High GuardDuty Regional

GuardDuty Runtime Monitoring should be enabled

FSBP

Description

This control checks whether GuardDuty Runtime Monitoring is enabled. For a standalone account, the control fails if GuardDuty Runtime Monitoring is disabled. In a multi-account environment, the control fails unless both the delegated GuardDuty administrator account and every member account have Runtime Monitoring enabled. GuardDuty Runtime Monitoring observes and analyzes operating system-level, networking, and file events to detect potential threats in specific AWS workloads (Amazon EKS clusters, Amazon ECS tasks on Fargate, and Amazon EC2 instances). It uses GuardDuty security agents deployed on those workloads to provide visibility into runtime behavior, including file access, process execution, command line arguments, and network connections.


Remediation

To enable GuardDuty Runtime Monitoring, turn on the Runtime Monitoring feature on the GuardDuty detector in each Region you use (GuardDuty is a Regional service), and enable automated agent management so that GuardDuty deploys and updates the security agent on your workloads. This can be done in the console or through the GuardDuty API (UpdateDetector, and UpdateOrganizationConfiguration for a delegated administrator).

Steps

  1. Open the Amazon GuardDuty console in the Region you want to cover; repeat the steps below for every Region in which GuardDuty is enabled
  2. In the left navigation pane, under 'Protection plans', choose 'Runtime Monitoring'
  3. On the 'Runtime Monitoring configuration' tab, choose 'Enable'; in a multi-account environment, do this from the delegated GuardDuty administrator account and choose the option that also enables it for all existing and new member accounts
  4. On the 'Automated agent configuration' tab, enable automated agent management for the workload types you run (Amazon EKS clusters, Amazon ECS tasks on Fargate, and Amazon EC2 instances); for EC2, instances must be managed by AWS Systems Manager for the agent to be installed
  5. Save the configuration
  6. Verify on the 'Runtime coverage' tab that each cluster or instance reports a coverage status of 'Healthy'; an 'Unhealthy' entry usually means the agent is missing or cannot reach GuardDuty (for example, a missing VPC endpoint or an EC2 instance that is not SSM-managed)
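The same procedure, scripted against the GuardDuty API, as an added example that is not part of this control page or of any AWS tooling. The evaluation logic below applies the control's pass/fail rule to the `Features` list that the GuardDuty `GetDetector` call returns, the `RUNTIME_MONITORING` feature and its `EKS_ADDON_MANAGEMENT`, `ECS_FARGATE_AGENT_MANAGEMENT` and `EC2_AGENT_MANAGEMENT` additional-configuration names being the real API values. The sample detector documents are constructed for illustration, the account IDs are placeholders, and the `remediate` and `remediate_organization` functions make live boto3 calls that assume you have credentials for the account (or the delegated administrator account) and a detector already exists in the Region.

```python
"""Check and remediate the 'GuardDuty Runtime Monitoring should be enabled' control.

Added example (not the control page's own code). Evaluation works on the
JSON shape returned by GuardDuty GetDetector; the live calls use boto3.
"""

RUNTIME_FEATURE = "RUNTIME_MONITORING"
# Automated agent configuration names accepted under
# Features[].AdditionalConfiguration for Runtime Monitoring.
AGENT_CONFIGS = (
    "EKS_ADDON_MANAGEMENT",
    "ECS_FARGATE_AGENT_MANAGEMENT",
    "EC2_AGENT_MANAGEMENT",
)

# Constructed GetDetector responses (not real accounts): one fully configured
# administrator, one member with the feature disabled, and one detector that
# predates Runtime Monitoring and has no RUNTIME_MONITORING entry at all.
SAMPLE_ADMIN = {"Status": "ENABLED", "Features": [
    {"Name": "RUNTIME_MONITORING", "Status": "ENABLED", "AdditionalConfiguration": [
        {"Name": "EKS_ADDON_MANAGEMENT", "Status": "ENABLED"},
        {"Name": "ECS_FARGATE_AGENT_MANAGEMENT", "Status": "ENABLED"},
        {"Name": "EC2_AGENT_MANAGEMENT", "Status": "DISABLED"},
    ]},
]}
SAMPLE_MEMBER = {"Status": "ENABLED", "Features": [
    {"Name": "RUNTIME_MONITORING", "Status": "DISABLED"},
]}
SAMPLE_LEGACY = {"Status": "ENABLED", "Features": [
    {"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
]}


def runtime_monitoring_status(detector):
    """Return (feature_enabled, {agent_config_name: enabled}) for one detector."""
    for feature in detector.get("Features", []):
        if feature.get("Name") == RUNTIME_FEATURE:
            agents = {
                cfg["Name"]: cfg.get("Status") == "ENABLED"
                for cfg in feature.get("AdditionalConfiguration", [])
            }
            return feature.get("Status") == "ENABLED", agents
    # No RUNTIME_MONITORING entry: the feature was never turned on.
    return False, {}


def evaluate_control(detectors):
    """Apply the control rule to {account_id: GetDetector response}.

    A standalone account passes a single entry; a multi-account environment
    passes the delegated administrator plus every member. Any account without
    Runtime Monitoring enabled fails the control.
    """
    failing = sorted(
        account for account, detector in detectors.items()
        if not runtime_monitoring_status(detector)[0]
    )
    return ("PASS" if not failing else "FAIL", failing)


def desired_feature_config():
    """Features payload for UpdateDetector: enable the feature and all agent types."""
    return [{
        "Name": RUNTIME_FEATURE,
        "Status": "ENABLED",
        "AdditionalConfiguration": [
            {"Name": name, "Status": "ENABLED"} for name in AGENT_CONFIGS
        ],
    }]


def org_feature_config():
    """Features payload for UpdateOrganizationConfiguration (auto-enable for ALL members)."""
    return [{
        "Name": RUNTIME_FEATURE,
        "AutoEnable": "ALL",
        "AdditionalConfiguration": [
            {"Name": name, "AutoEnable": "ALL"} for name in AGENT_CONFIGS
        ],
    }]


def remediate(region_name):
    """Live call: enable Runtime Monitoring on this account's detector in one Region."""
    import boto3  # imported here so the offline checks above need no SDK
    gd = boto3.client("guardduty", region_name=region_name)
    detector_ids = gd.list_detectors()["DetectorIds"]
    if not detector_ids:
        raise RuntimeError(f"GuardDuty is not enabled in {region_name}")
    detector_id = detector_ids[0]
    gd.update_detector(DetectorId=detector_id, Features=desired_feature_config())
    # Re-read the detector so the caller sees the effective configuration.
    return runtime_monitoring_status(gd.get_detector(DetectorId=detector_id))


def remediate_organization(region_name):
    """Live call from the delegated administrator: auto-enable for all members."""
    import boto3
    gd = boto3.client("guardduty", region_name=region_name)
    detector_id = gd.list_detectors()["DetectorIds"][0]
    gd.update_organization_configuration(
        DetectorId=detector_id,
        AutoEnableOrganizationMembers="ALL",
        Features=org_feature_config(),
    )


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; no AWS calls are made.
    print(evaluate_control({"111111111111": SAMPLE_ADMIN}))
    print(evaluate_control({
        "111111111111": SAMPLE_ADMIN,
        "222222222222": SAMPLE_MEMBER,
        "333333333333": SAMPLE_LEGACY,
    }))
```

Note that `remediate` only flips the feature and agent-management flags; coverage of individual EC2 instances still depends on them being managed by AWS Systems Manager, and a detector created before Runtime Monitoring existed returns no `RUNTIME_MONITORING` entry rather than a `DISABLED` one, which is why `runtime_monitoring_status` treats a missing entry as disabled.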

Compliance

FSBP