GuardDutyNovember 21, 2022 Active finding types Only listens for CloudTrail, VPC Flow, and DNS logs Can add trusted IPs from penetration testing servers, etc. and add known bad IPs to threat list Use Accounts tab to forward findings to Master account
