Query: GuardDuty ECS runtime monitoring should be enabled

Description

This control checks whether the Amazon GuardDuty automated security agent is enabled for runtime monitoring of Amazon ECS clusters on AWS Fargate. For a standalone account, the control fails if the security agent is disabled for the account. In a multi-account environment, the control fails if the security agent is disabled for the delegated GuardDuty administrator account and all member accounts.

Query

Tables used in this query:

• aws_guardduty_detector

Controls using this query:

• 12 GuardDuty ECS Runtime Monitoring should be enabled
• GuardDuty ECS runtime monitoring should be enabled

SQL