AWS GuardDuty detector deleted
Set up the CloudTrail integration.
Overview
Goal
Detect when an attacker is trying to evade defenses by deleting a GuardDuty detector.
Strategy
This rule lets you monitor this CloudTrail API call to detect if an attacker is deleting a GuardDuty Detector:
Triage & Response
- Determine which user in your organization owns the API key that made this API call.
- Contact the user to see if they intended to make this API call.
- If the user did not make the API call:
  - Rotate the credentials.
  - Investigate if the same credentials made other unauthorized API calls.
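The strategy and triage steps above can be sketched over raw CloudTrail records. This is an added example, not the rule's own query: it assumes the monitored call is GuardDuty's `DeleteDetector` (the page does not name it), and the sample events, user names and key IDs are constructed.

```python
from collections import defaultdict

def _ev(time, source, name, user, key, error=None):
    """Build a constructed CloudTrail-style record (all values are made up)."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}",
                            "accessKeyId": key}}
    if error:
        rec["errorCode"] = error  # CloudTrail sets errorCode only on failed calls
    return rec

SAMPLE_EVENTS = [  # constructed sample input, not real log data
    _ev("2024-01-01T10:00:00Z", "iam.amazonaws.com", "ListUsers", "alice", "AKIAEXAMPLE0000000001"),
    _ev("2024-01-01T10:05:00Z", "guardduty.amazonaws.com", "DeleteDetector", "alice", "AKIAEXAMPLE0000000001"),
    _ev("2024-01-01T10:06:00Z", "guardduty.amazonaws.com", "DeleteDetector", "bob", "AKIAEXAMPLE0000000002", error="AccessDenied"),
    _ev("2024-01-01T10:07:00Z", "s3.amazonaws.com", "ListBuckets", "alice", "AKIAEXAMPLE0000000001"),
]

def is_detector_deletion(event):
    """Assumed match condition: the GuardDuty DeleteDetector API call."""
    return (event.get("eventSource") == "guardduty.amazonaws.com"
            and event.get("eventName") == "DeleteDetector")

def _credential(event):
    """Prefer the access key ID; fall back to the principal ARN if absent."""
    ident = event.get("userIdentity", {})
    return ident.get("accessKeyId") or ident.get("arn")

def triage(events):
    """Return one finding per deletion attempt, with the credential's other calls."""
    by_cred = defaultdict(list)
    for e in events:
        by_cred[_credential(e)].append(e)
    findings = []
    for e in events:
        if not is_detector_deletion(e):
            continue
        cred = _credential(e)
        # Without any identity we cannot pivot, so report no related calls.
        others = [f"{o.get('eventSource')}:{o.get('eventName')}"
                  for o in by_cred[cred] if o is not e] if cred else []
        findings.append({"time": e["eventTime"], "credential": cred,
                         "principal": e.get("userIdentity", {}).get("arn"),
                         "succeeded": "errorCode" not in e, "other_calls": others})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Failed attempts are kept in the output with `succeeded` set to false, since a denied deletion still identifies a credential worth reviewing.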