How it works
Amazon GuardDuty can be enabled with a few clicks in the AWS Management Console. Once enabled, the service immediately starts analyzing billions of events from AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs.
The primary detection categories include account compromise, instance compromise, and malicious reconnaissance. The detections, rule sets, and threat intelligence are created, maintained, and updated by AWS Security so you do not have to write rules or detection logic.
When a potential threat is detected, Amazon GuardDuty delivers a detailed security finding to the GuardDuty console and AWS CloudWatch Events. This makes alerts actionable and easy to integrate into existing event management or workflow systems. Each finding includes the category, the resource affected, and metadata associated with the resource. That metadata might include tags, a severity level, an explanation of the finding, and a suggested remediation path.
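As an added illustration (not AWS's own code), the sketch below shows how a workflow system might consume a finding delivered through CloudWatch Events and turn it into a ticket. The sample event is constructed and trimmed to the fields used, and the function names and the rule of paging only on high severity are assumptions of this example.

```python
SAMPLE_EVENT = {  # constructed sample, trimmed to the fields read below
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "example-finding-id",
        "type": "Recon:EC2/PortProbeUnprotectedPort",
        "severity": 2,
        "title": "Unprotected port on EC2 instance is being probed.",
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {
                "instanceId": "i-0123456789abcdef0",
                "tags": [{"key": "env", "value": "prod"}],
            },
        },
    },
}

def severity_label(score):
    # 4.0 and 7.0 are GuardDuty's documented Medium and High boundaries.
    if score >= 7.0:
        return "HIGH"
    return "MEDIUM" if score >= 4.0 else "LOW"

def triage(event):
    """Map a GuardDuty finding event to a ticket dict; None for other events."""
    envelope = (event.get("source"), event.get("detail-type"))
    if envelope != ("aws.guardduty", "GuardDuty Finding"):
        return None
    detail = event.get("detail", {})
    resource = detail.get("resource", {})
    instance = resource.get("instanceDetails", {})
    access_key = resource.get("accessKeyDetails", {})
    label = severity_label(float(detail.get("severity", 0)))
    return {
        "finding_id": detail.get("id"),
        # The text before ":" in the finding type is the threat purpose.
        "threat_purpose": detail.get("type", "").split(":")[0],
        "resource_type": resource.get("resourceType"),
        "resource_id": instance.get("instanceId") or access_key.get("accessKeyId"),
        "tags": {t["key"]: t["value"] for t in instance.get("tags", [])},
        "severity": label,
        "summary": detail.get("title"),
        "page_oncall": label == "HIGH",  # routing choice of this example
    }

if __name__ == "__main__":
    print(triage(SAMPLE_EVENT))
```
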