Integrate with Amazon GuardDuty

You can aggregate Amazon GuardDuty alerts into Sophos Cloud Optix, regardless of region.

This integration provides a consolidated view of all the AWS-related security events.

When integration is turned on, other tools integrated with Sophos Cloud Optix (for example, Jira, Slack, ServiceNow, Splunk) automatically work for Amazon GuardDuty as well. GuardDuty alerts are sent as tickets or messages to those tools.

In Sophos Cloud Optix, do as follows:

  1. Turn on the Amazon GuardDuty service in your desired regions in your AWS Console.
  2. Go to Sophos Cloud Optix.
  3. Go to Settings and click Integration.
  4. Click Amazon GuardDuty.
  5. Run the configuration script provided, using the AWS CLI.

Once the script has run, any GuardDuty alerts automatically appear on the Sophos Cloud Optix dashboard.