- Clone this repo
- Create a Slack channel called #guardduty
- Enter your webhook URL in var.py
- Bootstrap and launch the project:

  ```
  cdk bootstrap aws://<ACCT_ID>/<REGION>
  cdk deploy --all --require-approval never
  ```

- Spin up an EC2 instance and run the following command to generate a sample GuardDuty finding (the domain is AWS's documented test domain for this finding type):

  ```
  dig GuardDutyC2ActivityB.com any
  ```

- Wait up to about an hour for your message to appear (this is the normal time GuardDuty takes to report a finding)
- If you need to create a webhook, see: https://api.slack.com/messaging/webhooks
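The steps above deploy a stack that forwards GuardDuty findings to the Slack webhook stored in var.py. The handler below is an added example of what that forwarding Lambda typically looks like; it is not this project's code. It assumes an EventBridge rule matching the "GuardDuty Finding" detail type invokes a Lambda whose entry point is `handler`, that the webhook URL is available as the `SLACK_WEBHOOK_URL` environment variable (the project reads it from var.py instead), and that the console deep-link format in `build_slack_message` is correct. The sample event, the `MIN_SEVERITY` threshold and the console link are constructed for illustration.

```python
"""Format a GuardDuty finding delivered by EventBridge as a Slack incoming-webhook message.

Added example, not the project's own code. Assumptions: the Lambda entry point is
`handler`, the webhook URL comes from SLACK_WEBHOOK_URL, and the console URL format.
"""
import json
import os
import urllib.request

# Assumed: the project keeps this in var.py; read from the environment here so the block runs alone.
WEBHOOK_URL = os.environ.get("SLACK_WEBHOOK_URL", "")
# Constructed threshold: suppress Low findings so the channel only carries actionable alerts.
MIN_SEVERITY = 4.0

# Constructed sample event in the shape EventBridge delivers for GuardDuty findings.
SAMPLE_EVENT = {
    "detail-type": "GuardDuty Finding",
    "region": "us-east-1",
    "detail": {
        "id": "EXAMPLE-FINDING-ID",
        "type": "Backdoor:EC2/C&CActivity.B!DNS",
        "severity": 8.0,
        "title": "Command and Control server domain name queried by EC2 instance i-EXAMPLE.",
        "description": "EC2 instance i-EXAMPLE is querying a domain name associated with a known C&C server.",
        "accountId": "123456789012",
        "resource": {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-EXAMPLE"}},
        "service": {"count": 1},
    },
}


def severity_label(severity):
    """Map GuardDuty's numeric severity to its documented band (Low/Medium/High/Critical)."""
    if severity >= 9.0:
        return "Critical"
    if severity >= 7.0:
        return "High"
    if severity >= 4.0:
        return "Medium"
    return "Low"


def resource_id(detail):
    """Pick the most useful identifier; finding resources are not always EC2 instances."""
    resource = detail.get("resource", {})
    rtype = resource.get("resourceType", "Unknown")
    if rtype == "Instance":
        return resource.get("instanceDetails", {}).get("instanceId", rtype)
    if rtype == "AccessKey":
        return resource.get("accessKeyDetails", {}).get("userName", rtype)
    return rtype


def build_slack_message(event):
    """Return a Slack webhook payload, or None when the event should not be posted."""
    if event.get("detail-type") != "GuardDuty Finding":
        return None  # ignore anything that is not a finding, even if the rule is misconfigured
    detail = event.get("detail", {})
    severity = float(detail.get("severity", 0))
    if severity < MIN_SEVERITY:
        return None
    label = severity_label(severity)
    color = {"Critical": "danger", "High": "danger", "Medium": "warning"}.get(label, "good")
    region = event.get("region", detail.get("region", ""))
    # Assumed deep-link format for the GuardDuty console.
    console_url = (
        f"https://{region}.console.aws.amazon.com/guardduty/home?region={region}"
        f"#/findings?fId={detail.get('id', '')}"
    )
    return {
        "text": f"GuardDuty {label} ({severity}) finding in account "
                f"{detail.get('accountId', '?')}: {detail.get('title', '')}",
        "attachments": [{
            "color": color,
            "title": "Open in GuardDuty console",
            "title_link": console_url,
            "text": detail.get("description", ""),
            "fields": [
                {"title": "Type", "value": detail.get("type", ""), "short": True},
                {"title": "Resource", "value": resource_id(detail), "short": True},
                {"title": "Region", "value": region, "short": True},
                {"title": "Count", "value": str(detail.get("service", {}).get("count", 1)), "short": True},
            ],
        }],
    }


def post_to_slack(webhook_url, message):
    """POST the payload to the incoming webhook and return the HTTP status."""
    body = json.dumps(message).encode("utf-8")
    req = urllib.request.Request(
        webhook_url, data=body, headers={"Content-Type": "application/json"}, method="POST"
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def handler(event, context):
    """Lambda entry point (assumed name); EventBridge passes the finding as `event`."""
    message = build_slack_message(event)
    if message is None:
        return {"posted": False}
    return {"posted": post_to_slack(WEBHOOK_URL, message) == 200}


if __name__ == "__main__":
    print(json.dumps(build_slack_message(SAMPLE_EVENT), indent=2))
```

Running the file prints the payload for the sample finding without contacting Slack; the `dig` test from the steps above produces a finding of type `Backdoor:EC2/C&CActivity.B!DNS`, which is why the sample uses it. Filtering on `detail-type` and severity inside the function keeps the Lambda safe against an overly broad EventBridge rule and against Low findings flooding the channel.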