AWS Cybersecurity Notes: Security Hub & GuardDuty

From Cramsession
Revision as of 01:14, 22 May 2026 by Mflavell

Amazon GuardDuty

This is a managed threat detection service.

  • Uses machine learning, anomaly detection and integrated threat intelligence feeds.
  • Can process millions of events, captured from:
      • CloudTrail (management events and S3 data events)
      • DNS query logs (from the Route 53 resolvers)
      • VPC Flow Logs
  • GuardDuty reads these feeds through its own stream: you do not have to turn on CloudTrail, VPC Flow Logs or DNS logging yourself for it to analyse them.


This service learns what is normal for the account and its workloads so that it can flag abnormal activity.

  • Can detect connections to unusual destinations or from unusual sources.
  • e.g. an instance sending data to a remote FTP server it has never talked to before (data exfiltration).
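The exfiltration case above surfaces as a GuardDuty finding, which most teams route through EventBridge to a queue or ticketing system. The following is an added example of triaging such findings, not code from the original notes. The two sample findings are constructed: the account ID, instance ID, access key ID and IP addresses are documentation values. The finding types Behavior:EC2/NetworkPortUnusual and UnauthorizedAccess:IAMUser/MaliciousIPCaller are real GuardDuty types; the escalation rule for clear-text transfer ports is this example's own assumption.

```python
"""Triage GuardDuty findings as they arrive through EventBridge.

Added example, not code from the original notes. The two findings below
are constructed samples in the shape of the GuardDuty finding JSON; the
account ID, instance ID, access key ID and IP addresses are made up
(documentation ranges and AWS example values).
"""
import json

# GuardDuty's numeric severity bands: (lower bound, label).
SEVERITY_BANDS = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (1.0, "Low"))

# Ports that move data in clear text. Outbound traffic from an instance to
# one of these is escalated even at Medium severity (a rule chosen for this
# example; tune it to the environment).
CLEARTEXT_TRANSFER_PORTS = {20, 21, 69}


def severity_label(score):
    """Map a finding's numeric severity to GuardDuty's label."""
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "Unknown"


def network_context(finding):
    """Remote host, port and direction for a NETWORK_CONNECTION finding.
    Returns None for findings with no network action, such as API-call
    findings on IAM credentials."""
    net = finding.get("service", {}).get("action", {}).get("networkConnectionAction")
    if not net:
        return None
    return {
        "direction": net.get("connectionDirection"),
        "remote_ip": net.get("remoteIpDetails", {}).get("ipAddressV4"),
        "remote_port": net.get("remotePortDetails", {}).get("port"),
        "blocked": net.get("blocked", False),
    }


def affected_resource(finding):
    """(resource type, identifier) for the instance or access key involved."""
    res = finding.get("resource", {})
    kind = res.get("resourceType")
    if kind == "Instance":
        return kind, res.get("instanceDetails", {}).get("instanceId")
    if kind == "AccessKey":
        return kind, res.get("accessKeyDetails", {}).get("accessKeyId")
    return kind, None


def triage(event):
    """Reduce an EventBridge 'GuardDuty Finding' event to a ticket-shaped
    summary and decide whether it needs a human right away."""
    if event.get("source") != "aws.guardduty":
        raise ValueError("not a GuardDuty event")
    finding = event["detail"]
    label = severity_label(float(finding["severity"]))
    kind, resource_id = affected_resource(finding)
    net = network_context(finding)
    escalate = label in ("High", "Critical")
    reasons = [f"severity {label}"]
    if net and net["direction"] == "OUTBOUND" and net["remote_port"] in CLEARTEXT_TRANSFER_PORTS:
        escalate = True
        reasons.append(f"outbound to clear-text port {net['remote_port']}")
    if kind == "AccessKey":
        escalate = True  # a credential, not just a host, may be compromised
        reasons.append("IAM credential involved")
    return {
        "type": finding["type"], "account": finding["accountId"], "region": finding["region"],
        "severity": label, "resource": f"{kind}:{resource_id}",
        "remote": f"{net['remote_ip']}:{net['remote_port']}" if net else None,
        "escalate": escalate, "reason": "; ".join(reasons),
    }


def _event(finding):
    """Wrap a finding in the EventBridge envelope GuardDuty uses."""
    return {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "account": finding["accountId"], "region": finding["region"], "detail": finding}


# Constructed: an instance that started talking FTP to a host it never used before.
EXFIL_EVENT = _event({
    "schemaVersion": "2.0", "accountId": "111122223333", "region": "us-east-1",
    "type": "Behavior:EC2/NetworkPortUnusual", "severity": 5,
    "resource": {"resourceType": "Instance",
                 "instanceDetails": {"instanceId": "i-0abc123def456789a"}},
    "service": {"count": 3, "action": {"actionType": "NETWORK_CONNECTION", "networkConnectionAction": {
        "connectionDirection": "OUTBOUND", "protocol": "TCP", "blocked": False,
        "remotePortDetails": {"port": 21, "portName": "FTP"},
        "remoteIpDetails": {"ipAddressV4": "203.0.113.42"}}}},
})

# Constructed: an IAM user's key used from an IP on a threat list (CloudTrail-sourced).
IAM_EVENT = _event({
    "schemaVersion": "2.0", "accountId": "111122223333", "region": "us-east-1",
    "type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller", "severity": 5,
    "resource": {"resourceType": "AccessKey",
                 "accessKeyDetails": {"accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "alice"}},
    "service": {"count": 1, "action": {"actionType": "AWS_API_CALL", "awsApiCallAction": {
        "api": "ListBuckets", "serviceName": "s3.amazonaws.com",
        "remoteIpDetails": {"ipAddressV4": "198.51.100.7"}}}},
})

if __name__ == "__main__":
    for ev in (EXFIL_EVENT, IAM_EVENT):
        print(json.dumps(triage(ev), indent=2))
```

The point of the two samples is that a finding's shape depends on its action type: the FTP case carries a networkConnectionAction with a remote host and port, while the credential case carries an awsApiCallAction and no network context at all, so triage code has to tolerate either before it can reason about severity.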


This is an always-on service:

  • Findings come from analysing logs out of band, so there is no performance hit on the workloads being watched.
  • No agents to install on instances: this is security as a service.
  • No upfront costs: pricing is per volume of logs analysed, and a new account gets a 30-day free trial.
  • Enabled with one click in the console (one detector per Region); there is no infrastructure to configure.


Additionally:

  • Coverage can be made global, but GuardDuty is a Regional service: it has to be enabled in every Region, including the ones you do not use, because an attacker will.
  • Can detect known threats from integrated threat intelligence feeds (malicious IP addresses and domains).
  • Can find behaviour-based threats through anomaly detection against the account's baseline.
  • Can monitor multiple accounts: a delegated administrator account (through AWS Organizations) or invited member accounts send their findings to one place.
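Because GuardDuty is enabled per Region, the "one click" and "coverage is global" points above only hold once a detector exists and is enabled everywhere. The following is an added example, not code from the original notes, that audits every Region and creates or re-enables detectors where needed. The planning function is pure and is shown on a constructed snapshot; the functions that touch AWS use boto3 (assumed installed, with credentials in the environment) and only run when the file is executed as a script. The Region names in the snapshot are real Regions, but their statuses are made up.

```python
"""Check and fix GuardDuty coverage across every Region.

Added example, not code from the original notes. GuardDuty is a Regional
service: a detector must exist and be ENABLED in each Region, or activity
there is never analysed. plan_coverage() is pure and is shown on a
constructed snapshot; the other functions drive the real API through
boto3 (assumed installed and credentialed) and only run as a script.
"""


def plan_coverage(detector_status):
    """detector_status maps region -> 'ENABLED', 'DISABLED' or None (no
    detector). Returns region -> 'ok', 'enable' or 'create'."""
    plan = {}
    for region, status in detector_status.items():
        if status == "ENABLED":
            plan[region] = "ok"
        elif status is None:
            plan[region] = "create"
        else:
            plan[region] = "enable"  # detector exists but is DISABLED
    return plan


def uncovered(plan):
    """Regions where GuardDuty is not currently analysing logs."""
    return sorted(r for r, action in plan.items() if action != "ok")


def snapshot_detectors(session, regions):
    """ListDetectors returns zero or one ID per Region (one detector max)."""
    status = {}
    for region in regions:
        gd = session.client("guardduty", region_name=region)
        ids = gd.list_detectors().get("DetectorIds", [])
        status[region] = gd.get_detector(DetectorId=ids[0])["Status"] if ids else None
    return status


def apply_plan(session, plan, dry_run=True):
    """Create or re-enable detectors where the plan says so."""
    for region in uncovered(plan):
        print(f"{region}: {plan[region]}{' (dry run)' if dry_run else ''}")
        if dry_run:
            continue
        gd = session.client("guardduty", region_name=region)
        if plan[region] == "create":
            gd.create_detector(Enable=True, FindingPublishingFrequency="FIFTEEN_MINUTES")
        else:
            detector_id = gd.list_detectors()["DetectorIds"][0]
            gd.update_detector(DetectorId=detector_id, Enable=True)


# Constructed snapshot: only two of four Regions are really covered.
SAMPLE_STATUS = {
    "us-east-1": "ENABLED",
    "eu-west-1": "ENABLED",
    "ap-southeast-2": "DISABLED",  # someone switched it off
    "sa-east-1": None,             # never enabled
}

if __name__ == "__main__":
    import boto3  # assumption: boto3 installed, credentials in the environment

    session = boto3.Session()
    # describe_regions() lists the Regions enabled for this account; pass
    # AllRegions=True to also see opt-in Regions that are still switched off.
    regions = [r["RegionName"] for r in session.client("ec2").describe_regions()["Regions"]]
    apply_plan(session, plan_coverage(snapshot_detectors(session, regions)), dry_run=True)
```

Run it as-is for a dry run first; it prints the Regions that are unprotected without changing anything. For the multi-account case, the same per-Region rule applies: the delegated GuardDuty administrator is designated from the Organizations management account (EnableOrganizationAdminAccount) in each Region separately, and member findings only roll up in Regions where that has been done.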


VPC Flow Logs