DEV Community

Toony Mustafa

AWS GuardDuty

  • Amazon GuardDuty is a continuous threat-detection service that monitors your AWS accounts and workloads by analyzing data from several AWS sources.
  • Data sources include: AWS CloudTrail (management events and S3 data events), VPC Flow Logs, DNS logs (only queries resolved through the Route 53 resolver, so instances using a third-party DNS resolver are not covered), EKS audit logs, and EBS volumes (scanned by Malware Protection).
  • You do not have to enable logging at each of these sources: GuardDuty consumes them through its own independent streams, so it works even when CloudTrail, VPC Flow Logs or DNS logging are not turned on in the account, and you do not have to create or change any permissions for this (the service runs under its own service-linked role).
  • It uses threat intelligence feeds (lists of known malicious IPs and domains), machine-learning anomaly detection, and malware scanning.
  • It monitors AWS account access behavior (API calls and sign-ins) for signs of compromise.
  • It is a regional service: you enable it, and review its findings, in each region separately.
  • Practical examples of what GuardDuty can detect: reconnaissance (port scans and other information gathering about your network), instance compromise (for example cryptocurrency mining), account compromise (anomalous or malicious API activity), bucket compromise, malware on EBS volumes, and container (EKS) compromise.
  • Pricing is based on the volume of logs analyzed (CloudTrail events, VPC Flow Logs, DNS logs, EKS audit logs) and the volume of data scanned for malware.
  • Every account gets a 30-day free trial in each region where GuardDuty is enabled, with access to the full feature set and all detections. After 7 days of usage the console shows a cost estimate to help you predict what you will pay once the trial ends.
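GuardDuty reports each of the detections listed above as a finding whose `Type` follows the documented pattern `ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact` and whose `Severity` is a number that AWS bands as Low (1.0-3.9), Medium (4.0-6.9), High (7.0-8.9) or Critical (9.0-10.0). The script below is an added example, not code from the original post or from AWS: it parses that type string, labels the severity, groups findings into the compromise categories the post lists (a heuristic grouping of my own, not an AWS taxonomy), and ranks active findings most severe first. The input shape mirrors `aws guardduty get-findings` output; the sample findings are constructed (the type names are real GuardDuty finding types, but the IDs, severities and counts are made up), so it runs offline.

```python
"""Parse, classify and rank Amazon GuardDuty findings (added example, runs offline).

GuardDuty names every finding in the form
    ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact
and assigns a numeric severity (0.1-10.0) that AWS bands as Low (1.0-3.9),
Medium (4.0-6.9), High (7.0-8.9) and Critical (9.0-10.0).
The input shape below mirrors `aws guardduty get-findings` output.
"""
import json
import re
from dataclasses import dataclass

# Regex for the documented finding-type format; mechanism and artifact are optional.
FINDING_TYPE_RE = re.compile(
    r"^(?P<purpose>[A-Za-z]+):(?P<resource>[A-Za-z0-9]+)/(?P<family>[^.!]+)"
    r"(?:\.(?P<mechanism>[^!]+))?(?:!(?P<artifact>.+))?$"
)

# (lower bound, label), checked from most severe to least.
SEVERITY_BANDS = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (1.0, "Low"))


def parse_finding_type(finding_type: str) -> dict:
    """Split e.g. 'CryptoCurrency:EC2/BitcoinTool.B!DNS' into its named parts."""
    m = FINDING_TYPE_RE.match(finding_type)
    if m is None:
        raise ValueError(f"not a GuardDuty finding type: {finding_type!r}")
    return m.groupdict()  # unmatched optional parts come back as None


def severity_label(score: float) -> str:
    """Map a numeric GuardDuty severity to its AWS severity band."""
    if not 0.1 <= score <= 10.0:
        raise ValueError(f"severity out of range: {score}")
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "Unbanded"  # 0.1-0.9 is inside the documented range but has no band


def compromise_category(parts: dict) -> str:
    """Coarse grouping used by this example (a heuristic, not an AWS taxonomy)."""
    purpose, resource = parts["purpose"], parts["resource"]
    if purpose == "CryptoCurrency":
        return "Instance compromise"
    if resource in ("Kubernetes", "Container", "Runtime"):
        return "Container compromise"
    if resource == "S3":
        return "Bucket compromise"
    if resource == "IAMUser":
        return "Account compromise"
    if purpose in ("Recon", "Discovery"):
        return "Reconnaissance"
    if resource == "EC2":
        return "Instance compromise"
    return "Other"


@dataclass(frozen=True)
class TriagedFinding:
    finding_id: str
    finding_type: str
    severity: float
    label: str
    category: str
    count: int  # how many times GuardDuty has seen this activity


def triage(get_findings_json: str) -> list[TriagedFinding]:
    """Rank active (non-archived) findings from get-findings JSON, most severe first."""
    triaged = []
    for f in json.loads(get_findings_json)["Findings"]:
        service = f.get("Service", {})
        if service.get("Archived", False):
            continue  # archived findings were already dispositioned by an analyst
        parts = parse_finding_type(f["Type"])
        severity = float(f["Severity"])
        triaged.append(TriagedFinding(
            finding_id=f["Id"],
            finding_type=f["Type"],
            severity=severity,
            label=severity_label(severity),
            category=compromise_category(parts),
            count=int(service.get("Count", 1)),
        ))
    return sorted(triaged, key=lambda t: (-t.severity, t.finding_type))


# Constructed sample in get-findings shape. The type names are real GuardDuty
# finding types; the IDs, severities, counts and archive flags are made up.
SAMPLE_GET_FINDINGS = json.dumps({"Findings": [
    {"Id": "f1", "Type": "Recon:EC2/PortProbeUnprotectedPort", "Severity": 2.0,
     "Service": {"Archived": False, "Count": 12}},
    {"Id": "f2", "Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "Severity": 8.0,
     "Service": {"Archived": False, "Count": 3}},
    {"Id": "f3", "Type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom", "Severity": 5.0,
     "Service": {"Archived": False, "Count": 1}},
    {"Id": "f4", "Type": "Policy:S3/BucketBlockPublicAccessDisabled", "Severity": 2.0,
     "Service": {"Archived": True, "Count": 1}},
    {"Id": "f5", "Type": "Discovery:Kubernetes/SuccessfulAnonymousAccess", "Severity": 5.0,
     "Service": {"Archived": False, "Count": 2}},
]})

if __name__ == "__main__":
    for t in triage(SAMPLE_GET_FINDINGS):
        print(f"{t.label:<8} {t.severity:>4} {t.category:<22} {t.finding_type} (x{t.count})")
```

To run this against a real account, feed it the output of `aws guardduty get-findings --detector-id <id> --finding-ids ...` (the detector ID comes from `aws guardduty list-detectors` in the region you enabled); everything else in the block is local parsing. The ranking key puts Critical and High findings first, which is the order an on-call engineer wants, and the archived check keeps already-closed findings out of the queue.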

References:
https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html
