Detect when an AWS GuardDuty finding has been raised.
AWS GuardDuty is a native threat detection service that monitors:
- CloudTrail management events
- AWS CloudTrail data events for Amazon S3
- DNS logs
- Kubernetes audit logs
- Amazon VPC flow logs
- RDS login activity monitoring
It also analyzes Amazon EBS volume data for Malware Protection in Amazon GuardDuty. With these data sources, GuardDuty generates security findings for your account.
- Investigate the GuardDuty finding to determine if it is malicious or benign.
- If the finding is deemed malicious, follow the remediation guidance provided by Amazon along with any internal incident response processes.
- Otherwise, findings can be managed to reduce false positives through:
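The triage steps above are easier to see against real finding shapes. The following is an added example, not Datadog's rule code and not an AWS library: it takes GuardDuty findings as they arrive through EventBridge (the finding sits under `detail`), maps the numeric severity onto GuardDuty's Low/Medium/High/Critical bands, derives a group-by value from the resource type (EC2 instance id, EKS/ECS cluster name, IAM user name, with an account-level fallback for types it does not know), drops findings matched by a local suppression list, and returns the rest sorted most severe first. The sample events, the suppression entries and the field-name lookups for each resource type are constructed for the example and should be checked against the finding JSON you actually receive.

```python
"""Triage helper for AWS GuardDuty findings delivered via EventBridge.

Added example, not Datadog's rule logic or AWS code. Assumes the EventBridge
event layout (source "aws.guardduty", finding under "detail") and the
resource-detail field names listed in RESOURCE_LOOKUPS; both are assumptions
to verify against real events.
"""

# GuardDuty severity bands: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9,
# Critical 9.0-10.0 (Critical arrived with attack-sequence findings).
SEVERITY_BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (1.0, "low")]

# resourceType -> (detail section, field holding the group-by value). Assumed
# field names; the fallback branch below covers anything not listed here.
RESOURCE_LOOKUPS = {
    "Instance": ("instanceDetails", "instanceId"),
    "EKSCluster": ("eksClusterDetails", "name"),
    "ECSCluster": ("ecsClusterDetails", "name"),
    "AccessKey": ("accessKeyDetails", "userName"),
}


def severity_label(score):
    """Map a numeric GuardDuty severity to its band name."""
    for threshold, label in SEVERITY_BANDS:
        if score >= threshold:
            return label
    return "unknown"


def resource_key(finding):
    """Build the group-by value: '<resourceType>:<identifier>'.

    Unknown resource types (e.g. attack sequences, which bundle several
    resources) fall back to the account id so nothing is silently dropped.
    """
    resource = finding.get("resource", {})
    rtype = resource.get("resourceType", "")
    if rtype in RESOURCE_LOOKUPS:
        section, field = RESOURCE_LOOKUPS[rtype]
        return f"{rtype}:{resource.get(section, {}).get(field, 'unknown')}"
    return f"{rtype or 'unknown'}:{finding.get('accountId', 'unknown')}"


def triage(events, suppressions):
    """Return findings that still need investigation, most severe first.

    events: EventBridge events (dicts); non-GuardDuty events are ignored.
    suppressions: set of (finding type, resource key) pairs already judged
    benign, i.e. a local stand-in for a GuardDuty suppression rule.
    """
    results = []
    for event in events:
        if event.get("source") != "aws.guardduty":
            continue
        finding = event["detail"]
        key = resource_key(finding)
        if (finding["type"], key) in suppressions:
            continue
        results.append({
            "id": finding["id"],
            "type": finding["type"],
            "resource": key,
            "severity": finding["severity"],
            "level": severity_label(finding["severity"]),
        })
    results.sort(key=lambda r: r["severity"], reverse=True)
    return results


def _gd(finding_id, ftype, severity, resource):
    """Wrap a constructed finding in the EventBridge envelope."""
    return {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "detail": {"id": finding_id, "accountId": "123456789012",
                       "type": ftype, "severity": severity, "resource": resource}}


# Constructed sample events (ids, instance ids and names are made up).
SAMPLE_EVENTS = [
    _gd("f-ec2-0001", "Recon:EC2/PortProbeUnprotectedPort", 2,
        {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-0123456789abcdef0"}}),
    _gd("f-ec2-0002", "Recon:EC2/PortProbeUnprotectedPort", 2,
        {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-0fedcba9876543210"}}),
    _gd("f-eks-0001", "Execution:Runtime/NewBinaryExecuted", 5,
        {"resourceType": "EKSCluster", "eksClusterDetails": {"name": "prod-eks"}}),
    _gd("f-seq-0001", "AttackSequence:IAM/CompromisedCredentials", 9, {}),
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {"instance-id": "i-0123456789abcdef0", "state": "running"}},
]

# Constructed suppression: the second instance is an internal scanner whose
# port-probe findings were investigated and judged benign.
SUPPRESSIONS = {("Recon:EC2/PortProbeUnprotectedPort", "Instance:i-0fedcba9876543210")}

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS, SUPPRESSIONS):
        print(f"{row['level']:<8} {row['severity']:>4}  {row['type']:<45} {row['resource']}  {row['id']}")
```

Running the module prints the critical attack-sequence finding first, then the EKS runtime finding, then the one unsuppressed EC2 port-probe finding; the suppressed instance and the non-GuardDuty event never reach the queue. Keeping suppressions as explicit (type, resource) pairs, rather than suppressing by finding type alone, is the same trade-off a GuardDuty suppression rule asks you to make: narrow filters reduce noise without hiding the same technique on a host you have not reviewed.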
- 7 September 2023 - Updated group by value for EC2 query.
- 28 November 2023 - Added query for Runtime findings.
- 19 December 2023 - Added query for Runtime findings from ECS clusters.
- 9 December 2024 - Added query for Attack sequence findings and critical severity.