AWS GuardDuty integration with Incident Response

AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.

What does Incident Response offer AWS GuardDuty users?

Use the AWS GuardDuty integration to send GuardDuty alerts to Incident Response.

Incident Response acts as a handler for these alerts and determines the right people to notify based on escalation policies, previously provided points of contact, and on-call schedules. Users are notified based on their notification preferences. Alerts are escalated until they are acknowledged or closed.

Functionality of the integration

Whenever AWS GuardDuty creates a new finding, an alert is created in Lightstep Incident Response.