What is our primary use case?
We are only using it for a client's requirements; we are simply building it and selling it to the client.
Amazon GuardDuty is used on private infrastructure for our clients. The application is not publicly accessible; it is hosted internally.
GuardDuty has been used to set the CloudWatch alarms. Assume that both scans are detected, or something similar; we have just enabled CloudWatch alarms for those use cases so that any such use case is detected. The alert will be triggered, and we have configured and integrated Amazon GuardDuty with all of the other seven accounts to have the central HPU.
What is most valuable?
The correlation backend is the solution's most valuable feature. In the backend, it is collecting all the data, which I think is pretty interesting, and coordinating everything, which is another good thing.
What needs improvement?
While sending the alerts to the email, they are not being patched. We have to do the patching and mapping manually. If GuardDuty could include a feature to do this automatically, it would make our job easier. That is something I believe can be improved.
For example, suppose you want to know when an alert is sent to your mailbox. The information is in JSON format. It would be helpful if that could be sent to the mailbox in a human-readable format.
I believe it can be improved in a variety of ways. If we can build our own use cases instead of using Microsoft Sentinel alone, that would be ideal.
For how long have I used the solution?
I have been using Amazon GuardDuty for two to three years.
I have used it for the last 12 months.
What do I think about the stability of the solution?
Amazon GuardDuty is a stable product.
What do I think about the scalability of the solution?
Amazon GuardDuty is scalable.
How are customer service and support?
We have not had any issues that required us to contact the GuardDuty AWS vendor. It's straightforward and effective.
How was the initial setup?
The initial setup is straightforward. We simply click on the app, and that's it.
The deployment can be done in a few minutes. We don't have to spend a lot of time there. It will take some time to integrate everything one by one, which is why we did it manually; otherwise, everything else was straightforward.
What's my experience with pricing, setup cost, and licensing?
Pricing is determined by the number of events sent. It's fine, and it's not a problem from our perspective.
What other advice do I have?
My recommendation is to go for the master setup that will be beneficial to you.
There are some limitations where we cannot modify use cases to meet our needs; we must do additional work, such as setting up CloudWatch alarms and SNS, and things are not patched. There are some restrictions. I'll just suggest that you have some skilled resources with patching knowledge.
It's good; I would rate Amazon GuardDuty a seven out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.