ThreatConnect and Amazon GuardDuty: Protection for your AWS Environment

Amazon GuardDuty

ThreatConnect has built 3 new Apps to work seamlessly with Amazon GuardDuty. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior in your AWS accounts, workloads, and data stored in Amazon S3. With these Apps, any known IP addresses (good and bad) can be set up for monitoring and alerting. This integration consists of 3 different Apps – each with a  different job:

  • Playbook App – allows you to take actions on Threat Intel Sets and Findings
  • Service App – allows you to ingest Findings from GuardDuty on a schedule and trigger a Playbook for each
  • Job App – allows you to add and remove Indicators on Threat Intel Sets on a schedule

Amazon GuardDuty ScreenshotAmazon GuardDuty Playbook App

The following actions are available in the Playbook App:

  • Create Intel Set – Creates a new Intel Set which the user will determine whether the Intel Set Type is Threat Intel Set or Trusted IP Set
  • Update Intel Set – Updates the Intel Set specified by its Intel Set ID
  • Delete Intel Set – Deletes a Threat Intel Set
  • List Findings – Lists Amazon GuardDuty findings for a detector ID
  • Get Finding – Describes Amazon GuardDuty findings specified by finding IDs
  • Update Finding Feedback – Marks the specified GuardDuty findings as useful or not useful and optionally add comment
  • Archive Finding – Archives a finding by its Threat Intel Set ID.

Together, ThreatConnect and Amazon GuardDuty help security teams monitor for malicious activity and protect their AWS accounts and data. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on deploying the Amazon GuardDuty Apps. If you’re not yet a customer and are interested in ThreatConnect and this integration, please contact us at

Jeff Quist
About the Author
Jeff Quist

Jeff Quist, Product Marketing Manager at ThreatConnect, has 9 years of experience in Sales, Marketing, Product Management, and Product Marketing, mainly in technology and financial services. His professional experience and empathy for customers and partners help him to develop engaging marketing content and empower sales teams. Jeff lives in New York City and in his free time, he enjoys sketching, reading sci-fi novels, and supporting the Boston Bruins.