QUESTION

Is there a way to ingest GuardDuty findings via CloudWatch instead of having to export to S3?

 

ANSWER

There should be no problem ingesting your GuardDuty findings via CloudWatch.

To create your log source, go to Configure > Log Sources, select Custom Onboarding located on the left side of the screen, and select AWS CloudWatch Logs. Then, on the next page, under Log Types, select AWS.GuardDuty.

Screenshot 2023-09-14 at 1.10.07 PM.png