IuriiO Notebook
Search…
GuardDuty
  • It is a managed threat detection service
  • Continuously monitors multiple AWS accounts for malicious activity or unusual behavior
  • Detection types
    • Reconnaissance attacks - brute force, port scans, port probes, etc
    • Instance compromises - malicious communications, spambot activities, outbound SSH brute force attacks, EC2 credential exfiltration, etc
    • Account compromises - malicious API calls, disabled CloudTrail, password compromises
  • Simple dashboard view
  • CloudWatch event triggers, with further partner integrations: Splunk, CrowdStrike, SumoLogic, etc.
  • Behavioral anomalies
  • Monitors CloudTrail, VPC flow logs and more
  • Continually updated
    • Public Security intelligence feeds
    • Malicious IP addresses
    • Partner intelligence feeds
    • Machine learning models
    • Abnormal behavior
Last modified 2yr ago
Copy link