iLert Documentation
WebsiteAPI ReferenceLoginFree Trial
Search…
Getting Started
Core concepts
On-call schedules
Stakeholder engagement
iLert domains, ips, emails & phone numbers
FAQ
Incident comms
Getting started
Services
Incidents
Status pages
User Administration
User roles and permissions
Team-based organisation
Singe sign on
Call Routing
Getting started with call routing
Routing calls based on support hours
Voicemail only mode
Managing call routing alerts
Adding webhooks and outbound chat messages
Uptime & Heartbeat Monitors
Uptime Monitoring
Heartbeat Monitoring
REST API
iLert REST API
API Version History
Rate Limiting
Client Libraries
Terraform
API Samples
Developing iLert Apps
Integrations
Amazon CloudWatch Integration
Amazon EventBridge Integration
Amazon SNS Integration
Azure Alerts Integration
API Fortress Integration
AppDynamics Integration
AppSignal Integration
AWS Budget Integration
AWS GuardDuty Integration
AWS Lambda Integration
AWS Personal Health Dashboard Integration
Autotask Integration
Auvik Integration
Azure Function Integration
Checkmk Integration
Cisco Webex
Cloudflare Integration
Connectwise Manage Integration
Cortex XSOAR (formerly Demisto) Integration
CrowdStrike Integration
Datadog Integration
Discord Integration
DingTalk Integration
Dynatrace Integration
Email Integration
Email Outbound Integration
FreshService Integration
GitHub Integration
GitLab Integration
Google Cloud Function Integration
Google Cloud Monitoring (formerly Stackdriver) Integration
Grafana Integration
HashiCorp Consul
Humio Integration
IBM Cloud Functions Integration
Icinga Integration
Instana Integration
IXON Cloud Integration
Jira Integration
JumpCloud Integration
Kapacitor Integration
Kentix AlarmManager
Kubernetes Integration
Lightstep Integration
Mattermost Integration
Microsoft Teams Integration
MongoDB Atlas Integration
MXToolBox Integration
N-central Integration
Nagios Integration
New Relic Integration
Oh Dear Integration
Pingdom Integration
Prometheus Integration
PRTG Network Monitor Integration
Push Notifications
Raygun Integration
Salesforce Integration
Search Guard Integration
Sematext Integration
Sensu Integration
Sentry Integration
Server Density
ServiceNow Integration
SignalFx Integration
Single Sign-On Setup
Slack Integration
SMS Integration
SolarWinds Integration
Splunk Integration
StatusCake Integration
StatusHub Integration
StatusPage Integration
Sumologic Integration
Sysdig Integration
TOPdesk Integration
Terraform Cloud / Terraform Enterprise
UptimeRobot Integration
Webhook Integration
X-Pack Alerting (Elasticsearch Watcher) Integration
Zabbix Integration
Zammad Integration
Zapier Integration
Zendesk Integration
Zoom Integration
Contact us
iLert Release Notes
iLert Mobile Release Notes
Powered By GitBook
AWS GuardDuty Integration
AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.

In iLert

  • Go to the "Alert sources" tab and click "Create new alert source"
  • Enter a name and select your desired escalation policy.
  • Select "AWS GuardDuty" as the Integration Type and click Save.
  • On the next page, an AWS GuardDuty URL is generated. You will need the URL for the webhook configuration

In AWS Dashboard

  • Use the search bar and select Simple Notification Service (SNS). Select Topics and click Create Topic in the SNS Dashboard.
  • Input a Topic name and Display name and Create topic. After the topic has been created, Select Subscriptions in the left hand menu and click Create Subscription.
  • Select HTTPS Protocol and put the URL that was received from iLert side into the Endpoint field, keep the Enable raw message delivery checkbox unchecked and Create Subscription.
  • The subscription would be confirmed automatically on iLert side, but make sure the Subscription ID is not in PendingConfirmation state.
  • Search and select the Amazon GuardDuty console in the Service Search. Search for GuardDuty click Enable GuardDuty if this is the first time enabling Amazon GuardDuty.
  • If the GuardDuty is enabled, CloudWatch Event Rules can be configured to send alerts to iLert and please navigate to the CloudWatch console.
  • To create a rule, select Rules under Events and then click Create Rules. Select GuardDuty as the Service Name and then choose GuardDuty Finding as the Event Type.
  • Click Add a target and select SNS topic, select Your Topic Name that has been created earlier and then click Configure Details.
  • Assign a Name like ilert-incidents and click Create Rule.
  • In order to test this, go back to the Amazon GuardDuty console and generate sample findings, to create event in iLert.
  • Select Settings, then select Generate Sample Findings and then click Findings in the left navigation bar.
  • The sample findings should have been generated, and it will create the event in the iLert automatically.
Integrations - Previous
AWS Budget Integration
Next - Integrations
AWS Lambda Integration
Last modified 3mo ago
Copy link
Edit on GitHub
Contents
In iLert
In AWS Dashboard