Automate evidence from AWS GuardDuty for threat detection, security monitoring, malware protection, and incident response. Achieve SOC 2, ISO 27001, and PCI-DSS compliance.
Continuous evidence collection from AWS GuardDuty threat detection and security findings with zero manual exports
Simple IAM role connection with read-only access
In AWS IAM, create a role with read-only GuardDuty permissions (guardduty:Get*, guardduty:List*, guardduty:Describe*). Add LowerPlane as a trusted entity.
Select which AWS regions to monitor for GuardDuty findings. Enable multi-region collection for comprehensive threat detection coverage.
LowerPlane verifies access and begins collecting threat detection findings. Historical findings up to 90 days are imported automatically.
LowerPlane uses read-only AWS IAM access and cannot modify GuardDuty settings, suppress findings, or change detector configurations. IAM roles are configured with least privilege, and you can revoke access at any time from the AWS IAM console.
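One way to check the role from the setup steps above before connecting it, as an added example (not LowerPlane's or AWS's code): it audits a permissions policy against the page's read-only action set and a trust policy for a wildcard principal or a missing `sts:ExternalId` condition. The policy documents, the account ID `111122223333` and the external ID value are constructed placeholders; requiring an external ID is an assumption based on AWS guidance for third-party roles, not something the page states.

```python
# Read-only action prefixes named on the page (IAM action names are case-insensitive).
READ_ONLY_PREFIXES = ("guardduty:get", "guardduty:list", "guardduty:describe")

def _as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_permissions(policy):
    """Findings for Allow statements that grant more than the read-only set."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append("Allow with NotAction grants every action not listed")
        for action in _as_list(stmt.get("Action")):
            if not action.lower().startswith(READ_ONLY_PREFIXES):
                findings.append(f"action outside read-only set: {action}")
    return findings

def audit_trust(policy):
    """Findings for a trust policy: wildcard principal, missing external ID (assumed check)."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in _as_list(aws):
            findings.append("trust policy allows any AWS principal")
        if not stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"):
            findings.append("no sts:ExternalId condition on the trust statement")
    return findings

# Constructed sample documents; account ID and external ID are placeholders.
def _policy(**stmt):
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", **stmt}]}

GOOD_PERMS = _policy(Action=["guardduty:Get*", "guardduty:List*", "guardduty:Describe*"], Resource="*")
BROAD_PERMS = _policy(Action=["guardduty:*", "guardduty:ListFindings"], Resource="*")
GOOD_TRUST = _policy(Principal={"AWS": "arn:aws:iam::111122223333:root"}, Action="sts:AssumeRole",
                     Condition={"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}})
OPEN_TRUST = _policy(Principal={"AWS": "*"}, Action="sts:AssumeRole")

if __name__ == "__main__":
    for name, result in [("permissions", audit_permissions(BROAD_PERMS)), ("trust", audit_trust(OPEN_TRUST))]:
        print(name, result)
```

The prefix test is deliberately conservative: a pattern such as `guardduty:*` or `guardduty:G*` is flagged because it can match write actions, even though it also covers the read-only ones.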
Real-time threat detection and security evidence mapped directly to compliance controls
| Control | Evidence Type | Service | Frequency |
|---|---|---|---|
| Threat Detection (SOC 2) | Security findings & threat intelligence | GuardDuty Findings | Real-time |
| Malware Protection (ISO 27001) | Malware scan results & detections | Malware Protection | Real-time |
| Incident Detection (PCI-DSS) | Compromise indicators & alerts | Threat Intelligence | Real-time |
| Network Security (SOC 2) | Malicious IP & DNS findings | Network Analysis | Continuous |
| Container Security (ISO 27001) | EKS & container threat findings | Runtime Monitoring | Real-time |
| Data Protection (HIPAA) | S3 protection & exfiltration alerts | S3 Protection | Real-time |
| Security Monitoring (PCI-DSS) | Detector status & configuration | GuardDuty Config | Daily |
| Vulnerability Management (SOC 2) | Instance vulnerability findings | EC2 Findings | Continuous |
Collecting evidence from all GuardDuty protection features
AWS GuardDuty integration satisfies threat detection and security monitoring controls across multiple compliance frameworks
GuardDuty integration covers 20 out of 64 SOC 2 controls, focusing on Security, Availability, and Monitoring criteria for threat detection and response.
AWS GuardDuty is essential for cloud threat detection compliance
"Our auditors needed proof of continuous threat detection and malware protection. The GuardDuty integration automatically pulled all our security findings, detector configurations, and threat trends. Saved us 40+ hours during our SOC 2 audit."