GuardDuty Detector Disabled

Query id: a25cd877-375c-4121-a640-730929936fac
Query name: GuardDuty Detector Disabled
Platform: CloudFormation
Severity: Medium
Category: Observability
URL: Github

Description¶

Make sure that Amazon GuardDuty is Enabled
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Postitive test num. 1 - yaml file

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  mydetector3:
    Type: AWS::GuardDuty::Detector
    Properties:
        Enable: False
        FindingPublishingFrequency: FIFTEEN_MINUTES

Postitive test num. 2 - json file

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "mydetector4": {
      "Properties": {
        "Enable": false,
        "FindingPublishingFrequency": "FIFTEEN_MINUTES"
      },
      "Type": "AWS::GuardDuty::Detector"
    }
  }
}

Code samples without security vulnerabilities¶

Negative test num. 1 - yaml file

Negative test num. 2 - json file

n>

AWSTemplateFormatVersion: "2010-09-09" >Resources: mydetector: Type: AWS::GuardDuty::Detector Properties: Enable: True FindingPublishingFrequency: FIFTEEN_MINUTES n>{ "document": [ { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "mydetector2": { "Properties": { "Enable": true, "FindingPublishingFrequency": "FIFTEEN_MINUTES" }, "Type": "AWS::GuardDuty::Detector" } }, "id": "f63e21c6-c58e-45cf-b7b4-6b548d9f7674", "file": "C:\\Users\\pedrom\\Desktop\\Data\\yaml\\yaml.yaml" } ] class="p">}