View the Amazon GuardDuty Benchmark App Dashboards

This page provides examples and descriptions of the Sumo Logic App for Amazon GuardDuty Benchmark dashboards.

availabilityTrialandEnterprise.png

Dashboard filters  

Each dashboard has a set of filters that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard.

GuardDuty_BM_Dashboard_filter.png

Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.

GuardDuty_BM_Panel_filter.png

1. Amazon GuardDuty - Threat Overview

The Amazon GuardDuty - Threat Overview dashboard provides a high-level view of threats to your AWS environment. Panels display information on threats by location, type, severity, IP address, and trend.

Use this dashboard to:

  • Find the geographic location of threats to determine whether you are being attacked from a particular region or actor around the globe.
  • Locate and assess high severity threats found by Amazon GuardDuty in your AWS environment.
  • Find spikes in threats with the Severity Trend graph.
  • Analyze threats by different dimensions, such as IPs, AWS Account, Region, Severity and AWS Resource Groups.

GuardDuty_BM_Threat_Overview.png

2. Amazon GuardDuty - Threat Details

The Amazon GuardDuty - Threat Details dashboard provides detailed and summary information on threat outliers, trends, severity, threat type, and threat count comparisons.

Use this dashboard to:

  • Determine the number of outlier threats in your AWS Account.
  • Understand the types of threats in your AWS account and the various threat properties.
  • Review one-day time comparison of your threat posture.
  • Analyze GuardDuty Threats by resource type, purpose, and AWS Security Group.

GuardDuty_Benchmark_Threat_Details-2.png

3. Amazon GuardDuty - Global Threat Activity Benchmark

The Amazon GuardDuty - Global Threat Activity Benchmark dashboard provides a high-level baseline of global malicious threats that you can use as a comparison for your AWS environment. Panels display graphs for threat and severity distribution, targeted resources, and detailed information on rare medium and high severity threats.

Use this dashboard to:

  • View global threat activity within AWS.  
  • Assess the types of threats that are active and the types of resources that are being attacked.
  • Review threat severities and the distribution of specific active threats.  
  • Assess rare threats that are active.

GuardDuty_BM_Global_Threat_Activity.png

4. Amazon GuardDuty - Threat Posture Benchmark

The Amazon GuardDuty - Threat Posture Benchmark dashboard provides a high-level view of the integrity of your AWS environment in comparison to the global threat baseline. Panels compare high, medium, and low severity global threats to those in your AWS environment. Also shown is the number of rare global threats found in your environment.

Use this dashboard to:

  • Assess significant threats: threats that appear in your environment at a significantly different rate than global baselines, and globally rare threats that appear in your environment.
  • Analyze the details of specific occurrences of rare threats, including account IDs, targeted resource IDs, and the AWS region where the resource is located.

GuardDuty_BM_Threat_Posture.png

5. Amazon GuardDuty - Threat Details Benchmark

The Amazon GuardDuty - Threat Details Benchmark dashboard provides a high-level view of threats in your AWS environment versus a baseline of global threats, paired with detailed information on severity rankings. Panels also show information on the globally rare threats found in your AWS environment.

Use this dashboard to:

  • Compare global baselines with your GuardDuty threat activity to assess how your threat profile compares with global Amazon GuardDuty threat detection, and to protect your AWS account.
  • Review which rare threat types are active in your account.
  • Analyze how your profile changes over time to determine if your account has been attacked.  
  • Determine which threat categories, targeted resources, and level of threat severity differ from global baselines, for focused investigations.

GuardDuty_BM_Threat_Details.png