Published On Nov 9, 2022
In this lab, we will configure Amazon GuardDuty to generate findings and then use AWS Security Hub to remediate those findings:
1. Amazon GuardDuty detects findings; AWS Security Hub remediates them.
2. Amazon GuardDuty - automated finding generation for EC2 malicious IP and EC2 brute force attacks.
3. AWS Security Hub - automated remediation of GuardDuty findings via Security Hub custom actions (a custom action sends the selected finding to Amazon EventBridge, where a rule invokes the remediation Lambda below).
Custom Lambda Function (stops the EC2 instance named in the INSTANCE_ID environment variable):-
----
from __future__ import print_function
from botocore.exceptions import ClientError
import boto3
import os


def handler(event, context):
    # The instance to stop comes from the function's environment, not from the finding in `event`
    instance_id = os.environ['INSTANCE_ID']
    ec2 = boto3.client('ec2')
    response = None
    try:
        response = ec2.stop_instances(
            InstanceIds=[
                instance_id,
            ],
        )
    except ClientError as e:
        # Log the API error; response stays None so the caller can tell the stop failed
        print(e)
    return response
----
Note that this function reads the instance ID from the INSTANCE_ID environment variable rather than from the finding carried in `event`, so it always stops the same instance whichever finding triggers it; a production remediation should take the instance ID from the finding itself.
EventBridge Event Rule (matches GuardDuty Recon:EC2/Portscan findings):-
----
{
  "source": ["aws.guardduty"],
  "detail": {
    "type": ["Recon:EC2/Portscan"]
  }
}
----
Two things to check when you deploy this rule: it only matches findings with the exact type Recon:EC2/Portscan, so the malicious IP and brute force finding types from the lab description have to be added to the "type" list to be remediated; and because the source is "aws.guardduty", it matches findings that GuardDuty publishes to EventBridge directly, not the events that a Security Hub custom action emits (those have source "aws.securityhub" and detail-type "Security Hub Findings - Custom Action").
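The following is an added example, not code from the original lab, showing how the remediation Lambda can take the instance ID from the event instead of an environment variable, for both event shapes the lab touches: a GuardDuty finding delivered directly by EventBridge and a Security Hub custom action event. It also includes a minimal matcher that applies the event rule above to sample events, so you can see that the rule as written accepts a Recon:EC2/Portscan finding but rejects a brute force finding and a Security Hub custom action event. The sample events are constructed (not captured from a real account), the matcher implements only the exact-value subset of EventBridge pattern semantics, and FakeEC2 stands in for boto3.client('ec2') so the example runs offline.

```python
import re

try:
    import boto3
    from botocore.exceptions import ClientError
except ImportError:  # lets the example run where boto3 is not installed
    boto3 = None
    ClientError = Exception

# Constructed sample events (shapes follow the EventBridge events GuardDuty and
# Security Hub emit; the IDs and ARN are made up).
GUARDDUTY_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "Recon:EC2/Portscan",
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789abcdef0"},
        },
    },
}

SECURITYHUB_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Custom Action",
    "detail": {
        "actionName": "StopInstance",  # hypothetical custom action name
        "findings": [
            {
                "Resources": [
                    {
                        "Type": "AwsEc2Instance",
                        "Id": "arn:aws:ec2:us-east-1:123456789012:instance/i-0fedcba9876543210",
                    }
                ]
            }
        ],
    },
}

# The event rule from the lab, as a Python dict.
EVENT_PATTERN = {"source": ["aws.guardduty"], "detail": {"type": ["Recon:EC2/Portscan"]}}


def pattern_matches(pattern, event):
    """Exact-value subset of EventBridge matching: every pattern key must be present;
    a list means 'the event value equals one of these'; a dict recurses."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not pattern_matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


INSTANCE_ARN = re.compile(r"^arn:aws:ec2:[^:]*:\d{12}:instance/(i-[0-9a-f]+)$")


def instance_ids_from_event(event):
    """Extract EC2 instance IDs from a GuardDuty finding or a Security Hub custom action event."""
    detail = event.get("detail", {})
    ids = []
    if event.get("source") == "aws.guardduty":
        res = detail.get("resource", {})
        if res.get("resourceType") == "Instance":
            iid = res.get("instanceDetails", {}).get("instanceId")
            if iid:
                ids.append(iid)
    elif event.get("source") == "aws.securityhub":
        for finding in detail.get("findings", []):
            for resource in finding.get("Resources", []):
                if resource.get("Type") == "AwsEc2Instance":
                    m = INSTANCE_ARN.match(resource.get("Id", ""))
                    if m:
                        ids.append(m.group(1))
    return ids


class FakeEC2:
    """Stand-in for boto3.client('ec2'); records which instances were stopped."""
    def __init__(self):
        self.stopped = []

    def stop_instances(self, InstanceIds):
        self.stopped.extend(InstanceIds)
        return {"StoppingInstances": [{"InstanceId": i} for i in InstanceIds]}


def handler(event, context=None, ec2=None):
    """Lambda entry point; `ec2` is injectable for testing, Lambda uses the real client."""
    if ec2 is None:
        ec2 = boto3.client("ec2")
    ids = instance_ids_from_event(event)
    if not ids:  # nothing to stop: finding did not name an EC2 instance
        return {"stopped": [], "error": None}
    try:
        ec2.stop_instances(InstanceIds=ids)
    except ClientError as e:
        return {"stopped": [], "error": str(e)}
    return {"stopped": ids, "error": None}
```

In a real deployment the rule that invokes this function decides which event shape arrives: keep the lab's "aws.guardduty" pattern for direct GuardDuty findings, or match source "aws.securityhub" for the custom action path; the handler handles either.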
If you like the video please like, comment, share and subscribe to the channel to get more updates on technical videos.
Channel Link:- https://www.youtube.com/c/Cloud4DevOp...
Join Me on the LinkedIn Group for More updates:- / 13859292
Happy Learning !!!