AWS GuardDuty
Receive AWS GuardDuty threat detection findings via SNS/EventBridge.
Quick Setup
Copy Webhook URL
Go to your Alert24 dashboard and copy the webhook URL for AWS GuardDuty.
Configure AWS GuardDuty
Add the webhook URL in your AWS GuardDuty settings.
Auto-Detected
Alert24 auto-detects AWS GuardDuty payloads and maps them to incidents.
Step-by-Step Setup Instructions
AWS GuardDuty Webhook Setup
Example Webhook Payload
This is a sample payload that AWS GuardDuty sends to Alert24 when an alert fires.
{
"version": "0",
"source": "aws.guardduty",
"detail-type": "GuardDuty Finding",
"detail": {
"schemaVersion": "2.0",
"accountId": "123456789012",
"region": "us-east-1",
"type": "UnauthorizedAccess:EC2/MaliciousIPCaller.Custom",
"title": "EC2 instance i-0abcd1234 is communicating with a known malicious IP",
"severity": 8,
"resource": {
"resourceType": "Instance",
"instanceDetails": {
"instanceId": "i-0abcd1234"
}
}
}
}How Alert24 Maps AWS GuardDuty Data
Status Field
detail.type
Message Field
detail.title
Auto-Create Incidents
Yes
Auto-Resolve Incidents
No
Status Mapping
| Alert24 Status | AWS GuardDuty Values |
|---|---|
| degraded | Recon: |
| down | UnauthorizedAccess:Trojan:CryptoCurrency: |
Connect AWS GuardDuty to Alert24 in minutes
Free plan includes 5 monitors, 1 status page, and incident management. No credit card required.
More Cloud Platforms Integrations
AWS CloudWatch
InboundReceive CloudWatch alarm notifications via SNS webhook.
Azure Monitor
InboundReceive Azure Monitor alerts and log Activity Log changes to correlate infrastructure changes with incidents.
Azure Service Health
InboundReceive Azure Service Health incident, maintenance, and advisory notifications.
Azure Resource Health
InboundReceive Azure Resource Health notifications for individual resource availability.
Google Cloud Monitoring
InboundReceive Google Cloud Monitoring (formerly Stackdriver) alerts.
Google Cloud SCC
InboundReceive Google Cloud Security Command Center threat and vulnerability findings via Pub/Sub.