GuardDuty – AWS’s threat detection service.
Amazon GuardDuty is a threat detection service that continuously monitors AWS accounts and workloads for malicious activity. It uses machine learning, anomaly detection, and integrated threat intelligence to identify unexpected behavior. The service features automated response through EventBridge, supports multi-account management, and provides detailed findings with remediation guidance. GuardDuty includes malware protection, supports customization of threat detection, and enables automated remediation through Lambda functions. It analyzes various data sources including VPC Flow Logs, DNS logs, and CloudTrail events.
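The EventBridge-to-Lambda response path described above, sketched as an added example (not AWS's or this page's own code). The routing policy and its action names (`isolate_instance`, `notify`, `log`) are assumptions for illustration, the sample event is constructed, and the handler only returns a decision rather than calling any AWS API.

```python
# Added example: triage of a GuardDuty finding delivered to Lambda by EventBridge.
# Action names and thresholds are an assumed policy, not part of GuardDuty itself.

SAMPLE_EVENT = {  # constructed sample, trimmed to the fields used below
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "example-finding-id",
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 8.0,
        "accountId": "111122223333",
        "region": "us-east-1",
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789abcdef0"},
        },
        "service": {"archived": False},
    },
}

def severity_band(score):
    """Map the numeric severity to a band (7.0 and above is treated as high)."""
    if score >= 7.0:
        return "high"
    return "medium" if score >= 4.0 else "low"

def triage(event):
    """Return the response decision for one EventBridge event."""
    if (event.get("source"), event.get("detail-type")) != ("aws.guardduty", "GuardDuty Finding"):
        return {"action": "ignore", "reason": "not a GuardDuty finding"}
    detail = event.get("detail", {})
    if detail.get("service", {}).get("archived"):
        return {"action": "ignore", "reason": "finding is archived"}
    band = severity_band(float(detail.get("severity", 0)))
    resource = detail.get("resource", {})
    instance_id = resource.get("instanceDetails", {}).get("instanceId")
    if band == "high" and resource.get("resourceType") == "Instance" and instance_id:
        action = "isolate_instance"   # e.g. swap to a quarantine security group
    elif band in ("high", "medium"):
        action = "notify"             # e.g. page the on-call responder
    else:
        action = "log"
    return {"action": action, "band": band, "finding_id": detail.get("id"),
            "finding_type": detail.get("type"), "instance_id": instance_id}

def lambda_handler(event, context):
    """Lambda entry point: EventBridge passes the finding event as `event`."""
    return triage(event)
```

Keeping the decision separate from the side effects lets the policy be tested offline before any remediation call is wired in.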