AWS-014 Amazon Web Services (AWS)

Amazon GuardDuty is enabled.

Amazon GuardDuty is enabled.

Domain
Amazon Web Services (AWS)
Area
Logging
Automated / manual
Automated

Risk if it fails

No threat detection = slow or no response.

GuardDuty spots things like credential theft and crypto-mining. Without it, malicious behaviour runs for weeks before anyone notices the bill or the breach.

How Tess tests it

1 test — each concludes only on cited evidence.

Amazon GuardDuty is enabled.

Automated
Procedure
Confirm a detector exists and is enabled in each active region.

Read-only command 

aws guardduty list-detectors
aws guardduty get-detector --detector-id <id>

More in Amazon Web Services (AWS)

AWS-001 Root account MFA is enabled. AWS-002 No access keys exist on the root account. AWS-003 Root account is not used for day-to-day activity. AWS-004 Strong IAM password policy is enforced.

Want Tess to test AWS-014 against your evidence?

Book a demo