AWS Threat Management

Configuring Threat Management for AWS

Configuring Threat Management lets users receive threat information in real time: whenever a threat is detected, users are informed through notification emails.

Perform the following steps to configure Threat Management in an AWS account:

  1. Log in and select Governance > Account Governance.
  2. Browse to the account for which threat settings need to be made and click VIEW > View Settings.
  3. Select Governance Configuration > SECURITY.
  4. Select to expand the Threat Management section.
  5. Select CONFIGURE.
  6. On the Threat Management Configuration screen, select one of the following options and then click NEXT.
    • Check Existing Configuration: Select this option to check whether threat management is enabled in Amazon GuardDuty for the selected AWS account.
    • Create New: Select this option to enable threat management for the selected account.
  7. If you selected Create New, fill in the following fields, click SAVE, and then click FINISH.
    • Select Regions: Select the region and then click Apply. You can select multiple options.
    • Bucket Name: Type the bucket name.
    • KMS Key: Type the KMS key.

Note: Hover your mouse pointer over the field names to know more about the rules for defining these fields.

  8. If you selected Check Existing Configuration, select the region in the Select Regions list, and then click Apply. You can select multiple options. Finally, click VALIDATE.
    • If the status of GuardDuty is ENABLED, then click SAVE & FINISH.
    • If the status of Cloud Guard is DISABLED, then click the VERIFY ACCESS step (step one) and select the Create New option.
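
The status that Check Existing Configuration reports can also be confirmed directly against the GuardDuty API. The following is an added example, not part of the product or of the original page: it uses the boto3 `list_detectors` and `get_detector` calls, and the function names, the `NO_DETECTOR` label and the injectable `client_factory` parameter are assumptions made for this illustration.

```python
"""Independent per-region check of Amazon GuardDuty status (added example)."""
import sys


def default_client_factory(region):
    # boto3 is imported lazily so the logic below can be exercised offline
    # with a stand-in client; credentials come from the usual AWS chain.
    import boto3
    return boto3.client("guardduty", region_name=region)


def guardduty_status(regions, client_factory=default_client_factory):
    """Return {region: "ENABLED" | "DISABLED" | "NO_DETECTOR" | "ERROR: ..."}."""
    report = {}
    for region in regions:
        try:
            client = client_factory(region)
            detector_ids = client.list_detectors().get("DetectorIds", [])
            if not detector_ids:
                # GuardDuty has never been turned on in this region.
                report[region] = "NO_DETECTOR"
                continue
            # An account has at most one detector per region.
            detector = client.get_detector(DetectorId=detector_ids[0])
            report[region] = detector.get("Status", "UNKNOWN")
        except Exception as exc:  # e.g. access denied, region not opted in
            report[region] = f"ERROR: {type(exc).__name__}"
    return report


def regions_needing_setup(report):
    """Regions whose status is anything other than ENABLED."""
    return sorted(r for r, status in report.items() if status != "ENABLED")


if __name__ == "__main__":
    # Usage: python check_guardduty.py us-east-1 eu-west-1
    result = guardduty_status(sys.argv[1:])
    for region, status in sorted(result.items()):
        print(f"{region}: {status}")
    # Non-zero exit when any selected region is not ENABLED.
    sys.exit(1 if regions_needing_setup(result) else 0)
```

A region that reports `NO_DETECTOR` or `DISABLED` here corresponds to the case where the Create New option is needed.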