Amazon GuardDuty Tester
Amazon GuardDuty Tester is a collection of scripts and guidance designed to generate proof-of-concept Amazon GuardDuty findings for real AWS resources. The repository provides multiple independent tests that can be executed individually or collectively to produce various types of security findings. The tool helps users understand how to view and respond to GuardDuty findings by creating controlled test scenarios in their AWS environment. It includes tests for EC2 instances with malware protection capabilities, EKS clusters utilizing Kubernetes Audit Logs and EKS Runtime protection, and additional EC2-related security scenarios. The scripts are intended for deployment in non-production AWS accounts to ensure clear identification of test-generated findings and to contain the broad permissions required for testing. This approach helps minimize the impact of elevated permissions while providing practical insights into GuardDuty's detection capabilities. The repository does not cover every possible GuardDuty finding type but focuses on providing representative examples that demonstrate the service's functionality and help users develop appropriate response procedures for their security operations.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.
Kube-bench is a security assessment tool that validates Kubernetes deployments against CIS Kubernetes Benchmark standards through automated configuration checks.
LambdaGuard is an AWS Lambda auditing tool that provides security configuration checks, statistical analysis, and service dependency mapping for serverless functions.
A tutorial demonstrating how to implement Kubernetes Engine security features to control application privileges through host access controls and network access policies.
A command-line security auditing tool that performs Lynis-based security assessments across AWS, GCP, Azure, and DigitalOcean cloud platforms.
A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.
A search engine for open Amazon S3 buckets and their contents, allowing users to search for files using keywords, filename extensions, and full path.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
S3Scanner is an open-source tool that scans S3 buckets across S3-compatible APIs to identify misconfigurations and security vulnerabilities.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.