Amazon GuardDuty
Protect your AWS accounts, workloads, and data with intelligent threat detection
Benefits of GuardDuty
What is GuardDuty?
Amazon GuardDuty combines ML and integrated threat intelligence from AWS and leading third parties to help protect your AWS accounts, workloads, and data from threats.
How it works
Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
GuardDuty for AWS workload protection
Learn more about how you can apply the broad threat detection coverage in GuardDuty to workloads and resources across your AWS environment.
- GuardDuty S3 Protection
GuardDuty is capable of analyzing over a trillion Amazon Simple Storage Service (Amazon S3) events per day. Continuously monitor and profile Amazon S3 data access events and S3 configurations to detect suspicious activities such as requests coming from an unusual geolocation, disabling of preventative controls like S3 block public access, or API call patterns consistent with an attempt to discover misconfigured bucket permissions.
- GuardDuty EKS Protection
GuardDuty EKS Protection is a GuardDuty feature that monitors Amazon Elastic Kubernetes Service (Amazon EKS) cluster control plane activity by analyzing Amazon EKS audit logs.
- GuardDuty EKS Runtime Monitoring
Detect runtime threats from over 30 security findings to protect your Amazon EKS clusters. EKS Runtime Monitoring uses a fully managed EKS add-on that adds visibility into individual container runtime activities, such as file access, process execution, and network connections.
- GuardDuty ECS Runtime Monitoring
Gain visibility into on-host operating system–level activities and container-level context into potential threats to your Amazon Elastic Container Service (Amazon ECS) workloads—including serverless workloads on AWS Fargate.
- GuardDuty EC2 Runtime Monitoring
GuardDuty EC2 Runtime Monitoring continuously monitors for malicious activity and unauthorized behavior. It gives you near real-time visibility into on-host, operating system-level activities occurring across your Amazon EC2 workloads.
- GuardDuty Malware Protection
Scan workloads for malware when GuardDuty detects that one of your EC2 instances or container workloads running on EC2 is doing something suspicious.
- GuardDuty RDS Protection
Using tailored ML models and integrated threat intelligence, GuardDuty can detect potential threats in Amazon Relational Database Service (Amazon RDS), starting with Amazon Aurora, such as high-severity brute force attacks, suspicious logins, and access by known threat actors.
- GuardDuty Lambda Protection
Continuously monitor network activity, starting with VPC Flow Logs, from your serverless workloads to detect threats such as AWS Lambda functions maliciously repurposed for unauthorized cryptocurrency mining or compromised Lambda functions that are communicating with known threat actor servers.