GuardDuty
- It is a managed threat detection service
- Continuously monitors multiple AWS accounts for malicious activity or unusual behavior
- Detection types
- Reconnaissance attacks - brute force, port scans, port probes, etc
- Instance compromises - malicious communications, spambot activities, outbound SSH brute force attacks, EC2 credential exfiltration, etc
- Account compromises - malicious API calls, disabled CloudTrail, password compromises
- Simple dashboard view
- CloudWatch event triggers, with further partner integrations: Splunk, CrowdStrike, SumoLogic, etc.
- Behavioral anomalies
- Monitors CloudTrail, VPC flow logs and more
- Continually updated
- Public Security intelligence feeds
- Malicious IP addresses
- Partner intelligence feeds
- Machine learning models
- Abnormal behavior
Last modified 2yr ago
Copy link