Query: GuardDuty Malware protection for EC2 should be enabled

Description

This control checks whether GuardDuty Malware protection is enabled. For a standalone account, the control fails if GuardDuty Malware protection is disabled in the account. In a multi-account environment, the control fails if the delegated GuardDuty administrator account and all member accounts don't have Malware protection enabled.

Query

Tables used in this query:

• aws_guardduty_detector

Controls using this query:

• 8 GuardDuty Malware Protection for EC2 should be enabled
• GuardDuty Malware protection for EC2 should be enabled

SQL