Amazon GuardDuty Threat Detection
Managed Threat Detection
ML-powered threat detection using CloudTrail/VPC Flow Logs.
Detection Types
Reconnaissance:
- Port scanning
- Infrastructure discovery
Instance Compromise:
- Cryptojacking
- Backdoor access
Account Compromise:
- IAM credential abuse
- Suspicious API calls
S3 Data Access:
- Unusual data access patterns
- Data exfiltration
Findings Format
- JSON format with severity (Low/Med/High)
- EventBridge/SNS integration
- Suppression rules
- Multi-account aggregation
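The findings format and suppression points above, as an added example (not AWS or GuardDuty code): a small triage routine over constructed EventBridge-style GuardDuty events that maps the numeric severity to the Low/Medium/High bands, archives findings matched by a suppression rule, and routes the rest; the finding ids, instance ids and severities are constructed placeholders.

```python
"""Triage GuardDuty findings as delivered through EventBridge.

Added example, not AWS code. Events are constructed to mimic the EventBridge
envelope (source "aws.guardduty"); only the fields used here are included.
"""
from typing import Iterable


def severity_label(score: float) -> str:
    """Map GuardDuty's numeric severity to its documented Low/Medium/High bands."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


# Suppression modelled on GuardDuty filter-based suppression rules: a matching
# finding is archived instead of alerted. The instance id is a constructed placeholder.
SUPPRESSIONS = [{"type": "Recon:EC2/PortProbeUnprotectedPort",
                 "instance_id": "i-0scanner0example"}]


def is_suppressed(detail: dict) -> bool:
    instance = detail.get("resource", {}).get("instanceDetails", {}).get("instanceId")
    return any(s["type"] == detail["type"] and s["instance_id"] == instance
               for s in SUPPRESSIONS)


def triage(events: Iterable[dict]) -> list[dict]:
    """Decide per finding: archive if suppressed, page on High, otherwise ticket."""
    decisions = []
    for ev in events:
        if ev.get("source") != "aws.guardduty":
            continue  # ignore events from other EventBridge sources
        d = ev["detail"]
        label = severity_label(d["severity"])
        action = "archive" if is_suppressed(d) else ("page" if label == "High" else "ticket")
        decisions.append({"id": d["id"], "type": d["type"], "severity": label, "action": action})
    return decisions


SAMPLE_EVENTS = [  # constructed sample findings; ids and severities are illustrative
    {"source": "aws.guardduty", "detail": {"id": "f1", "severity": 8.0,
     "type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller", "resource": {}}},
    {"source": "aws.guardduty", "detail": {"id": "f2", "severity": 2.0,
     "type": "Recon:EC2/PortProbeUnprotectedPort",
     "resource": {"instanceDetails": {"instanceId": "i-0scanner0example"}}}},
    {"source": "aws.guardduty", "detail": {"id": "f3", "severity": 5.0,
     "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
     "resource": {"instanceDetails": {"instanceId": "i-0web0example"}}}},
]
```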