AWS GuardDuty
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect AWS accounts, workloads, and data. It analyzes VPC Flow Logs, CloudTrail events, and DNS logs to identify threats.
Findings
attack_sequence_findings
AWS GuardDuty Extended Threat Detection attack sequence findings detecting multi-stage attacks across EKS, ECS, EC2, IAM, and S3 resources using proprietary correlation algorithms
ec2_findings
AWS GuardDuty EC2 finding types including backdoor communications, cryptocurrency mining, brute force attacks, port scans, malicious domain queries, Tor network usage, and defense evasion activities
eks_protection_findings
AWS GuardDuty EKS Protection finding types detecting threats against Amazon EKS clusters through Kubernetes audit log analysis, including malicious file execution, privilege escalation, credential access, container escape, cluster deletion, and defense evasion activities
iam_findings
AWS GuardDuty IAM finding types including anomalous behaviors for credential access, defense evasion, privilege escalation, data exfiltration, root credential usage, API calls from malicious IPs or Tor nodes, and CloudTrail logging manipulation
lambda_protection_finding
AWS GuardDuty Lambda Protection finding types detecting threats against AWS Lambda functions through network activity monitoring, including command and control communications, cryptocurrency mining, trojan activity, malicious IP access, and Tor network usage
malware_protection_backup_finding
AWS GuardDuty Malware Protection for Backup finding types detecting malicious files in EBS snapshots, EC2 AMIs, AWS Backup EC2 Recovery Points, and AWS Backup S3 Recovery Points through backup scanning, including trojans, backdoors, viruses, ransomware, spyware, rootkits, miners, worms, and potentially unwanted applications
malware_protection_ec2_finding
AWS GuardDuty Malware Protection for EC2 finding types detecting malicious and suspicious files on EC2 instances, ECS clusters, Kubernetes clusters, and containers through EBS volume scanning, including trojans, backdoors, viruses, adware, spyware, ransomware, rootkits, miners, and worms
malware_protection_s3_finding
AWS GuardDuty Malware Protection for S3 finding type detecting malicious files in S3 objects during upload-triggered scans, including trojans, backdoors, viruses, ransomware, spyware, rootkits, miners, worms, and adware
rds_protection_finding
AWS GuardDuty RDS Protection finding types detecting anomalous login behavior, malicious IP access, and Tor network usage on Amazon Aurora, Amazon RDS, and Aurora Limitless databases through RDS login activity monitoring, including successful logins, failed logins, brute force attacks, and database probing
runtime_monitoring_findings
AWS GuardDuty Runtime Monitoring finding types detecting threats based on operating system-level behavior from Amazon EC2 hosts and containers in Amazon EKS clusters, Amazon ECS workloads, and Fargate tasks, including malicious file execution, privilege escalation, container escape, process injection, cryptocurrency mining, command and control activity, and defense evasion techniques
s3_protection_findings
AWS GuardDuty S3 Protection finding types detecting threats against S3 buckets and data through CloudTrail S3 data events and management events, including discovery, exfiltration, policy modifications, and malicious access attempts