AWS GuardDuty Integration Guide
Connect AWS GuardDuty to Adoptech to automatically import threat findings and generate evidence for security and compliance controls.
The AWS GuardDuty integration enables Adoptech to automatically collect threat detection findings from your AWS environment.
Once connected, Adoptech imports GuardDuty findings and uses them to provide evidence for security monitoring, threat detection, incident identification, and ongoing compliance monitoring activities.
This integration helps organisations:
- Continuously monitor AWS environments for threats
- Demonstrate active security monitoring
- Provide automated audit evidence
- Support ISO 27001, SOC 2 and NIST 800-53 compliance activities
- Track security findings over time
Prerequisites
Before configuring the integration, ensure you have:
- An active AWS account
- AWS GuardDuty enabled in the target AWS account
- AWS administrative permissions
- Permission to create IAM roles
What Data We Collect
Once connected, Adoptech retrieves read-only information from AWS GuardDuty, including:
- GuardDuty findings
- Finding severity levels
- Finding types
- Affected AWS resources
- Detection timestamps
- AWS account information
- Finding status
Adoptech does not modify your AWS environment or GuardDuty configuration.
What We Use the Data For
The imported findings are used to:
- Verify threat detection capabilities are operating
- Demonstrate continuous monitoring activities
- Provide audit evidence
- Support security investigations
- Generate compliance reports
Before you get started you will need:
The following configuration items are required to integrate AWS GuardDuty with Adoptech:
- AWS API access key
- AWS API secret key
- AWS API region
- AWS GuardDuty detector ID
Can I use the same API key for all of my AWS integrations?
You may find this article useful to determine whether it would be beneficial to have a single AWS account or multiple accounts for the various AWS services. It also describes how to set up AWS access permissions.
Where can I find my AWS GuardDuty detector ID?
The AWS GuardDuty detector ID can be found on your GuardDuty settings page.
How do I set up user permissions to access the GuardDuty API?
There are 2 ways to configure user permissions to access the GuardDuty API:
- Set the user as the delegated administrator and grant permissions to configure and access GuardDuty data:
- Grant a user read-only permissions to read GuardDuty data:
  - Open the IAM console and select the user
  - Click on “Add Permissions/Attach policies directly”
  - Search for “GuardDuty” and add the “AmazonGuardDutyReadOnlyAccess” policy to the user.
Setting up the integration of AWS GuardDuty with Adoptech
- Go to the Apps and Integrations page in the Adoptech portal.
- On the Apps and Integrations page, find GuardDuty and click Get Started and Connect.
- Enter the credentials and select Connect.
- Once connected, you will be shown a list of available tests and can enable the tests appropriate for your business.

How the Integration Works
Adoptech securely assumes the IAM role using AWS cross-account access.
GuardDuty findings are retrieved on a scheduled basis and mapped to compliance controls and evidence records.
All collected information is stored as audit evidence and may be linked to controls, checks, and tests within the Adoptech platform.
Security & Data Privacy
The AWS GuardDuty integration uses read-only access.
Adoptech:
- Cannot modify GuardDuty settings
- Cannot remediate findings
- Cannot make changes within your AWS environment
All data is encrypted in transit and at rest.
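The read-only guarantee above holds only if the IAM user whose keys you enter has nothing broader attached. As an added example (not Adoptech or AWS code), this Python check audits an IAM policy document and flags every allowed action beyond GuardDuty read calls. The sample policy is constructed, and treating the Get/List/Describe prefixes as read-only is an assumption of the example.

```python
import json

# Assumption of this example: action names with these prefixes are read-only.
READ_PREFIXES = ("get", "list", "describe")

# Constructed sample policy, not taken from any real account.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["guardduty:Get*", "guardduty:List*", "guardduty:Describe*"]},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["guardduty:UpdateDetector", "s3:GetObject"]},
    ],
})


def as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_read_only_guardduty(action):
    """True only if the pattern can match nothing but GuardDuty read actions."""
    service, _, name = action.partition(":")
    if service.lower() != "guardduty":
        return False
    # IAM action names are case-insensitive. A wildcard placed before the full
    # verb ("*", "G*") could also match write actions, so it is rejected.
    return name.lower().startswith(READ_PREFIXES)


def audit_policy(policy_json):
    """Return sorted findings for Allow statements that exceed read-only access."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append("NotAction in Allow: permits everything not listed")
        for action in as_list(stmt.get("Action")):
            if not is_read_only_guardduty(action):
                findings.append(f"not GuardDuty read-only: {action}")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit_policy(SAMPLE_POLICY)))
```

An empty result means every allowed action in the document is a GuardDuty read call; anything listed should be reviewed before the keys are shared.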
Need Help?
If you require assistance configuring AWS GuardDuty, contact:
support@adoptech.co.uk or open a chat