May 13, 2020 / Nirav Shah
When we first read its name, we thought it would be some sort of security guard app that could protect our personal environment on the cloud, but unfortunately we were wrong lol 🙂 (Now don’t start judging us, we were just kidding)
Now that the joke is over, in this blog we will let you know:
<ul class="listing">
<li>what AWS GuardDuty is</li>
<li>how we can use it</li>
<li>what its coolest features are</li>
<li>and much more</li>
</ul>
AWS has launched a new security service called Amazon GuardDuty. This service aims to provide threat intelligence for your AWS account and EC2 instances. It continuously monitors for malicious or undesired activities like port scans, unauthorized use of your account, and many other potential problems.
Amazon GuardDuty collects three kinds of logs:
<ol class="listing">
<li>VPC Flow Logs</li>
<li>DNS logs</li>
<li>CloudTrail events</li>
</ol>
And the coolest thing is that you can also add your other AWS accounts so that you can view and manage their GuardDuty findings on their behalf. The service is built on machine learning, which continuously evolves and understands your infrastructure.
How it works
<img src="https://www.eternalsoftsolutions.com/blog/wp-content/uploads/2020/05/guardduty1.png" class="img-responsive">
When GuardDuty determines that there is an issue, it generates a finding. These findings show up in the Amazon GuardDuty Management Console and can be sent to Amazon CloudWatch as an event. This flexibility means that you can easily review findings as well as react to them.
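To show what reacting to a finding can look like, here is an added example (not from the original post or from AWS) that triages a GuardDuty finding delivered as a CloudWatch event. The routing actions, the sample event and its IDs are constructed, and the thresholds assume GuardDuty's low (below 4.0), medium (4.0 to 6.9) and high (7.0 and up) severity ranges.

```python
# Event pattern for a CloudWatch Events rule that forwards every GuardDuty finding.
EVENT_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}


def severity_band(score):
    """Map the numeric severity of a finding onto LOW / MEDIUM / HIGH."""
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def parse_finding_type(finding_type):
    """Split a finding type such as 'Recon:EC2/Portscan' into its parts."""
    purpose, _, rest = finding_type.partition(":")
    resource, _, family = rest.partition("/")
    return {"purpose": purpose, "resource": resource, "family": family}


def triage(event):
    """Return a routing decision for one event, or None if it is not a finding."""
    if (event.get("source") not in EVENT_PATTERN["source"]
            or event.get("detail-type") not in EVENT_PATTERN["detail-type"]):
        return None
    detail = event["detail"]
    band = severity_band(float(detail["severity"]))
    instance = detail.get("resource", {}).get("instanceDetails", {}).get("instanceId")
    # Hypothetical routing policy: page on HIGH, ticket on MEDIUM, log the rest.
    action = {"HIGH": "page-oncall", "MEDIUM": "open-ticket", "LOW": "log-only"}[band]
    return {"finding_id": detail["id"], "account": detail["accountId"],
            "region": detail["region"], "type": parse_finding_type(detail["type"]),
            "severity": band, "instance_id": instance, "action": action}


# Constructed sample event; the IDs are placeholders, not real resources.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "example-finding-id", "accountId": "111122223333", "region": "ap-south-1",
        "type": "Recon:EC2/Portscan", "severity": 5,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0example"}},
    },
}
```

Calling `triage(SAMPLE_EVENT)` returns a dictionary with the action `open-ticket`; events from any other source return `None`.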
Trust me, it’s very easy to set up in the console, so I will put the links below to make it easy for everyone.
Video link
<a href="https://www.youtube.com/watch?v=OTvMEGEQkvM" target="_blank" class="linkcolor">https://www.youtube.com/watch?v=OTvMEGEQkvM</a>
Setup documentation
<a href="https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html" target="_blank" class="linkcolor">https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_settingup.html</a>
Amazon GuardDuty Features
<ol class="listing">
<li>Highly available threat detection.</li>
<li>Automate threat response and remediation.</li>
<li>Continuous monitoring across AWS accounts without added cost and complexity.</li>
</ol>
And many more.
There are three ways to use AWS GuardDuty:
<ol class="listing">
<li>Using AWS console.</li>
<li>AWS SDK.</li>
<li>GuardDuty HTTPS API.</li>
</ol>
Keep in mind that Amazon GuardDuty only supports the regions below (the list might grow in the future):
Asia Pacific: Mumbai, Seoul, Singapore, Sydney and Tokyo
Canada: Central
EU: Frankfurt, Ireland, and London
US East: N. Virginia and Ohio
US West: Oregon and N. California
South America: São Paulo
Now let’s talk about the cost of this service.
Amazon GuardDuty is priced along two dimensions:
<ol class="listing">
<li>CloudTrail Event analysis.</li>
<li>VPC Flow Log and DNS Log analysis.</li>
</ol>
New Amazon GuardDuty accounts can try the service for 30 days at no cost in each supported region.
<a href="https://aws.amazon.com/guardduty/pricing/" target="_blank" class="linkcolor">Pricing</a> can vary by region, so here is an example for the Mumbai region:
<img src="https://www.eternalsoftsolutions.com/blog/wp-content/uploads/2020/05/guardduty2.png" class="img-responsive">
<strong>Conclusion</strong>
AWS GuardDuty can detect and report malicious activities in the AWS account and workload. This is a managed service that identifies and reports undesired activities to the administrator.

Nirav Shah is the Director of Eternal Web Pvt Ltd, an AWS Advanced Consulting Partner and certified Odoo Partner based in the UK. With over a decade of experience in cloud computing, digital transformation, and ERP implementation, Nirav helps enterprises adopt the right technology to solve complex business challenges. He specialises in AWS infrastructure, Odoo ERP, and web development solutions for businesses across the UK and beyond.