amazon-guardduty-tester
This script is used to generate some basic detections of the GuardDuty service
Changing instance-types to T3/M5 to support deployments in af-south-1 and newer regions where legacy instance classes are not available.
Instructions in README.md require use of NetCat with ProxyCommand ("ProxyCommand ssh bastion nc %h %p"); this no longer works on the bastion host and results in an error. [bash: nc ...
Hi Team, I have set up the environment which you suggested in the README file and ran the script but am unable to generate portprobe alerts. Here is the script output ``` *****************************************************************************************************...
I would like the ability to generate one type of finding using the script, ideally passed on the command line.
I've used the guardduty-tester.template for creating the CloudFormation stack and enabled GuardDuty in the same region. When I run $ ./guardduty_tester.sh from the tester instance only **Recon:EC2/Portscan** finding is generated by...
The documentation is missing the step where the scripts are run from the bastion host. It's kind of implied in the README, but I had to look through the script...
The stack creation failed, since CloudFormation was not authorized to use "ami-3204995d" for the Windows instance in eu-central-1. Probably all Windows AMIs are not available anymore in all regions.
Add to the end of the RedTeam Instance UserData: `sleep 300; cd /home/ec2-user/; ./guardduty_tester.sh\n`
Running the template, I encountered a failure in CloudFormation-Stack because it failed to create `BastionAutoScalingGroup`. The error was `Received 0 SUCCESS signal(s) out of 1. Unable to satisfy 100% MinSuccessfulInstancesPercent...
Is there any appetite to transition away from using SSH to get to the red team box, and instead use SSM to connect?