GuardDuty

Rocky Warren
Rocky Warren
November 21, 20221 min read
  • Active finding types
  • Only listens for CloudTrail, VPC Flow, and DNS logs
  • Can add trusted IPs from penetration testing servers, etc. and add known bad IPs to threat list
  • Use Accounts tab to forward findings to Master account