Posted On: Nov 15, 2019

Amazon GuardDuty customers can now export findings to Amazon S3 using the GuardDuty management console and API. With findings export, aggregating findings from across regions is simplified. When configured from the GuardDuty master account, customers can export findings from all associated member accounts and all AWS regions to a single customer owned S3 bucket. The S3 bucket used can be in the same account in which GuardDuty is enabled, or in a different AWS account. Once Findings export is configured in each Region, Amazon GuardDuty findings are automatically exported from GuardDuty to the configured Amazon S3 bucket. This feature enhancement gives customers a simplified way to aggregate all findings to a single customer owned Amazon S3 bucket across all accounts and regions for integration with other AWS services, third-party applications, or for long-term retention.  

To learn more, see Findings export in the GuardDuty User Guide

To receive programmatic updates on new Amazon GuardDuty features and threat detections, please subscribe to the Amazon GuardDuty SNS topic

Available globally, Amazon GuardDuty continuously monitors for malicious or unauthorized behavior to help protect your AWS resources, including your AWS accounts and access keys. GuardDuty identifies unusual or unauthorized activity, like cryptocurrency mining or infrastructure deployments in a region that has never been used. Powered by threat intelligence and machine learning, GuardDuty is continuously evolving to help you protect your AWS environment. 

You can enable your 30-day free trial of Amazon GuardDuty with a single-click in the AWS Management console. Please see the AWS Regions page for all the regions where GuardDuty is available. To learn more, see Amazon GuardDuty Findings and to start your 30-day free trial, see Amazon GuardDuty Free Trial