detecting-aws-guardduty-findings-automation

Featured

Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time incident response, automatic quarantine of compromised resources, and security notification workflows.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Detecting AWS GuardDuty Findings Automation ## Overview Amazon GuardDuty is a threat detection service that continuously monitors AWS accounts for malicious activity and unauthorized behavior. By integrating GuardDuty with Amazon EventBridge and AWS Lambda, security teams achieve automated, real-time responses to threats, reducing mean time to response (MTTR) from hours to seconds. GuardDuty analyzes VPC Flow Logs, CloudTrail management and data events, DNS logs, EKS audit logs, and S3 data events. ## When to Use - When investigating security incidents that require detecting aws guardduty findings automation - When building detection rules or threat hunting queries for this domain - When SOC analysts need structured procedures for this analysis type - When validating security monitoring coverage for related attack techniques ## Prerequisites - AWS account with GuardDuty enabled - IAM roles for Lambda execution - EventBridge configured for GuardDuty events - SNS topic for security notifications - Security Hub integration (recommended) ## Enable GuardDuty ```bash # Enable GuardDuty aws guardduty create-detector --enable --finding-publishing-frequency FIFTEEN_MINUTES # Enable additional data sources aws guardduty update-detector \ --detector-id DETECTOR_ID \ --data-sources '{ "S3Logs": {"Enable": true}, "Kubernetes": {"AuditLogs": {"Enable": true}}, "MalwareProtection": {"ScanEc2InstanceWithFindings": {"EbsVolumes": true}}, "RuntimeMonitoring": {"...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Integrates with

AWS · Cloud Kubernetes · Infrastructure

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Featured

detecting-cloud-threats-with-guardduty

This skill teaches security teams how to deploy and operationalize Amazon GuardDuty for continuous threat detection across AWS accounts and workloads. It covers enabling protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting finding severity levels, and building automated response workflows using EventBridge and Lambda.

12,642 Updated today
mukul975
DevOps & Infrastructure Featured

performing-cloud-native-threat-hunting-with-aws-detective

Hunt for threats in AWS environments using Detective behavior graphs, entity investigation timelines, GuardDuty finding correlation, and automated entity profiling across IAM users, EC2 instances, and IP addresses.

12,642 Updated today
mukul975
DevOps & Infrastructure Featured

detecting-compromised-cloud-credentials

Detecting compromised cloud credentials across AWS, Azure, and GCP by analyzing anomalous API activity, impossible travel patterns, unauthorized resource provisioning, and credential abuse indicators using GuardDuty, Defender for Identity, and SCC Event Threat Detection.

12,642 Updated today
mukul975
AI & Automation Featured

detecting-s3-data-exfiltration-attempts

Detecting data exfiltration attempts from AWS S3 buckets by analyzing CloudTrail S3 data events, VPC Flow Logs, GuardDuty findings, Amazon Macie alerts, and S3 access patterns to identify unauthorized bulk downloads and cross-account data transfers.

12,642 Updated today
mukul975
AI & Automation Solid

detecting-aws-cloudtrail-anomalies

Detect unusual API call patterns in AWS CloudTrail logs using boto3, statistical baselining, and behavioral analysis to identify credential compromise, privilege escalation, and unauthorized resource access.

12,642 Updated today
mukul975