AWS GuardDuty

Overview

Datadog integrates with AWS GuardDuty via a Lambda function that ships GuardDuty findings to Datadog’s Log Management solution.

Setup

Log Collection

Enable GuardDuty logging

  1. Create a new rule in CloudWatch with the GuardDuty Finding event type.

  2. If you haven’t already, set up the Datadog log collection AWS Lambda function.

  3. Once the Lambda function is created, define the Datadog Lambda function as the rule's target.

  4. Save your rule.
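
The console steps above can also be scripted with the AWS CLI. The following is an added example, not part of the Datadog documentation: the default rule name and the forwarder ARN passed to `apply` are assumptions, and the `--source-arn` condition limits invocation of the forwarder to this one rule.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console steps for the GuardDuty rule.
# RULE_NAME and the forwarder ARN are placeholders supplied by the operator.
RULE_NAME="${RULE_NAME:-GuardDutyRule}"

# Event pattern that matches the "GuardDuty Finding" event type.
guardduty_event_pattern() {
  printf '%s' '{"source":["aws.guardduty"],"detail-type":["GuardDuty Finding"]}'
}

# Accept only a Lambda function ARN, so findings cannot be pointed at an
# unintended target by a typo or a pasted ARN of another service.
is_lambda_arn() {
  printf '%s\n' "$1" | grep -Eq \
    '^arn:aws[a-z-]*:lambda:[a-z0-9-]+:[0-9]{12}:function:[A-Za-z0-9_-]+$'
}

wire_guardduty_rule() {
  lambda_arn="$1"
  is_lambda_arn "$lambda_arn" || {
    echo "not a Lambda function ARN: $lambda_arn" >&2
    return 2
  }
  # Step 1: create the rule with the GuardDuty Finding pattern.
  rule_arn=$(aws events put-rule --name "$RULE_NAME" \
    --event-pattern "$(guardduty_event_pattern)" \
    --query RuleArn --output text) || return 1
  # Let CloudWatch Events invoke the forwarder, but only from this rule.
  aws lambda add-permission --function-name "$lambda_arn" \
    --statement-id "${RULE_NAME}-invoke" --action lambda:InvokeFunction \
    --principal events.amazonaws.com --source-arn "$rule_arn" || return 1
  # Step 3: set the Datadog Lambda function as the rule's target.
  aws events put-targets --rule "$RULE_NAME" --targets "Id=1,Arn=$lambda_arn"
}

# Runs only when invoked as: script.sh apply <forwarder-lambda-arn>
if [ "${1:-}" = "apply" ]; then
  wire_guardduty_rule "${2:-}"
fi
```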

Send your Logs to Datadog

  1. If you haven’t already, set up the Datadog log collection AWS Lambda function.

  2. After setting up the Lambda function, add GuardDuty as a trigger by choosing CloudWatch Events as the trigger and creating a GuardDutyRule.

  3. Once done, visit your Datadog Log section to start exploring your logs!