To ingest AWS GuardDuty into Defense.com via CloudTrail, you must first integrate CloudTrail into Defense.com.
Log in to the AWS Management Console and open the GuardDuty service.
If GuardDuty isn’t already enabled, click Get started.
Click Enable GuardDuty to activate the service.
A notification on the Summary page will show confirmation that you've successfully enabled GuardDuty.
Once enabled, GuardDuty automatically begins analysing data from supported sources, such as:
CloudTrail Events: GuardDuty uses CloudTrail management and data events (if configured) to detect suspicious activity.
VPC Flow Logs: It analyses network traffic logs if they’re available.
DNS Logs: It examines DNS request patterns for potential threats.
Other Data Sources: Depending on your AWS setup, it may also integrate with services like S3 data events if enabled.
That's it! 🎉 You've integrated AWS GuardDuty logs and alerts into Defense.com.
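To confirm the result of the steps above without the console, the following added example (not part of the original Defense.com guide) reports whether a GuardDuty detector is enabled and which of the data sources listed above it is analysing. It assumes the `DataSources` field of the GuardDuty `GetDetector` response; the sample response is constructed, and the live check needs `boto3` plus permission to list and read detectors.

```python
"""Check that a GuardDuty detector is enabled and which data sources it analyses."""
import json

# Constructed sample shaped like the output of `aws guardduty get-detector`
# (illustrative values, not taken from a real account).
SAMPLE_GET_DETECTOR = json.loads("""
{
  "Status": "ENABLED",
  "DataSources": {
    "CloudTrail": {"Status": "ENABLED"},
    "DNSLogs": {"Status": "ENABLED"},
    "FlowLogs": {"Status": "ENABLED"},
    "S3Logs": {"Status": "DISABLED"}
  }
}
""")

# Data source names used on this page mapped to GetDetector DataSources keys.
# Assumption: the response carries DataSources; some accounts may report the
# same information under a separate Features list instead.
SOURCES = {
    "CloudTrail Events": "CloudTrail",
    "VPC Flow Logs": "FlowLogs",
    "DNS Logs": "DNSLogs",
    "S3 data events": "S3Logs",
}

def summarize_detector(detector):
    """Return (enabled, {source label: bool}) for one GetDetector response."""
    enabled = detector.get("Status") == "ENABLED"
    data_sources = detector.get("DataSources", {})
    coverage = {
        label: enabled and data_sources.get(key, {}).get("Status") == "ENABLED"
        for label, key in SOURCES.items()
    }
    return enabled, coverage

def check_region(region):
    """Live check for one region (GuardDuty is enabled per region)."""
    import boto3  # imported lazily so the offline sample runs without it
    client = boto3.client("guardduty", region_name=region)
    ids = client.list_detectors()["DetectorIds"]
    if not ids:  # no detector means GuardDuty was never enabled in this region
        return False, {label: False for label in SOURCES}
    return summarize_detector(client.get_detector(DetectorId=ids[0]))

if __name__ == "__main__":
    enabled, coverage = summarize_detector(SAMPLE_GET_DETECTOR)
    print("GuardDuty enabled:", enabled)
    for label, on in coverage.items():
        print(f"  {label}: {'on' if on else 'off'}")
```

Run `check_region` once for each region you use, since enabling GuardDuty in one region does not enable it in the others.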