Amazon GuardDuty is a detective (threat detection) service. It monitors continuously for malicious activity and unauthorized behavior to help you protect your AWS account and workloads. It watches for activity such as unusual API calls or unauthorized deployments that indicate a possible account compromise. GuardDuty also helps detect EC2 instances that have been compromised by attackers.


How it Works


GuardDuty analyzes AWS CloudTrail logs, VPC Flow Logs, and DNS query logs to generate security findings. It uses this data to look for anomalous patterns within your AWS account that could indicate potential threats to your environment. These threats are behavior-based: for example, a resource being used by a compromised account, API calls originating from outside your normal parameters, or communication with suspicious hosts.

It provides automatic and continuous security analysis for safeguarding your entire AWS environment. Any findings generated by the service are presented with severity (priority) levels, which let you investigate the issue further and make sure your environment is not left unnecessarily exposed.

The more you work with your account, the better GuardDuty is able to distinguish between intended operational changes and unusual behavior that falls outside your normal operating parameters.
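The findings mentioned above arrive as JSON (from the GetFindings API or as the "detail" of an EventBridge "GuardDuty Finding" event). The following is an added example, not code from the original page or from AWS: it shows how a defender can triage such findings offline by decoding the finding type string, bucketing the numeric severity into the Low/Medium/High/Critical bands, and recording which log source (CloudTrail, VPC Flow Logs, or DNS logs) the finding came from. The sample findings are constructed for illustration; the account ID, finding IDs and IPs are placeholders.

```python
"""Triage Amazon GuardDuty findings by severity and originating log source.

Added example, not part of the original page or of any AWS SDK. It assumes the
finding JSON shape GuardDuty emits (GetFindings / EventBridge "detail").
"""
import json

# Severity bands used by GuardDuty: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9,
# Critical 9.0-10.0 (the Critical band is the most recently added one).
SEVERITY_BANDS = ((9.0, "CRITICAL"), (7.0, "HIGH"), (4.0, "MEDIUM"))
SEVERITY_RANK = {"CRITICAL": 3, "HIGH": 2, "MEDIUM": 1, "LOW": 0}

# Service.Action.ActionType -> the data source GuardDuty derived it from.
ACTION_SOURCE = {
    "AWS_API_CALL": "CloudTrail",
    "NETWORK_CONNECTION": "VPC Flow Logs",
    "PORT_PROBE": "VPC Flow Logs",
    "DNS_REQUEST": "DNS query logs",
}


def severity_label(score):
    """Map a numeric GuardDuty severity to its band; anything below 4.0 is Low."""
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "LOW"


def parse_finding_type(finding_type):
    """Split ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact."""
    purpose, rest = finding_type.split(":", 1)
    resource, rest = rest.split("/", 1)
    artifact = None
    if "!" in rest:
        rest, artifact = rest.split("!", 1)
    family, _, mechanism = rest.partition(".")
    return {"purpose": purpose, "resource": resource, "family": family,
            "mechanism": mechanism or None, "artifact": artifact}


def triage(finding):
    """Reduce one finding to the fields an analyst needs to route it."""
    parts = parse_finding_type(finding["Type"])
    service = finding.get("Service", {})
    action_type = service.get("Action", {}).get("ActionType", "")
    score = float(finding["Severity"])
    label = severity_label(score)
    return {
        "id": finding["Id"],
        "account": finding["AccountId"],
        "region": finding["Region"],
        "severity": label,
        "purpose": parts["purpose"],
        "family": parts["family"],
        "resource_type": finding.get("Resource", {}).get("ResourceType"),
        "source_log": ACTION_SOURCE.get(action_type, "unknown"),
        "occurrences": service.get("Count", 1),
        # High and Critical findings go to the on-call queue; the rest are batched.
        "escalate": SEVERITY_RANK[label] >= SEVERITY_RANK["HIGH"],
    }


def triage_all(findings_json):
    """Triage a JSON array of findings, most severe first."""
    rows = [triage(f) for f in json.loads(findings_json)]
    return sorted(rows, key=lambda r: SEVERITY_RANK[r["severity"]], reverse=True)


# Constructed sample findings (placeholder account, IDs and addresses).
SAMPLE_FINDINGS_JSON = json.dumps([
    {"Id": "00000000000000000000000000000001", "AccountId": "123456789012",
     "Region": "us-east-1", "Type": "UnauthorizedAccess:EC2/SSHBruteForce",
     "Severity": 2.0, "Resource": {"ResourceType": "Instance"},
     "Service": {"Count": 37, "Action": {"ActionType": "NETWORK_CONNECTION"}}},
    {"Id": "00000000000000000000000000000002", "AccountId": "123456789012",
     "Region": "us-east-1", "Type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom",
     "Severity": 5.0, "Resource": {"ResourceType": "AccessKey"},
     "Service": {"Count": 1, "Action": {"ActionType": "AWS_API_CALL"}}},
    {"Id": "00000000000000000000000000000003", "AccountId": "123456789012",
     "Region": "us-east-1", "Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
     "Severity": 8.0, "Resource": {"ResourceType": "Instance"},
     "Service": {"Count": 4, "Action": {"ActionType": "DNS_REQUEST"}}},
])

if __name__ == "__main__":
    for row in triage_all(SAMPLE_FINDINGS_JSON):
        print(json.dumps(row))
```

The finding type string carries most of the context an analyst needs before opening the console: the threat purpose (Recon, UnauthorizedAccess, CryptoCurrency, ...), the affected resource type, the threat family, and, after the `!`, the artifact that produced the detection. Mapping `ActionType` back to the log source also tells you which raw logs (CloudTrail, VPC Flow Logs, DNS logs) to pull when investigating.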



Go to the AWS Management Console, type “GuardDuty” in the search bar and select it.

Click on “Get Started”.

Click on “Enable GuardDuty”.


GuardDuty is now enabled. Once enabled, it starts ingesting AWS CloudTrail logs, VPC Flow Logs, DNS query logs, etc., and generates findings based on these logs.

