
[aws]: Guardduty dashboard enhancements #13263

@buzzdeee

Description

Integration Name

AWS [aws]

Dataset Name

aws.guardduty

Integration Version

2.43.0

Agent Version

8.17.3

OS Version and Architecture

Ubuntu

User Goal

  • only show guardduty related events listed in the guardduty related dashboards

  • Discover saved search at the bottom of each of the guardduty related dashboards

    • The Guardduty findings severity dashboard is missing a Saved Discover search at the bottom to ease digging in

  • links between the Guardduty related dashboards to ease navigation

    • like a link menu on top, included in all three dashboards, linking each of the dashboards, to ease switching between the three dashboards

Existing Features

The three Guardduty related dashboards:

  • [Logs AWS] Guardduty Findings Overview
    • shows lots of unrelated events, from other clouds, at least these three visualizations:
      • Top 10 Account ID [Logs Guardduty]
      • Distribution of Findings by Action Type [Logs Guardduty]
      • Top 10 Highest Findings by Type [Logs Guardduty]
    • all should probably filter for data_stream.dataset: aws.guardduty, like it exists for the Discover saved search at the bottom
  • [Logs AWS] Guardduty Findings Severity
    • it's missing a Discover saved search at the bottom, like the other two dashboards actually have
  • [Logs AWS] Guardduty Findings Threat

It would be nice if all three dashboards had a shared menu on top or somewhere, with links to each of the other Guardduty related dashboards, to ease navigation between the three.

What did you see?

As described above.

Anything else?

With the above-mentioned enhancements, or maybe even considering the missing filtering (at least on the [Logs AWS] Guardduty Findings Overview) a bug, these dashboards could be more useful.
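One way to check a dashboard export for the unfiltered panels described in this issue, as an added example that is not part of the issue or the integration's own code: it walks a Kibana saved-object NDJSON export (the `attributes.kibanaSavedObjectMeta.searchSourceJSON` layout is assumed) and reports visualizations and saved searches that do not pin `data_stream.dataset` to `aws.guardduty`, either via a phrase filter or via the KQL query. The two sample objects are constructed.

```python
import json

# Constructed sample of two saved objects in Kibana NDJSON export form.
# Assumed layout: filters and query live in attributes.kibanaSavedObjectMeta.searchSourceJSON.
SAMPLE_NDJSON = r"""
{"id":"vis-unfiltered","type":"visualization","attributes":{"title":"Top 10 Account ID [Logs Guardduty]","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}}}
{"id":"search-filtered","type":"search","attributes":{"title":"Guardduty events [Logs Guardduty]","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"key\":\"data_stream.dataset\",\"type\":\"phrase\",\"negate\":false,\"params\":{\"query\":\"aws.guardduty\"}},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"aws.guardduty\"}}}]}"}}}
"""

DATASET_FIELD = "data_stream.dataset"


def parse_search_source(saved_object):
    """Decode the nested searchSourceJSON string into a dict (empty if absent)."""
    meta = saved_object.get("attributes", {}).get("kibanaSavedObjectMeta", {})
    raw = meta.get("searchSourceJSON")
    return json.loads(raw) if raw else {}


def pins_dataset(search_source, dataset):
    """True if a non-negated phrase filter or the KQL query restricts the dataset field."""
    for flt in search_source.get("filter", []):
        if flt.get("meta", {}).get("negate"):
            continue  # a NOT filter does not restrict to the dataset
        value = flt.get("query", {}).get("match_phrase", {}).get(DATASET_FIELD)
        if isinstance(value, dict):  # newer exports may wrap it as {"query": ...}
            value = value.get("query")
        if value == dataset:
            return True
    # KQL may be written as `data_stream.dataset : "aws.guardduty"`; normalise spaces/quotes.
    kql = search_source.get("query", {}).get("query", "") or ""
    return f"{DATASET_FIELD}:{dataset}" in kql.replace(" ", "").replace('"', "")


def audit(ndjson_text, dataset="aws.guardduty"):
    """Return titles of visualizations and saved searches that do not pin the dataset."""
    unpinned = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        obj = json.loads(line)
        if obj.get("type") not in ("visualization", "search"):
            continue  # dashboards and index patterns carry no panel-level filter here
        if not pins_dataset(parse_search_source(obj), dataset):
            unpinned.append(obj["attributes"]["title"])
    return unpinned


if __name__ == "__main__":
    for title in audit(SAMPLE_NDJSON):
        print("no dataset filter:", title)
```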

Metadata

Labels

  • Integration:aws (AWS)
  • Team:SDE-Crest (Crest developers on the Security Integrations team [elastic/sit-crest-contractors])
  • Team:Security-Service Integrations (Security Service Integrations team [elastic/security-service-integrations])
  • enhancement (New feature or request)
  • needs:triage
