IuriiO Notebook
GuardDuty
GuardDuty is a managed threat detection service
Continuously monitors multiple AWS accounts for malicious activity or unusual behavior
Detection types:
  Reconnaissance attacks - brute force, port scans, port probes, etc.
  Instance compromises - malicious communications, spambot activities, outbound SSH brute force attacks, EC2 credential exfiltration, etc.
  Account compromises - malicious API calls, disabled CloudTrail, password compromises
Simple dashboard view
CloudWatch event triggers, with further partner integrations: Splunk, CrowdStrike, SumoLogic, etc.
Behavioral anomalies
Monitors CloudTrail, VPC flow logs and more
Continually updated
Public security intelligence feeds
Malicious IP addresses
Partner intelligence feeds
Machine learning models
Abnormal behavior
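As an added example (not from the original notes), the CloudWatch event trigger above can feed a small handler that sorts each finding into the three detection types listed here and decides whether to escalate. The function names, the `ALWAYS_ESCALATE` policy and the sample events are assumptions made for illustration; the finding type strings follow GuardDuty's `ThreatPurpose:ResourceTypeAffected/ThreatFamilyName` layout.

```python
import re

# Finding type layout: ThreatPurpose:ResourceTypeAffected/ThreatFamilyName[.Mechanism][!Artifact]
FINDING_TYPE = re.compile(r"^(?P<purpose>[^:]+):(?P<resource>[^/]+)/(?P<family>[^.!]+)")

# Pattern for the CloudWatch Events rule that routes findings to handle_event().
EVENT_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}
# Local policy (assumption): escalate these families even at low severity.
ALWAYS_ESCALATE = {"CloudTrailLoggingDisabled"}

def categorize(finding_type):
    m = FINDING_TYPE.match(finding_type)
    if not m:
        return "unknown"
    if m["purpose"] == "Recon":
        return "reconnaissance"
    # Stolen instance-role credentials are reported against IAMUser, but the
    # notes list EC2 credential exfiltration under instance compromises.
    if m["resource"] == "EC2" or m["family"] == "InstanceCredentialExfiltration":
        return "instance-compromise"
    if m["resource"] == "IAMUser":
        return "account-compromise"
    return "other"

def severity_band(severity):
    # Bands: low below 4.0, medium 4.0 to 6.9, high 7.0 and above.
    return "low" if severity < 4.0 else "medium" if severity < 7.0 else "high"

def handle_event(event):
    if (event.get("source") not in EVENT_PATTERN["source"]
            or event.get("detail-type") not in EVENT_PATTERN["detail-type"]):
        return None  # not a GuardDuty finding
    detail = event["detail"]
    m = FINDING_TYPE.match(detail["type"])
    band = severity_band(float(detail["severity"]))
    return {"id": detail["id"], "category": categorize(detail["type"]), "band": band,
            "escalate": band == "high" or bool(m and m["family"] in ALWAYS_ESCALATE)}

def _event(fid, ftype, severity, source="aws.guardduty"):
    # Constructed sample event; real findings carry many more fields.
    return {"source": source, "detail-type": "GuardDuty Finding",
            "detail": {"id": fid, "type": ftype, "severity": severity}}

SAMPLES = [
    _event("f-1", "Recon:EC2/PortProbeUnprotectedPort", 2.0),
    _event("f-2", "UnauthorizedAccess:EC2/SSHBruteForce", 5.0),
    _event("f-3", "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS", 8.0),
    _event("f-4", "Stealth:IAMUser/CloudTrailLoggingDisabled", 2.0),
]
```

Disabled CloudTrail arrives as a low-severity finding in the constructed sample, which is why the handler escalates it by family name rather than by severity alone.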
Last modified
2yr ago