AWS GuardDuty
Intelligent threat detection through continuous monitoring and machine learning.
The Data Ingredients
GuardDuty reads these log sources directly from the AWS platform, so you do not need to enable, store, or pay for VPC Flow Logs, CloudTrail, or DNS logs yourself for it to analyze them.
VPC Flow Logs
Analyzes network traffic metadata (source, destination, ports, protocol, byte counts; never payloads) entering and leaving your VPC, for example an instance port-scanning or talking to a known malicious IP.
AWS CloudTrail
Monitors management-event API activity to detect compromised credentials and unauthorized account access, such as an access key used from an unusual location or calls that disable logging.
DNS Query Logs
Identifies instances resolving known malicious domains or command-and-control (C&C) servers. Only queries sent to the Route 53 Resolver (the VPC default DNS) are visible; instances configured to use another resolver get no coverage from this source.
S3 Data Events
With S3 Protection enabled, analyzes CloudTrail S3 data events (object reads and writes) to detect anomalous access patterns, unusual data-transfer volumes, and bucket permissions being opened to the public.
The Detection Engine
How raw data transforms into actionable security intelligence.
Behavioral Analysis
Uses ML to build a baseline of normal API and network activity for each account and flag deviations, such as an IAM principal calling APIs it has never used before. The baseline needs time to form, so a newly enabled account produces fewer anomaly findings at first.
Threat Intelligence
Integrates AWS and third-party feeds to identify known malicious IP addresses and domains. You can also upload your own threat lists and trusted-IP lists to add indicators or suppress findings for hosts you control.
Automated Response
Publishes findings to EventBridge, where rules can route them to Lambda for near-real-time remediation. New findings arrive within minutes; updates to an existing finding are re-sent on the configured export frequency, so responders should be idempotent.
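The following is an added example, not AWS sample code or code from this page: an EventBridge rule pattern that selects high-severity GuardDuty findings, and an idempotent Lambda handler that quarantines the EC2 instance a finding names by swapping its security groups. The quarantine security-group ID, the auto-quarantine finding-type list, and the sample finding event are constructed for the example; the handler only calls the boto3 EC2 APIs `describe_instances` and `modify_instance_attribute`, and accepts an injected client so the logic runs offline.

```python
"""Added example (not AWS sample code): EventBridge rule pattern for high-severity GuardDuty
findings, plus an idempotent Lambda handler that quarantines the EC2 instance a finding names.
The quarantine security group and the sample finding below are constructed for the example."""
import json
from typing import Any, Optional

QUARANTINE_SG = "sg-0123456789abcdef0"   # hypothetical SG with no inbound or outbound rules
MIN_SEVERITY = 7.0                        # GuardDuty "High" severity starts at 7.0

# Finding-type prefixes the handler acts on without a human in the loop (a policy choice).
AUTO_QUARANTINE_PREFIXES = ("Backdoor:EC2/", "CryptoCurrency:EC2/", "Trojan:EC2/")

# EventBridge rule pattern: only GuardDuty findings at or above MIN_SEVERITY reach the Lambda.
EVENT_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", MIN_SEVERITY]}]},
}


def matches_rule(event: dict) -> bool:
    """Re-apply the EventBridge filter in code, so the handler stays safe if the rule is loosened."""
    detail = event.get("detail", {})
    return (
        event.get("source") in EVENT_PATTERN["source"]
        and event.get("detail-type") in EVENT_PATTERN["detail-type"]
        and float(detail.get("severity", 0)) >= MIN_SEVERITY
    )


def decide(event: dict) -> dict:
    """Map a finding to an action. Anything not explicitly allowed becomes 'review', never 'quarantine'."""
    if not matches_rule(event):
        return {"action": "ignore", "reason": "below severity threshold or not a GuardDuty finding"}
    detail = event["detail"]
    ftype = detail.get("type", "")
    resource = detail.get("resource", {})
    instance_id = resource.get("instanceDetails", {}).get("instanceId")
    if resource.get("resourceType") != "Instance" or not instance_id:
        return {"action": "review", "reason": "finding is not about an EC2 instance", "finding_id": detail.get("id")}
    if not ftype.startswith(AUTO_QUARANTINE_PREFIXES):
        return {"action": "review", "reason": f"type {ftype} is not on the auto-quarantine list", "finding_id": detail.get("id")}
    return {"action": "quarantine", "instance_id": instance_id, "finding_id": detail.get("id"), "type": ftype}


def quarantine_instance(ec2: Any, instance_id: str) -> bool:
    """Replace the instance's security groups with the quarantine group. Returns False if already done.
    Isolating instead of terminating keeps disk and memory available for forensics."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    current = {g["GroupId"] for g in resp["Reservations"][0]["Instances"][0]["SecurityGroups"]}
    if current == {QUARANTINE_SG}:
        return False   # GuardDuty re-emits updated findings; repeat invocations must be a no-op
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[QUARANTINE_SG])
    return True


def handler(event: dict, context: Any = None, ec2: Optional[Any] = None) -> dict:
    """Lambda entry point. `ec2` is injectable so the logic can be exercised without AWS credentials."""
    decision = decide(event)
    if decision["action"] == "quarantine":
        if ec2 is None:
            import boto3   # imported lazily so the module loads without boto3 installed
            ec2 = boto3.client("ec2")
        decision["changed"] = quarantine_instance(ec2, decision["instance_id"])
    print(json.dumps(decision))   # CloudWatch Logs keeps the audit trail of what the handler decided
    return decision


class FakeEC2:
    """Minimal stand-in for boto3's EC2 client, used only for the offline demonstration."""
    def __init__(self, groups):
        self.groups, self.calls = list(groups), []

    def describe_instances(self, InstanceIds):
        sgs = [{"GroupId": g, "GroupName": g} for g in self.groups]
        return {"Reservations": [{"Instances": [{"InstanceId": InstanceIds[0], "SecurityGroups": sgs}]}]}

    def modify_instance_attribute(self, InstanceId, Groups):
        self.calls.append((InstanceId, list(Groups)))
        self.groups = list(Groups)


# Constructed sample EventBridge event carrying a GuardDuty C&C finding (not a real capture).
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "4ab1c2d3e4f5a6b7c8d9e0f1a2b3c4d5",
        "type": "Backdoor:EC2/C&CActivity.B!DNS",
        "severity": 8,
        "resource": {"resourceType": "Instance", "instanceDetails": {"instanceId": "i-0abc123def456789a"}},
    },
}

if __name__ == "__main__":
    fake = FakeEC2(groups=["sg-web"])
    handler(SAMPLE_EVENT, ec2=fake)   # first delivery: instance moved to the quarantine SG
    handler(SAMPLE_EVENT, ec2=fake)   # re-delivered finding: no second API call
```

Two design choices carry the security weight: the handler re-checks severity and finding type itself instead of trusting the EventBridge rule alone, and quarantine is the only automatic action, with every other finding routed to human review rather than a destructive step. In a real deployment, point the Lambda's IAM role at only the two EC2 actions used above and restrict `ec2:ModifyInstanceAttribute` to instances tagged as eligible for automated isolation.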