GuardDuty & InsightIDR

Achieve Unmatched Visibility of Your Cloud Environment

Amazon GuardDuty is a continuous security monitoring service that analyzes AWS logs to detect potentially unauthorized, malicious activity. This includes events such as privilege escalation, misuse of credentials, and communication with malicious URLs. Rapid7 InsightIDR empowers you to detect intruders earlier in the attack chain with advanced user behavior analytics (UBA), giving you the SIEM you always wanted. By integrating Amazon GuardDuty with InsightIDR, you will be able to investigate GuardDuty alerts more comprehensively, create dashboards and reports using GuardDuty data to operationalize your AWS security, and contextualize and triage InsightIDR alerts. The result? Unmatched visibility of your cloud environment.

Why use the cloud over on-premise computing? You gain the ability to instantaneously change the entire makeup of your infrastructure. There’s just one catch—the challenge of securing your environment to keep pace with the speed of the cloud. By using the powerful combination of Amazon GuardDuty and Rapid7 InsightIDR, you are able to spot misconfigurations in your cloud and get alerted to malicious user activity more efficiently than ever before.

How It Works

1. Begin operating Amazon GuardDuty
2. Create an event source within InsightIDR to start ingesting logs
3. GuardDuty logs will now be stored within InsightIDR log search
4. Use built-in dashboards in InsightIDR to investigate GuardDuty findings