GuardDuty Detector Disabled

  • Query id: a25cd877-375c-4121-a640-730929936fac
  • Query name: GuardDuty Detector Disabled
  • Platform: CloudFormation
  • Severity: Medium
  • Category: Observability
  • URL: Github

Description

Make sure that Amazon GuardDuty is Enabled
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  mydetector3:
    Type: AWS::GuardDuty::Detector
    Properties:
        Enable: False
        FindingPublishingFrequency: FIFTEEN_MINUTES
Postitive test num. 2 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "mydetector4": {
      "Properties": {
        "Enable": false,
        "FindingPublishingFrequency": "FIFTEEN_MINUTES"
      },
      "Type": "AWS::GuardDuty::Detector"
    }
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Resources:
    mydetector:
      Type: AWS::GuardDuty::Detector
      Properties:
          Enable: True
          FindingPublishingFrequency: FIFTEEN_MINUTES
Negative test num. 2 - json file
{
  "document": [
    {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Resources": {
        "mydetector2": {
          "Properties": {
            "Enable": true,
            "FindingPublishingFrequency": "FIFTEEN_MINUTES"
          },
          "Type": "AWS::GuardDuty::Detector"
        }
      },
      "id": "f63e21c6-c58e-45cf-b7b4-6b548d9f7674",
      "file": "C:\\Users\\pedrom\\Desktop\\Data\\yaml\\yaml.yaml"
    }
  ]
}