GuardDuty

Guard Duty is an automatic threat detection service which reviews data from supported services and attempts to identify any events outside of the 'norm' for a given AWS account or Accounts.

• Intelligent threat detection service

• Detects account compromise, instance compromise, malicious reconnaissance, and bucket compromise

• Continuous monitoring for events across:

  • AWS CloudTrail Management Events

  • AWS CloudTrail S3 Data Events

  • Amazon VPC Flow Logs

  • DNS Logs