GuardDuty
Threat discovery on an AWS account through anomaly detection, using:
- CloudTrail logs (management events + S3 data events)
- VPC flow logs
- DNS logs for EC2
- Kubernetes audit logs for EKS
Good for detecting cryptocurrency attacks
In AWS Organizations: one account can be designated as the delegated administrator account for GuardDuty