
GuardDuty for threat detection in AWS - Mini Project: Build & Apply

GuardDuty for threat detection
📖 Scenario: You are a cloud security engineer setting up threat detection for your AWS environment. You want to enable GuardDuty, a service that continuously monitors for malicious or unauthorized behavior to protect your AWS accounts and workloads.
🎯 Goal: Enable AWS GuardDuty in your AWS account and configure it to monitor your environment for potential security threats.
📋 What You'll Learn
Create a GuardDuty detector
Enable GuardDuty with default settings
Verify the detector is active
💡 Why This Matters
🌍 Real World
GuardDuty helps detect threats like unusual API calls or unauthorized access in your AWS environment, improving security.
💼 Career
Cloud security engineers and AWS administrators use GuardDuty to monitor and protect cloud resources from attacks and vulnerabilities.
1
Create a GuardDuty detector
Write the AWS CLI command to create a GuardDuty detector and save the output to a variable called detector. Use the command aws guardduty create-detector --enable.
Need a hint?

Use the AWS CLI command aws guardduty create-detector --enable and capture the DetectorId output.

2
Check GuardDuty detector status
Write the AWS CLI command to get the status of the GuardDuty detector using the variable detector. Use aws guardduty get-detector --detector-id $detector.
Need a hint?

Use the AWS CLI command aws guardduty get-detector --detector-id $detector to check the detector status.

3
Enable GuardDuty findings publishing
Write the AWS CLI command to enable publishing of GuardDuty findings to CloudWatch Logs for the detector stored in detector. Use aws guardduty create-publishing-destination with appropriate parameters.
Need a hint?

Use aws guardduty create-publishing-destination with --detector-id $detector and --destination-type CLOUDWATCH_LOGS.

4
Verify GuardDuty is active and monitoring
Write the AWS CLI command to list all active GuardDuty detectors and confirm your detector $detector is listed. Use aws guardduty list-detectors.
Need a hint?

Use aws guardduty list-detectors to see all active detectors.
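
Steps 1, 2 and 4 combined into one re-runnable check, as an added example that is not part of the original exercise. The function names are hypothetical; step 3 is left out because it needs destination properties the page does not give.

```bash
# Added example: steps 1, 2 and 4 as one re-runnable check.
# Function names are hypothetical; the aws subcommands are the ones in the steps.

# Step 1. GuardDuty allows one detector per account per Region, so reuse an
# existing detector instead of failing on a second create-detector call.
ensure_detector() {
  local id
  id=$(aws guardduty list-detectors --query 'DetectorIds[0]' --output text) || return 1
  if [ -z "$id" ] || [ "$id" = "None" ]; then
    id=$(aws guardduty create-detector --enable --query 'DetectorId' --output text) || return 1
  fi
  printf '%s\n' "$id"
}

# Step 2. Succeed only when get-detector reports Status ENABLED; a detector
# can exist and still be DISABLED, which a bare detector ID does not reveal.
detector_enabled() {
  local status
  status=$(aws guardduty get-detector --detector-id "$1" --query 'Status' --output text) || return 1
  [ "$status" = "ENABLED" ]
}

# Step 4. Confirm the ID appears in list-detectors for the current Region.
detector_listed() {
  aws guardduty list-detectors --query 'DetectorIds' --output text |
    tr '\t' '\n' | grep -qxF -- "$1"
}

# Run all three checks; print the detector ID on success, explain on stderr
# and return non-zero on the first failure.
verify_guardduty() {
  local detector
  detector=$(ensure_detector) || { echo "no detector found or created" >&2; return 1; }
  detector_enabled "$detector" || { echo "detector $detector is not ENABLED" >&2; return 1; }
  detector_listed "$detector" || { echo "detector $detector not listed" >&2; return 1; }
  printf '%s\n' "$detector"
}
```

Source the file in a shell with AWS credentials and a default Region configured, then run `detector=$(verify_guardduty)`; repeat per Region, since a detector only covers the Region it was created in.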