
GuardDuty

Enabling the GuardDuty data source lets you collect the findings produced by GuardDuty in AWS.

What is GuardDuty?
  • AWS GuardDuty is a security service for threat detection provided by AWS.
  • Refer to the official documentation for the supported services in GuardDuty.

Format

When importing data to RISKEN, the following metadata is added:

| Field | Description |
| --- | --- |
| DataSource | aws:guard-duty (fixed) |
| ResourceName | GuardDuty Finding ARN |
| Description | Description |
| Score | See Scoring in GuardDuty documentation |
| Tag | aws guard-duty {type} {account ID} |

Scoring

GuardDuty assigns each finding a default score based on Severity (1.0 to 10.0). RISKEN standardizes this value to its own scoring range of 0.0 to 1.0 when importing the finding.

```mermaid
graph TD
    A[Start] --> B{{Active status?}};
    B -->|NO| C[Score: 0.1]:::low;
    B -->|YES| D[Score: <Severity>]:::unknown;
    classDef unknown fill:#FFFFFF,stroke:#BDBDBD,stroke-width:4px;
    classDef low fill:#FFFFFF,stroke:#4DB6AC,stroke-width:4px;
```
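The Format table and the scoring flowchart above, worked through as an added example (this is not RISKEN's own code). It assumes that "Active status" corresponds to `Service.Archived` being false in the GuardDuty finding JSON, that the standardization is a linear `Severity / 10.0`, and that `{type}` and `{account ID}` come from the finding's `Type` and `AccountId`; the sample findings are constructed.

```python
ARCHIVED_SCORE = 0.1  # flowchart: a finding that is not active scores 0.1


def risken_score(finding: dict) -> float:
    """Score a GuardDuty finding on RISKEN's 0.0 to 1.0 scale."""
    # Assumption: "active" means the finding is not archived in GuardDuty.
    if finding.get("Service", {}).get("Archived", False):
        return ARCHIVED_SCORE
    severity = float(finding["Severity"])
    if not 1.0 <= severity <= 10.0:
        raise ValueError(f"Severity outside GuardDuty range: {severity}")
    # Assumption: linear scaling; the page only states the two ranges.
    return round(severity / 10.0, 2)


def to_risken_finding(finding: dict) -> dict:
    """Build the metadata fields listed in the Format table."""
    return {
        "DataSource": "aws:guard-duty",  # fixed value
        "ResourceName": finding["Arn"],
        "Description": finding["Description"],  # assumption: GuardDuty's text
        "Score": risken_score(finding),
        "Tag": ["aws", "guard-duty", finding["Type"], finding["AccountId"]],
    }


def triage_order(findings: list) -> list:
    """Convert findings and sort them so the highest score comes first."""
    return sorted(map(to_risken_finding, findings), key=lambda r: -r["Score"])


def _sample(fid: str, severity: float, archived: bool) -> dict:
    """Constructed GuardDuty finding (placeholder ARN and account ID)."""
    return {
        "Arn": f"arn:aws:guardduty:us-east-1:123456789012:detector/EXAMPLE/finding/{fid}",
        "AccountId": "123456789012",
        "Type": "Recon:EC2/PortProbeUnprotectedPort",
        "Description": f"Constructed sample finding {fid}",
        "Severity": severity,
        "Service": {"Archived": archived},
    }


SAMPLE_FINDINGS = [_sample("a1", 2.0, False), _sample("b2", 8.0, True), _sample("c3", 8.0, False)]

if __name__ == "__main__":
    for record in triage_order(SAMPLE_FINDINGS):
        print(record["Score"], record["ResourceName"], record["Tag"])
```

Findings `b2` and `c3` carry the same Severity, but the archived one drops to 0.1 and sorts last, so archiving a finding in GuardDuty lowers its score in RISKEN on import.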