Difference between revisions of "Amazon GuardDuty"

From wikieduonline
Jump to navigation Jump to search
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[wikipedia:Amazon GuardDuty]] ([[AWS timeline|Nov 2017]]) <ref>https://aws.amazon.com/about-aws/whats-new/2017/11/announcing-amazon-guardduty-intelligent-threat-detection/</ref> [[threat detection]] uses
 
[[wikipedia:Amazon GuardDuty]] ([[AWS timeline|Nov 2017]]) <ref>https://aws.amazon.com/about-aws/whats-new/2017/11/announcing-amazon-guardduty-intelligent-threat-detection/</ref> [[threat detection]] uses
 
* [[AWS CloudTrail]] logs:
 
* [[AWS CloudTrail]] logs:
** CloudTrail management events: activated by default, cannot be disabled.
+
** [[CloudTrail management events]]: activated by default, cannot be disabled.
 
** [[S3 protection]]: S3 data events (Jul 2020)<ref>https://aws.amazon.com/blogs/aws/new-using-amazon-guardduty-to-protect-your-s3-buckets/</ref>, full list https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html
 
** [[S3 protection]]: S3 data events (Jul 2020)<ref>https://aws.amazon.com/blogs/aws/new-using-amazon-guardduty-to-protect-your-s3-buckets/</ref>, full list https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html
 
** [[EC2 Instance Credential Exfiltration]] ([[AWS timeline|Jan 2022]]) <ref>https://aws.amazon.com/blogs/aws/amazon-guardduty-enhances-detection-of-ec2-instance-credential-exfiltration/</ref>
 
** [[EC2 Instance Credential Exfiltration]] ([[AWS timeline|Jan 2022]]) <ref>https://aws.amazon.com/blogs/aws/amazon-guardduty-enhances-detection-of-ec2-instance-credential-exfiltration/</ref>
Line 34: Line 34:
 
* [[AWS Guardrails in AWS Control Tower]]
 
* [[AWS Guardrails in AWS Control Tower]]
 
* <code>[[EC2 instance i-XXXXXXX is communicating with IP address 163.x.x.x.x on the Tor Anonymizing Proxy network marked as an Entry node. Jump to navigationJump to search]]</code>
 
* <code>[[EC2 instance i-XXXXXXX is communicating with IP address 163.x.x.x.x on the Tor Anonymizing Proxy network marked as an Entry node. Jump to navigationJump to search]]</code>
* [[aws-guardduty-agent]]
+
* <code>[[aws-guardduty-agent]]</code>
 
* [[AWS IAM Access Analyzer]]
 
* [[AWS IAM Access Analyzer]]
 +
* [[S3 security]]
  
 
== Activities ==  
 
== Activities ==  

Latest revision as of 08:49, 19 June 2024

wikipedia:Amazon GuardDuty (Nov 2017) [1] threat detection uses

Detection examples[edit]

  • Compromised EC2 instances mining bitcoin
  • An attacker scanning your web servers for known application vulnerabilities
  • GuardDuty does not process requests to objects that you have made publicly accessible, but it does alert you when a bucket is made publicly accessible

Cost[edit]


Formats[edit]

  • TXT
  • STIX
  • OTX_CSV
  • ALIEN_VAULT
  • PROOF_POINT
  • FIRE_EYE

Related[edit]

Activities[edit]

See also[edit]

  • https://aws.amazon.com/about-aws/whats-new/2017/11/announcing-amazon-guardduty-intelligent-threat-detection/
  • https://aws.amazon.com/blogs/aws/new-using-amazon-guardduty-to-protect-your-s3-buckets/
  • https://aws.amazon.com/blogs/aws/amazon-guardduty-enhances-detection-of-ec2-instance-credential-exfiltration/
  • Advertising: