Guide to Retrieving AWS GuardDuty API Credentials for Logsign USO Integration
To integrate AWS GuardDuty logs into Logsign USO via API, users need to provide the following credentials:
- Access Key
- Secret Key
- Region
- Detector ID
This guide explains how users can retrieve these credentials from the AWS Management Console.
1. Getting the Access Key & Secret Key
To make API calls, an IAM user with appropriate permissions must generate an Access Key and Secret Key.
Create an IAM User or IAM Role
- Log in to the AWS Management Console.
- Navigate to the IAM service.
- Go to the Users section and create a new user or select an existing one.
- In the Permissions tab, assign the following permissions:
  - AmazonGuardDutyReadOnlyAccess
  - AWSGuardDutyFullAccess (if administrative access is needed)
  - AWSGuardDutyReadOnlyAccess (if only read access is required)
- Open the Security credentials tab.
- Click Create access key.
- Select Programmatic access.
- Click Create key and save both the Access Key ID and Secret Access Key.
(The Secret Key will only be shown once; store it securely!)
Where to Find It?
- AWS Console → IAM → Users → [User Name] → Security Credentials
2. Retrieving the AWS Region
GuardDuty operates in specific AWS regions, and users must specify the correct Region for API calls.
Find the Active AWS GuardDuty Region
- Log in to the AWS Management Console.
- Open the GuardDuty service.
- Click on the region selector in the upper-right corner.
- Choose the region where GuardDuty is active.
Example Regions:
- us-east-1 (N. Virginia)
- us-west-2 (Oregon)
- eu-central-1 (Frankfurt)
Where to Find It?
- AWS Console → Upper-Right Menu → Region Selector
3. Finding the Detector ID
Each AWS account can have one or more Detectors in GuardDuty. The Detector ID is required for API requests.
Locate the GuardDuty Detector ID
- Log in to the AWS Management Console.
- Open the GuardDuty service.
- Navigate to the GuardDuty Dashboard.
- Click on the Detectors tab.
- Find and copy the Detector ID.
Where to Find It?
- AWS Console → GuardDuty → Detectors
Summary
To successfully integrate AWS GuardDuty logs into Logsign USO via API, users need to retrieve specific credentials from the AWS Management Console:
- Access Key & Secret Key: These credentials can be obtained by navigating to the IAM service in AWS. Users should go to the Users section, select the relevant user, and find the Security Credentials tab, where they can create and manage access keys.
- Region: The AWS region where GuardDuty is active can be found in the AWS Management Console at the upper-right corner of the interface. Users should select the appropriate region from the Region Selector menu.
- Detector ID: The unique Detector ID for GuardDuty can be located within the GuardDuty service. Users should open the GuardDuty Dashboard, go to the Detectors section, and copy the relevant Detector ID.
By following these steps, users can obtain the necessary credentials to configure API access for GuardDuty log integration with Logsign USO.
Settings > Data Collection > API > AWS GuardDuty
You can then add your source to Logsign USO by entering the values you have obtained in the specified fields.
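Before entering the four values, they can be checked together against the AWS API, which catches the common mistakes (inactive key, Detector ID copied from a different region, missing read permission). The script below is an added example, not part of the Logsign or AWS documentation. It assumes boto3 is installed and the key pair is exported as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY; `preflight` is a hypothetical helper name.

```python
# Added example: pre-flight check of the access key, region and Detector ID.
# preflight() is a hypothetical helper name; the client methods are boto3's.
import sys


def preflight(sts, guardduty, detector_id):
    """Return a list of problems; an empty list means the values are usable.

    sts / guardduty are boto3 clients created with the key pair and region
    that will be entered in Logsign USO.
    """
    try:
        arn = sts.get_caller_identity()["Arn"]
    except Exception as exc:  # wrong, deleted or inactive key pair
        return [f"credentials rejected: {exc}"]
    problems = []
    if arn.endswith(":root"):
        problems.append("key belongs to the account root user; use an IAM user")
    try:
        detectors = guardduty.list_detectors()["DetectorIds"]
    except Exception as exc:  # missing GuardDuty read permission
        return problems + [f"cannot list detectors: {exc}"]
    if detector_id not in detectors:
        # Detectors are regional: a valid ID is invisible from another region.
        return problems + [f"detector not found in this region (found: {detectors})"]
    try:
        if guardduty.get_detector(DetectorId=detector_id)["Status"] != "ENABLED":
            problems.append("detector exists but is not enabled")
        # Assumption: a log integration needs to read findings; MaxResults=1 keeps it cheap.
        guardduty.list_findings(DetectorId=detector_id, MaxResults=1)
    except Exception as exc:
        problems.append(f"cannot read detector or findings: {exc}")
    return problems


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: preflight.py <region> <detector-id>")
    import boto3  # assumption: installed; keys are read from the environment

    region, detector_id = sys.argv[1], sys.argv[2]
    session = boto3.Session(region_name=region)
    issues = preflight(session.client("sts"), session.client("guardduty"), detector_id)
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

An exit status of 0 with no output means the key, region and Detector ID work together.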