diff --git a/matchers/matchers.py b/matchers/matchers.py
index bea8026f9..a1200f08f 100644
--- a/matchers/matchers.py
+++ b/matchers/matchers.py
@@ -16,3 +16,7 @@ from stream_alert.rule_processor.rules_engine import StreamRules
 matcher = StreamRules.matcher()
+
+@matcher
+def guard_duty(record):
+ return record['detail-type'] == 'GuardDuty Finding'
diff --git a/rules/community/guardduty/__init__.py b/rules/community/guardduty/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/rules/community/guardduty/guard_duty_all.py b/rules/community/guardduty/guard_duty_all.py
new file mode 100644
index 000000000..7227228c4
--- /dev/null
+++ b/rules/community/guardduty/guard_duty_all.py
@@ -0,0 +1,22 @@
+"""Alert on GuardDuty"""
+from stream_alert.rule_processor.rules_engine import StreamRules
+
+rule = StreamRules.rule
+disable = StreamRules.disable()
+
+
+@rule(logs=['cloudwatch:events'],
+ matchers=['guard_duty'],
+ outputs=['slack:sample-channel'])
+def guard_duty_all(*_):
+ """
+ author: spiper
+ description: Alert on GuardDuty events
+ playbook: (a) identify the AWS account in the log
+ (b) identify what resource(s) are impacted
+ (c) contact the point-of-contact for the account
+ testing: From the GuardDuty AWS page (https://console.aws.amazon.com/guardduty/home)
+ click the button to "Generate Sample Findings"
+ """
+
+ return True
diff --git a/tests/integration/rules/guardduty/guard_duty_all.json b/tests/integration/rules/guardduty/guard_duty_all.json
new file mode 100644
index 000000000..23fd70f78
--- /dev/null
+++ b/tests/integration/rules/guardduty/guard_duty_all.json
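Review bot: `record['detail-type']` in the new guard_duty matcher raises KeyError on any cloudwatch:events record that lacks that key, so a malformed or differently shaped event surfaces as a matcher exception instead of a clean non-match; a lookup with a default is safer, `return record.get('detail-type') == 'GuardDuty Finding'`. Matching on detail-type alone also accepts any event that carries that string, so if only GuardDuty-originated events are wanted, the source field the new fixture already populates can be checked as well, `and record.get('source') == 'aws.guardduty'`. Whether StreamRules catches exceptions raised inside a matcher is not visible from this hunk.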
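Review bot: `disable = StreamRules.disable()` in guard_duty_all.py is assigned but never used, so the new rule module carries a dead name; either drop that line or apply `@disable` deliberately. The rule body returns True unconditionally and delegates the whole decision to the guard_duty matcher, so it fires on every GuardDuty finding regardless of severity or finding type, including the console's sample findings the docstring tells testers to generate; the docstring should state that, e.g. add `note: fires on every GuardDuty finding regardless of severity; filter in the matcher if needed` under description. The output `slack:sample-channel` reads as a placeholder presumably meant to be replaced per deployment, which is worth saying in the docstring too.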
@@ -0,0 +1,24 @@
+{
+ "records": [
+ {
+ "data": {
+ "version": "0",
+ "id": "00000000-0000-0000-0000-000000000000",
+ "detail-type": "GuardDuty Finding",
+ "source": "aws.guardduty",
+ "account": "111111111111",
+ "time": "2018-02-13T18:25:01Z",
+ "region": "us-east-1",
+ "resources": [],
+ "detail": {}
+ },
+ "description": "GuardDuty",
+ "log": "cloudwatch:events",
+ "service": "kinesis",
+ "source": "prefix_cluster1_stream_alert_kinesis",
+ "trigger_rules": [
+ "guard_duty_all"
+ ]
+ }
+ ]
+}
\ No newline at end of file
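Review bot: The fixture exercises only the positive path, a single record whose detail-type is "GuardDuty Finding" with `trigger_rules` naming guard_duty_all, so nothing verifies that a cloudwatch:events record with another detail-type is rejected by the guard_duty matcher. A second record with a different, constructed detail-type value and an empty `trigger_rules` list would pin the negative case and catch a matcher that accidentally widens. Whether the integration harness treats an empty `trigger_rules` as "must not fire" cannot be seen from this file.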