AWS Security Blog
Category: Amazon GuardDuty
How to perform automated incident response in a multi-account environment
How quickly you respond to security incidents is key to minimizing their impacts. Automating incident response helps you scale your capabilities, rapidly reduce the scope of compromised resources, and reduce repetitive work by security teams. But when you use automation, you also must manage exceptions to standard response procedures. In this post, I provide a […]
AWS Security Profiles: Dan Plastina, VP of Security Services
In the weeks leading up to re:Invent 2019, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing. How long have you been at AWS, and what do you do as the VP […]
How to visualize Amazon GuardDuty findings: serverless edition
September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. July 20, 2020: This post has been updated to reflect the new Amazon GuardDuty support for exporting findings to an S3 bucket. July 12, 2019: Due to a feature name change, we’ve updated some examples throughout the post. Note: This blog […]
AWS re:Invent Security Recap: Launches, Enhancements, and Takeaways
For more from Steve, follow him on Twitter. Customers continue to tell me that our AWS re:Invent conference is a winner. It’s a place where they can learn, meet their peers, and rediscover the art of the possible. Of course, there is always an air of anticipation around what new AWS service releases will be […]
Visualizing Amazon GuardDuty findings
September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help protect your AWS accounts and workloads. Enable GuardDuty and it begins monitoring for: Anomalous API activity; Potentially unauthorized deployments and compromised instances […]
How to automate the import of third-party threat intelligence feeds into Amazon GuardDuty
Amazon GuardDuty is an AWS threat detection service that helps protect your AWS accounts and workloads by continuously monitoring them for malicious and unauthorized behavior. You can enable Amazon GuardDuty through the AWS Management Console with one click. It analyzes billions of events across your AWS accounts and uses machine learning to detect anomalies in […]
How to use Amazon GuardDuty and AWS Web Application Firewall to automatically block suspicious hosts
April 25, 2023: We’ve updated this blog post to include more security learning resources. When you’re implementing security measures across your AWS resources, you should use a holistic approach that incorporates controls across multiple areas. In the Cloud Adoption Framework (CAF) Security perspective whitepaper, we define these controls across four categories. Directive controls. Establish the […]
Recovering from a rough Monday morning: An Amazon GuardDuty threat detection and remediation scenario
Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. Given the many log types that Amazon GuardDuty analyzes (Amazon Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail, and DNS logs), you never know what it might discover in your […]
How to Use Amazon Alexa to Get Amazon GuardDuty Statistics and Findings
You can always view and manage your Amazon GuardDuty findings on the Findings page in the GuardDuty console or by using GuardDuty APIs with the AWS CLI or SDK. But there’s a quicker and easier way: you can use Amazon Alexa as a conversational interface to review your GuardDuty findings. With Alexa, you can build […]
All AWS Services GDPR ready
Oct 3, 2019: We’ve updated a sentence to clarify that AWS services can be used in compliance with GDPR. Today, I’m very pleased to announce that all AWS services can be used in compliance with the General Data Protection Regulation (GDPR). This means that, in addition to benefiting from all of the measures that AWS […]