Contribution Proposal: Automating Incident Response with GuardDuty #7
Comments
|
I would be interested in seeing this CFN if you are willing to share. |
|
Please share if it is fine by you. |
|
Oh sorry, I didn't see these responses. Yes, let me share it here next week. Thanks for responding. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, I have a solution that takes incidents in GuardDuty, fed into CloudWatch Events and using an Event Rule, triggers an SNS notification and fires a Lambda function that drops a ring fence security group around the instance and tags it as quarantined. This is based on a session that I have been running with AWS customers in ANZ and the feedback has been positive. I use the session to highlight some other nice features in CloudWatch Events, such as applying transforms and customizing SNS messages based on the JSON input received in the event and filtering options when creating CloudWatch Events rules for GuardDuty events.
I've been working with a colleague who has packaged this up into a CloudFormation template, and we've also incorporated the high-level design schematic that I use in the aforementioned presentation.
We'd like to contribute this solution to this repository, as it seems like the most logical home for it.
Please let me know if you need additional information, files, etc.
The text was updated successfully, but these errors were encountered: