This repository has been archived by the owner on Jun 2, 2022. It is now read-only.

InteractorOSS/aws-guardduty
Summary

Extract data from AWS Guard Duty

API AutoFlow Version:

Configuration config.json was created using AutoFlow version 0.2.5

Need help?

If you have questions about this example, feel free to post your question on the community "Ask Questions" website.

Extracting data from AWS Guard Duty:

Step 1. Create flow

  • Create an HTTP Server
  • Create an endpoint
    • NOTE: under properties the method must be GET
  • From the right panel, press Action tab -> Service -> Aws, drag and drop action REST to the end of the flow
  • From the right panel, press Action tab -> Service -> Aws, drag and drop another action REST to the end of the flow
  • From the right panel, press Action tab -> Json, drag and drop decode to the end of the flow

Step 2. Get Guard Duty Issues List

Service/Aws/Rest Action

This action retrieves only the list of finding IDs from AWS GuardDuty by calling the ListFindings API (/detector/detector_id/findings); the finding details are fetched in the next step.

Properties:

  • service: guardduty
  • method: POST
  • path: /detector/your-detectorId/findings
  • action:
  • parameters:
  • body:
  • string
  • region: us-west-2
  • access-key-id: your-aws-access-key-id
  • secret-access-key: your-aws-secret-access-key
  • se-mock-result:
  • mock-result:

Output:

  • output-location: result

How to get access-key-id and secret-access-key https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/

GuardDuty GetFindings API reference https://docs.aws.amazon.com/guardduty/latest/APIReference/API_GetFindings.html

Step 3. Get Guard Duty Issue Details

Using the GuardDuty finding ID list from the previous step, this action retrieves the details of each finding by calling the GetFindings API (/detector/detector_id/findings/get). Note that this API takes the ID list in the request body (which was obtained from the previous action). The output is stored back into the variable result.

  • service: guardduty
  • method: POST
  • path: /detector/your-detectorId/findings/get
  • action:
  • parameters:
  • body: [R][S] result
  • string
  • region: us-west-2
  • access-key-id: your-aws-access-key-id
  • secret-access-key: your-aws-secret-access-key
  • se-mock-result:
  • mock-result:

Output:

  • output-location: result

Step 4. Decode Data for easier access

Json/decode

Properties:

  • json: drag and drop the result body from the right data panel

Output:

  • At-location: drag and drop the response body from the right panel
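The same three-stage pipeline that Steps 2 to 4 build in AutoFlow (ListFindings, then GetFindings with the ID list as the request body, then JSON decode), written as plain Python so the logic can be read and run offline. This is an added example, not code from the InteractorOSS/aws-guardduty project or from AutoFlow. It assumes a client object exposing `list_findings()` and `get_findings()` with boto3-style keyword arguments and responses; the `FakeGuardDuty` stub and its 120 sample findings are constructed for the example. It goes beyond the flow on the page in two ways a practitioner will care about: it follows `NextToken` across ListFindings pages, and it batches GetFindings in groups of 50, which is the API's per-call limit on `FindingIds`.

```python
"""ListFindings -> GetFindings -> decode, mirroring Steps 2-4 of the README.

Added example; assumes a boto3-style guardduty client interface. The real
client would be boto3.client("guardduty", region_name="us-west-2"), so that
credentials come from the SDK credential chain instead of literal keys.
"""
import json
from collections import Counter

PAGE_SIZE = 50   # ListFindings MaxResults upper bound
GET_BATCH = 50   # GetFindings accepts at most 50 FindingIds per call


def list_all_finding_ids(client, detector_id):
    """Step 2, but walking every page: the single REST action in the flow
    stops at the first page, so busy detectors would be under-reported."""
    ids, token = [], None
    while True:
        kwargs = {"DetectorId": detector_id, "MaxResults": PAGE_SIZE}
        if token:
            kwargs["NextToken"] = token
        resp = client.list_findings(**kwargs)
        ids.extend(resp.get("FindingIds", []))
        token = resp.get("NextToken")
        if not token:
            return ids


def get_findings_details(client, detector_id, finding_ids):
    """Step 3: send the ID list as the request body, 50 IDs at a time."""
    findings = []
    for i in range(0, len(finding_ids), GET_BATCH):
        resp = client.get_findings(DetectorId=detector_id,
                                   FindingIds=finding_ids[i:i + GET_BATCH])
        findings.extend(resp.get("Findings", []))
    return findings


def decode_and_summarise(raw_json):
    """Step 4: decode the stored JSON body and count findings per severity
    band (GuardDuty: Low 1-3.9, Medium 4-6.9, High 7-8.9)."""
    findings = json.loads(raw_json)["Findings"]
    by_band = Counter()
    for f in findings:
        sev = float(f.get("Severity", 0))
        band = "HIGH" if sev >= 7 else "MEDIUM" if sev >= 4 else "LOW"
        by_band[band] += 1
    return dict(by_band)


def run_pipeline(client, detector_id):
    """Run all three stages; returns the severity summary."""
    ids = list_all_finding_ids(client, detector_id)
    details = get_findings_details(client, detector_id, ids)
    raw = json.dumps({"Findings": details})  # what the REST action stores in `result`
    return decode_and_summarise(raw)


class FakeGuardDuty:
    """Constructed stand-in for the guardduty client with paginated
    ListFindings and a GetFindings that enforces the 50-ID limit."""

    def __init__(self, n=120):
        self.findings = {
            f"finding-{i:03d}": {"Id": f"finding-{i:03d}",
                                 "Type": "Recon:EC2/PortProbeUnprotectedPort",
                                 "Severity": [2.0, 5.0, 8.0][i % 3]}
            for i in range(n)
        }
        self.get_calls = 0

    def list_findings(self, DetectorId, MaxResults=50, NextToken=None):
        ids = sorted(self.findings)
        start = int(NextToken) if NextToken else 0
        resp = {"FindingIds": ids[start:start + MaxResults]}
        if start + MaxResults < len(ids):
            resp["NextToken"] = str(start + MaxResults)
        return resp

    def get_findings(self, DetectorId, FindingIds):
        if len(FindingIds) > GET_BATCH:
            raise ValueError("GetFindings accepts at most 50 FindingIds")
        self.get_calls += 1
        return {"Findings": [self.findings[i] for i in FindingIds]}


if __name__ == "__main__":
    print(run_pipeline(FakeGuardDuty(), "your-detectorId"))
```

Passing the client in rather than constructing it inside the functions is what lets the flow be tested offline; swapping `FakeGuardDuty()` for a real boto3 client changes nothing else in the pipeline.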

AWS Guard Duty API reference

https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListFindings.html
