Difference between revisions of "Amazon GuardDuty"

From wikieduonline
[[wikipedia:Amazon GuardDuty]] ([[AWS timeline|Nov 2017]]) <ref>https://aws.amazon.com/about-aws/whats-new/2017/11/announcing-amazon-guardduty-intelligent-threat-detection/</ref> [[threat detection]] uses:

* [[AWS CloudTrail]] logs:
** [[CloudTrail management events]]: activated by default, cannot be disabled.
** [[S3 protection]]: S3 data events (Jul 2020)<ref>https://aws.amazon.com/blogs/aws/new-using-amazon-guardduty-to-protect-your-s3-buckets/</ref>, full list of finding types: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html
** [[EC2 Instance Credential Exfiltration]] ([[AWS timeline|Jan 2022]]) <ref>https://aws.amazon.com/blogs/aws/amazon-guardduty-enhances-detection-of-ec2-instance-credential-exfiltration/</ref>
* [[VPC Flow Logs]]
* [[DNS query logs]]

* Homepage: https://aws.amazon.com/guardduty/

== Detection examples ==
* Compromised EC2 instances mining bitcoin
* An attacker scanning your web servers for known application vulnerabilities
* GuardDuty does not process requests to objects that you have made publicly accessible, but it does alert you when a bucket is made publicly accessible

== Cost ==
* [[AWS free tier]]: 30 days, see https://aws.amazon.com/guardduty/pricing/

== Formats ==
Supported formats for trusted IP lists and threat lists:
* TXT
* STIX
* OTX_CSV
* ALIEN_VAULT
* PROOF_POINT
* FIRE_EYE

== Related ==
* [[AWS CloudTrail]] management event analysis
* [[Delegated Administrator]]
* [[CrowdStrike]]
* [[AWS CloudTrail Insights]]
* [[AWS Guardrails in AWS Control Tower]]
* <code>[[EC2 instance i-XXXXXXX is communicating with IP address 163.x.x.x.x on the Tor Anonymizing Proxy network marked as an Entry node]]</code>
* <code>[[aws-guardduty-agent]]</code>
* [[AWS IAM Access Analyzer]]
* [[S3 security]]

== Activities ==
* Create a CloudWatch/SNS rule for findings: https://aws.amazon.com/premiumsupport/knowledge-center/guardduty-cloudwatch-sns-rule/
* Read FAQ: https://aws.amazon.com/guardduty/faqs/
* Read https://stackoverflow.com/questions/tagged/amazon-guardduty?tab=Votes
* Alarms: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html
* Terraform sample for AWS Organizations: https://github.com/aws-samples/amazon-guardduty-for-aws-organizations-with-terraform

== See also ==
* {{AWS compliance}}
* {{aws guardduty}}
* {{GuardDuty}}
* {{AWS security}}

Latest revision as of 08:49, 19 June 2024