
AWS Guard Duty : 10 Minutes Guide


AWS Guard Duty : Intelligent Threat Detection Service


Alerting & Monitoring

AWS Guard Duty can send alerts to the Guard Duty console or trigger Cloud Watch events based on its findings, which makes the alerts actionable and easy to integrate into event management & workflow systems.

Ease of Use & Cost

AWS Guard Duty is an easy-to-use & cost-effective service: there is no software or security infrastructure to deploy and maintain. It also comes with a 30 day free trial for new accounts. After that, the charge is based on the events analysed.

Feed for Analysis

There are 3 types of logs which need to be set up to enable Guard Duty:
  • DNS Logs
  • VPC Flow Logs
  • Cloud Trail Logs

How it works


Benefits of Use


  • Intelligent Threat Detection
    • Collecting, analyzing, and correlating events from AWS CloudTrail, Amazon VPC Flow Logs, and DNS Logs
    • Made more accurate by incorporating threat intelligence
    • Detect anomalous account and network activities
  • Centralize Analysis & Monitoring
    • Centralize threat detection by enabling Amazon Guard Duty across all AWS accounts
  • Strengthens security through automation
    • Set up scripts or AWS Lambda functions to trigger based on findings
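
The alerting and automation points above, as an added example (not code from the original post or from AWS): a Python Lambda handler that triages a Guard Duty finding delivered through a Cloud Watch events rule. The sample event is constructed and trimmed, and the LOW/MEDIUM/HIGH bands with page-or-ticket routing are assumptions of this example.

```python
import json

# CloudWatch Events (EventBridge) rule pattern that matches GuardDuty findings.
EVENT_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}

# Constructed sample event, trimmed to the fields this example reads.
SAMPLE_EVENT = json.loads("""
{"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
 "account": "111122223333", "region": "us-east-1",
 "detail": {"id": "constructed-finding-id",
            "type": "UnauthorizedAccess:EC2/SSHBruteForce",
            "severity": 2,
            "resource": {"resourceType": "Instance"},
            "service": {"count": 14}}}
""")

ORDER = ["LOW", "MEDIUM", "HIGH"]  # routing bands assumed by this example


def severity_label(score):
    """Map the numeric severity to a band (7.0 and above is treated as HIGH)."""
    if score >= 7.0:
        return "HIGH"
    return "MEDIUM" if score >= 4.0 else "LOW"


def triage(event, page_at="HIGH"):
    """Return a routing decision for a finding event, or None for anything else."""
    if (event.get("source") != "aws.guardduty"
            or event.get("detail-type") != "GuardDuty Finding"):
        return None
    d = event["detail"]
    label = severity_label(float(d["severity"]))
    return {
        "finding_id": d["id"],
        "account": event.get("account"),
        "region": event.get("region"),
        "threat_purpose": d["type"].partition(":")[0],
        "resource_type": d.get("resource", {}).get("resourceType"),
        "severity": label,
        "occurrences": d.get("service", {}).get("count", 1),
        "action": "page" if ORDER.index(label) >= ORDER.index(page_at) else "ticket",
    }


def lambda_handler(event, context):
    """Lambda entry point; a deployed function would forward the decision."""
    return triage(event)
```

A deployed function would hand the returned decision to a notification or ticketing system; that step is left out so the example runs offline.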

Next Article : Enabling AWS Guard Duty - Step by Step Guide

Reference & Image Credit

https://aws.amazon.com/guardduty/



This post first appeared on Devdummy, please read the original post: here
