Split GuardDuty Checks for Foundational Security into Standard GuardDuty Enabled and S3 Logging Enabled #357

Closed
twratl opened this issue Apr 12, 2022 · 3 comments · Fixed by #360
twratl commented Apr 12, 2022

Is your feature request related to a problem? Please describe.
Today the check is reporting in alarm if the S3 logging is not enabled. I think it would be better to split this into 2 checks. 1 for regular GuardDuty enabled and one for S3 Logging enabled.

Describe the solution you'd like
Split 1 check into 2.

Describe alternatives you've considered
No real alternatives exist except ignoring the finding if S3 logging is not enabled but regular GuardDuty is.

Additional context
Existing logic is here.
(https://github.com/turbot/steampipe-mod-aws-compliance/blob/main/query/guardduty/guardduty_enabled.sql)

@twratl twratl added the enhancement New feature or request label Apr 12, 2022
@cbruno10
Contributor

Hey @twratl, thanks for the suggestion! Looking at the control for GuardDuty.1, it recommends enabling GuardDuty in the region, but I'm not sure if it specifically mentions S3.

@rajlearner17 Do you recall why we check for S3 logging? Is it based on a detail in the Config rule associated with that control?

@rajlearner17
Contributor

@twratl Thanks for the suggestion.
@cbruno10 Investigating this and the thought process behind the same. Will keep you posted.

@rajlearner17
Contributor

@cbruno10 @twratl After checking in detail, as suggested by @twratl, there is no need to check S3 logging, which seems to be an additional unwanted check. I can't recall the circumstances during that time. While working on 100s of compliance controls, which differ slightly in some places, we might have used this one. We will be fixing this soon for release.
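
The split requested in this thread, as an added example that is not part of the issue or of the mod's own query: it evaluates constructed detector records both as one combined check and as two independent checks, so the case from the report (GuardDuty enabled, S3 logging disabled) is visible. The `Status` and `DataSources.S3Logs.Status` fields follow the GuardDuty GetDetector response; the function names, sample regions, and the `skip` outcome for the S3 check are assumptions.

```python
"""Added example: combined vs. split GuardDuty checks (not the mod's own query)."""

# Constructed sample detectors, shaped like the GuardDuty GetDetector response
# (top-level "Status", and "DataSources" -> "S3Logs" -> "Status").
SAMPLE_DETECTORS = {
    "us-east-1": {"Status": "ENABLED", "DataSources": {"S3Logs": {"Status": "ENABLED"}}},
    "us-west-2": {"Status": "ENABLED", "DataSources": {"S3Logs": {"Status": "DISABLED"}}},
    "eu-west-1": {"Status": "DISABLED", "DataSources": {"S3Logs": {"Status": "DISABLED"}}},
    "ap-south-1": None,  # no detector exists in this region
}


def guardduty_enabled(detector):
    """Check 1: is GuardDuty itself enabled? Ignores S3 logging entirely."""
    if detector is None:
        return "alarm", "no detector in region"
    if detector.get("Status") == "ENABLED":
        return "ok", "detector enabled"
    return "alarm", "detector disabled"


def s3_logging_enabled(detector):
    """Check 2: is S3 logging on? Skipped (assumption) when GuardDuty is off."""
    if detector is None or detector.get("Status") != "ENABLED":
        return "skip", "GuardDuty not enabled; covered by the first check"
    sources = detector.get("DataSources") or {}
    if (sources.get("S3Logs") or {}).get("Status") == "ENABLED":
        return "ok", "S3 logging enabled"
    return "alarm", "S3 logging disabled"


def combined_check(detector):
    """Behaviour reported in the issue: one status covering both conditions."""
    results = (guardduty_enabled(detector)[0], s3_logging_enabled(detector)[0])
    return "ok" if results == ("ok", "ok") else "alarm"


def evaluate(detectors):
    """Return {region: (combined, guardduty_enabled, s3_logging_enabled)}."""
    return {
        region: (combined_check(d), guardduty_enabled(d)[0], s3_logging_enabled(d)[0])
        for region, d in detectors.items()
    }


if __name__ == "__main__":
    for region, row in evaluate(SAMPLE_DETECTORS).items():
        print(region, *row)
```

In the `us-west-2` sample the combined check alarms even though GuardDuty is enabled, while the split checks attribute the alarm to S3 logging alone.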
