Configure the webhook in AWS GuardDuty
Subscribe your endpoint webhook to a topic so that the endpoint receives messages published to that topic.
Before you begin
Ensure you have an account in AWS and have created a topic.
Role required: Responder, Manager, or Administrator
About this task
Note: While this integration with a third-party product is supported, the documentation here is based upon information provided by that third-party. More current information about the operation of that third-party’s system may be available from them directly.
Procedure
What to do next
Create a rule in EventBridge and add the SNS topic as a target.
- Navigate to .
- On the left navigation pane, select .
- In the Rules section, click Create rule.
- In the Name field, enter the name of the rule.
- Ensure Rule type is Rule with an event pattern.
- Click Next.
- Ensure Event Source is AWS events or EventBridge partner events.
- In the Event Pattern section, do the following:
  - Select Event Source as AWS services.
  - Select AWS Service as GuardDuty.
  - Select Event type as GuardDuty Findings.

  If you want to make any changes to the Event pattern, click Custom patterns (JSON editor).
- Click Next.
- Under Target types, select AWS service.
- Under Select a target, select SNS topic.
- Under Topic, select the topic for which you have created the subscription.
- Click Next and then click Create Rule.
GuardDuty findings are automatically sent to EventBridge. Depending on the rules, EventBridge filters the findings coming from GuardDuty and forwards the matching ones through SNS to create alerts in Incident Response.
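
The following is an added example, not part of the original documentation. It shows the event pattern that the GuardDuty selections in the procedure correspond to, next to a custom pattern of the kind you could enter in the JSON editor, and evaluates both against constructed sample events with a small local matcher that implements only a subset of EventBridge matching. The severity threshold, the sample events, and all function names are assumptions made for illustration.

```python
import operator

# Pattern the console builds for AWS service "GuardDuty", event type "GuardDuty Findings".
DEFAULT_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}
# Custom variant for the JSON editor; the severity threshold of 7 is an assumed example.
HIGH_SEVERITY_PATTERN = {**DEFAULT_PATTERN, "detail": {"severity": [{"numeric": [">=", 7]}]}}

_OPS = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
        ">": operator.gt, ">=": operator.ge}

def _value_matches(value, candidate):
    """One entry of a pattern list: a literal or a {"numeric": [op, n, ...]} filter."""
    if isinstance(candidate, dict) and "numeric" in candidate:
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return False
        spec = candidate["numeric"]
        return all(_OPS[op](value, n) for op, n in zip(spec[0::2], spec[1::2]))
    return value == candidate

def matches(pattern, event):
    """Subset of EventBridge matching: keys are ANDed, list entries ORed, dicts recurse."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif not any(_value_matches(actual, c) for c in expected):
            return False
    return True

# Constructed sample events, trimmed to the fields the patterns inspect.
SAMPLE_EVENTS = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 8}},
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {"state": "stopped"}},
]

def forwarded(pattern, events=SAMPLE_EVENTS):
    """Finding types of the events the rule would pass on to the SNS topic."""
    return [e["detail"].get("type") for e in events if matches(pattern, e)]

if __name__ == "__main__":
    print("default rule forwards:", forwarded(DEFAULT_PATTERN))
    print("custom rule forwards: ", forwarded(HIGH_SEVERITY_PATTERN))
```

With the default pattern every GuardDuty finding reaches the topic and becomes an alert; the custom pattern drops the low-severity finding before it is published to SNS.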