GuardDuty

Basics

  • Continuous security monitoring service
  • It is integrated with supported security data sources, which include DNS Logs, VPC Flow Logs, CloudTrail Event Logs, CloudTrail Management Events & CloudTrail Data Events
  • Uses AI/ML and threat intelligence feeds to identify unexpected or unauthorized activity
  • The user can whitelist findings as acceptable
  • Multiple accounts are supported as Master & Member accounts
  • The account in which GuardDuty is enabled becomes the Master account