iLert Documentation
WebsiteAPI ReferenceLoginFree Trial
Search…
iLert Documentation
Getting Started
Introduction to iLert
On-call schedules
User roles and permissions
Team-based organisation
Stakeholder engagement
iLert domains, ips, emails & phone numbers
FAQ
Call Routing
Getting started with call routing
Routing calls based on support hours
Voicemail only mode
Managing call routing alerts
Adding webhooks and outbound chat messages
Single Sign On
Setting up SSO with GSuite
Setting up SSO with Microsoft Azure Active Directory
Setting up SSO with Okta
Setting up SSO with Auth0
Auto provisioning users & teams
Uptime & Heartbeat Monitors
Uptime Monitoring
Heartbeat Monitoring
REST API
iLert REST API
API Version History
Rate Limiting
Client Libraries
Terraform
API Samples
Integrations
Amazon CloudWatch Integration
Azure Alerts Integration
AppDynamics Integration
AWS Budget Integration
AWS GuardDuty Integration
AWS Lambda Integration
AWS Personal Health Dashboard Integration
Amazon SNS Integration
Amazon EventBridge Integration
Autotask Integration
Azure Function Integration
Auvik Integration
Cisco Webex
Cloudflare Integration
Connectwise Manage Integration
Cortex XSOAR (formerly Demisto) Integration
Checkmk Integration
Datadog Integration
Discord Integration
DingTalk Integration
Dynatrace Integration
Email Integration
Email Outbound Integration
GitHub Integration
Google Cloud Function Integration
Google Cloud Monitoring (formerly Stackdriver) Integration
Grafana Integration
Icinga Integration
Instana Integration
IXON Cloud Integration
Kapacitor Integration
Kentix AlarmManager
Kubernetes Integration
HashiCorp Consul
Jira Integration
JumpCloud Integration
Mattermost Integration
Microsoft Teams Integration
MXToolBox Integration
N-central Integration
Nagios Integration
New Relic Integration
Pingdom Integration
Prometheus Integration
PRTG Network Monitor Integration
Push Notifications
Raygun Integration
Salesforce Integration
Search Guard Integration
Sematext Integration
Sensu Integration
Sentry Integration
Server Density
ServiceNow Integration
SignalFx Integration
Single Sign-On Setup
Slack Integration
SMS Integration
SolarWinds Integration
Splunk Integration
StatusCake Integration
StatusHub Integration
StatusPage Integration
Sumologic Integration
Sysdig Integration
TOPdesk Integration
Terraform Cloud / Terraform Enterprise
UptimeRobot Integration
Webhook Integration
X-Pack Alerting (Elasticsearch Watcher) Integration
Zabbix Integration
Zapier Integration
Zendesk Integration
Zammad Integration
Zoom Integration
Contact us
iLert Release Notes
iLert Mobile Release Notes
Powered By GitBook
AWS GuardDuty Integration
AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.

In iLert

    1.
    Go to the "Alert sources" tab and click "Create new alert source"
    1.
    Enter a name and select your desired escalation policy.
    Select "AWS GuardDuty" as the Integration Type and click Save.
    1.
    On the next page, an AWS GuardDuty URL is generated. You will need the URL for the webhook configuration

In AWS Dashboard

    1.
    Use the search bar and select Simple Notification Service (SNS). Select Topics and click Create Topic in the SNS Dashboard.
    2.
    Input a Topic name and Display name and Create topic. After the topic has been created, Select Subscriptions in the left hand menu and click Create Subscription.
    1.
    Select HTTPS Protocol and put the URL that was received from iLert side into the Endpoint field, keep the Enable raw message delivery checkbox unchecked and Create Subscription.
    2.
    The subscription would be confirmed automatically on iLert side, but make sure the Subscription ID is not in PendingConfirmation state.
    3.
    Search and select the Amazon GuardDuty console in the Service Search. Search for GuardDuty click Enable GuardDuty if this is the first time enabling Amazon GuardDuty.
    4.
    If the GuardDuty is enabled, CloudWatch Event Rules can be configured to send alerts to iLert and please navigate to the CloudWatch console.
    5.
    To create a rule, select Rules under Events and then click Create Rules. Select GuardDuty as the Service Name and then choose GuardDuty Finding as the Event Type.
    1.
    Click Add a target and select SNS topic, select Your Topic Name that has been created earlier and then click Configure Details.
    2.
    Assign a Name like ilert-incidents and click Create Rule.
    1.
    In order to test this, go back to the Amazon GuardDuty console and generate sample findings, to create event in iLert.
    1.
    Select Settings, then select Generate Sample Findings and then click Findings in the left navigation bar.
    2.
    The sample findings should have been generated, and it will create the event in the iLert automatically.
Integrations - Previous
AWS Budget Integration
Next - Integrations
AWS Lambda Integration
Last modified 12d ago
Copy link
Contents
In iLert
In AWS Dashboard