Integrate with Amazon GuardDuty

Sophos Cloud Optix lets you aggregate Amazon GuardDuty alerts into the Sophos Cloud Optix dashboard, regardless of region.

This integration provides a consolidated view of all AWS-related security events.

When integration is turned on, other tools integrated with Sophos Cloud Optix (for example, Jira, Slack, ServiceNow, Splunk) automatically work for Amazon GuardDuty as well. GuardDuty alerts are sent as tickets or messages to those tools.

To set up the integration, do as follows:

  1. Enable the Amazon GuardDuty service in your desired regions in your AWS Console.
  2. In Sophos Cloud Optix, go to Settings > Integration.
  3. Click AWS GuardDuty.
  4. Find the configuration script provided there and run it using the AWS CLI.

Once the script has run, any GuardDuty alerts automatically appear on the Sophos Cloud Optix dashboard.
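
GuardDuty is enabled per region, so a region without an enabled detector produces no findings to aggregate. The following shell script is an added example, not part of the Sophos documentation or its configuration script: it uses the AWS CLI to report detector status for each region from step 1. The function names, the `audit` argument and the file name `guardduty_audit.sh` are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example: report GuardDuty detector status per region before integrating.

# Print enabled | disabled | missing | error for one region.
guardduty_status() {
  local region="$1" ids id status
  ids=$(aws guardduty list-detectors --region "$region" \
        --query 'DetectorIds' --output text) || { echo "error"; return 0; }
  if [ -z "$ids" ] || [ "$ids" = "None" ]; then
    echo "missing"; return 0
  fi
  for id in $ids; do
    status=$(aws guardduty get-detector --region "$region" --detector-id "$id" \
             --query 'Status' --output text) || { echo "error"; return 0; }
    if [ "$status" = "ENABLED" ]; then
      echo "enabled"; return 0
    fi
  done
  echo "disabled"   # a detector exists but is suspended
}

# Print "<region> <status>" per region; return 1 if any region is not enabled.
audit_guardduty() {
  local region status rc=0
  for region in "$@"; do
    status=$(guardduty_status "$region")
    printf '%s %s\n' "$region" "$status"
    [ "$status" = "enabled" ] || rc=1
  done
  return "$rc"
}

# Usage (assumed convention): ./guardduty_audit.sh audit [region ...]
# With no regions given, every region enabled for the account is checked.
if [ "${1:-}" = "audit" ]; then
  shift
  if [ "$#" -eq 0 ]; then
    set -- $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text)
  fi
  audit_guardduty "$@"
fi
```

A non-zero exit status means at least one listed region is missing an enabled detector, which makes the script usable as a pre-check before running the Sophos configuration script.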