GuardDuty

It is a managed threat detection service
Continuously monitors multiple AWS accounts for malicious activity or unusual behavior
Detection types
- Reconnaissance attacks - brute force, port scans, port probes, etc
- Instance compromises - malicious communications, spambot activities, outbound SSH brute force attacks, EC2 credential exfiltration, etc
- Account compromises - malicious API calls, disabled CloudTrail, password compromises
Simple dashboard view
CloudWatch event triggers, with further partner integrations: Splunk, CrowdStrike, SumoLogic, etc.
Behavioral anomalies
Monitors CloudTrail, VPC flow logs and more
Continually updated
- Public Security intelligence feeds
- Malicious IP addresses
- Partner intelligence feeds
- Machine learning models
- Abnormal behavior

Last updated 5 years ago

Was this helpful?

It is a managed threat detection service
Continuously monitors multiple AWS accounts for malicious activity or unusual behavior
Detection types
- Reconnaissance attacks - brute force, port scans, port probes, etc
- Instance compromises - malicious communications, spambot activities, outbound SSH brute force attacks, EC2 credential exfiltration, etc
- Account compromises - malicious API calls, disabled CloudTrail, password compromises
Simple dashboard view
CloudWatch event triggers, with further partner integrations: Splunk, CrowdStrike, SumoLogic, etc.
Behavioral anomalies
Monitors CloudTrail, VPC flow logs and more
Continually updated
- Public Security intelligence feeds
- Malicious IP addresses
- Partner intelligence feeds
- Machine learning models
- Abnormal behavior

Last updated 5 years ago

Was this helpful?