Amazon GuardDuty · Capability

Amazon GuardDuty Threat Detection

Workflow capability for security teams using Amazon GuardDuty for AWS threat detection and response. Covers finding management, detector configuration, threat intelligence integration, and automated response workflows.

Amazon GuardDuty · Threat Detection · Security Operations · Incident Response · AWS

What You Can Do

GET /v1/detectors: List detectors — List all GuardDuty detectors
POST /v1/detectors: Create detector — Enable GuardDuty for an account
GET /v1/findings: List findings — List threat findings
POST /v1/findings: Archive findings — Archive reviewed findings
POST /v1/filters: Create filter — Create a finding filter
GET /v1/threat-intel: List threat intel sets — List threat intelligence sets

MCP Tools

list-detectors (read-only): List all active GuardDuty detectors across the account

get-detector-status (read-only): Get the configuration and status of a GuardDuty detector

list-threat-findings (read-only): List active threat findings detected by GuardDuty with severity filters

get-finding-details (read-only): Get detailed information about specific threat findings including full context

archive-findings: Archive threat findings that have been reviewed and resolved

create-finding-filter: Create a suppression filter to reduce noise from benign findings

list-finding-filters (read-only): List all finding suppression filters

list-trusted-ip-sets (read-only): List trusted IP address sets excluded from threat detection

create-trusted-ip-set: Create a trusted IP set to exclude known safe IPs from alerts

list-threat-intel-sets (read-only): List threat intelligence sets used for enhanced detection

get-findings-statistics (read-only): Get finding statistics and severity counts for security posture overview

list-members (read-only): List member accounts monitored by this GuardDuty administrator account

APIs Used

amazon-guardduty