wazuh-documentation
Review and update AWS GuardDuty documentation
For https://github.com/wazuh/wazuh/issues/4950, the GuardDuty implementation is being reviewed to make use of native support for S3 buckets, replacing the current one, which requires AWS Kinesis/Firehose/CloudWatch integration to send related logs.
Related documentation should be updated describing the necessary steps to achieve the AWS GuardDuty integration once the refactor of the module is finished.
Added a step-by-step guide with images on how to enable or disable S3 Protection using GuardDuty native integration.
Amazon S3 Protection
S3 Protection enables Amazon GuardDuty to monitor object-level API operations to identify potential security risks for data within your S3 buckets.
Amazon configuration native integration
- Create a new S3 bucket. (If you want to use an already created one, skip this step.)
- Open the AWS GuardDuty console.
- In the navigation pane, under Settings, click on S3 Protection.
- The S3 Protection pane lists the current status of S3 protection for your account. You may enable or disable it at any time by selecting Enable or Disable respectively.
- Confirm your selection.
Issue Update
After reviewing the issue, it was found that the current documentation for the Kinesis - Firehose - CloudWatch integration follows an outdated AWS Management Console version, and every screenshot uses pointers and elements that do not follow our new guidelines.
Since the new AWS Management Console version includes new features, the integration had to be tested to guide through only the necessary specifications and parameters.
Next Steps
- [x] Update Kinesis - Firehose - CloudWatch Step-by-Step Guide
- [x] Update Screenshots for Kinesis - Firehose - CloudWatch integration.
- [x] Update Screenshots for Native integration.