Start protecting AWS accounts & workloads

AWS accounts enabling GuardDuty for the first time are auto-enrolled in a 30-day free trial

How it works


Amazon GuardDuty can be enabled with a few clicks in the AWS Management console. Once enabled, the service immediately starts analyzing billions of events from AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs.  

The primary detection categories include account compromise, instance compromise, and malicious reconnaissance. The detections, rule sets, and threat intelligence are created, maintained, and updated by AWS Security so you do not have to write rules or detection logic.

When a potential threat is detected, Amazon GuardDuty delivers a detailed security finding to the GuardDuty console and AWS CloudWatch Events. This makes alerts actionable and easy to integrate into existing event management or workflow systems. The findings include the category, resource affected, meta-data associated with the resource. Meta-data might include tags, a severity level, an explanation of the finding, and suggested remediation path.

Discover more Amazon GuardDuty resources

Visit the resources page
Ready to get started?
Sign up
Have more questions?
Contact us