Software Development

Amazon GuardDuty

Intelligent Threat discovery to protect your AWS Account
Uses Machine Learning algorithms, anomaly detection, 3rd party data
One click to enable (30 days trial), no need to install software
Input data includes:
- CloudTrail Events Logs – unusual API calls, unauthorized deployments
  - CloudTrailManagement Events – create VPC subnet, create trail,...
  - CloudTrail S3 Data Events – get object, list objects, delete object,...
- VPC Flow Logs – unusual internal traffic, unusual IP address
- DNS Logs – compromised EC2 instances sending encoded data within DNS queries
- Optional Features – EKS Audit Logs, RDS & Aurora, EBS, Lambda, S3 Data Events...
Can setup EventBridge rules to be notified in case of findings
EventBridge rules can target AWS Lambda or SNS
Can protect against CryptoCurrency attacks (has a dedicated “finding” for it)

PreviousAWS Artifact (not really a service)NextAmazon Inspector

Last updated 1 year ago