Reports GuardDuty Findings to Slack out of CloudWatch Events

whithajess/guardduty-slack-reporter

GuardDuty Slack Reporter

A serverless application that reports GuardDuty findings, delivered via CloudWatch Events, to Slack.

Setup

1. Log in to https://api.slack.com/apps and select Create New App

  • The App name you use will be the user reporting the GuardDuty findings
  • The App will need to be installed for you to get an OAuth token.

2. After creating the application in Slack, we need to set tokens for the App to use:

  • These are region-specific; if you haven't set AWS_PROFILE, you may want to use the --region flag

  # The verification token
  # can be found under Basic Information in the App on https://api.slack.com/apps
  # This gives us the ability to check the messages sent to the App are actually coming from Slack
  aws ssm put-parameter --name guardBotOAuthAccessToken --type String --value SecretToken

  # The channel we want to post into
  aws ssm put-parameter --name guardChannel --type String --value ChannelID

3. Once this is all set, deploy the application:

  make
  sls deploy
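
The flow this application implements (a GuardDuty finding arrives as a CloudWatch event, is reformatted, and is posted to the configured Slack channel) is shown below in Go. This is an added example, not code from this repository: `BuildMessage`, `color`, the sample event and the channel ID `C0EXAMPLE` are hypothetical, and it builds the `chat.postMessage` body without sending it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample event (not real data) in the shape GuardDuty sends through CloudWatch Events.
const sample = `{"source":"aws.guardduty","detail-type":"GuardDuty Finding","detail":{"type":"Recon:EC2/PortProbeUnprotectedPort","severity":5,"title":"Port probe on instance tagged <web & api>","region":"us-east-1","accountId":"111122223333"}}`

type event struct { // subset of the envelope; untagged fields match JSON keys case-insensitively
	Source     string
	DetailType string `json:"detail-type"`
	Detail     struct {
		Type, Title, Region, AccountID string
		Severity                       float64
	}
}

var esc = strings.NewReplacer("&", "&amp;", "<", "&lt;", ">", "&gt;") // shown literally, not parsed as Slack markup

// color maps GuardDuty severity bands (high >= 7, medium >= 4, else low) to Slack attachment colours.
func color(sev float64) string {
	switch {
	case sev >= 7:
		return "danger"
	case sev >= 4:
		return "warning"
	}
	return "good"
}

// BuildMessage (hypothetical helper) validates the event and returns a chat.postMessage JSON body.
func BuildMessage(raw []byte, channel string) (string, error) {
	var e event
	if err := json.Unmarshal(raw, &e); err != nil {
		return "", err
	}
	if e.Source != "aws.guardduty" || e.DetailType != "GuardDuty Finding" {
		return "", fmt.Errorf("not a GuardDuty finding event: source %q", e.Source)
	}
	d := e.Detail
	text := esc.Replace(fmt.Sprintf("%s | severity %.1f | %s %s", d.Type, d.Severity, d.AccountID, d.Region))
	att := map[string]string{"color": color(d.Severity), "title": esc.Replace(d.Title), "text": text}
	body, err := json.Marshal(map[string]interface{}{"channel": channel, "attachments": []interface{}{att}})
	return string(body), err
}

func main() { fmt.Println(BuildMessage([]byte(sample), "C0EXAMPLE")) }
```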
