lrakai/amazon-guardduty-ec2-threat-detection


amazon-guardduty-ec2-threat-detection

Illustrate the capabilities of Amazon GuardDuty to detect EC2 threats

Final Environment

Getting Started

Deploy the CloudFormation template infrastructure/cloudformation.json. The template creates a user with the following credentials and the minimal permissions required to complete the Lab:

  • Username: student
  • Password: password

Instructions

  1. Enable GuardDuty in the AWS Management Console

  2. Save the public IPv4 address of the EC2 instance named Malicious Instance to a plain text file named threat-list.txt

  3. Upload threat-list.txt to the S3 bucket with threatlist in its name

  4. In the GuardDuty Console, navigate to Lists and activate a new threat list by using the S3 link to threat-list.txt. Ensure you check Activate to instruct GuardDuty to use the threat list.

  5. Periodically refresh the GuardDuty findings table to view the findings related to the Lab environment. It may take up to 10 minutes to view all three.
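Steps 1 to 4 can also be scripted with the AWS CLI. The script below is an added example, not part of this repository. It assumes the AWS CLI is configured with credentials for the Lab account, that the instance's name is stored in its Name tag, and it uses lab-threat-list as a hypothetical name for the threat list. It refuses to write anything that is not a dotted-quad IPv4 address, so a failed lookup never produces an empty or malformed list.

```shell
#!/bin/sh
# Added example: CLI equivalent of Lab steps 1-4 (not the repository's own code).
# Assumes the AWS CLI is installed and configured for the Lab account.

# Succeed only for a dotted-quad IPv4 address, so a failed lookup
# ("None" or an empty string) is never written to the threat list.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Step 2: write one validated address per line (GuardDuty TXT list format).
write_threat_list() {  # $1 = IPv4 address, $2 = output file
  is_ipv4 "$1" || { echo "not an IPv4 address: '$1'" >&2; return 1; }
  printf '%s\n' "$1" > "$2"
}

# Steps 1, 3 and 4: enable GuardDuty, upload the list, activate it.
activate_threat_list() {
  ip=$(aws ec2 describe-instances \
        --filters "Name=tag:Name,Values=Malicious Instance" \
                  "Name=instance-state-name,Values=running" \
        --query 'Reservations[0].Instances[0].PublicIpAddress' \
        --output text) || return 1
  write_threat_list "$ip" threat-list.txt || return 1
  bucket=$(aws s3api list-buckets --output text \
        --query "Buckets[?contains(Name, 'threatlist')].Name | [0]") || return 1
  [ "$bucket" != "None" ] || { echo "no threatlist bucket found" >&2; return 1; }
  aws s3 cp threat-list.txt "s3://$bucket/threat-list.txt" || return 1
  detector=$(aws guardduty list-detectors \
        --query 'DetectorIds[0]' --output text) || return 1
  if [ "$detector" = "None" ]; then  # GuardDuty not yet enabled in this region
    detector=$(aws guardduty create-detector --enable \
          --query DetectorId --output text) || return 1
  fi
  aws guardduty create-threat-intel-set --detector-id "$detector" \
      --name lab-threat-list --format TXT \
      --location "s3://$bucket/threat-list.txt" --activate
}
```

Source the file and call activate_threat_list once the CloudFormation stack has finished deploying, then continue with step 5 in the GuardDuty Console.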

Cleaning Up

Delete the CloudFormation stack to remove all the resources used in the Lab.
