Amazon GuardDuty is a detective service. It continuously monitors for unauthorized behavior to help you protect your AWS accounts and workloads. It watches for activities such as unusual API calls or unauthorized deployments that indicate a possible account compromise. GuardDuty also helps detect instances that have been compromised by attackers.
How it Works
GuardDuty analyzes AWS CloudTrail logs, VPC Flow Logs, and DNS query logs to generate security findings. It uses this data to look for anomalous patterns within your AWS account that could indicate potential threats to your environment. These threats are behavior-based: a compromised resource or account, API calls that originate outside your normal usage, or communication with a suspicious resource.
It provides automatic and continuous security analysis for safeguarding your entire AWS environment. Any findings generated by the service are presented with severity (priority) levels that enable you to investigate further and ensure that your environment is not unnecessarily exposed.
The longer you work with your account, the better GuardDuty becomes at distinguishing intended operational changes from unusual behavior that falls outside your normal operating parameters.
TO ACCESS GUARDDUTY – Demo
Go to the AWS Management Console, type “GuardDuty” in the search bar and select it.
Click on “Get Started”
Click on “Enable GuardDuty”
In this way GuardDuty is enabled. Once enabled, it starts consuming AWS CloudTrail logs, VPC Flow Logs, DNS query logs, etc., and produces findings based on these logs.
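Once findings start arriving, the severity level is what drives investigation priority. The following is an added example (not AWS code and not part of the original page) that triages findings offline: it sorts a batch of findings into the severity bands AWS documents (Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9) and splits the finding type string into its ThreatPurpose:ResourceType/ThreatFamily parts. The input is a constructed list of dictionaries that mimics the shape of the GetFindings API response; the finding IDs are placeholders, and the "Critical" band for values of 9.0 and above is an assumption layered on top of the three documented bands.

```python
"""Triage Amazon GuardDuty findings by severity band and finding type.

Added example, not AWS code. Runs offline on constructed findings shaped like
the GetFindings API response; in practice you would feed it the JSON returned
by `aws guardduty get-findings`.
"""
import json
from collections import defaultdict

# Severity bands documented by AWS: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9.
# Values of 9.0 and above are labelled Critical here (assumption, newer band).
BAND_ORDER = ["Critical", "High", "Medium", "Low", "Informational"]


def severity_label(severity: float) -> str:
    """Map a numeric GuardDuty severity to its band name."""
    if severity >= 9.0:
        return "Critical"
    if severity >= 7.0:
        return "High"
    if severity >= 4.0:
        return "Medium"
    if severity >= 1.0:
        return "Low"
    return "Informational"  # below the documented bands


def parse_finding_type(finding_type: str) -> dict:
    """Split ThreatPurpose:ResourceType/ThreatFamily.Mechanism!Artifact.

    Mechanism and Artifact are optional, so they come back as None when absent.
    """
    purpose, _, rest = finding_type.partition(":")
    resource, _, rest = rest.partition("/")
    threat, _, artifact = rest.partition("!")
    family, _, mechanism = threat.partition(".")
    return {
        "purpose": purpose,
        "resource": resource,
        "family": family,
        "mechanism": mechanism or None,
        "artifact": artifact or None,
    }


def triage(findings: list) -> dict:
    """Group findings by band, most severe band first.

    Within a band, findings are ordered by descending Severity so the analyst
    reads the most urgent item at the top of each group.
    """
    grouped = defaultdict(list)
    for f in sorted(findings, key=lambda item: item["Severity"], reverse=True):
        parsed = parse_finding_type(f["Type"])
        grouped[severity_label(f["Severity"])].append({
            "id": f["Id"],
            "purpose": parsed["purpose"],
            "family": parsed["family"],
            "resource": f["Resource"]["ResourceType"],
            # Service.Count is how many times GuardDuty aggregated this finding
            "count": f.get("Service", {}).get("Count", 1),
        })
    return {band: grouped[band] for band in BAND_ORDER if grouped[band]}


# Constructed sample findings; IDs are placeholders, not real finding IDs.
SAMPLE_FINDINGS = [
    {"Id": "placeholder-finding-1", "Type": "UnauthorizedAccess:EC2/SSHBruteForce",
     "Severity": 5.0, "Resource": {"ResourceType": "Instance"}, "Service": {"Count": 12}},
    {"Id": "placeholder-finding-2", "Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
     "Severity": 8.0, "Resource": {"ResourceType": "Instance"}, "Service": {"Count": 3}},
    {"Id": "placeholder-finding-3", "Type": "Recon:IAMUser/UserPermissions",
     "Severity": 5.0, "Resource": {"ResourceType": "AccessKey"}, "Service": {"Count": 1}},
    {"Id": "placeholder-finding-4", "Type": "Policy:IAMUser/RootCredentialUsage",
     "Severity": 2.0, "Resource": {"ResourceType": "AccessKey"}, "Service": {"Count": 1}},
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_FINDINGS), indent=2))
```

Run it as-is to see the grouped output for the constructed findings, or replace SAMPLE_FINDINGS with the "Findings" list from a real GetFindings response. The High band surfaces first, which is the order in which a practitioner would open the findings in the console.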