GuardDuty

Parny supports direct integration with GuardDuty alerts. GuardDuty is a network and system monitoring tool that can create alarms to detect and prevent potential problems. This documentation explains how to redirect alarms created in GuardDuty to a webhook using Parny.

Parny Settings

1. Go to the Parny interface.

2. Navigate to the "Services" section of your organization.

3. Click on the "New Services" option in the upper right corner.

4. Enter the relevant service name.

Service Name Usage: The service name here is independent of the structure and can be chosen according to the preferences of the organization.

5. Select GuardDuty from the list of integrations.

6. Click "Add".

7. After the service is created, the following screen will appear.

• You can now click on the token section of your service and copy your GuardDuty Webhook URL.

AWS GuardDuty Configuration

In this section, we will guide you through "Creating a Rule in AWS EventBridge" and "Redirecting Alarms".

Step 1: Creating a Rule in AWS EventBridge

1. Sign in to the AWS Management Console and open the Amazon EventBridge console at https://console.aws.amazon.com/events/.

   
   

2. In the left navigation pane, click on "Event buses."

   
   

3. Choose the event bus you want to create a rule for or create a new event bus if necessary.

   
   

4. Click on the "Create rule" button.

5. Provide a name and description for the rule.

   
   

6. Under the "Define pattern" section, choose "Event pattern."

7. Select "Pre-defined pattern by service."

   
   

8. Choose "AWS" as the service provider.

   
   

9. Select "GuardDuty" as the service name.

   
   

10. Choose the specific event type you want to trigger alerts, for example, "Finding".

    
    

11. Click on "Save" to create the rule.

Step 2: Redirecting Alarms

1. In the "Select targets" section of the rule you just created, click on "Add target."

   
   

2. Choose target type and then if there is no api destination, create one.

   
   

3. Type the "API destination endpoint" which is the Parny API URL, which is included in the Parny settings step and contains your service token that you have received on the Parny portal. Then choose POST as a "HTTP method".

4. Then choose destination part as others and define authorization type. After that choose execution role.

   
   

5. Optionally, tags can be added, the step after that, review your target and click "save" button.

   
   

With these settings, your AWS GuardDuty alarms will be forwarded to Parny, allowing you to manage them alongside your other alerts within your organization's Parny interface.