GuardDuty

Introduction

  • An intelligent threat detection service (uses machine learning algorithms, anomaly detection and 3rd-party threat data) to protect an AWS account.

Features

  • One-click to enable (30 days trial), no need to install software or set up configurations.

  • Inputs:

    • CloudTrail Logs: unusual API calls, unauthorized deployments.

    • VPC Flow Logs: unusual internal traffic, unusual IP addresses.

    • DNS Logs: compromised EC2 instances sending encoded data within DNS queries.

  • Output:

    • CloudWatch Events: each finding is emitted as an event, which a rule can route to send notifications.
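Added example (not from the notes above): triage of a GuardDuty finding as it arrives from CloudWatch Events, so a notification only fires at or above a chosen severity. The event below is a constructed sample in the documented event shape; the account id, finding id and instance id are placeholders.

```python
import json

# Constructed sample of the event CloudWatch Events delivers for a GuardDuty finding
# (source "aws.guardduty", detail-type "GuardDuty Finding"). All ids are placeholders.
SAMPLE_EVENT = {
    "version": "0",
    "detail-type": "GuardDuty Finding",
    "source": "aws.guardduty",
    "account": "111122223333",
    "region": "us-east-1",
    "detail": {
        "id": "PLACEHOLDER-FINDING-ID",
        "type": "Trojan:EC2/DNSDataExfiltration",
        "severity": 8,
        "title": "EC2 instance i-0123456789abcdef0 is exfiltrating data over DNS",
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
        "service": {"count": 3, "eventFirstSeen": "2024-01-01T00:00:00Z"},
    },
}

def severity_label(severity):
    """Map GuardDuty's numeric severity to its bands: low < 4.0 <= medium < 7.0 <= high."""
    if severity >= 7.0:
        return "HIGH"
    if severity >= 4.0:
        return "MEDIUM"
    return "LOW"

def parse_finding_type(finding_type):
    """Split 'ThreatPurpose:ResourceType/ThreatFamily' into its three parts."""
    purpose, rest = finding_type.split(":", 1)
    resource, family = rest.split("/", 1)
    return {"purpose": purpose, "resource": resource, "family": family}

def triage(event, min_severity=4.0):
    """Return a notification record for findings at or above min_severity, else None."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return None  # not a GuardDuty finding; let other rules handle it
    detail = event["detail"]
    if detail["severity"] < min_severity:
        return None  # below the notification threshold, keep it in the console only
    instance = detail.get("resource", {}).get("instanceDetails", {})
    return {"finding_id": detail["id"], "account": event["account"], "region": event["region"],
            "severity": severity_label(detail["severity"]), **parse_finding_type(detail["type"]),
            "resource_id": instance.get("instanceId"), "title": detail["title"]}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENT), indent=2))
```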
