In the organization’s management account, designate an AWS account as the Amazon GuardDuty administrator account. Within this GuardDuty administrator account, include the company’s existing AWS accounts as GuardDuty members. Subsequently, in the GuardDuty administrator account, establish an Amazon EventBridge rule configured with an event pattern to detect GuardDuty events and forward them to the designated SNS topic.

In the organization’s management account, set up Amazon GuardDuty to automatically add new AWS accounts by sending invitations to both existing and future accounts. Develop an AWS CloudFormation stack set that accepts the GuardDuty invitation and establishes an Amazon EventBridge rule. This rule should be configured with an event pattern to detect GuardDuty events and relay them to the SNS topic. Deploy the CloudFormation stack set across all AWS accounts in the organization.

In the organization’s management account, initiate an AWS CloudTrail organization trail. Enable this trail across all AWS accounts in the organization. Implement a Service Control Policy (SCP) to activate VPC Flow Logs for each account in the organization. Set up AWS Security Hub for the organization. Create an Amazon EventBridge rule with an event pattern to detect Security Hub events and forward them to the SNS topic.

In the organization’s management account, assign an AWS account as the AWS CloudTrail administrator account. Within this CloudTrail administrator account, create an organization trail. Incorporate the company’s existing AWS accounts into this organization trail. Enact an SCP to enable VPC Flow Logs for each account in the organization. Configure AWS Security Hub for the organization. Establish an Amazon EventBridge rule with an event pattern to detect Security Hub events and forward them to the SNS topic.