Sunday 22 January 2023

AWS Security- GuardDuty

GuardDuty is an intelligent threat detection service.

It identifies malicious or unauthorised activity, such as anomalous behaviour, credential exfiltration, or communication with command and control (C2) infrastructure.

GuardDuty provides broad security monitoring of your AWS accounts, workloads, and data to help identify threats, such as attacker reconnaissance; instance, account, bucket, or Amazon EKS cluster compromises; and malware.

GuardDuty is a regional service (it must be enabled per Region).

GuardDuty analyses CloudTrail data events for Amazon S3 logs, CloudTrail management event logs, DNS logs, Amazon EBS volume data, Kubernetes audit logs, Amazon VPC flow logs, and RDS login activity.

It can send notifications through CloudWatch Events (now Amazon EventBridge).

It produces security reports called findings.
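As an added example (not from the original post or from AWS), here is a small Python triage routine for the kind of event EventBridge delivers when GuardDuty produces a finding. The sample event is constructed: the field names follow the GuardDuty finding format (`detail.type`, `detail.severity`, `detail.resource.resourceType`), but the ids, account number and instance id are made up. The severity thresholds and the page/ticket/log routing policy are assumptions for illustration.

```python
# Constructed sample of an EventBridge event wrapping a GuardDuty finding.
# Field names follow the GuardDuty finding format; all values are made up.
SAMPLE_EVENT = {
    "detail-type": "GuardDuty Finding",
    "source": "aws.guardduty",
    "region": "eu-west-1",
    "detail": {
        "id": "example-finding-id-0001",          # constructed
        "accountId": "111122223333",              # constructed
        "region": "eu-west-1",
        "type": "Recon:EC2/PortProbeUnprotectedPort",
        "severity": 2,
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789abcdef0"},  # constructed
        },
        "service": {"action": {"actionType": "PORT_PROBE"}, "count": 3},
    },
}


def severity_label(score):
    """Map the numeric severity to a level. Thresholds are an assumption:
    7.0 and above High, 4.0 to 6.9 Medium, anything lower Low."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def parse_finding_type(finding_type):
    """Split a finding type of the form ThreatPurpose:ResourceType/ThreatFamily
    into its three parts. Any variant or artifact suffix stays with the family."""
    purpose, rest = finding_type.split(":", 1)
    resource, family = rest.split("/", 1)
    return purpose, resource, family


def triage(event):
    """Return a routing decision for one GuardDuty finding event.

    Rejects events that did not come from GuardDuty so that a mis-wired rule
    cannot silently feed unrelated events into the same handler."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        raise ValueError("not a GuardDuty finding event")

    detail = event["detail"]
    purpose, resource, family = parse_finding_type(detail["type"])
    level = severity_label(float(detail["severity"]))

    # Assumed routing policy: page on-call for High, open a ticket for Medium,
    # just log Low. Adjust to your own operations model.
    route = {"High": "page", "Medium": "ticket", "Low": "log"}[level]

    return {
        "finding_id": detail["id"],
        "account": detail["accountId"],
        "region": detail["region"],
        "level": level,
        "purpose": purpose,
        "resource_kind": resource,
        "family": family,
        "resource_type": detail["resource"]["resourceType"],
        "route": route,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_EVENT))
```

The same function would be the body of a Lambda target behind an EventBridge rule whose pattern matches `source` equal to `aws.guardduty`; the check at the top of `triage` is the defensive counterpart to that rule.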

GuardDuty does not look at historical data; it only analyses data generated after it is enabled.

GuardDuty operates completely independent of your AWS resources and therefore should have no impact on the performance or availability of your accounts or workloads.

GuardDuty does not manage or retain your logs.

It is not capable of making any resource changes, such as rate-limiting protection or DDoS attack mitigation; it only detects and reports.

https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html

Examples of what it flags: unauthorised infrastructure, unusual API calls, password strength issues, etc.
