC2 threats
Getting Started
Deploy the infrastructure/cloudformation.json CloudFormation template. The template creates a user with the following credentials and the minimal permissions required to complete the Lab:
- Username: student
- Password: password
Instructions
- Enable GuardDuty in the AWS Management Console
- Save the public IPv4 address of the EC2 instance named Malicious Instance to a plain text file named threat-list.txt
- Upload threat-list.txt to the S3 bucket with threatlist in its name
- In the GuardDuty Console, navigate to Lists and activate a new threat list by using the S3 link to threat-list.txt. Ensure you check Activate to instruct GuardDuty to use the threat list.
- Periodically refresh the GuardDuty findings table to view the findings related to the Lab environment. It may take up to 10 minutes to view all three.
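The same steps driven from the AWS CLI, as an added example that is not part of this Lab's repository. It assumes the CLI is configured with the Lab's student credentials in the Lab's region, that the instance carries the Name tag Malicious Instance, and that the bucket name contains threatlist as the README states; the list name lab-threat-list is an arbitrary choice.

```shell
#!/bin/sh
# Added example: run with "sh lab.sh run" to execute the AWS CLI steps.
set -eu

# Write one IPv4 address per line (the TXT threat-list format GuardDuty expects)
# after validating it, so that a "None" from describe-instances (instance without
# a public IP) or a malformed value never ends up in the threat list.
write_threat_list() {
  ip="$1"; out="$2"
  case "$ip" in
    *[!0-9.]*|.*|*.|*..*) echo "not an IPv4 address: $ip" >&2; return 1 ;;
  esac
  dots=$(printf '%s' "$ip" | tr -cd '.' | wc -c)
  [ "$dots" -eq 3 ] || { echo "not an IPv4 address: $ip" >&2; return 1; }
  oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || { echo "octet out of range: $ip" >&2; return 1; }
  done
  printf '%s\n' "$ip" > "$out"
}

run_lab() {
  # 1. Enable GuardDuty (creates a detector if the region has none) and fetch its ID.
  aws guardduty create-detector --enable >/dev/null 2>&1 || true
  detector=$(aws guardduty list-detectors --query 'DetectorIds[0]' --output text)

  # 2. Public IPv4 of the instance tagged Name=Malicious Instance -> threat-list.txt
  ip=$(aws ec2 describe-instances \
        --filters Name=tag:Name,Values="Malicious Instance" Name=instance-state-name,Values=running \
        --query 'Reservations[].Instances[].PublicIpAddress' --output text)
  write_threat_list "$ip" threat-list.txt

  # 3. Upload the file to the bucket whose name contains "threatlist".
  bucket=$(aws s3api list-buckets --query "Buckets[?contains(Name, 'threatlist')].Name | [0]" --output text)
  aws s3 cp threat-list.txt "s3://$bucket/threat-list.txt"

  # 4. Register the object as a threat intel set; --activate is the CLI equivalent of
  #    ticking Activate in the console, without it GuardDuty ignores the list.
  aws guardduty create-threat-intel-set --detector-id "$detector" --name lab-threat-list \
      --format TXT --location "s3://$bucket/threat-list.txt" --activate

  # 5. Poll this until the Lab's three findings appear (up to 10 minutes).
  aws guardduty list-findings --detector-id "$detector" --output text
}

if [ "${1:-}" = "run" ]; then run_lab; fi
```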
Cleaning Up
Delete the CloudFormation stack to remove all the resources used in the Lab.