GuardDuty and VPC Flow Logs


We have enabled VPC Flow Logs, which are stored in an S3 bucket. We have also enabled GuardDuty, and I see it analyze the VPC logs.

Does anybody have suggestions? Do we still need an Athena table pointing to the S3 bucket for analyzing the logs, or is GuardDuty sufficient?

2


0
BEST ANSWER

It depends on what you want to achieve.

GuardDuty is a detection system; it will produce findings based on its heuristics. If you are fine with just that, that would be enough.

If you expect to have to dig deeper (i.e. not only "hey, this happened", but also "what is the pattern here"), then manual analysis might be in order. I would say both things are complementary, and since you don't pay for Athena if you're not using it, have some queries prepared and run them if you can't get the full picture from GuardDuty.
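As an added illustration of the "have some queries prepared" approach (this is not code from the poster), here is an Athena table over the default VPC Flow Logs record format and a query that pivots from a GuardDuty finding to the underlying traffic pattern. The bucket path, account ID, region, dates and the remote address are placeholders.

```sql
-- Athena table over the default (v2) VPC Flow Logs fields, delivered to S3
-- as space-separated text. Bucket, account and region are placeholders.
CREATE EXTERNAL TABLE IF NOT EXISTS vpc_flow_logs (
  version      int,
  account_id   string,
  interface_id string,
  srcaddr      string,
  dstaddr      string,
  srcport      int,
  dstport      int,
  protocol     bigint,
  packets      bigint,
  bytes        bigint,
  start        bigint,
  `end`        bigint,
  action       string,
  log_status   string
)
PARTITIONED BY (`date` date)
ROW FORMAT DELIMITED
FIELDS TERMINATED BY ' '
LOCATION 's3://EXAMPLE-BUCKET/AWSLogs/111111111111/vpcflowlogs/us-east-1/'
TBLPROPERTIES ("skip.header.line.count" = "1");

-- Register one day's partition (repeat per day, or use partition projection).
ALTER TABLE vpc_flow_logs ADD IF NOT EXISTS
  PARTITION (`date` = DATE '2024-01-15')
  LOCATION 's3://EXAMPLE-BUCKET/AWSLogs/111111111111/vpcflowlogs/us-east-1/2024/01/15/';

-- Investigation query: given a GuardDuty finding that names a remote address
-- (placeholder 198.51.100.7), show which ports it touched, how much of that
-- traffic was rejected versus accepted, and on which interfaces, per day.
SELECT
  "date",
  interface_id,
  dstport,
  action,
  COUNT(*)     AS flows,
  SUM(packets) AS packets,
  SUM(bytes)   AS bytes
FROM vpc_flow_logs
WHERE srcaddr = '198.51.100.7'
  AND "date" BETWEEN DATE '2024-01-14' AND DATE '2024-01-15'
  AND log_status = 'OK'          -- skip NODATA/SKIPDATA records
GROUP BY "date", interface_id, dstport, action
ORDER BY flows DESC
LIMIT 50;
```

A long run of REJECT rows across many ports is the "pattern" a single finding does not show, while ACCEPT rows on the same source tell you where a control actually let traffic through.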

0

GuardDuty will perform threat detection based on the contents of the VPC Flow Logs. If it finds a threat, it has support for attempting to remediate the security concern.

If you're looking to investigate your network traffic and debug, you'll still want Athena.