- Provides continuous analysis on logfiles:
- VPC Flow logs
- DNS logs
- Integrated threat intelligence, machine learning to identify threats
- Review findings in console, or w/ event management
Can it be an eventbridge trigger?
- You bet your bottom dollar
Where can results go?
- S3 bby
How’s it different from Inspector?
- Guardduty = Overall account, logs
- Inspector = specific applications
How’s it different from Macie?
- Macie is more about s3 data security / privacy
- GuardDuty = whole account