Amazon GuardDuty

Protect your AWS accounts with intelligent threat detection

Start your 30-day free trial

with the AWS Free Tier

Continuously monitor your AWS accounts, instances, serverless and container workloads, users, databases, and storage for potential threats.

Expose threats quickly using anomaly detection, ML, behavioral modeling, and threat intelligence feeds from AWS and leading third parties.

Mitigate threats early by initiating automated responses.

Quickly and easily scale threat detection across your environment.

How it works

Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.

Amazon GuardDuty for AWS workload protection

Amazon GuardDuty analyzes and processes data from foundational data sources to detect anomalies involving AWS Identity and Access Management (IAM) access keys and Amazon Elastic Compute Cloud (Amazon EC2). You can also activate GuardDuty protection plans to analyze additional data from other AWS services in your AWS environment to protect workloads using Amazon S3, Amazon EKS, Amazon RDS, and AWS Lambda.

Use cases

Improve security operations visibility

Gain insight of compromised credentials, unusual data access in Amazon Simple Storage Service (S3), suspicious logins in Amazon Aurora, and API calls from known malicious IP addresses.

Assist analysts in investigations and automate remediation

Receive findings with context, metadata, and impacted resource details. Determine root cause with Amazon Detective. Route findings to AWS Security Hub and Amazon EventBridge.

Identify files containing malware

Scan Amazon Elastic Block Store (EBS) for files that might have malware creating suspicious behavior on instance and container workloads running on Amazon Elastic Compute Cloud (EC2).

Detect and mitigate threats in your container environment

Identify and profile possible malicious or suspicious behavior in container workloads by analyzing Amazon EKS audit logs and container runtime activity.

How to get started

Find out how Amazon GuardDuty works

Learn more about the features and capabilities that GuardDuty offers.

Explore GuardDuty features »

Learn about customers using GuardDuty

See how global companies are using GuardDuty to protect their AWS accounts with intelligent threat detection.

Learn more »

Get started with GuardDuty on the AWS Free Tier

Try GuardDuty for 30 days at no cost and get full access to GuardDuty features and detection findings.

Free trial »

Explore more of AWS