
Amazon GuardDuty Tester
A cloud security solution that provides agentless application mapping and vulnerability prioritization based on business impact across cloud environments.
Scripts and Guidance for Generating Amazon GuardDuty Findings
This repository contains scripts and guidance that can be used as a proof-of-concept to generate Amazon GuardDuty findings related to actual AWS resources.
There are multiple tests available for various findings
There are several tests that can be performed either on their own or in combination, depending on the specific results you are looking to obtain.
These scripts do not generate examples for every possible GuardDuty finding type, but they are helpful
These scripts do not create examples for every type of GuardDuty finding. However, they offer valuable insights that can help you understand how to view and respond to GuardDuty findings related to the resources that are deployed in your environment.
It is advised to deploy these tests in a non-production environment
It is recommended that these tests be carried out in a non-production account. This method ensures that the results produced by these tests can be easily recognized. Additionally, the permissions necessary for deploying these tests are quite extensive, and utilizing a non-production account helps to restrict these permissions to an environment where their potential impact is minimized.
Tests Available in This Repository
This repository includes the following tests: findings related to EC2 instances and Malware protection; and findings concerning EKS clusters on EC2, which make use of Kubernetes Audit Logs and EKS Runtime protection.