Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail management event logs, CloudTrail S3 data event logs, and DNS logs. It uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within the AWS environment.
Questions tagged [amazon-guardduty]
19 questions
0 votes, 1 answer
Boto3 Guard Duty Put Target is having error while executing
I am creating boto3 for CloudWatch rule and I have the following error when I use client.put_targets function.
https://boto3.amazonaws.com/v1/documentation/api/1.9.42/reference/services/events.html#CloudWatchEvents.Client.put_targets
raise…

Arun
0 votes, 0 answers
Monitoring Linux logs for an ec2 instance
How do I monitor Linux logs for an EC2 instance? I was thinking of using GuardDuty but came to know that it doesn't scan the OS logs. How do I ensure that if any kind of attack/security threat happens on the EC2 instance I get notified…

Murchana Adhikary
0 votes, 1 answer
AWS GuardDuty invitation
Do I need to enable GuardDuty in the "monitored" account before receiving the invitation?
I am trying to figure out whether or not the admin of the monitored account will be able to receive the invitation at all if the service is not enabled.

Hector Lugo
-1 votes, 2 answers
Guard duty and vpc flow log
We have enabled VPC flow logs, which are stored in an S3 bucket. We have also enabled GuardDuty and I see it analyzes VPC logs.
Does anybody have suggestions: do we still need an Athena table pointing to the S3 bucket for analyzing logs, or is GuardDuty sufficient?

chandni mirchandani