AWS GuardDuty + Alert24
Stream events from AWS GuardDuty into Alert24 to correlate changes with incidents and shorten time to resolution.
Receive AWS GuardDuty threat detection findings via SNS/EventBridge.
Auto-detected payloads
Alert24 recognizes AWS GuardDuty webhooks out of the box and maps fields to incidents automatically.
On-call routing & escalations
Page the right engineer over SMS, voice, push, email, or chat with policy-driven escalations.
Auto-updating status pages
Promote incidents to a public or private status page with one click and keep customers informed.
Change correlation & AI RCA
Recent deploys, infra updates, and feature flag flips surface alongside the incident for faster root cause.
Quick Setup
Copy Webhook URL
Go to your Alert24 dashboard and copy the webhook URL for AWS GuardDuty.
Configure AWS GuardDuty
Add the webhook URL in your AWS GuardDuty settings.
Auto-Detected
Alert24 auto-detects AWS GuardDuty payloads and maps them to incidents.
Step-by-Step Setup Instructions
AWS GuardDuty Webhook Setup
Example Webhook Payload
This is a sample payload that AWS GuardDuty sends to Alert24 when an alert fires.
```json
{
  "version": "0",
  "source": "aws.guardduty",
  "detail-type": "GuardDuty Finding",
  "detail": {
    "schemaVersion": "2.0",
    "accountId": "123456789012",
    "region": "us-east-1",
    "type": "UnauthorizedAccess:EC2/MaliciousIPCaller.Custom",
    "title": "EC2 instance i-0abcd1234 is communicating with a known malicious IP",
    "severity": 8,
    "resource": {
      "resourceType": "Instance",
      "instanceDetails": {
        "instanceId": "i-0abcd1234"
      }
    }
  }
}
```
How Alert24 Maps AWS GuardDuty Data
Status Field: detail.type
Message Field: detail.title
Auto-Create Incidents: Yes
Auto-Resolve Incidents: No
Status Mapping
| Alert24 Status | AWS GuardDuty Values |
|---|---|
| degraded | Recon: |
| down | UnauthorizedAccess:, Trojan:, CryptoCurrency: |
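The mapping above, carried through as an added example (not Alert24's own code): it unwraps either a raw EventBridge event or an SNS HTTPS notification (assumed envelope: the event is a JSON string in the "Message" field), picks the status by finding-type prefix, takes the message from detail.title, and falls back to an assumed "unmapped" status for prefixes the table does not list.

```python
import json

# Finding-type prefixes taken from the status mapping table on this page.
STATUS_PREFIXES = {
    "degraded": ("Recon:",),
    "down": ("UnauthorizedAccess:", "Trojan:", "CryptoCurrency:"),
}

def unwrap_sns(body: str) -> dict:
    """Accept a raw EventBridge event, or an SNS HTTPS notification whose
    GuardDuty event arrives as a JSON string inside its "Message" field."""
    outer = json.loads(body)
    if outer.get("Type") == "Notification" and "Message" in outer:
        return json.loads(outer["Message"])
    return outer

def status_for(finding_type: str) -> str:
    """Map a GuardDuty finding type to an Alert24 status by its prefix."""
    for status, prefixes in STATUS_PREFIXES.items():
        if finding_type.startswith(prefixes):
            return status
    return "unmapped"  # assumed fallback: the page only lists the two rows above

def to_incident(body: str):
    """Build the incident fields the page describes (status from detail.type,
    message from detail.title); return None for events that are not findings."""
    event = unwrap_sns(body)
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return None
    detail = event.get("detail", {})
    finding_type = detail.get("type", "")
    instance = detail.get("resource", {}).get("instanceDetails", {}).get("instanceId")
    return {
        "status": status_for(finding_type),
        "message": detail.get("title") or finding_type,
        "severity": detail.get("severity"),
        "resource": instance,
    }

# Constructed sample: the page's payload, also wrapped as SNS delivers it over HTTPS.
SAMPLE_EVENT = {
    "version": "0", "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "detail": {"schemaVersion": "2.0", "accountId": "123456789012", "region": "us-east-1",
               "type": "UnauthorizedAccess:EC2/MaliciousIPCaller.Custom",
               "title": "EC2 instance i-0abcd1234 is communicating with a known malicious IP",
               "severity": 8, "resource": {"resourceType": "Instance",
                                           "instanceDetails": {"instanceId": "i-0abcd1234"}}},
}
SAMPLE_EVENTBRIDGE_BODY = json.dumps(SAMPLE_EVENT)
SAMPLE_SNS_BODY = json.dumps({"Type": "Notification", "Message": SAMPLE_EVENTBRIDGE_BODY})
```

Events that are not GuardDuty findings (other EventBridge sources on the same SNS topic) are rejected before any field mapping, so they never open an incident.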
Connect AWS GuardDuty to Alert24 in minutes
Free plan includes 5 monitors, 1 status page, and incident management. No credit card required.
More Cloud Platforms Integrations
AWS CloudWatch
Inbound: Receive CloudWatch alarm notifications via SNS webhook.
Azure Monitor
Inbound: Receive Azure Monitor alerts and Activity Log changes to correlate infrastructure changes with incidents.
Azure Service Health
Inbound: Receive Azure Service Health incident, maintenance, and advisory notifications.
Azure Resource Health
Inbound: Receive Azure Resource Health notifications for individual resource availability.
Google Cloud Monitoring
Inbound: Receive Google Cloud Monitoring (formerly Stackdriver) alerts.
Google Cloud SCC
Inbound: Receive Google Cloud Security Command Center threat and vulnerability findings via Pub/Sub.