Amazon GuardDuty

aws/security aws/service

💡 Definition

Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and unauthorized behavior to protect your AWS resources.

🔑 Key Concepts

⚙️ How it Works

When enabled, GuardDuty immediately starts monitoring activity across your AWS account and correlates it with its threat intelligence feeds. For example, it can detect an EC2 instance communicating with a known malicious IP address, or an unusual API call made from an unauthorized location, as recorded in CloudTrail. Findings are delivered to the GuardDuty console, AWS Security Hub, and Amazon EventBridge (formerly CloudWatch Events).
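As an added example (not from the original note or from AWS), the block below shows how the EventBridge delivery path can be used to route findings by severity: an EventBridge rule pattern that only matches GuardDuty findings with severity 7 or higher, a small matcher implementing the subset of EventBridge pattern semantics that rule needs, and the GuardDuty severity bands. The rule pattern, the matcher, and the sample finding are assumptions constructed for illustration.

```python
"""Route GuardDuty findings delivered via EventBridge by severity (added example)."""

# Assumed EventBridge rule pattern. "aws.guardduty" / "GuardDuty Finding" are the
# source and detail-type GuardDuty publishes; the numeric filter keeps severity >= 7.
HIGH_SEVERITY_RULE = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}

_OPS = {">": lambda a, b: a > b, ">=": lambda a, b: a >= b, "=": lambda a, b: a == b,
        "<": lambda a, b: a < b, "<=": lambda a, b: a <= b}

def _value_matches(value, matchers):
    """EventBridge OR semantics: a field matches if any listed matcher matches.
    Supports exact values and the single-comparison numeric filter form."""
    for m in matchers:
        if isinstance(m, dict) and "numeric" in m:
            op, bound = m["numeric"]
            if isinstance(value, (int, float)) and _OPS[op](value, bound):
                return True
        elif value == m:
            return True
    return False

def matches_rule(event, pattern):
    """Subset of EventBridge pattern matching: nested keys, value lists, numeric filters."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches_rule(event[key], expected):
                return False
        elif not _value_matches(event[key], expected):
            return False
    return True

def severity_label(score):
    """GuardDuty severity bands: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    return "Medium" if score >= 4.0 else "Low"

# Constructed sample event in the shape EventBridge delivers; not a real finding.
SAMPLE_FINDING = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {"severity": 8, "type": "UnauthorizedAccess:EC2/MaliciousIPCaller.Custom"},
}

if __name__ == "__main__":
    sev = SAMPLE_FINDING["detail"]["severity"]
    print(severity_label(sev), matches_rule(SAMPLE_FINDING, HIGH_SEVERITY_RULE))
```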

🎯 Use Cases

💰 Pricing Model

📝 Exam Tips (CLF-C02)


See Also: * AWS Security Hub * CloudTrail * VPC Flow Logs * AWS Config