- Amazon GuardDuty is a continuous security monitoring service that analyzes and processes data from several AWS data sources to detect threats.
- Data sources include: CloudTrail event logs (management events and S3 data events), VPC Flow Logs, DNS logs, EBS volumes (scanned by Malware Protection), and EKS (Kubernetes) audit logs.
- You do not have to enable logging for each of these data sources yourself: GuardDuty consumes independent copies of the logs, so you do not need to turn on CloudTrail, VPC Flow Logs or Route 53 Resolver query logging, or assign any permissions, for it to work. One caveat: the DNS data source only covers queries that go through the default AWS VPC DNS resolver, so instances configured to use a third-party DNS server are not visible to that stream.
- It uses threat intelligence feeds, machine learning anomaly detection, and malware scanning to produce findings.
- It monitors AWS account access behavior for signs of compromise.
- Regional service: GuardDuty must be enabled in every Region you want monitored, and findings are generated in the Region where the activity occurred.
- Practical examples of what GuardDuty can detect: reconnaissance (information gathering against your network, such as port probes), instance compromise (for example cryptocurrency mining), account compromise, S3 bucket compromise, malware, and container (EKS) compromise.
- Pricing is based on the volume of service logs analyzed and the volume of data scanned for malware.
- Every account gets a 30-day free trial with access to the full feature set and all detections. After 7 days of analysis the console shows a cost estimate, so you can predict what the service will cost once the trial period ends.
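The detections listed above arrive as findings, which GuardDuty can publish to EventBridge so they reach a ticketing or paging system. The script below is an added example, not code from the original post or from AWS: it parses the documented finding-type format (ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact), maps the numeric severity onto the documented Low/Medium/High/Critical bands, and applies an escalation policy. The sample events are constructed to follow the finding schema rather than captured from a real account, and the "page on-call" rule (PAGE_PURPOSES) is an assumption for the demo, not an AWS recommendation.

```python
"""Triage helper for Amazon GuardDuty findings delivered via EventBridge.

Added example; not from the original post. Sample events are constructed.
"""
import re

# Documented naming format of a GuardDuty finding type:
#   ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact
# The ".DetectionMechanism" and "!Artifact" components are optional.
FINDING_TYPE_RE = re.compile(
    r"^(?P<purpose>[A-Za-z]+):(?P<resource>[A-Za-z0-9]+)/(?P<family>[A-Za-z0-9]+)"
    r"(?:\.(?P<mechanism>[A-Za-z0-9]+))?(?:!(?P<artifact>[A-Za-z0-9]+))?$"
)

# Severity bands from the GuardDuty documentation (lower bound, label).
SEVERITY_BANDS = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"))

# Example escalation policy (assumption for this demo): page for High/Critical,
# or for threat purposes that imply an attacker is already executing code.
PAGE_PURPOSES = {"CryptoCurrency", "Backdoor", "Trojan", "Execution", "Impact"}


def parse_finding_type(finding_type: str) -> dict:
    """Split a finding type into its documented components."""
    match = FINDING_TYPE_RE.match(finding_type)
    if match is None:
        raise ValueError(f"unrecognised GuardDuty finding type: {finding_type!r}")
    return match.groupdict()


def severity_label(score: float) -> str:
    """Map the numeric severity (1.0 to 10.0) onto the documented band name."""
    if not 1.0 <= score <= 10.0:
        raise ValueError(f"severity out of range: {score}")
    for lower_bound, label in SEVERITY_BANDS:
        if score >= lower_bound:
            return label
    return "Low"


def triage(event: dict) -> dict:
    """Reduce an EventBridge 'GuardDuty Finding' event to what on-call needs first."""
    if event.get("detail-type") != "GuardDuty Finding":
        raise ValueError("not a GuardDuty Finding event")
    finding = event["detail"]
    parts = parse_finding_type(finding["type"])
    severity = float(finding["severity"])
    label = severity_label(severity)
    resource = finding.get("resource", {})
    resource_type = resource.get("resourceType")
    # The schema nests identifiers per resource type; pick the most useful one.
    if resource_type == "Instance":
        resource_id = resource["instanceDetails"]["instanceId"]
    elif resource_type == "AccessKey":
        resource_id = resource["accessKeyDetails"]["userName"]
    elif resource_type == "S3Bucket":
        resource_id = resource["s3BucketDetails"][0]["name"]
    elif resource_type == "EKSCluster":
        resource_id = resource["eksClusterDetails"]["name"]
    else:
        resource_id = str(resource_type)
    return {
        "account": finding["accountId"],
        "region": finding["region"],
        "type": finding["type"],
        "purpose": parts["purpose"],
        "resource": f"{resource_type}:{resource_id}",
        "severity": severity,
        "label": label,
        "page": label in ("High", "Critical") or parts["purpose"] in PAGE_PURPOSES,
    }


def summarize(events: list) -> list:
    """Triage a batch of events and return them highest severity first."""
    return sorted((triage(e) for e in events), key=lambda f: f["severity"], reverse=True)


def _event(region: str, ftype: str, severity: float, resource: dict) -> dict:
    """Build a constructed EventBridge event (sample data, not a real capture)."""
    return {"detail-type": "GuardDuty Finding", "source": "aws.guardduty",
            "detail": {"schemaVersion": "2.0", "accountId": "111122223333",
                       "region": region, "type": ftype, "severity": severity,
                       "resource": resource}}


SAMPLE_EVENTS = [
    _event("us-east-1", "CryptoCurrency:EC2/BitcoinTool.B!DNS", 8,
           {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-0123456789abcdef0"}}),
    _event("us-east-1", "Recon:EC2/PortProbeUnprotectedPort", 2,
           {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-0123456789abcdef0"}}),
    _event("eu-west-1", "UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B", 5,
           {"resourceType": "AccessKey", "accessKeyDetails": {"userName": "deploy-user"}}),
    _event("us-east-1", "Execution:Kubernetes/ExecInKubeSystemPod", 5,
           {"resourceType": "EKSCluster", "eksClusterDetails": {"name": "prod-cluster"}}),
]

if __name__ == "__main__":
    for f in summarize(SAMPLE_EVENTS):
        print(f"{f['label']:<8} {f['type']:<50} {f['resource']:<32} page={f['page']}")
```

Splitting the type string matters in practice: routing on the ThreatPurpose (Recon vs. CryptoCurrency vs. Execution) is far more stable than matching on full type names, which AWS adds to over time, and the numeric severity is what you should threshold on because the band labels can be extended (Critical was added later than the other three).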
References:
https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html