AWS Security Academy · Lesson

How EventBridge Routes Security Events

Understand the event bus that connects findings to actions.

The Event Bus Idea

Amazon EventBridge is a serverless event bus that connects events from AWS services to targets that act on them.

For security, it is the glue between detection and response: a GuardDuty finding becomes an event, EventBridge routes it, and a target like Lambda automatically remediates — all in seconds.

What an Event Is

An event is a JSON message describing something that happened — a finding raised, a resource changed, an API called.

AWS services emit events automatically. Each carries a source, a detail-type, and a detail object with specifics, which together let you match and route precisely.

{
  "source": "aws.guardduty",
  "detail-type": "GuardDuty Finding",
  "detail": { "severity": 8 }
}

All lessons in this course

How EventBridge Routes Security Events
Matching Findings with Event Patterns
Triggering Lambda for Auto-Remediation
Orchestrating Responses with Step Functions

← Back to AWS Security Academy