AWS GuardDuty

Crawler Crawler
docs>integrations>AWS GuardDuty

Overview

Datadog integrates with AWS GuardDuty through a Lambda function that ships GuardDuty findings to Datadog’s Log Management solution.

Setup

Log collection

Enable logging

  1. Create a new rule in Cloudwatch with the GuardDuty Finding Event type:

    aws gd 1

  2. If you haven’t already, set up the Datadog log collection AWS Lambda function.

  3. Once the Lambda function is created, define the Datadog Lambda function as the target:

    aws gd 2

  4. Save your rule.

Send your logs to Datadog

  1. If you haven’t already, set up the Datadog log collection AWS Lambda function.

  2. After setting up the Lambda function, add GuardDuty as a trigger by choosing CloudWatch Events as a trigger and creating a GuardDutyRule:

    aws gd 3

  3. Once done, see the Datadog Log section to start exploring your logs!