Integrating AWS GuardDuty with Atlassian Opsgenie using Lambda
Prioritizing security events quickly becomes a challenge when they all arrive with the same priority. This was the issue I faced after following the instructions for the Opsgenie CloudWatch Events Integration. The default integration flow is depicted below.
The Problem
I was able to successfully receive events in Opsgenie, but all the events were set to the same priority. This made it hard to use any of Opsgenie's business logic, such as escalations or policies. The priority of an Opsgenie event is a fixed format and can only be one of the following values: P1, P2, P3, P4, P5. AWS GuardDuty findings aren't provided in a format that Opsgenie can consume directly. Not only does GuardDuty have many more severities, ranging in value from 0.1 to 8.9, but the severity levels also fall at decimal breaks as follows:
High: 7.0 to 8.9
Medium: 4.0 to 6.9
Low: 0.1 to 3.9
Though Opsgenie has a number of built-in string processing functions, it doesn't have a mapping function to map a value or range of values to a single value. I considered a number of ways of mapping these values, from multiple CloudWatch event filters to rules in Opsgenie. I gave up on the complexity of both of those…
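The mapping the integration needs, written as a Lambda handler that sits between CloudWatch Events and Opsgenie; this is an added example, not the article's code. The choice of which Opsgenie priority each GuardDuty band gets (High P1, Medium P2, Low P3, anything else P5), the handler name and the sample event are assumptions.

```python
# Assumed mapping of the severity bands from the article (High 7.0-8.9,
# Medium 4.0-6.9, Low 0.1-3.9) onto Opsgenie priorities, as (floor, priority).
# Checked in descending order, so a value >= 7.0 is P1 and so on.
SEVERITY_THRESHOLDS = [(7.0, "P1"), (4.0, "P2"), (0.1, "P3")]
DEFAULT_PRIORITY = "P5"  # missing, unparsable, NaN or sub-0.1 severities


def severity_to_priority(severity):
    """Return the Opsgenie priority string for a GuardDuty severity value."""
    try:
        value = float(severity)
    except (TypeError, ValueError):
        return DEFAULT_PRIORITY
    for floor, priority in SEVERITY_THRESHOLDS:
        if value >= floor:  # NaN fails every comparison and falls through
            return priority
    return DEFAULT_PRIORITY


def build_opsgenie_alert(event):
    """Build an Opsgenie Alert API request body from a CloudWatch Events
    GuardDuty finding (the finding fields live under event["detail"])."""
    detail = event.get("detail", {})
    return {
        "message": detail.get("title", "GuardDuty finding"),
        "alias": detail.get("id", ""),  # de-duplicates redelivered findings
        "description": detail.get("description", ""),
        "priority": severity_to_priority(detail.get("severity")),
        "details": {  # extra key/value pairs shown on the alert
            "type": detail.get("type", ""),
            "severity": str(detail.get("severity", "")),
            "account": detail.get("accountId", ""),
            "region": detail.get("region", ""),
        },
    }


def lambda_handler(event, context):
    """Lambda entry point (name assumed). Returns the alert body; the HTTP
    POST to the Opsgenie Alert API with the integration key is deployment-
    specific and left out here."""
    return build_opsgenie_alert(event)


# Constructed sample event in the shape GuardDuty publishes to CloudWatch Events.
SAMPLE_EVENT = {"detail-type": "GuardDuty Finding", "source": "aws.guardduty",
                "detail": {"id": "finding-id-placeholder", "accountId": "123456789012",
                           "region": "us-east-1", "type": "Recon:EC2/PortProbeUnprotectedPort",
                           "severity": 2, "title": "Unprotected port on EC2 instance is being probed."}}
```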