Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect AWS accounts, workloads, and data stored in Amazon S3. The managed cloud-hosted service immediately begins analyzing the AWS environment once an IT or security administrator enables GuardDuty within the AWS Management Console. GuardDuty is not a free service, although enabling GuardDuty initiates a 30-day free trial. After that, pricing is based on the number of AWS CloudTrail events analyzed per month and the volume of VPC Flow Log and DNS Log data analyzed per month.

How Does It Work?

The service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. GuardDuty analyzes tens of billions of events across multiple AWS data sources, such as AWS CloudTrail event logs, Amazon VPC Flow Logs, and DNS logs. GuardDuty detects three main types of threats:
The service categorizes its alerts into three severity levels: low, medium and high.
Configuring GuardDuty

GuardDuty configuration requires administrators to create an Identity and Access Management (IAM) role to allow GuardDuty to query various services including EC2, S3, VPC Flow, and Organizations. It also enables CloudWatch to query the AWS event bus to read GuardDuty events and put those events into a Kinesis data stream.

Which AWS service continuously monitors for malicious activity and unauthorized behavior?

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, EC2 workloads, container applications, and data stored in Amazon Simple Storage Service (S3).
What should you use to monitor and detect any unauthorized activity inside your AWS account?

One example is using Amazon GuardDuty to monitor AWS accounts and workloads for malicious activity and deliver detailed security findings for visibility and remediation. Another tactic is to deploy decoys, also called honeypots, as an effective way to detect suspicious behavior.

Which AWS service can help secure the application and block the malicious traffic?

AWS WAF helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.

What does GuardDuty check for?

GuardDuty provides broad security monitoring of your AWS accounts, workloads, and data to help identify threats, such as attacker reconnaissance; instance, account, bucket, or Amazon EKS cluster compromises; and malware.
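As an added example (not part of the original page and not AWS's own code), here is a consumer for the Kinesis data stream described under Configuring GuardDuty: it decodes each record, keeps only GuardDuty finding events, and orders them by the three severity levels. The numeric severity bands, the record layout (base64 data under `kinesis.data`, as a Lambda consumer receives it), the helper names, and all sample records are assumptions constructed for illustration.

```python
import base64
import json

# Half-open bands assumed for the three levels: low [1,4), medium [4,7), high [7,9).
BANDS = (("high", 7.0, 9.0), ("medium", 4.0, 7.0), ("low", 1.0, 4.0))
REVIEW_ORDER = {"unclassified": 0, "high": 1, "medium": 2, "low": 3}

def severity_label(score):
    """Map a finding's numeric severity to low/medium/high, else 'unclassified'."""
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "unclassified"
    for label, lo, hi in BANDS:
        if lo <= score < hi:
            return label
    return "unclassified"

def triage(records):
    """Decode Kinesis records, keep GuardDuty findings, return them in review order."""
    findings = []
    for record in records:
        try:
            event = json.loads(base64.b64decode(record["kinesis"]["data"]))
        except (KeyError, TypeError, ValueError):
            continue  # undecodable record: skip it rather than crash the consumer
        if not isinstance(event, dict) or event.get("source") != "aws.guardduty":
            continue  # the stream may also carry events from other services
        detail = event.get("detail")
        if event.get("detail-type") != "GuardDuty Finding" or not isinstance(detail, dict):
            continue
        findings.append({"id": detail.get("id"), "type": detail.get("type"),
                         "level": severity_label(detail.get("severity"))})
    # Scores that fit no band sort first so they get a manual look, not dropped.
    return sorted(findings, key=lambda f: REVIEW_ORDER[f["level"]])

def _record(fid, ftype, severity, source="aws.guardduty"):
    """Constructed helper: encode an event the way a Kinesis record carries it."""
    event = {"source": source, "detail-type": "GuardDuty Finding",
             "detail": {"id": fid, "type": ftype, "severity": severity}}
    return {"kinesis": {"data": base64.b64encode(json.dumps(event).encode()).decode()}}

SAMPLE = [  # constructed records, not real findings
    _record("sample-1", "Recon:EC2/PortProbeUnprotectedPort", 2),
    _record("sample-2", "CryptoCurrency:EC2/BitcoinTool.B!DNS", 8),
    _record("other-1", "not-a-guardduty-event", 5, source="aws.ec2"),
    {"kinesis": {"data": "not-base64!"}},
    _record("sample-3", "UnauthorizedAccess:EC2/SSHBruteForce", 5),
    _record("sample-4", "Sample:Constructed/NoSeverity", None),
]
```

Calling `triage(SAMPLE)` returns four findings: the one without a usable severity first, then high, medium and low. The event from another source and the malformed record are skipped.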