
GuardDuty is one of the most important services you can use for your enterprise solution. It works at the OS layer and listens to events across your server infrastructure.
GuardDuty then builds patterns from the events it gathers and watches for outliers and anti-patterns. These outliers are classified into threat levels according to predefined security standards.
That is a brief overview of GuardDuty and how it works. We have been using GuardDuty for our product and infrastructure, and it serves as a faithful gatekeeper.
Now that we have covered how useful GuardDuty is, and the fact that it is very cost-effective (it accounts for only 0.1% of our total monthly bill), it's time to move on to the main part.
Slack Alert.
To send all AWS GuardDuty events to a Slack channel we have to perform a couple of straightforward steps. We need three services to get this done:
— CloudWatch
— Lambda
— GuardDuty

1. Create a Lambda Function.
Create a Lambda function and name it. We need to upload a zip because we also need a node_modules folder, as we use the slack-node npm module.
— Create a directory for your project
— Copy package.json and index.js into it
— Run npm install (make sure Node.js is installed on your system)
— Once done, move all the contents of the folder into a zip
— Upload the zip to Lambda via the AWS Console UI
— The Slack webhook URL is taken from the environment config, so make sure to set it. Refer to this if you don't have one already.
Note: replace the yourChannelName and webhookUri variables in index.js to make sure the code works properly for you.
2. Create Cloudwatch Rules
Create a CloudWatch Rule that listens to all GuardDuty events. We selected all events because we wanted proactive alerts and sort them on our side.

You can also see a sample event for the particular event invocation, but for this guide you can ignore it, as the Lambda code already handles it.
And that's all, folks. You should now get all GuardDuty events in your Slack channel.