CD2H gitForager

aws-samples/amazon-guardduty-to-slack

Name: amazon-guardduty-to-slack

Owner: AWS Samples

Description: Demonstrates integrating Amazon GuardDuty with your Slack Channel

Created: 2018-01-04 00:06:41.0

Updated: 2018-01-04 13:52:25.0

Pushed: 2018-01-04 13:47:49.0

Homepage: null

Size: 13

Language: null

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

amazon-guardduty-to-slack

Demonstrates sending Amazon GuardDuty findings to your Slack Channel

Prerequisites:

You must have your own slack account

Step 1:

Create an incoming webhook in slack

Go to your slack application and select your team on the top left corner as shown:
You will find a popup Menu and you?ll want to click on Manage Apps.
You will then want to select custom integrations on the left and Incoming Webhooks.
Select the slack channel that you?d like to post messages to with this new incoming web hook. An example would be #general.
Press the button to add the incoming web hook at the bottom of the page.
Copy the new Webhook URL so we can use it as input in our CloudFormation template.

Step 2:

Use the CloudFormation service to execute the gd2slack.template in this repository

You will add your incoming web hook as the first parameter in the template
Add the slack channel as a parameter - example #general
Add the minimum severity - example HIGH would only send high severity findings, LOW sends all findings
Acknowledge that the template will create IAM resources and execute it

Thats it! The template will run for about 5 minutes and you are ready to go.

To test the template be sure that you have GuardDuty enabled in the same region. You can then generate some sample findings. In a few minutes, you should see the findings showing up in your slack channel.

Extending the sample and making it your own

This project is intended to be a sample and I embedded the lambda code directly into the CloudFormation template to make it simple to do an initial deployment to any region. The downside of doing this is that the lambda function is limited to 4096 characters and its node.js embedded in JSON which is difficult to work with. If you want to extend the sample, I'd recommend that you package up the lambda code in your own S3 bucket. You would then just replace the ZipFile parameter in the CloudFormation to the S3Bucket and S3Key of your lambda function.

License

This sample application is distributed under the Apache Software License.

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.