From the course: AWS Essential Training for Administrators

Amazon GuardDuty

- [Instructor] AWS has a service known as GuardDuty that allows you to continuously analyze information from multiple sources to identify unexpected and potentially malicious activity in your account. It processes information from VPC flow logs, CloudTrail management event logs, CloudTrail S3 data event logs, and DNS logs. It correlates information from these sources with threat intelligence feeds to identify issues such as malicious IP addresses, privilege escalation, and use of exposed credentials. A potential security issue detected in your account is represented as a finding. Each finding has a severity level within the range of 0.1 to 8.9 that reflects the potential risk the finding could have in your network. A higher value indicates a higher security risk. For EC2 instances, some of the findings that GuardDuty detects include backdoors, unusual behavior, cryptocurrency-related activity, Trojans, unauthorized…
