AWS Administration Guide

Testing the setup

When all services have been created and configured properly, execute this simple test to verify your work.

  1. Create and run the test event from the Lambda function:
    1. From the Test Event dropdown list, select Configure test events.
    2. Select Create new test event and add a test event with the content of the code snippet below.

      {
        "id": "fa9fa4a5-0232-188d-da1c-af410bcfc344",
        "detail": {
          "service": {
            "serviceName": "guardduty",
            "action": {
              "networkConnectionAction": {
                "connectionDirection": "INBOUND",
                "remoteIpDetails": {
                  "ipAddressV4": "192.168.123.123"
                }
              }
            },
            "additionalInfo": {
              "threatListName": "GeneratedFindingThreatListName"
            },
            "eventLastSeen": "2018-07-18T22:12:01.720Z"
          },
          "severity": 3
        }
      }

    3. From the Test Event dropdown list again, select the event you have just created, then click Test to execute this Lambda function with the given event.
  2. Verify the test result.
    1. If everything was set up correctly, you will see Execution result: succeeded at the top of the page of this Lambda function.
    2. Check that a record with finding_id fa9fa4a5-0232-188d-da1c-af410bcfc344 and ip 192.168.123.123 is in the DynamoDB table my-aws-lambda-guardduty-db.
    3. Check that the file ip_blocklist resides in the S3 bucket my-aws-lambda-guardduty.
    4. Check that the ip_blocklist file has a Read object permission for Everyone under the Public access section.
    5. Check that the ip_blocklist file is accessible through its link in a browser (e.g. https://s3-us-east-1.amazonaws.com/***my-aws-lambda-guardduty***/ip_blocklist).
    6. Check that the ip_blocklist file contains 192.168.123.123 on a single line in its content.
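An offline pre-check for the procedure above, added here as an example and not part of Fortinet's code: it parses the test event from step 1.2, derives the finding_id and ip that steps 2.2 and 2.6 should show, and tests a blocklist body for that IP on a line of its own. The function names and the sample blocklist text are assumptions constructed for illustration.

```python
import ipaddress
import json

# The test event from step 1.2, compacted and embedded so this runs offline.
TEST_EVENT = """
{"id": "fa9fa4a5-0232-188d-da1c-af410bcfc344",
 "detail": {"service": {"serviceName": "guardduty",
   "action": {"networkConnectionAction": {"connectionDirection": "INBOUND",
     "remoteIpDetails": {"ipAddressV4": "192.168.123.123"}}},
   "additionalInfo": {"threatListName": "GeneratedFindingThreatListName"},
   "eventLastSeen": "2018-07-18T22:12:01.720Z"},
  "severity": 3}}
"""


def expected_values(event_text):
    """Return the (finding_id, ip) that the checks in step 2 should find.

    Raises ValueError if the JSON is malformed, a field is missing, or the
    address is not valid IPv4, so a bad paste is caught before the console test.
    """
    try:
        event = json.loads(event_text)
        action = event["detail"]["service"]["action"]["networkConnectionAction"]
        ip = str(ipaddress.IPv4Address(action["remoteIpDetails"]["ipAddressV4"]))
        return event["id"], ip
    except (json.JSONDecodeError, KeyError, TypeError,
            ipaddress.AddressValueError) as exc:
        raise ValueError(f"test event is not usable: {exc!r}") from exc


def blocklist_has_ip(blocklist_text, ip):
    """Step 2.6: the IP must be a whole line (exact match, not a substring)."""
    return ip in (line.strip() for line in blocklist_text.splitlines())


if __name__ == "__main__":
    finding_id, ip = expected_values(TEST_EVENT)
    print("expect DynamoDB record:", finding_id, ip)
    # Constructed blocklist bodies standing in for the downloaded ip_blocklist.
    print(blocklist_has_ip("10.0.0.1\n192.168.123.123\n", ip))
    print(blocklist_has_ip("192.168.123.123 10.0.0.1\n", ip))
```

Paste the text fetched from the ip_blocklist link into `blocklist_has_ip` to perform the last check without reading the file by eye.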
