What is AWS GuardDuty used for?
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, Amazon Elastic Compute Cloud (EC2) workloads, container applications, Amazon Aurora databases (Preview), and data stored in Amazon Simple Storage Service (S3).
Use Cases
Improve security operations visibility
Gain insight into compromised credentials, unusual data access in Amazon Simple Storage Service (S3), suspicious Amazon Aurora (Preview) logins, and API calls from known malicious IP addresses.
Assist security analysts in investigations
Receive security event findings with context, metadata, and impacted resource details, and determine their root cause using GuardDuty console integration with Amazon Detective.
Identify files containing malware
Scan Amazon Elastic Block Store (EBS) volumes for malware files when suspicious behavior is observed on instances and container workloads running on Amazon Elastic Compute Cloud (EC2).
Route insightful information on security findings
Route findings to your preferred operational tools using integrations with AWS Security Hub and Amazon EventBridge.
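The routing described above works by GuardDuty publishing every finding to Amazon EventBridge (event source "aws.guardduty", detail-type "GuardDuty Finding", with the finding JSON in "detail"), where an EventBridge rule with a JSON event pattern selects which findings go to which operational tool. The following Python is an added example, not AWS code: it defines a pattern that forwards only findings with severity 7.0 or higher and checks it offline against constructed sample findings using a simplified local re-implementation of EventBridge's matching rules (exact match and "numeric" comparisons only). The account id, region and resource fields in the sample events are placeholders, and the "oncall"/"backlog" destinations are hypothetical names for whatever tooling the rule targets.

```python
"""Added example: pre-checking an EventBridge pattern for GuardDuty findings.

The matcher below is a simplified local version of EventBridge pattern
semantics (exact match and "numeric" operators), so a pattern can be
validated against sample findings before it is deployed with
`aws events put-rule --event-pattern`.
"""
import json
import operator
from typing import Any

# Pattern as it would be passed to EventBridge: forward only findings of
# severity >= 7.0 on GuardDuty's 0-10 scale (High and above).
HIGH_SEVERITY_PATTERN: dict[str, Any] = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {
        "severity": [{"numeric": [">=", 7]}],
    },
}

_OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
        "<=": operator.le, "=": operator.eq}


def _value_matches(value: Any, alternatives: list) -> bool:
    """True if `value` satisfies at least one alternative in the pattern list."""
    for alt in alternatives:
        if isinstance(alt, dict) and "numeric" in alt:
            # {"numeric": [">=", 7]} or {"numeric": [">", 0, "<=", 5]}:
            # operator/bound pairs that must all hold.
            spec = alt["numeric"]
            if not isinstance(value, (int, float)) or isinstance(value, bool):
                continue
            pairs = zip(spec[0::2], spec[1::2])
            if all(_OPS[op](value, bound) for op, bound in pairs):
                return True
        elif value == alt:
            return True
    return False


def event_matches(pattern: dict, event: dict) -> bool:
    """Simplified EventBridge match: every pattern key must exist in the
    event, nested dicts recurse, and lists are OR-alternatives."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not event_matches(expected, actual):
                return False
        elif not _value_matches(actual, expected):
            return False
    return True


def make_finding_event(finding_type: str, severity: float) -> dict:
    """Constructed sample event in the shape GuardDuty sends to EventBridge.
    Account id, region and resource are placeholders, not real data."""
    return {
        "version": "0",
        "source": "aws.guardduty",
        "detail-type": "GuardDuty Finding",
        "account": "111111111111",  # placeholder account id
        "region": "us-east-1",
        "detail": {
            "type": finding_type,
            "severity": severity,
            "resource": {"resourceType": "Instance"},
        },
    }


def route(event: dict) -> str:
    """Hypothetical destinations: the on-call tool for matches, a backlog
    queue for everything else."""
    return "oncall" if event_matches(HIGH_SEVERITY_PATTERN, event) else "backlog"


if __name__ == "__main__":
    print(json.dumps(HIGH_SEVERITY_PATTERN, indent=2))
    for finding_type, severity in [
        ("UnauthorizedAccess:IAMUser/MaliciousIPCaller", 8.0),
        ("Recon:EC2/PortProbeUnprotectedPort", 2.0),
    ]:
        print(finding_type, severity, "->", route(make_finding_event(finding_type, severity)))
```

Because the local matcher only implements a subset of EventBridge's operators, treat it as a sanity check on pattern shape and thresholds; the authoritative test is the rule's own metrics once deployed.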