Difference between revisions of "Amazon GuardDuty"

Latest revision as of 09:33, 12 February 2024

Compromised EC2 instances mining bitcoin
An attacker scanning your web servers for known application vulnerabilities
GuardDuty does not process requests to objects that you have made publicly accessible, but it does alert you when a bucket is made publicly accessible

@@ Line 3: / Line 3: @@
 ** CloudTrail management events: activated by default, cannot be disabled.
 ** [[S3 protection]]: S3 data events (Jul 2020)<ref>https://aws.amazon.com/blogs/aws/new-using-amazon-guardduty-to-protect-your-s3-buckets/</ref>, full list https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html
-* [[VPC Flow]] Logs
+** [[EC2 Instance Credential Exfiltration]] ([[AWS timeline|Jan 2022]]) <ref>https://aws.amazon.com/blogs/aws/amazon-guardduty-enhances-detection-of-ec2-instance-credential-exfiltration/</ref>
+* [[VPC Flow Logs]]
 * [[DNS query logs]]
@@ Line 30: / Line 32: @@
 * [[CrowdStrike]]
 * [[AWS CloudTrail Insights]]
+* [[AWS Guardrails in AWS Control Tower]]
+* <code>[[EC2 instance i-XXXXXXX is communicating with IP address 163.x.x.x.x on the Tor Anonymizing Proxy network marked as an Entry node. Jump to navigationJump to search]]</code>
+* [[aws-guardduty-agent]]
 == Activities ==
@@ Line 35: / Line 40: @@
 * Read FAQ: https://aws.amazon.com/guardduty/faqs/
 * Read https://stackoverflow.com/questions/tagged/amazon-guardduty?tab=Votes
+* Alarms: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html
+* https://github.com/aws-samples/amazon-guardduty-for-aws-organizations-with-terraform
 == See also ==