Amazon GuardDuty Playbook

As a starting point for a variety of Use Cases, the Alert Processing – Amazon GuardDuty playbook template enables the ingestion and processing of findings from Amazon GuardDuty into ThreatConnect. The Playbook is triggered each time a new Finding is generated by a GuardDuty Detector. The Finding details and context are saved as a Case and the relevant Indicators are parsed and saved as Artifacts. The Amazon GuardDuty Service app is required to be installed and configured prior to activating this Playbook.

This Playbook template can be found in the ThreatConnect app catalog under the name: Alert Processing – Amazon GuardDuty

Categories:

ThreatConnect

Amazon GuardDuty Playbook

Developers

Company

Categories:

ThreatConnect

Amazon GuardDuty Playbook

Related Playbooks

Devo

SIEM and Analytics

Elastic Security

SIEM and Analytics

ElasticSearch

SIEM and Analytics

Developers

Company