Which solution will meet these requirements?
Create a GuardDuty threat list. Configure GuardDuty to reference the list. Create an AWS Lambda function that will update the threat list. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
Configure an AWS WAF web ACL that includes a custom rule group. Create an AWS Lambda function that will create a block rule in the custom rule group. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
Configure a firewall in AWS Network Firewall. Create an AWS Lambda function that will create a Drop action rule in the firewall policy. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
Create an AWS Lambda function that will create a GuardDuty suppression rule. Configure the Lambda function to run in response to new Security Hub findings that come from GuardDuty.
Explanations:
Creating a GuardDuty threat list and referencing it does not automatically deny traffic in the VPC. While the Lambda function could update the threat list, it wouldn’t directly block traffic; GuardDuty does not inherently block traffic itself.
AWS WAF is primarily used for web applications and would not apply across an entire VPC. Moreover, WAF rules would only block HTTP/S traffic and would not affect all types of network traffic in the VPC.
Configuring AWS Network Firewall allows for comprehensive traffic management at the VPC level. The Lambda function can automatically create a Drop action rule in response to GuardDuty findings, effectively blocking the identified suspicious sources across the entire VPC.
Creating a GuardDuty suppression rule would only suppress alerts for known issues and would not take any action to block traffic. This option does not address the requirement of denying traffic from suspicious sources.
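The following is an added example, not code from the question or from AWS, showing what the Lambda function in the Network Firewall option would look like: it receives a Security Hub "Findings - Imported" event carrying a GuardDuty finding, pulls the remote IPv4 address out of the finding, and performs a read-modify-write on a stateful (5-tuple) rule group to add a DROP rule for that address. The `network-firewall` calls (`describe_rule_group`, `update_rule_group`) and the `UpdateToken` handshake are real boto3 APIs; the rule group ARN, the RFC 1918 never-block list, the ASFF `ProductFields` key used to find the remote IP, and the sample event are assumptions or constructed values and should be checked against real findings before deployment. A small fake client is included so the module runs offline.

```python
"""Added example (not from the question page): Security Hub/GuardDuty finding -> DROP rule
in an AWS Network Firewall stateful rule group. Field names and ARN are assumptions."""
import ipaddress
import os

# Placeholder ARN of the stateful rule group that the firewall policy references.
RULE_GROUP_ARN = os.environ.get(
    "RULE_GROUP_ARN",
    "arn:aws:network-firewall:us-east-1:111122223333:stateful-rulegroup/PLACEHOLDER")
# Assumed internal address space: never write a DROP for these, so a finding about an
# internal host cannot cause the firewall to cut off the VPC's own traffic.
NEVER_BLOCK = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def extract_remote_ips(event):
    """Collect unique, syntactically valid remote IPv4 addresses from GuardDuty findings."""
    found = []
    for finding in event.get("detail", {}).get("findings", []):
        if finding.get("ProductName") != "GuardDuty":
            continue  # findings from other Security Hub products are out of scope here
        fields = finding.get("ProductFields", {})
        # Assumed key shape: ".../remoteIpDetails/ipAddressV4" (verify on your own findings).
        for key, raw in fields.items():
            if not key.endswith("remoteIpDetails/ipAddressV4"):
                continue
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                continue  # malformed value in the finding; do not turn it into a rule
            if addr.version != 4 or any(addr in net for net in NEVER_BLOCK):
                continue
            if str(addr) not in found:
                found.append(str(addr))
    return found


def _sid(rule):
    """Read the Suricata signature id from a 5-tuple rule's RuleOptions (0 if absent)."""
    for opt in rule.get("RuleOptions", []):
        keyword = opt.get("Keyword", "")
        if keyword.startswith("sid:"):
            return int(keyword.split(":", 1)[1])
        if keyword == "sid" and opt.get("Settings"):
            return int(opt["Settings"][0])
    return 0


def build_drop_rule(ip, sid):
    """DROP in both directions for any protocol involving the given /32 (Direction ANY)."""
    return {
        "Action": "DROP",
        "Header": {"Protocol": "IP", "Source": f"{ip}/32", "SourcePort": "ANY",
                   "Direction": "ANY", "Destination": "ANY", "DestinationPort": "ANY"},
        "RuleOptions": [{"Keyword": f"sid:{sid}"}],  # every stateful rule needs a unique sid
    }


def merge_rules(existing, ips):
    """Return (rules, added): existing rules plus one DROP per IP not already covered."""
    covered = {r["Header"]["Source"] for r in existing}
    next_sid = max([_sid(r) for r in existing], default=0) + 1
    rules, added = list(existing), 0
    for ip in ips:
        if f"{ip}/32" in covered:
            continue  # idempotent: re-delivered findings do not duplicate rules
        rules.append(build_drop_rule(ip, next_sid))
        next_sid += 1
        added += 1
    return rules, added


def apply_block(ips, client, arn=RULE_GROUP_ARN):
    """Read-modify-write the rule group; the UpdateToken rejects concurrent lost updates."""
    current = client.describe_rule_group(RuleGroupArn=arn, Type="STATEFUL")
    rule_group = current["RuleGroup"]
    # Assumes a 5-tuple (StatefulRules) group, not a Suricata RulesString group.
    existing = rule_group.get("RulesSource", {}).get("StatefulRules", [])
    rules, added = merge_rules(existing, ips)
    if added:
        rule_group.setdefault("RulesSource", {})["StatefulRules"] = rules
        client.update_rule_group(UpdateToken=current["UpdateToken"], RuleGroupArn=arn,
                                 RuleGroup=rule_group, Type="STATEFUL")
    return added


def lambda_handler(event, context=None, client=None):
    """EventBridge entry point; `client` is injectable so the logic can be tested offline."""
    ips = extract_remote_ips(event)
    if not ips:
        return {"added": 0, "ips": []}
    if client is None:
        import boto3  # imported lazily so the module loads without the SDK installed
        client = boto3.client("network-firewall")
    return {"added": apply_block(ips, client), "ips": ips}


class FakeNetworkFirewall:
    """Constructed stand-in for the boto3 network-firewall client (offline demo only)."""
    def __init__(self, rules=None):
        self.rule_group = {"RulesSource": {"StatefulRules": list(rules or [])}}
        self.token, self.updates = "tok-1", []

    def describe_rule_group(self, RuleGroupArn, Type):
        return {"UpdateToken": self.token, "RuleGroup": self.rule_group}

    def update_rule_group(self, UpdateToken, RuleGroupArn, RuleGroup, Type):
        assert UpdateToken == self.token, "stale UpdateToken"
        self.rule_group, self.token = RuleGroup, "tok-2"
        self.updates.append(RuleGroup)
        return {"UpdateToken": self.token}


# Constructed sample event in the shape EventBridge delivers for imported findings.
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [{
        "ProductName": "GuardDuty",
        "Title": "constructed sample finding",
        "ProductFields": {
            "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/ipAddressV4": "203.0.113.5",
            "aws/guardduty/service/action/networkConnectionAction/localIpDetails/ipAddressV4": "10.0.1.23",
        },
    }]},
}

if __name__ == "__main__":
    fake = FakeNetworkFirewall()
    print(lambda_handler(SAMPLE_EVENT, client=fake))  # first delivery adds one DROP rule
    print(lambda_handler(SAMPLE_EVENT, client=fake))  # re-delivery adds nothing
```

In a real deployment the EventBridge rule would match `source: aws.securityhub` with the GuardDuty product name, and the Lambda execution role needs only `network-firewall:DescribeRuleGroup` and `network-firewall:UpdateRuleGroup` on the one rule group. Two points worth keeping from the example: the never-block list, so a finding about an internal host cannot take out VPC traffic, and the idempotent merge keyed on the source address, since Security Hub can deliver the same finding more than once.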