A security monitoring solution that automatically analyzes Amazon GuardDuty findings with the Anthropic Claude 3 Sonnet model available on Amazon Bedrock and delivers detailed security alerts via Amazon SES.
This project streamlines security monitoring by processing GuardDuty findings through AI analysis and delivering formatted reports containing:
- Severity assessment
- Finding details
- Resource information
- Network analysis
- AI-generated insights and recommendations
Features:
- Automated GuardDuty findings processing
- AI-powered analysis using Amazon Bedrock
- Formatted email alerts via Amazon SES
- Detailed resource and network information
- Severity-based categorization
- Region-specific monitoring
Prerequisites:
- AWS Account
- GuardDuty enabled
- Amazon Bedrock access
- Configured Amazon SES
- IAM permissions for Lambda execution
AWS Services Used:
- AWS GuardDuty: Threat detection
- Amazon Bedrock: AI analysis
- Amazon SES: Email delivery
- AWS Lambda: Processing
- Amazon EventBridge: Event routing
Installation:
- Clone the repository
git clone https://github.com/aws-samples/analyze-aws-guardduty-findings-with-bedrock
cd analyze-aws-guardduty-findings-with-bedrock
- Deploy using CloudFormation
aws cloudformation deploy \
--template-file guardduty_findings_analyzer_ses.yml \
--stack-name guardduty-analyzer \
--capabilities CAPABILITY_IAM \
--parameter-overrides \
SenderEmail=<verified-sender-email> \
RecipientEmail=<security-team-email>
The two parameter values above are placeholders; replace them with your own addresses. `--capabilities CAPABILITY_IAM` is required because the stack creates an IAM role.
Update the CloudFormation parameters:
- SenderEmail: Verified SES email address
- RecipientEmail: Security team email address
The solution creates:
- Lambda execution role
- Permissions for GuardDuty access
- SES sending privileges
- Bedrock model invocation rights
Contributing:
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Open a Pull Request
This project is licensed under the MIT-0 License.