HAQM GuardDuty
Protect your AWS accounts, workloads, and data with intelligent threat detection
Benefits of HAQM GuardDuty
What is GuardDuty?
HAQM GuardDuty uses AI and ML with integrated threat intelligence from AWS and leading third parties to help protect your AWS accounts, workloads, and data from threats.
How it works
HAQM GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
GuardDuty for AWS workload protection
Learn more about how you can apply the broad threat detection coverage in GuardDuty to workloads and resources across your AWS environment.
-
GuardDuty S3 Protection
GuardDuty is capable of analyzing over a trillion HAQM Simple Storage Service (HAQM S3) events per day. Continuously monitor and profile HAQM S3 data access events and S3 configurations to detect suspicious activities such as requests coming from an unusual geolocation, disabling of preventative controls like HAQM S3 Block Public Access, or API call patterns consistent with an attempt to discover misconfigured bucket permissions.
-
GuardDuty EKS Protection
GuardDuty EKS Protection monitors HAQM Elastic Kubernetes Service (HAQM EKS) cluster control plane activity by analyzing HAQM EKS audit logs.
-
GuardDuty Runtime Monitoring
Gain visibility into on-host, operating system-level activity and detect runtime threats from over 30 security findings to help protect your HAQM EKS clusters, HAQM ECS workloads—including serverless workloads on AWS Fargate and HAQM EC2 instances.
Learn more about GuardDuty EKS Runtime Monitoring, ECS Runtime Monitoring, and EC2 Runtime Monitoring.
-
GuardDuty Malware Protection for HAQM EC2
Scan EBS volumes attached to HAQM EC2 instances for malware when GuardDuty detects that one of your EC2 instances or container workloads running on HAQM EC2 is doing something suspicious.
-
GuardDuty Malware Protection for HAQM S3
Detect potentially harmful uploads to your HAQM S3 buckets with integrated, scalable, and fully managed malware scanning.
-
GuardDuty RDS Protection
Using tailored ML models and integrated threat intelligence, GuardDuty can detect potential threats in HAQM Relational Database Service (HAQM RDS), starting with HAQM Aurora, such as high-severity brute force attacks, suspicious logins, and access by known threat actors.
-
GuardDuty Lambda Protection
Continuously monitor network activity, starting with VPC Flow Logs, from your serverless workloads to detect threats such as AWS Lambda functions maliciously repurposed for unauthorized cryptocurrency mining or compromised Lambda functions that are communicating with known threat actor servers.
GuardDuty for AWS workload protection
Learn more about how you can apply the broad threat detection coverage in GuardDuty to workloads and resources across your AWS environment.
-
GuardDuty S3 Protection
GuardDuty is capable of analyzing over a trillion HAQM Simple Storage Service (HAQM S3) events per day. Continuously monitor and profile HAQM S3 data access events and S3 configurations to detect suspicious activities such as requests coming from an unusual geolocation, disabling of preventative controls like HAQM S3 Block Public Access, or API call patterns consistent with an attempt to discover misconfigured bucket permissions.
-
GuardDuty EKS Protection
GuardDuty EKS Protection is a GuardDuty feature that monitors HAQM Elastic Kubernetes Service (HAQM EKS) cluster control plane activity by analyzing HAQM EKS audit logs.
-
GuardDuty Runtime Monitoring
Gain visibility into on-host, operating system-level activity and detect runtime threats from over 30 security findings to help protect your HAQM EKS clusters, HAQM ECS workloads—including serverless workloads on AWS Fargate, and HAQM EC2 instances.
Learn more about GuardDuty EKS Runtime Monitoring, ECS Runtime Monitoring, and EC2 Runtime Monitoring.
-
GuardDuty Malware Protection for HAQM EC2
Scan EBS volumes attached to HAQM EC2 instances for malware when GuardDuty detects that one of your EC2 instances or container workloads running on HAQM EC2 is doing something suspicious.
-
GuardDuty Malware Protection for HAQM S3
Detect potentially harmful uploads to your HAQM S3 buckets with integrated, scalable, and fully managed malware scanning.
Learn more »
-
GuardDuty RDS Protection
Using tailored machine learning models and integrated threat intelligence, GuardDuty can detect potential threats in HAQM Relational Database Service (HAQM RDS), starting with HAQM Aurora, such as high-severity brute force attacks, suspicious logins, and access by known threat actors.
-
GuardDuty Lambda Protection
Continuously monitor network activity, starting with VPC Flow Logs, from your serverless workloads to detect threats such as AWS Lambda functions maliciously repurposed for unauthorized cryptocurrency mining, or compromised Lambda functions that are communicating with known threat actor servers.
Use cases
Did you find what you were looking for today?
Let us know so we can improve the quality of the content on our pages.