Amazon GuardDuty
Amazon GuardDuty is an intelligent threat detection service that continuously monitors your AWS accounts, workloads, and data for malicious activity. It uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats to your AWS environment.
APIs
Amazon GuardDuty API
The Amazon GuardDuty API provides programmatic access to manage detectors, findings, filters, trusted IP sets, and threat intelligence for continuous threat detection across AWS...
Capabilities
Amazon GuardDuty Threat Detection
Workflow capability for security teams using Amazon GuardDuty for AWS threat detection and response. Covers finding management, detector configuration, threat intelligence integ...
Features
Uses ML and anomaly detection to identify threats without manual configuration or rule management.
Incorporates curated threat intelligence feeds from AWS, CrowdStrike, and Proofpoint for enhanced detection.
Monitors all accounts in an AWS Organization from a central administrator account.
Analyzes CloudTrail, VPC Flow Logs, DNS logs, and S3 access logs 24/7 without performance impact.
Automatically prioritizes findings by severity (Low, Medium, High) for efficient response.
Scans EC2 instance volumes and S3 objects for malware and known threats.
Use Cases
Detect compromised AWS credentials and unauthorized API calls using ML-based anomaly detection.
Identify suspicious behavior from privileged users or compromised internal accounts.
Detect and alert on unauthorized cryptocurrency mining using EC2 or Lambda resources.
Scan workloads and data for malware and ransomware threats.
Identify unusual data access patterns and potential exfiltration from S3 buckets.
Integrations
Automatically send GuardDuty findings to Security Hub for centralized security management.
Trigger automated responses to findings using EventBridge rules and Lambda functions.
Enable GuardDuty organization-wide for centralized multi-account threat monitoring.
Investigate GuardDuty findings in depth using Detective for root cause analysis.
Combine with Macie for comprehensive data security and threat detection.