What should the company do next to meet the requirement?
Ensure that Amazon GuardDuty is enabled. Create an Amazon CloudWatch alarm for detected EC2 and port scan findings. Connect the alarm to the SNS topic.
Ensure that Amazon Inspector is enabled. Create an Amazon EventBridge event for detected network reachability findings that indicate port scans. Connect the event to the SNS topic.
Ensure that Amazon Inspector is enabled. Create an Amazon EventBridge event for detected CVEs that cause open port vulnerabilities. Connect the event to the SNS topic.
Ensure that AWS CloudTrail is enabled. Create an AWS Lambda function to analyze the CloudTrail logs for unusual amounts of traffic from an IP address range. Connect the Lambda function to the SNS topic.
Explanations:
Enabling Amazon GuardDuty provides continuous monitoring for malicious activity and unauthorized behavior, including port scans. Creating a CloudWatch alarm for EC2 and port scan findings allows the company to be notified automatically through the SNS topic when such activity is detected.
Amazon Inspector focuses on assessing the security of EC2 instances for vulnerabilities and compliance issues rather than directly detecting port scans. While EventBridge can be used to create events for network reachability, it would not be specific enough for port scan detection.
Amazon Inspector is not designed to detect port scans; it identifies vulnerabilities related to known CVEs (Common Vulnerabilities and Exposures). Creating an EventBridge event for CVEs related to open ports would not directly address the need for notifications about port scanning activity.
While AWS CloudTrail can log API calls and some network traffic, it is not specifically designed to detect network scans or traffic patterns indicative of port scans. Using Lambda for traffic analysis could be complex and may not provide real-time notifications for port scans as effectively as GuardDuty.
I suspect that the answer is:
Ensure that Amazon GuardDuty is enabled. Create an Amazon CloudWatch alarm for detected EC2 and port scan findings. Connect the alarm to the SNS topic.