Skip to main content
  1. Projects/
  2. AWS DevOps Pro Certification/
  3. 4: Incident and Event Response/

2: GuardDuty

·1 min

What’s GuardDuty?

  • Provides continuous analysis on logfiles:
    • VPC Flow logs
    • CloudTrail
    • DNS logs
  • Integrated threat intelligence, machine learning to identify threats
  • Review findings in console, or w/ event management

Can it be an eventbridge trigger?

  • You bet your bottom dollar

Where can results go?

  • S3 bby

How’s it different from Inspector?

  • Guardduty = Overall account, logs
  • Inspector = specific applications

How’s it different from Macie?

  • Macie is more about s3 data security / privacy
  • GuardDuty = whole account