GuardDuty EC2 Runtime Monitoring should be enabled
Description
This control checks whether the Amazon GuardDuty automated security agent is enabled for runtime monitoring of Amazon EC2 instances. For a standalone account, the control fails if the security agent is disabled for the account. In a multi-account environment, the control fails if the security agent is disabled for the delegated GuardDuty administrator account and all member accounts. GuardDuty Runtime Monitoring observes and analyzes operating system-level, networking, and file events to help detect potential threats in specific AWS workloads within your environment. It uses GuardDuty security agents that provide visibility into runtime behavior, such as file access, process execution, command-line arguments, and network connections. Note that enabling Runtime Monitoring alone does not satisfy this control: the automated agent configuration for EC2 instances must also be enabled, otherwise no agent is deployed and no EC2 runtime events are collected.
Remediation
To enable GuardDuty EC2 Runtime Monitoring, first enable Runtime Monitoring for the detector and then enable automated agent management for EC2 instances. In the GuardDuty API this corresponds to the RUNTIME_MONITORING detector feature with the EC2_AGENT_MANAGEMENT additional configuration set to ENABLED. Both settings are per Region, so repeat them in every Region where the detector is enabled. GuardDuty uses AWS Systems Manager to install the agent, so instances must be SSM-managed (SSM Agent running and an instance profile that allows Systems Manager); instances that are not SSM-managed do not receive the agent even when the setting is enabled.
Steps
- Open the Amazon GuardDuty console in the Region whose detector you want to remediate
- In the left navigation, choose 'Protection plans', then 'Runtime Monitoring'
- On the 'Configuration' tab, enable 'Runtime Monitoring' for the account (as the delegated administrator, enable it for the organization so that existing and new member accounts are covered)
- Under 'Automated agent configuration', enable the agent for 'Amazon EC2' instances
- Confirm that the target instances are managed by Systems Manager; to keep specific instances out of scope, tag them with 'GuardDutyManaged' = 'false' rather than disabling the account-level setting, which would fail the control
- Save the configuration
- Verify on the 'Runtime coverage' tab, under 'EC2 instance runtime coverage', that the instances report a healthy coverage status; unhealthy coverage usually means the instance is not SSM-managed or the agent could not reach the GuardDuty VPC endpoint
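The following is an added example, not AWS-provided code, that implements the control's pass/fail logic against the Features list returned by the GuardDuty GetDetector API and builds the UpdateDetector payload that remediates it. The feature and configuration names (RUNTIME_MONITORING, EC2_AGENT_MANAGEMENT) are the real API names; the sample detector response is constructed, and the live check_and_remediate helper assumes boto3 and credentials that can read and update the detector in the given Region.

```python
"""Evaluate and remediate the GuardDuty EC2 Runtime Monitoring control.

Added example (not AWS code). The check mirrors the control text: the detector
must have RUNTIME_MONITORING enabled AND its EC2_AGENT_MANAGEMENT additional
configuration enabled. Everything except check_and_remediate() runs offline.
"""
from __future__ import annotations

FEATURE = "RUNTIME_MONITORING"
EC2_AGENT = "EC2_AGENT_MANAGEMENT"


def ec2_runtime_monitoring_status(features: list[dict]) -> dict:
    """Return {"feature": bool, "ec2_agent": bool, "passed": bool}.

    `features` is the "Features" list from a GetDetector response.
    """
    feature_on = False
    agent_on = False
    for feature in features:
        # Legacy EKS_RUNTIME_MONITORING or other protection plans do not count.
        if feature.get("Name") != FEATURE:
            continue
        feature_on = feature.get("Status") == "ENABLED"
        for extra in feature.get("AdditionalConfiguration", []):
            if extra.get("Name") == EC2_AGENT:
                agent_on = extra.get("Status") == "ENABLED"
    # The agent setting only takes effect when the parent feature is enabled,
    # so a detector with the feature disabled fails regardless of the agent flag.
    return {"feature": feature_on, "ec2_agent": agent_on,
            "passed": feature_on and agent_on}


def enable_ec2_runtime_monitoring_payload() -> list[dict]:
    """`Features` argument for UpdateDetector that brings the detector into compliance."""
    return [{
        "Name": FEATURE,
        "Status": "ENABLED",
        "AdditionalConfiguration": [{"Name": EC2_AGENT, "Status": "ENABLED"}],
    }]


# Constructed sample: a non-compliant detector where Runtime Monitoring is on
# but the EC2 automated agent was left disabled (a common misconfiguration).
SAMPLE_NONCOMPLIANT = [
    {"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
    {"Name": "RUNTIME_MONITORING", "Status": "ENABLED",
     "AdditionalConfiguration": [
         {"Name": "EKS_ADDON_MANAGEMENT", "Status": "ENABLED"},
         {"Name": "EC2_AGENT_MANAGEMENT", "Status": "DISABLED"},
     ]},
]


def check_and_remediate(detector_id: str, region: str, apply: bool = False) -> dict:
    """Live check against a real detector; assumes boto3 and suitable credentials."""
    import boto3  # imported here so the offline evaluation above has no AWS dependency
    gd = boto3.client("guardduty", region_name=region)
    detector = gd.get_detector(DetectorId=detector_id)
    status = ec2_runtime_monitoring_status(detector.get("Features", []))
    if not status["passed"] and apply:
        gd.update_detector(DetectorId=detector_id,
                           Features=enable_ec2_runtime_monitoring_payload())
    return status


if __name__ == "__main__":
    print(ec2_runtime_monitoring_status(SAMPLE_NONCOMPLIANT))
```

Run the script as-is to see the constructed sample evaluated; call check_and_remediate("<detector-id>", "<region>", apply=True) to fix a live detector. Enabling the feature in the API does not by itself install agents on instances that are not SSM-managed, so a passing detector still needs the Runtime coverage tab checked for unhealthy instances.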