
Check if GuardDuty Lambda Protection is enabled.

guardduty_lambda_protection_enabled

Severity: high
Service: guardduty
by Prowler

GuardDuty Lambda Protection helps you identify potential security threats when an AWS Lambda function gets invoked. After you enable Lambda Protection, GuardDuty starts monitoring Lambda network activity logs associated with the Lambda functions in your AWS account.

Risk

If Lambda Protection is not enabled, GuardDuty will not be able to monitor Lambda network activity logs and may miss potential security threats.

Run this check with Prowler CLI

prowler aws --checks guardduty_lambda_protection_enabled

ARN template
arn:aws:guardduty:region:account-id/detector-id

Recommendation

Enable Lambda Protection in your GuardDuty detector to start monitoring Lambda Network Activity in your account.

Remediation

CLI

aws guardduty update-detector --detector-id <detector-id> --features Name=LAMBDA_NETWORK_LOGS,Status=ENABLED
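GuardDuty detectors are regional, so the command above has to be repeated for the detector in each region you use. The following is an added example, not Prowler's check code: it classifies `get-detector` responses and can sweep the regions given on the command line through boto3. The status labels and the sample response are constructed for illustration.

```python
FEATURE = "LAMBDA_NETWORK_LOGS"  # feature name used by the CLI remediation

# Constructed get-detector response (trimmed), not captured from a real account.
SAMPLE_DETECTOR = {
    "Status": "ENABLED",
    "Features": [
        {"Name": "S3_DATA_EVENTS", "Status": "ENABLED"},
        {"Name": "LAMBDA_NETWORK_LOGS", "Status": "DISABLED"},
    ],
}


def lambda_protection_status(detector):
    """Classify one get-detector response (labels are this example's own)."""
    if detector.get("Status") != "ENABLED":
        return "DETECTOR_DISABLED"
    for feature in detector.get("Features", []):
        if feature.get("Name") == FEATURE and feature.get("Status") == "ENABLED":
            return "PASS"
    return "FEATURE_DISABLED"  # feature off, or absent from the response


def audit_region(client, fix=False):
    """Return (detector_id, status) for each detector behind one regional client."""
    detector_ids = client.list_detectors()["DetectorIds"]
    if not detector_ids:
        return [(None, "NO_DETECTOR")]  # nothing monitors this region at all
    results = []
    for detector_id in detector_ids:
        status = lambda_protection_status(client.get_detector(DetectorId=detector_id))
        if status == "FEATURE_DISABLED" and fix:
            # Same change as the CLI remediation, applied through boto3.
            client.update_detector(
                DetectorId=detector_id,
                Features=[{"Name": FEATURE, "Status": "ENABLED"}],
            )
            status = "REMEDIATED"
        results.append((detector_id, status))
    return results


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 1:  # no regions given: offline demo on the sample
        print("sample:", lambda_protection_status(SAMPLE_DETECTOR))
    else:
        import boto3  # third-party; only needed for the live sweep

        for region in sys.argv[1:]:
            client = boto3.client("guardduty", region_name=region)
            for detector_id, status in audit_region(client):
                print(f"{region}\t{detector_id}\t{status}")
```

Run it with no arguments for the offline sample, or pass region names to sweep live detectors using credentials that can read GuardDuty.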

Resource Type

AwsGuardDutyDetector
