AWS GuardDuty
Supported version: Cloud
Pre-requisites:
- Python Script Integration Service deployed on the Gathr Analytics.
- Below libraries available on the Gathr Analytics: a. jsonpath_ng b. boto3
- All the required roles and permissions for the AWS GuardDuty.
- Client Id, Client Secret and AWS hosted region for the AWS GuardDuty.
Note : Permission required for AWS GuardDuty is : AmazonGuardDutyFullAccess IMPORTANT: Please make sure your AWS GuardDuty instance must be accessible from the Gathr Analytics Machine.
Operation Details:
Below are the list of all the python scripts operation for the AWS GuardDuty:
| S.No. | Operation Name | Description |
|---|---|---|
| 1 | List All Findings | Get all the Findings corresponding to Detector in AWS GuardDuty. |
| 2 | List Detectors | Get all the Detectors in AWS GuardDuty. |
| 3 | List IpSets | Get all the IpSets corresponding to Detector in AWS GuardDuty. |
| 4 | List Filters | Get all the Filters corresponding to Detector in AWS GuardDuty. |
| 5 | List Publishing Destinations | Get all the Publishing Destinations corresponding to Detector in AWS GuardDuty. |
| 6 | List Threat Intel Sets | Get all the Threat Intel Sets corresponding to Detector in AWS GuardDuty. |
| 7 | Get Findings Information | Get Details about the Findings corresponding to Detector in AWS GuardDuty. |
| 8 | Get Detector Details | Get Details about the Detectors in AWS GuardDuty. |
| 9 | Get Filter Details | Get Details about the Filters corresponding to Detector in AWS GuardDuty. |
| 10 | Get IpSet Details | Get Details about the IpSets corresponding to Detector in AWS GuardDuty. |
| 11 | Get ThreatIntelSet Details | Get Details about the ThreatIntelSets corresponding to Detector in AWS GuardDuty. |
| 12 | Get Publishing Destination Details | Get Details about the Publishing Destination corresponding to Detector in AWS GuardDuty. |
Steps to use AWS GuardDuty on the Gathr Analytics:
The user needs to follow the below steps:
- The user needs to upload the GuardDuty App on the Gathr Analytics and in return it will auto-register all the python scripts on the Gathr Analytics.
- The user needs to right click on the floor and needs to go to the Scripts->Operations-> AWS GuardDuty.
- It will expose all the scripts operations here and the user can run any operation of his/her choice.
If you have any feedback on Gathr documentation, please email us!