Added GuardDuty Findings Script

Added GuardDuty Findings Script

Author: jgamblin

GuardDuty/findings.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+#Export all GuardDuty Findigns In All Regions.
+
+for region in $(aws ec2 describe-regions --output text | cut -f3)
+do
+  detector=$(aws guardduty list-detectors --region="$region" --output text | cut -f2)
+    for finding in $(aws guardduty list-findings --detector-id="$detector" --region="$region" | grep -v -e \{ -e "\[" -e \] -e \} | tr -d '"' | tr -d ',' | tr -d ' ')
+       do
+       aws guardduty get-findings --detector-id="$detector" --finding-id="$finding" --region="$region" > "$region-$finding".json
+       printf "Exporting Finding: %s-%s.json \n" "$region" "$finding"
+       done
+done

README.md

@@ -22,7 +22,9 @@ You will need the [AWS-CLI](https://aws.amazon.com/cli/) installed and configure
 
 **_EC2/SecurityGroups/removessh.sh_**: Removes rules allowing SSH access from your current public IP address.
 
-**_GuardDuty/enale.sh_**: Enables GuardDuty in all avalbile regions. 
+**_GuardDuty/enale.sh_**: Enables GuardDuty in all available regions.
+
+**_GuardDuty/findings.sh_**: Exports all GuardDuty findings to .json files. 
 
 ## Important Notice
 *I likely dont know what I am doing and this could be done faster, better and simpler some other way. These scripts could also break your cloud and make you cry.*