Fortinet Document Library

AWS Cookbook 6.2.0
Populating threat feeds with GuardDuty

AWS GuardDuty is a managed threat detection service that monitors for malicious or unauthorized behavior affecting AWS resources. GuardDuty reports its detections as "findings", and Fortinet provides a Lambda script called "aws-lambda-guardduty" that translates those findings into a list of malicious IP addresses stored in an S3 location. A FortiGate-VM configured to point at that list's URL can consume it as an external threat feed. To use this feature, you must subscribe to GuardDuty, CloudWatch, S3, and DynamoDB.

Installing and configuring GuardDuty requires knowledge of:

  • CLI
  • AWS Lambda function, DynamoDB, S3 bucket, and IAM
  • Node.js

The Lambda script is available to download on GitHub.
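As an added illustration of the pipeline the script implements (this is example code, not Fortinet's aws-lambda-guardduty), here is a minimal Node.js handler that takes a GuardDuty finding delivered by a CloudWatch Events rule, extracts the remote IP addresses from the finding's `service.action` block, and writes them in the one-entry-per-line format a FortiGate external IP threat feed reads. The injected `store` object, the private-range filter and the severity threshold of 4 are assumptions of this example, not features documented on this page.

```javascript
// Pull every remote IPv4 address out of one GuardDuty finding. Field paths follow the
// GuardDuty finding schema; actionType decides where remoteIpDetails lives.
function extractRemoteIps(finding) {
  const action = finding?.service?.action || {};
  const ips = [];
  switch (action.actionType) {
    case 'NETWORK_CONNECTION':
      ips.push(action.networkConnectionAction?.remoteIpDetails?.ipAddressV4);
      break;
    case 'AWS_API_CALL':
      ips.push(action.awsApiCallAction?.remoteIpDetails?.ipAddressV4);
      break;
    case 'PORT_PROBE':
      for (const p of action.portProbeAction?.portProbeDetails || []) {
        ips.push(p.remoteIpDetails?.ipAddressV4);
      }
      break;
    default: // DNS_REQUEST and unknown types carry no remote IP to block
  }
  return ips.filter(Boolean);
}

// Merge new IPs into the current list, skipping RFC 1918/loopback addresses that GuardDuty can
// report for in-VPC sources and that a FortiGate must not blanket-block (assumed policy).
const PRIVATE = /^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.)/;
function mergeFeed(existingText, newIps) {
  const lines = (existingText || '').split('\n').map((l) => l.trim());
  const merged = new Set(lines.filter((l) => l && !l.startsWith('#')));
  for (const ip of newIps) if (!PRIVATE.test(ip)) merged.add(ip);
  return [...merged].sort(); // sorted, de-duplicated list
}

// FortiGate external IP threat feed format: one IP or CIDR per line, '#' starts a comment.
function renderFeed(ips) {
  return `# GuardDuty-derived block list\n${ips.join('\n')}\n`;
}

// Lambda-style handler for a CloudWatch Events rule on "GuardDuty Finding". `store` is an
// assumed abstraction over S3 getObject/putObject so the logic runs without AWS credentials.
async function handler(event, store, minSeverity = 4) {
  const finding = event && event.detail;
  if (!finding || finding.severity < minSeverity) return { updated: false, count: 0 };
  const existing = await store.get(); // '' when the list object does not exist yet
  const ips = mergeFeed(existing, extractRemoteIps(finding));
  await store.put(renderFeed(ips));
  return { updated: true, count: ips.length };
}
module.exports = { extractRemoteIps, mergeFeed, renderFeed, handler };
```

In a real deployment `store.get`/`store.put` would wrap S3 reads and writes of the list object, and the bucket policy should allow only the FortiGate to read it and only this function to write it.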
