AWS GuardDuty Threat Detection Service

 Amazon guard-duty could be a managed service that will threat detection showing the intelligence to safeguard the AWS accounts and workloads. It ceaselessly monitors for malicious or unwanted activities sort of a port scan, unauthorized penetration takes a look at etc. guard duty detects surprising behavior within the AWS atmosphere and generates notifications referred to as Findings that details the underlying security issue. AWS GuardDuty collects its inputs from 3 log streams. VPC Flow Logs, DNS logs, and CloudTrail events. Also, It will associate one AWS account with another account in order that you'll be able to read and manage their guard duty Findings on their behalf.

About the Experiment

I have added my laptop’s public informatics address to the AWS GuardDuty’s Threat list. Then I attempted to access AWS console associate degreed did an SSH to at least one of the EC2 instances of the AWS account, assumptive that guard duty will discover it. And it did it on behalf of me !!!

Configuration

Create a file associate degreed add the “attacker” informatics address ( you'll be able to add multiple informatics addresses/CIDRs in every line) and transfer to an S3 Bucket. I actually have used file1.txt and uploaded to a bucket only-50, thereby uniform resource locator of the file s3://tly-50/file1.txt. ( I actually have hidden 1st 2 octets of the informatics address, however, you've got to put in writing in full)
2) Enable AWS guard duty by following screenshots below








3) In the guard duty console click “Lists” and then “Add a threat list” like below



4) Create the threat list like below and add List Name, Location, and Format.



5) Make sure that List is activated. Now you are ready for testing



Testing the Setup

6) Login to AWS web Console from your the system whose IP address was listed within the threat list. Then you are trying to try to SSH to at least one of the EC2 instances within the AWS account. These are the 2 activities guard duty is predicted to notice.

7)After many minutes click the Findings. allow us to see the EC2 access Finding



8) Now let us see how the AWS web console access is detected by GuardDuty.




Conclusion

AWS guard duty can detect and report malicious activities in the AWS account and workload. This is a managed service which identifies and reports undesired activities to the administrator. We have configured guard duty for threat detection and tested how it works.

Facebook
Twitter
Linkedin
Pinterest
Google+
Youtube

Altf9 Technology Solutions Pvt.Ltd
5/181, J4A Third Floor
Periyar Street, Medavakkam
Chennai, India
Pincode:600100.

  INDIA: +91 8056005901

  USA: +1 (845) 576-5295

  Australia : +61291880753

  info@altf9.in




Comments

Post a Comment

Popular posts from this blog

AWS EFS vs EBS vs S3 (difference,price & use)

Image
AWS EFS vs EBS vs S3 (difference,price & use) S3vsEBSvsEFG EFS May not nonetheless be out there in each region It may have a lot of latency More options however at the next value The regions it's out there, there you'll decide it as extremely out there service It is potential to connect EFS storage to associate degree EC2 Instance Multiple instances will access it at the same time (EC2) Now it's potential to connect your EFS storage on to on-premise servers via Direct Connect Accessible via many EC2 machines and AWS services Web and classification system interface Object storage Scalable Faster than S3, slower than EbS Amazon EFS pricing: $0.30 GB-month ($6.00 per provisioned MB/s-month) EBS  Think of it as block storage. this suggests you're able to opt for which sort of classification system you wish. As it's block storage, you'll be able to use Raid one (or zero or 10) with multiple block storages It is extremel
Read more

How does AD DS differ from Microsoft Azure Active Directory?

Image
How does AD DS differ from Microsoft Azure Active Directory? Active Directory was introduced as a hierarchic authentication and authorization database system to interchange the file Domain system in use on NT4 and previous servers. The NT4 domain model in 2000 was straining at the seams to stay up with evolving company structures, hampered by some quite severe limitations – most of twenty six,000 objects in a very file “bucket”, solely five varieties of fixed objects whose structure (properties etc.) couldn't be modified, most size of the information of 40Mb etc. NT4 Domains additionally primarily used NetBIOS (another file, Microsoft specific system) for its name resolution. For plenty of larger organizations, this necessitated multiple domain databases with terribly restricted and sophisticated interactions between those domains. Active Directory Directory Services (just referred to as Active Directory in those days) was free with Windows Server 2000 and was primarily ba
Read more

AWS IAM securing your Infrastructure

Image
AWS IAM securing your Infrastructure The trend to move to the cloud seems to be unstoppable that raises additional and additional security concerns. AWS will be thought-about the leader within the market of cloud service suppliers. It offers quite a hundred completely different cloud services and it's employed by over a million corporations. Given such a massive volume of business, it ought to return as no surprise that AWS has its dedicated service to assist developers to keep their cloud infrastructure more secure. This service is called IAM that stands for Identity and Access Management. Although IAM makes cloud management more well-off, secure and fail-safe, there are still varied pitfalls to avoid. Root account The most dangerous entity in AWS is the root user. Why? If associate degree unauthorized person gains access thereto, they're going to be able to do something within your account no matter any configurations. No ought to make a case for, it's im
Read more