Fortinet Document Library

Version:


Table of Contents

Related Videos

sidebar video

Integrating FortiGate with AWS GuardDuty

  • 1,242 views
  • 2 years ago
6.0.0
Copy Link

Populating threat feeds with GuardDuty

AWS GuardDuty is a managed threat detection service that monitors malicious or unauthorized behaviors/activities related to AWS resources. GuardDuty provides visibility of logs called "findings", and Fortinet provides a Lambda script called "aws-lambda-guardduty", which translates feeds from AWS GuardDuty findings into a list of malicious IP addresses in an S3 location, which a FortiGate can consume as an external threat feed after being configured to point to the list's URL. To use this feature, you must subscribe to GuardDuty, CloudWatch, S3, and DynamoDB.

This feature is available with FortiOS 6.0.0+. See Setting up the FortiGate(s).

Installing and configuring GuardDuty requires knowledge of:

  • CLI
  • AWS Lambda function, DynamoDB, S3 bucket, and IAM
  • Node.js

The Lambda script is available to download on GitHub.

Related Videos

sidebar video

Integrating FortiGate with AWS GuardDuty

  • 1,242 views
  • 2 years ago

Populating threat feeds with GuardDuty

AWS GuardDuty is a managed threat detection service that monitors malicious or unauthorized behaviors/activities related to AWS resources. GuardDuty provides visibility of logs called "findings", and Fortinet provides a Lambda script called "aws-lambda-guardduty", which translates feeds from AWS GuardDuty findings into a list of malicious IP addresses in an S3 location, which a FortiGate can consume as an external threat feed after being configured to point to the list's URL. To use this feature, you must subscribe to GuardDuty, CloudWatch, S3, and DynamoDB.

This feature is available with FortiOS 6.0.0+. See Setting up the FortiGate(s).

Installing and configuring GuardDuty requires knowledge of:

  • CLI
  • AWS Lambda function, DynamoDB, S3 bucket, and IAM
  • Node.js

The Lambda script is available to download on GitHub.