Amazon GuardDuty
The QRadar® platform
data source type for Amazon GuardDuty collects Amazon GuardDuty alerts from the log
group of the Amazon CloudWatch logs services.
The following table identifies the specifications for the Amazon GuardDuty
Data source type:
| Specification | Value |
|---|---|
| Manufacturer | Amazon |
| Data source type | Amazon GuardDuty |
| Supported versions | GuardDuty Schema Version 2.0 |
| Connector type |
Amazon Web Services Amazon AWS REST API |
| Event format | JSON |
| Recorded event types |
Alerts |
| Automatically discovered? | No |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | For more information, see the Amazon GuardDuty Documentation (https://aws.amazon.com/documentation/guardduty). |
For information about adding a data source in the QRadar platform, see Adding a data source.