If you use AWS GuardDuty, you will need to add the IP address range associated with your InsightCloudSec instances to the trusted IP list in the AWS accounts you will be scanning. This action must be completed through the AWS console under the GuardDuty service.
You must be a user of a master GuardDuty account to upload and manage trusted IP addresses; users who are members of GuardDuty accounts do not have these privileges.
Required Permissions to Manage Trusted Lists:
1. Log in to the AWS console and navigate to the GuardDuty page. Select "Findings".
2. Select the Finding Type/Resource you wish to trust. Scroll down in the panel that opens on the right and identify the IP address for your resource.
3. Note the IP address.
4. Repeat steps 2 and 3 for each Finding Type/Resource you wish to trust.
1. Create a text file in which to log the IP addresses you wish to trust, one IP address per line.
2. Move your list of trusted IP addresses to an S3 bucket. Note the S3 bucket’s name.
1. Navigate to the “Lists” section of the GuardDuty page.
2. Select “Add a trusted IP list”:
- Give your list a name
- Add the file containing your list (Click here for details about creating and uploading lists.)
3. Select “Active” to make your list active.
Note: At any given time, you can have only one uploaded trusted IP list per AWS account per region.
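A pre-upload check for the one-address-per-line text file described above, as an added example that is not part of the original page and is not InsightCloudSec or AWS code. It handles IPv4 only; the function name, the /24 breadth limit, the acceptance of CIDR ranges alongside single addresses, and the sample addresses (documentation ranges, constructed) are assumptions.

```python
import ipaddress

MIN_PREFIX = 24  # assumed local policy: refuse ranges broader than a /24

# Constructed sample file content (documentation address ranges only).
SAMPLE = """\
203.0.113.10
198.51.100.0/24
203.0.113.10
198.51.100.77
0.0.0.0/0
198.51.100.7/24
203.0.113.300

"""


def normalize_trusted_ips(text, min_prefix=MIN_PREFIX):
    """Validate a one-entry-per-line IPv4 list; return (entries, errors)."""
    nets, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are dropped
        try:
            # strict=True rejects ranges with host bits set, e.g. 198.51.100.7/24
            net = ipaddress.IPv4Network(line, strict=True)
        except ValueError as exc:
            errors.append(f"line {lineno}: {line!r} rejected ({exc})")
            continue
        if net.prefixlen < min_prefix:
            # A very broad trusted range would suppress findings for far more
            # hosts than the scanner instances it was meant to cover.
            errors.append(f"line {lineno}: {line!r} is broader than /{min_prefix}")
            continue
        nets.append(net)
    # Merges duplicates, entries covered by a wider range, and adjacent ranges;
    # the set of trusted addresses is unchanged.
    merged = ipaddress.collapse_addresses(nets)
    entries = [str(n.network_address) if n.prefixlen == 32 else str(n) for n in merged]
    return entries, errors


if __name__ == "__main__":
    entries, errors = normalize_trusted_ips(SAMPLE)
    print("\n".join(entries))
    for err in errors:
        print("REJECTED", err)
```

Write the returned entries to the file you upload only when the error list is empty, so that a typo or an over-broad range never reaches the trusted list.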