Deploy and Configure Security Incident Response - AWS Security Incident Response User Guide

Deploy and Configure Security Incident Response

  1. Access Security Incident Response from the Management Account console

  2. Choose Sign up

    AWS services send events to the EventBridge default event bus. If the event matches a rule's event pattern, EventBridge sends the event to the targets specified for that rule.
  3. Select a security tooling account as Delegated Administrator from the Management Account.

  4. Log in to the delegated administrator account

  5. Enter membership details and associate accounts

  6. Enable proactive response

Note

Enabling proactive response creates a service-linked role allowing our CIRT to ingest GuardDuty findings and create proactive investigation cases.
