AWS GuardDuty

Version: 1.2
Updated: Jun 15, 2023
Interact with AWS GuardDuty during incident investigation.
Actions
- List Detectors (Enrichment) - Lists detectorIds of all the existing Amazon GuardDuty detector resources.
- Get Detector (Enrichment) - Retrieves an Amazon GuardDuty detector specified by the detectorId.
- List IP Set (Enrichment) - Lists the IPSets of the GuardDuty service specified by the detector ID.
- Get IP Set (Enrichment) - Retrieves the IPSet specified by the ipSetId.
- List ThreatIntel Sets (Enrichment) - Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID.
- Get ThreatIntel Set (Enrichment) - Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
- List Findings (Enrichment) - Lists Amazon GuardDuty findings for the specified detector ID.
- Get Findings (Enrichment) - Describes Amazon GuardDuty findings specified by finding IDs.
- Create Detector (Containment) - Creates a single Amazon GuardDuty detector.
- Update Detector (Containment) - Updates the Amazon GuardDuty detector specified by the detectorId.
- Delete Detector (Containment) - Deletes an Amazon GuardDuty detector specified by the detector ID.
- Create IP Set (Containment) - Creates a new IPSet, called Trusted IP list in the console user interface.
- Update IP Set (Containment) - Updates the IPSet specified by the IPSet ID.
- Delete IP Set (Containment) - Deletes the IPSet specified by the ipSetId.
- Create ThreatIntel Set (Containment) - Creates a new ThreatIntelSet.
- Update ThreatIntel Set (Containment) - Updates the ThreatIntelSet specified by ThreatIntelSet ID.
- Delete ThreatIntel Set (Containment) - Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.
- Create Sample Findings (Containment) - Generates example findings of types specified by the list of finding types.
- Update Findings Feedback (Containment) - Marks the specified GuardDuty findings as useful or not useful.
- Archive Findings (Containment) - Archives GuardDuty findings specified by the list of finding IDs.
- Unarchive Findings (Containment) - Unarchives GuardDuty findings specified by the findingIds.
External Libraries
Configure AWS GuardDuty in Automation Service and Cloud SOAR
Before you can use the integration, you must configure it so that the vendor can communicate with Sumo Logic. For general guidance, see Configure Authentication for Integrations.
- Access App Central and install the integration.
- Select the installed integration in the Integrations page.
Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
- Select the integration.
- Hover over the resource name and click the Edit button that appears.
- In the Add Resource dialog, enter the authentication needed by the resource. When done, click TEST to test the configuration, and click SAVE to save the configuration.
For configuration information specific to AWS integrations, see the AWS integrations section.
For information about AWS GuardDuty, see GuardDuty documentation.
Change Log
- January 24, 2020 - First upload
- March 10, 2022 - Logo
- June 15, 2023 (v1.2) - Updated the integration with Environmental Variables