Skip to main content

Prometheus exporter for AWS GuardDuty

Project description

Prometheus exporter for AWS GuardDuty

Features

  • Exports the number of current (unarchived) findings from AWS GuardDuty, splitted by region and severity
  • Supports multiple AWS regions

Exported metrics

The exporter exports the following metrics:

Metric name Type Labels Description
aws_guardduty_exporter_up gauge None Always 1: can be used to check if it's running
aws_guardduty_current_findings gauge region, severity The current number of unarchived findings
aws_guardduty_scrape_errors_total counter region, severity The total number of scrape errors

How to run it

You have two options to run it:

  1. Manually install and run the prometheus-aws-guardduty-exporter Python package

    pip3 install prometheus-aws-guardduty-exporter
    
    prometheus-aws-guardduty-exporter --region us-east-1
    
  2. Use the Docker image available on Docker hub

    docker run --env AWS_ACCESS_KEY_ID="id" --env AWS_SECRET_ACCESS_KEY="secret" spreaker/prometheus-aws-guardduty-exporter --region us-east-1
    

The cli supports the following arguments:

Argument Required Description
--region REGION [REGION ...] yes AWS GuardDuty region (can specify multiple space separated regions)
--exporter-host The host at which the Prometheus exporter should listen to. Defaults to 127.0.0.1
--exporter-port The port at which the Prometheus exporter should listen to. Defaults to 9100
--log-level LOG_LEVEL Minimum log level. Accepted values are: DEBUG, INFO, WARNING, ERROR, CRITICAL. Defaults to INFO

Required IAM privileges

In order to successfully run, this application requires the following IAM privileges:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid":    "ListDetectorsAndGetFindingsStatisticsInAnyRegion",
      "Effect": "Allow",
      "Action": [
        "guardduty:ListDetectors",
        "guardduty:GetFindingsStatistics"
      ],
      "Resource": "*"
    }
  ]
}

Development

Run the development environment:

docker-compose build dev && docker-compose run --rm dev

Run tests in the dev environment:

python3 -m unittest

License

This software is released under the MIT license.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for prometheus-aws-guardduty-exporter, version 1.1.2
Filename, size File type Python version Upload date Hashes
Filename, size prometheus-aws-guardduty-exporter-1.1.2.tar.gz (4.7 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page