Help Center
Go back to application
Help Center
Go back to application
Platform Terms Glossary
Task Management
Task Management explained Creating Tasks Setting up Task NotificationsGiving permissions to team members
Organization
Working together in KertosInviting UsersCreating rolesAssigning System AccessCreating Departments and Assigning Users
Integrations
Discovery
Tasks
Device Management
Human Resource Information Systems
Inventory
Inventorization of vendorsInventorization of systemsInventorization of assetsEU AI Act: Inventorization of AI use cases
Risks
Managing risksApplying controls to risks
Trust Center
Setting up your trust center
Incidents
Reporting incidents
KAIA
KAIA explainedPrinciples of AI at Kertos
Interacting with KAIA
Compliance
Frameworks explainedManaging & implementing controlsCreating & managing policiesCompleting & assigning trainings
Privacy Management
Creating a RoPACreating TOMsCreating DPIAs
Data Subject Requests
API Reference
Ingress API Docs for DSRs Webhook API Docs for DSRs
Auto Checks
Auto Checks explainedAuto Checks: AWS Auto Checks: GCPAuto Checks: AzureAuto Checks Integration Guide for AzureAuto Checks Integration Guide for GCP
AWS Auto Checks Detailed Explanations
Enforce MFA on the AWS Root AccountVerify CloudTrail is logging management events across all AWS regionsEnsure no IAM AWS-managed policies grant full administrative accessConfirm that Amazon GuardDuty is enabled for threat detectionEnsure the root account does not have any active access keysConfirm IAM Access Analyzer is enabled to monitor access permissionsConfigure a log metric filter and alarm for unauthorized API callsConfigure a log metric filter and alarm for root account usageEnsure customer-managed IAM policies do not grant full administrative accessPrevent IAM identities from having inline policies with unrestricted accessMaintain accurate and up-to-date AWS account contact informationRegister a valid security contact in the AWS account settingsBlock IAM Inline Policies That Enable Privilege EscalationPrevent IAM Inline Policies from Granting Full CloudTrail AccessAvoid Full KMS Access in Inline IAM PoliciesPrevent Overly Permissive Role Assumption in Custom IAM PoliciesPrevent Privilege Escalation via Customer-Managed IAM PoliciesAvoid IAM Policies Granting Full CloudTrail AccessAvoid IAM Policies Granting Unrestricted KMS AccessPrevent IAM Roles from Assigning ReadOnlyAccess Permissions to External AWS AccountsProtect IAM Service Roles from Confused Deputy Attacks Using Proper Trust PoliciesAvoid Provisioning Access Keys During Initial IAM User Creation When Console Login is EnabledDetect IAM Users with Multiple Active Access Keys and Enforce Key Rotation

Confirm that Amazon GuardDuty is enabled for threat detection

Framework Reference: A.8.16 (Monitoring Activities) Integration: AWS – GuardDuty / Security Hub

Why this matters

Amazon GuardDuty is a key AWS service that monitors your environment for suspicious activity and signs of compromise, such as unusual API calls or potentially unauthorized deployments.

By integrating GuardDuty with AWS Security Hub, you gain a centralized view to:

Detect, prioritize, and respond to security threats faster

Combine findings from other AWS services like Inspector and Macie

Ensure visibility into security issues across accounts and regions

Without GuardDuty enabled, your ability to identify real-time threats in your AWS environment is severely limited.

Best practice: Enable GuardDuty across all accounts and regions and use Security Hub to consolidate and triage findings.

What this check does

This Auto Check confirms whether:

Amazon GuardDuty is activated in the AWS account

Findings are integrated into AWS Security Hub for centralized threat monitoring

The check passes if GuardDuty is enabled and producing findings.

How to fix it

You can enable GuardDuty and Security Hub via the AWS Console or CLI.

From the AWS Console

Go to the AWS Security Hub Console

Click Go to Security Hub

In the Security Standards section, select and enable relevant standards (e.g. AWS Foundational Security Best Practices)

Click Enable Security Hub

GuardDuty will be automatically integrated if it’s already enabled in your account.

If GuardDuty is not yet enabled, you can activate it via the GuardDuty Console

Using AWS CLI

# Enable Security Hub with default standards aws securityhub enable-security-hub --enable-default-standards # Enable GuardDuty (if not already enabled) aws guardduty create-detector --enable 

Exceptions

If your organization uses centralized logging or a delegated administrator model, make sure GuardDuty and Security Hub are enabled at the management account level and findings are aggregated across member accounts.

Further Resources

Getting started with AWS Security Hub

Enable Security Hub using CLI

GuardDuty documentation

Was this article helpful?

Powered by Product Fruits