Setting up CloudWatch
In this section, a CloudWatch event rule is created to invoke the Lambda function based on events happening in GuardDuty findings. If you have not subscribed to GuardDuty yet, you must subscribe to it before moving on. For information about GuardDuty, see Amazon GuardDuty.
To create a new event rule:
- For Event Source, choose Event Pattern, and select Events by Service from the dropdown list.
- For Service Name, select GuardDuty from the dropdown list.
- For Event Type, select GuardDuty Finding from the dropdown list.
- Check that the Event Pattern Preview looks like the following code snippet:
{
"source": [
"aws.guardduty"
],
"detail-type": [
"GuardDuty Finding"
]
}
- For the targets, click Add Target* and select Lambda function from the dropdown list.
- For the Function, select the Lambda function you created from the dropdown list.
- Click Configure rule details.
- Name the rule as desired.
- For State, select the Enabled checkbox.
- Click Create Rule.