Amazon GuardDuty Playbook
The Alert Processing – Amazon GuardDuty Playbook template is a starting point for a variety of Use Cases: it ingests and processes findings from Amazon GuardDuty into ThreatConnect. The Playbook is triggered each time a new Finding is generated by a GuardDuty Detector. The Finding details and context are saved as a Case, and the relevant Indicators are parsed and saved as Artifacts. The Amazon GuardDuty Service app must be installed and configured before this Playbook is activated.
This Playbook template can be found in the ThreatConnect app catalog under the name Alert Processing – Amazon GuardDuty.