Flagship threat detection service for the cloud which continuously monitors and protects AWS accounts, along with the applications and services running within them.
- Detects known and unknown threats (Zero-Days)
- Makes use of artificial intelligence and machine learning from a large sample base
- Integrated threat intelligence
- Fire and forget
- True IaC, preview changes, rollback triggers
- Portable, flexible and repeatable
- Native CI/CD integration
Python 3.6
Python Dependencies:
- virtualenv
- awacs
- troposphere
- requests
- boto3
- S3 bucket with appropriate permissions; if no IAM permissions are assigned, CloudFormation (CF) will assume the IAM permissions of the logged-in deployment user
- A Slack Incoming Webhook has been set up and assigned to a channel. Further info and a setup guide can be found here
- GuardDutyToSlackFunction (AWS::Lambda::Function): approx 10 MB zip of code and dependencies.
- GuardDutyToSlackLambaRole (AWS::IAM::Role): minimal access to required permissions:
  - AWSXrayWriteOnlyAccess: gathers metadata of various requests between compute resources in the application flow
  - AWSLambdaBasicExecutionRole: grants permission to Lambda to run as well as calls from CloudWatch
  - AWSLambdaVPCAccessExecutionRole: allows Lambda to write to CloudWatch logs
- GuardDutyEventRule (AWS::Events::Rule): routes GuardDuty-specific events to the Lambda function for processing
- APILambdaPermission (AWS::Lambda::Permission): allows versioning of code updates and abstracting updates from testing environments into production
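As an added example (not the project's own Lambda code), a minimal handler in the role that GuardDutyToSlackFunction plays: it checks that the incoming EventBridge event really is a GuardDuty finding, maps the finding's numeric severity to the Low/Medium/High bands and a Slack colour, and builds the Incoming Webhook payload. The function names, the SLACK_WEBHOOK_URL environment variable and the sample finding are assumptions.

```python
import json
import os
import urllib.request

# Added example handler (not the project's code). Assumes the Slack incoming-webhook
# URL is supplied to the Lambda through the SLACK_WEBHOOK_URL environment variable.

def severity_label(severity):
    """Map GuardDuty's numeric severity to its Low/Medium/High bands and a Slack colour."""
    if severity >= 7.0:
        return "High", "danger"
    if severity >= 4.0:
        return "Medium", "warning"
    return "Low", "good"

def build_slack_message(event):
    """Turn an EventBridge 'GuardDuty Finding' event into a Slack webhook payload."""
    # Only accept real findings: the event rule is the sole intended caller, and a
    # stray invocation must not be able to push arbitrary text into the channel.
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        raise ValueError("not a GuardDuty finding event")
    d = event["detail"]
    label, color = severity_label(float(d["severity"]))
    return {"attachments": [{
        "color": color,
        "title": f"[{label}] {d['type']}",
        "text": d.get("description", ""),
        "fields": [
            {"title": "Account", "value": d["accountId"], "short": True},
            {"title": "Region", "value": d["region"], "short": True},
            {"title": "Finding ID", "value": d["id"], "short": False},
        ],
    }]}

def lambda_handler(event, context):
    """Lambda entry point: build the message and POST it to the webhook."""
    payload = json.dumps(build_slack_message(event)).encode()
    req = urllib.request.Request(os.environ["SLACK_WEBHOOK_URL"], data=payload,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return {"status": resp.status}

# Constructed sample finding (not real data) so the example can be exercised offline.
SAMPLE_EVENT = {
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "detail": {"accountId": "123456789012", "region": "us-east-1", "id": "EXAMPLE-FINDING-ID",
               "severity": 8.0, "type": "Recon:EC2/PortProbeUnprotectedPort",
               "description": "An EC2 instance has an unprotected port that is being probed."},
}
```

Calling build_slack_message(SAMPLE_EVENT) yields a red ("danger") attachment titled "[High] Recon:EC2/PortProbeUnprotectedPort"; lambda_handler performs the actual POST and needs the webhook URL in the environment.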
GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007