# Amazon GuardDuty

[<mark style="color:blue;">Amazon GuardDuty</mark>](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html) is a continuous security monitoring service that analyzes data sources such as AWS CloudTrail management events, CloudTrail data events for Amazon S3, DNS logs, Amazon EBS volume data, Amazon EKS audit logs and Amazon VPC flow logs, and raises a finding for each threat it detects. This integration forwards those findings to Squadcast through an SNS topic and an EventBridge rule, so that each finding becomes an incident that pages the on-call responder.

### How to integrate Amazon GuardDuty with Squadcast

1. Navigate to **Services** -> **Service Overview** -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click **Add**.

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-4fbd74e7ca0b30173c47a1d58ed6a0804a0465aa%2FAlert_Sources.png?alt=media&#x26;token=aaca6610-9d18-4dd4-9cf5-320042f326f1" alt="Integration of Amazon GuardDuty with Squadcast" width="563"><figcaption></figcaption></figure>

2\. Select **Amazon GuardDuty**. Copy the displayed **Webhook URL**; you will use it as the HTTPS endpoint of the SNS subscription when you [<mark style="color:blue;">configure</mark>](#in-aws-configure-sns-endpoint) the AWS side below. Finish by clicking **Add Alert Source** -> **Done**.

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-bcd545141ac82ab636c577846f8cbd364e0df18f%2Fguardduty_000.png?alt=media" alt="Webhook URL configuration within Amazon GuardDuty" width="563"><figcaption></figcaption></figure>

{% hint style="warning" %} <mark style="color:orange;">**Important**</mark>**:**

When an alert source turns <mark style="color:green;">Active</mark>, it will show up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source.

An Alert Source is <mark style="color:green;">active</mark> if there is a recorded incident via that Alert Source for the Service.
{% endhint %}

### In AWS: Configure SNS Endpoint

1. Log in to your AWS account and proceed to **SNS**
2. Click on **Create topic**
3. Within the dialog box, fill in the details as per your requirements and then click on **Create topic**

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-4541ecbbf40e83f6469f4eae260d8c147dbdcd89%2Fevent_rules_2.png?alt=media&#x26;token=f5f3f381-e201-4c79-866a-e6ecc39c53ed" alt="Configure SNS Endpoint In AWS - Create Topic" width="563"><figcaption></figcaption></figure>

4. Inside the topic, click on **Create Subscription**

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-0ddd1a57bb31506f76fc6efdf03e5a1b99b20394%2Fevent_rules_3.png?alt=media&#x26;token=12279a7e-b525-4aee-9fcb-a47407dcd2fc" alt="Create subscription inside the topic to Configure SNS Endpoint in AWS" width="563"><figcaption></figcaption></figure>

5. Select **HTTPS** as the protocol and, as the endpoint, paste the **Webhook URL** you copied from Squadcast in the previous section.
6. Finally, click on **Create Subscription** to create the subscription

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-ccd8add4633cddda8e48c25513e7692a44d95d6c%2Fguardduty_1.png?alt=media" alt="Select the protocol as HTTPS and in the endpoint to configuration" width="563"><figcaption></figcaption></figure>

{% hint style="warning" %} <mark style="color:orange;">**Important**</mark>**:**

The subscription's **Status** should change from **PendingConfirmation** to **Confirmed** almost immediately, because the Squadcast webhook endpoint answers the SNS confirmation request on your behalf. Click the refresh button to verify this. If the subscription stays in **PendingConfirmation**, re-check that the protocol is **HTTPS** and that the endpoint is the exact Webhook URL copied from Squadcast; SNS will not deliver any notification to an unconfirmed subscription.
{% endhint %}

### In AWS: Configure GuardDuty

1. If you have not enabled **GuardDuty**, please [follow Amazon’s documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html#guardduty_enable-gd).

Or, if you have already enabled **GuardDuty**, skip to step 2

2. Once you have enabled **GuardDuty**, you can begin building EventBridge rules to send alerts to **Squadcast**. Search for and select **EventBridge** in the Services search bar.
3. Select **Rules** from the left menu, then click **Create Rule**. One or more rules can be created to send specific events to **Squadcast** when a **GuardDuty finding** is opened; each rule's event pattern decides which findings (for example, only those above a given severity) are forwarded.

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-514a3e5d29e4328cefe2da51012c11446879ab93%2Fguardduty_2.png?alt=media" alt="Configure GuardDuty in AWS - Create rules" width="303"><figcaption></figcaption></figure>

4. On the next page, perform the following:

* **Name**: Enter a **name** that can be easily identified
* **Description** (optional): Enter a **description** of the rule, pattern, and target(s)
* **Event Bus**: Select **Default**
* **Enable the rule on the selected event bus**: Toggle to the **on** position
* **Rule with an event pattern**: This will automatically be preselected
* Click **Next** to continue

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-6aaf8fc48d9eb177a2cacecf045c27043ce66961%2Fguardduty_3.png?alt=media" alt="select AWS event source as AWS events or EventBridge partner events" width="563"><figcaption></figcaption></figure>

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-08959680f43771e5ccc6281882ea86d2c157cdc5%2Fguardduty_4.png?alt=media&#x26;token=558d9b9d-4915-46f9-96b8-92674bfd7e51" alt="Selection of AWS event in sample event" width="563"><figcaption></figcaption></figure>

5. On the next page, perform the following:

* **Event source**: Select **AWS events or EventBridge partner events**
* **Sample event** (optional): If you would like to view sample events, you may do so in this section
* Under **Event pattern**, set **Event source** to **AWS services**, **AWS service** to **GuardDuty** and **Event type** to **GuardDuty Finding**. The generated pattern matches every finding in the account; if you only want some findings to reach Squadcast (for example, medium and high severity), edit the generated pattern as JSON and add a filter on `detail.severity` or `detail.type`
* Click **Next** to continue

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-e11f511f6b7ad03c0674cc69de2b0c35dea2728a%2Fguardduty_5.png?alt=media" alt="Event Pattern: Event source: AWS service, AWS service: GuardDuty Event type: GuardDuty finding" width="563"><figcaption></figcaption></figure>

6. On the next page, perform the following:

* **Target types**: Select **AWS service**
* **Select a target**: Search and select **SNS topic**
* **Topic**: Search and select the topic created in previous steps
* Configure other additional settings to your preference
* Click **Next** to continue

Note that EventBridge can only publish to the topic if the topic's access policy allows the `events.amazonaws.com` service principal to call `sns:Publish` on it. The console normally adds that statement when you pick the topic as a target; if you create the rule with the CLI, an SDK or infrastructure-as-code instead, add the statement yourself, otherwise the rule is created but every delivery fails and only shows up in the rule's **FailedInvocations** metric.

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-70fb711202851b65d312415fd8563ef2780e579c%2Fguardduty_6.png?alt=media" alt="Selection of Target type: AWS service, target: SNS topic, Topic: Squadcast delivery to complete guardDuty integration" width="563"><figcaption></figcaption></figure>

7. On the next page, optionally add tags to your preference. Click **Next** to continue
8. On the final page, review your settings and click **Create Rule**. If you would like to create more rules, repeat steps 3-7
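The event pattern built in step 5 is what decides which findings reach the SNS topic, and therefore Squadcast. The following is an added example (not part of the Squadcast or AWS documentation) that reproduces the pattern the console generates for **AWS services -> GuardDuty -> GuardDuty Finding**, extends it with a numeric severity filter, and checks it offline against constructed sample findings using a small re-implementation of EventBridge's matching rules (exact values, `numeric` and `prefix` filters; other content filters are not covered). The finding types, account ID and event IDs in the samples are placeholders, and the severity threshold of 4 is an assumption about what you want paged.

```python
"""Offline check of an EventBridge event pattern for GuardDuty findings.

Added example, not code from Squadcast or AWS. The pattern is the one the
EventBridge console builds for "AWS services -> GuardDuty -> GuardDuty Finding",
plus a numeric severity filter; the events are constructed samples in the shape
GuardDuty publishes to the default event bus.
"""
import json
import operator

# Console-generated pattern plus a severity filter (assumption: only findings
# with severity >= 4 should page; GuardDuty severity is a number in 0.1..8.9).
GUARDDUTY_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 4]}]},
}

_NUMERIC_OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
                "<=": operator.le, "=": operator.eq}


def _matches_value(filter_value, actual):
    """Evaluate one entry of a pattern list against one event value."""
    if isinstance(filter_value, dict):
        if "numeric" in filter_value:
            spec = filter_value["numeric"]  # [op, n] or [op, n, op, n]
            if isinstance(actual, bool) or not isinstance(actual, (int, float)):
                return False
            return all(_NUMERIC_OPS[spec[i]](actual, spec[i + 1])
                       for i in range(0, len(spec), 2))
        if "prefix" in filter_value:
            return isinstance(actual, str) and actual.startswith(filter_value["prefix"])
        raise ValueError(f"unsupported content filter: {filter_value}")
    return filter_value == actual  # exact match on string/number/bool


def matches(pattern, event):
    """True if `event` matches `pattern` (subset of EventBridge semantics).

    Every key in the pattern must exist in the event; a list means "any of
    these filters matches the field" (an array-valued field matches if any of
    its elements does); a nested dict recurses into the sub-object.
    """
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(_matches_value(f, a) for f in expected for a in candidates):
                return False
    return True


def guardduty_event(finding_type, severity, source="aws.guardduty"):
    """Constructed sample in the shape GuardDuty puts on the event bus."""
    return {
        "version": "0",
        "id": "00000000-0000-0000-0000-000000000000",  # placeholder event id
        "detail-type": "GuardDuty Finding",
        "source": source,
        "account": "123456789012",                      # placeholder account
        "time": "2024-01-01T00:00:00Z",
        "region": "us-east-1",
        "resources": [],
        "detail": {
            "schemaVersion": "2.0",
            "accountId": "123456789012",
            "region": "us-east-1",
            "type": finding_type,
            "severity": severity,
            "title": f"Sample {finding_type}",
        },
    }


def triage(pattern, events):
    """Return the finding types the rule would forward to SNS (and Squadcast)."""
    return [e["detail"]["type"] for e in events if matches(pattern, e)]


SAMPLE_EVENTS = [
    guardduty_event("UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom", 5),
    guardduty_event("Recon:EC2/PortProbeUnprotectedPort", 2),   # low severity: dropped
    guardduty_event("CryptoCurrency:EC2/BitcoinTool.B!DNS", 8),
    guardduty_event("Other", 8, source="aws.securityhub"),      # wrong source: dropped
]

if __name__ == "__main__":
    print(json.dumps(GUARDDUTY_PATTERN, indent=2))
    for finding_type in triage(GUARDDUTY_PATTERN, SAMPLE_EVENTS):
        print("would page:", finding_type)
```

Paste the printed JSON into the rule's pattern editor in place of the console-generated one. Before relying on a filter, confirm it against the real service with `aws events test-event-pattern --event-pattern file://pattern.json --event file://event.json`, which evaluates a pattern against an event with EventBridge's own matcher and is the authoritative check.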

That's it, you are good to go!

* Your Amazon GuardDuty integration is complete. Now, whenever a GuardDuty finding matches one of your EventBridge rules, it is published to the SNS topic and an incident is created in Squadcast for it.

*Have any questions?* [*Ask the community*](https://community.squadcast.com/view/home)*.*
