Amazon GuardDuty | Enabling GuardDuty Flashcards

1
Q

What partners work with Amazon GuardDuty?

Enabling GuardDuty

Amazon GuardDuty | Security, Identity & Compliance

A

There are many technology partners that have integrated and built on Amazon GuardDuty. There are also consulting, system integrator, and managed security service providers with expertise in GuardDuty. See Amazon GuardDuty partners.

2
Q

How do I enable Amazon GuardDuty?

A

Amazon GuardDuty can be enabled with a few clicks in the AWS Management Console. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. There are no additional security software, sensors, or network appliances to deploy or manage. Threat intelligence is pre-integrated into the service and is continuously updated and maintained.

3
Q

Can I manage multiple accounts with Amazon GuardDuty?

A

Yes, Amazon GuardDuty has a multiple account feature that allows you to associate and manage multiple AWS accounts from a single master account. When used, all security findings are aggregated to the administrator or Amazon GuardDuty master account for review and remediation. AWS CloudWatch Events are also aggregated to the Amazon GuardDuty master account when using this configuration.

4
Q

What data sources does Amazon GuardDuty analyze?

A

Amazon GuardDuty analyzes AWS CloudTrail, VPC Flow Logs, and AWS DNS logs. The service is optimized to consume large volumes of data for near real-time processing of security detections. GuardDuty gives you access to built-in detection techniques that are developed and optimized for the cloud and maintained and continuously improved upon by AWS Security.

5
Q

How quickly does GuardDuty start working?

A

Once enabled, Amazon GuardDuty immediately starts analyzing for malicious or unauthorized activity. The timeframe to begin receiving findings depends on the activity level in your account. GuardDuty does not look at historical data, only activity that starts after it is enabled. If GuardDuty identifies any potential threats, you’ll receive a finding in the GuardDuty console.

6
Q

Do I have to enable AWS CloudTrail, VPC Flow Logs, and DNS logs for Amazon GuardDuty to work?

A

No. Amazon GuardDuty pulls independent streams of data directly from AWS CloudTrail, VPC Flow Logs, and AWS DNS logs. You don’t have to manage Amazon S3 bucket policies or modify the way you collect and store your logs. GuardDuty permissions are managed as Service Linked Roles that you can revoke at any time by disabling GuardDuty. This makes it easy to enable the service without complex configuration, and it eliminates the risk that an AWS IAM permission modification or S3 bucket policy change will affect the operation of the service. It also makes GuardDuty extremely efficient at consuming high volumes of data in near real-time without affecting the performance or availability of your account or workloads.

7
Q

Is there any performance or availability impact to enabling Amazon GuardDuty on my account?

A

No. Amazon GuardDuty operates completely independently of your AWS resources and there is no risk of impact to your accounts or workloads. This makes it easy for GuardDuty to be enabled across many accounts in an organization without impacting existing operations.

8
Q

Does Amazon GuardDuty manage or keep my logs?

A

No. Amazon GuardDuty does not manage or retain your logs. All data consumed by GuardDuty is analyzed in near real-time and discarded. This allows GuardDuty to be highly efficient and cost effective, and reduces the risk of data remanence. For delivery and retention of logs, you should use AWS logging and monitoring services directly, which provide full-featured delivery and retention options.
