GuardDuty Announcements

Tracking AWS GuardDuty SNS announcements - new findings, feature updates, region launches, and service changes detected automatically. Formerly @mgda_aws.

Total Announcements: 70 (since tracking began)
New Findings: 11 (new + updated findings)
Features: 54 (new capabilities)
Latest: 9d ago (3/10/2026)

Announcement History

New Finding | Mar 10, 2026 | 9d ago

CredentialAccess:IAMUser/CompromisedCredentials

Amazon GuardDuty now delivers findings for compromised IAM credentials. When abnormal credential activity is detected, you will receive notification through GuardDuty's standard channels.

New Finding | Dec 17, 2025 | 3mo ago

UnauthorizedAccess:IAMUser/ResourceCredentialExfiltration.OutsideAWS

This finding informs you that a host outside of AWS has attempted to run AWS API operations using temporary AWS credentials that were created on a Lambda resource in your AWS environment.

New Feature | Dec 3, 2025 | 3mo ago

Amazon GuardDuty now supports wildcard characters (* and ?) in finding suppression rules. Wildcards are supported through new Matches and NotMatches operators, giving you more flexibility in managing security findings. The findings that match this criteria are automatically archived. Suppressed findings are also excluded from Extended Threat Detection sequencing, further helping you customize your security alerts.

New Feature | Dec 3, 2025 | 3mo ago

GuardDuty introduces two new critical-severity findings: AttackSequence:EC2/CompromisedInstanceGroup and AttackSequence:ECS/CompromisedCluster. These findings provide attack sequence information, allowing you to spend less time on initial analysis and more time responding to critical threats, minimizing business impact. For example, GuardDuty can identify suspicious processes followed by persistence attempts, crypto-mining activities, and reverse shell creation, representing these related events as a single, critical-severity finding. To improve attack sequence coverage and threat analysis of Amazon EC2 instances, enable Runtime Monitoring for EC2. To enable detection of compromised ECS clusters, enable Runtime Monitoring for Fargate or EC2 depending on your infrastructure.

New Finding | Nov 22, 2025 | 3mo ago

DefenseEvasion:IAMUser/BedrockLoggingDisabled

Amazon GuardDuty has added a new finding type that notifies you when logging for Amazon Bedrock model invocations is disabled. This finding helps detect attempts to evade detection by disabling audit logs that track AI workload activity.

New Feature | Nov 20, 2025 | 4mo ago

Amazon GuardDuty announces Malware Protection for AWS Backup. This fully managed feature simplifies malware scanning of your backups where it automatically scans new backups upon creation, lets you run on-demand scans of existing backups, and allows you to verify integrity of backups before restoration. Using this feature, you can now perform full and incremental malware scans on your EBS Snapshots, EC2 AMIs, and Backup Recovery Points by using the StartMalwareScan API. The feature publishes scan results to Amazon EventBridge. You can use this feature without enabling the foundational GuardDuty in your account.

New Feature | Nov 17, 2025 | 4mo ago

Amazon GuardDuty announces Scan on Demand for Malware Protection for S3. Using this feature you can use the new SendObjectMalwareScan API to trigger scans on any already existing objects stored in your S3 buckets.

New Finding | Oct 15, 2025 | 5mo ago

New Feature | Sep 4, 2025 | 6mo ago

Amazon GuardDuty Malware Protection for S3 enhances archive processing to support up to 10,000 files per archive (up from 1,000 files).

New Feature | Aug 15, 2025 | 7mo ago

Customers can now use their own trusted and threat domain lists to customize how GuardDuty generates and alerts on findings, along with several other improvements, extending the existing support for trusted and threat IP lists.

New Feature | Aug 1, 2025 | 7mo ago

Amazon GuardDuty is now available in Asia Pacific (Taipei) Region

New Feature | Jul 23, 2025 | 7mo ago

Amazon GuardDuty Malware Protection for S3 now supports scanning objects up to 100 GB, increased from 5 GB. This includes both individual objects and extracted archive files.

New Feature | Jun 17, 2025 | 9mo ago

GuardDuty Extended Threat Detection connects individual findings and signals into an attack sequence, a critical severity finding. This capability now includes coverage for multi-stage attacks targeting Amazon EKS clusters in your AWS environment. GuardDuty correlates multiple security signals across Amazon EKS audit logs, runtime behavior of processes, and AWS API activity to detect sophisticated attack patterns. Enable EKS Protection, Runtime Monitoring (EKS), or both to maximize your detection coverage. Feature availability varies in AWS GovCloud (US) and AWS China Regions.

New Feature | Jun 13, 2025 | 9mo ago

Amazon GuardDuty Malware Protection has added limited support for scanning instances with marketplace product codes in AWS Commercial Regions. This applies to both GuardDuty-initiated and on-demand malware scans.

New Feature | May 22, 2025 | 10mo ago

Now available: (1) New GuardDuty agent versions featuring security updates for Amazon EKS, Amazon EC2, and Amazon ECS Fargate; (2) Enhanced visibility into underlying runtime coverage issues. For assessing coverage across computes and troubleshooting steps, check https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring-assessing-coverage.html in the Amazon GuardDuty User Guide.

New Feature | May 7, 2025 | 10mo ago

Amazon GuardDuty is now available in AWS Mexico (Central) Region

New Feature | Apr 2, 2025 | 11mo ago

Amazon GuardDuty is now available in AWS Asia Pacific (Thailand) Region

General | Feb 25, 2025 | 1y ago

New Feature | Jan 16, 2025 | 1y ago

Amazon GuardDuty is now available in AWS Asia Pacific (Malaysia) Region

New Feature | Dec 3, 2024 | 1y ago

Now available: Amazon GuardDuty Extended Threat Detection automatically detects multi-stage attack sequences. An attack sequence is a critical severity finding that identifies a sophisticated attack across time and AWS resources. Extended Threat Detection connects individual findings and signals into a cohesive attack narrative. An attack sequence involves multiple steps, such as gaining initial access, escalating privileges, moving laterally, and exfiltrating data. Additionally, enable GuardDuty S3 Protection to further enhance the security value of the attack sequences.

New Feature | Nov 13, 2024 | 1y ago

Amazon GuardDuty Malware Protection for EC2 has added three Runtime Monitoring finding types that invoke automatic (GuardDuty-initiated) malware scans - Execution:Runtime/MaliciousFileExecuted, Execution:Runtime/SuspiciousShellCreated, and PrivilegeEscalation:Runtime/ElevationToRoot. AWS accounts that have the Malware Protection for EC2 feature enabled may observe malware scans being initiated when these findings are generated.

New Feature | Nov 6, 2024 | 1y ago

Amazon GuardDuty expands its generally available RDS Protection feature to now also support monitoring login activity from Amazon Aurora PostgreSQL Limitless Databases. As a part of this expansion, GuardDuty will automatically begin monitoring login data from Aurora PostgreSQL Limitless Databases for accounts that currently have RDS Protection enabled. For accounts that have not yet enabled RDS Protection, enable the feature with a single step in the GuardDuty console. This will begin continuous monitoring of existing and new databases in your account.

New Feature | Oct 23, 2024 | 1y ago

GuardDuty Malware Protection for S3 launches zero-click role creation when enabling protection on a bucket. GuardDuty now allows you to use a pre-existing role or can automatically create a new role with permissions scoped down to perform actions on that specific bucket.

New Finding | Oct 21, 2024 | 1y ago

New Finding | Oct 11, 2024 | 1y ago

New Feature | Sep 18, 2024 | 1y ago

AWS PrivateLink now available with GuardDuty. You can now establish a private connection between your VPC and Amazon GuardDuty.

New Feature | Sep 13, 2024 | 1y ago

Amazon GuardDuty adds new functionality to the GetFindingsStatistics API. Customers can now query aggregate finding counts broken down by: account, daily counts, finding type, finding severity and affected resources. Link: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_GetFindingsStatistics.html

New Feature | Aug 9, 2024 | 1y ago

Amazon GuardDuty Malware Protection for S3 has increased the quota for the number of Amazon S3 buckets that you can protect, from 10 to 25 buckets per AWS account in each AWS Region.

New Finding | Aug 7, 2024 | 1y ago

General | Jul 24, 2024 | 1y ago

Pay increased threat awareness regarding DNS-related findings

Amazon GuardDuty observed a trend where threat actors are setting up malicious domains to compromise organizations working on software patching related to CrowdStrike's recent sensor issue. Currently, GuardDuty is observing an uptick in Command and Control (C&C) Activity findings that correspond with domains identified in CrowdStrike CSA-240832. As a proactive measure, we strongly advise all customers to increase vigilance regarding DNS-related findings. Recommended steps include:

1. Monitor DNS-related findings: Pay close attention to alerts such as Backdoor:EC2/C&CActivity.B!DNS findings and Backdoor:Runtime/C&CActivity.B!DNS (if using GuardDuty's runtime protection for EKS, ECS Fargate, and EC2). They indicate potential communication with suspicious and malicious command and control (C&C) activities, which could be part of or evolve into broader attacks targeting your workloads.
2. Validate and evaluate findings: Get started with the GuardDuty console, API, or other preferred method to review findings promptly. Start with a finding's severity label, which would be marked as “High” for more important ones. GuardDuty continually updates its threat intelligence from CrowdStrike and other AWS internal and external sources, which helps ensure a current list of suspicious and malicious domains.
3. Take action on suspicious activity: If the flagged activity is unexpected, your instance may be compromised. Consider quickly taking action on affected resources, conducting a thorough investigation, and remediating any identified threats. For more information, see remediating a potentially compromised Amazon EC2 instance.

Maintaining heightened awareness and promptly responding to GuardDuty findings can help you reduce the risk of malicious actors compromising your environments. For further assistance, refer to the AWS GuardDuty documentation or contact AWS Support.

New Feature | Jun 19, 2024 | 1y ago

Now available: Extending operating systems support to Ubuntu and Debian OS for Amazon GuardDuty for EC2 runtime monitoring. Get visibility into operating system-level, network and file activities and container-level context of the identified threats.

New Feature | Jun 13, 2024 | 1y ago

Amazon GuardDuty announces Malware Protection for S3 that automatically scans newly uploaded objects to your selected Amazon S3 buckets for potential malware, viruses, and other suspicious uploads. The feature provides an option to add tags to your scanned objects and publishes the S3 object scan result to Amazon EventBridge. You can further build downstream workflows, such as isolation to a quarantine bucket, or define bucket policies using tags that prevent users or applications from accessing certain objects. You can use this feature without enabling the GuardDuty service in your account.

New Feature | Jun 6, 2024 | 1y ago

Amazon GuardDuty expands its generally-available RDS Protection feature to now also support RDS for PostgreSQL login activity monitoring, in addition to already monitoring Amazon Aurora databases. As part of this expansion, GuardDuty will automatically begin monitoring login data from RDS for PostgreSQL databases for accounts that are currently enabled with GuardDuty RDS Protection monitors. For new accounts that are not enabled with GuardDuty RDS Protection yet, customers can enable the feature with a single step in the GuardDuty console that will begin continuous monitoring for existing and new Amazon Aurora and RDS for PostgreSQL database workloads.

New Feature | May 30, 2024 | 1y ago

GuardDuty Malware Protection has increased the EBS volume size limit for malware scanning from 1 TB to 2 TB. This applies to both GuardDuty-initiated and on-demand malware scans.

New Feature | May 28, 2024 | 1y ago

GuardDuty Runtime Monitoring for ECS workloads deployed on Fargate now also supports batch tasks.

New Finding | Apr 5, 2024 | 1y ago

Execution:Runtime/MaliciousFileExecuted

This finding informs you that a known malicious executable has been executed on an Amazon EC2 instance or a container within your AWS environment. This is a strong indicator that the instance or container has been potentially compromised and that malware has been executed.

New Feature | Mar 29, 2024 | 1y ago

Now available: Detect potential runtime security threats to your EC2 workloads with Amazon GuardDuty. Get visibility into operating system-level, network, file activities and container-level context of the identified threats. Try it for 30 days at no cost.

New Feature | Mar 19, 2024 | 2y ago

Starting with the GuardDuty Runtime Monitoring EKS addon v1.5.0, you can set custom values for the following configurable parameters: CPU and memory settings, PriorityClass and dnsPolicy during creation or update of the addon. The custom values of the configurable parameters will be honored during addon update to future releases. With this update, you can ensure the agent performance impact, as well as its scheduling priority and DNS policy, conforms with your organizational guidance. For more information, refer to the documentation.

New Feature | Mar 6, 2024 | 2y ago

Amazon GuardDuty is now available in AWS Canada West (Calgary) Region

New Feature | Feb 15, 2024 | 2y ago

Amazon GuardDuty Runtime Monitoring, which detects potential runtime-based threats, now protects workloads running in shared virtual private clouds (VPCs) across all supported compute services. With this launch, customers who are already opted into automated agent management in GuardDuty will benefit from a renewed 30-day trial of GuardDuty Runtime Monitoring where we will automatically start monitoring the resources (clusters) deployed in shared VPC setup. Customers also have the option to manually manage the agent and provision the VPC endpoint in their shared VPC environment.

New Feature | Feb 6, 2024 | 2y ago

Amazon GuardDuty extends Malware Protection for EC2 instance and container workloads by now also supporting malware scan of EBS volumes encrypted with an AWS managed key. Scans can be initiated by GuardDuty, or by the user through the GuardDuty console, or programmatically via the API, without the need to deploy security software and with no impact to running workloads.

New Feature | Dec 7, 2023 | 2y ago

Amazon GuardDuty Runtime Monitoring is now generally available for Amazon Elastic Container Service (Amazon ECS), including AWS Fargate, and in preview for other Amazon Elastic Compute Cloud (Amazon EC2) instances. Runtime Monitoring uses an agent that is deployed as a sidecar container on Fargate and a service on the EC2 instance. Runtime Monitoring supports only automated deployment on ECS Fargate and manual deployment on EC2 instances. You can also deploy the agent on an EC2 instance automatically by using RPM via AWS Systems Manager (SSM). The agent collects security telemetry from your workloads on ECS Fargate and EC2 to identify suspicious activity. GuardDuty customers can enable Runtime Monitoring on the Amazon GuardDuty console Runtime Monitoring page, which includes the optional automated agent configuration for all the Fargate tasks in an account, across an AWS organization, or only for tagged ECS clusters. A 30-day free trial starts for an account when an agent sends the telemetry to GuardDuty for the first time. EKS Runtime Monitoring is now a part of Runtime Monitoring. You can now migrate from using EKS Runtime Monitoring to Runtime Monitoring and your agent configuration will remain the same. Runtime Monitoring includes the same runtime finding types previously released for EKS Runtime Monitoring.

New Feature | Nov 9, 2023 | 2y ago

Amazon GuardDuty has incorporated new machine learning techniques to more accurately detect anomalous activities indicative of threats to your Amazon Elastic Kubernetes Service (Amazon EKS) clusters.

New Feature | Oct 18, 2023 | 2y ago

For all DNS_REQUEST findings a new finding field containing the finding's 'domain' truncated to the top level and second level domain is now available. This new field called 'domainWithSuffix' is available for use in finding filters and suppression rules.

New Feature | Sep 14, 2023 | 2y ago

Amazon GuardDuty announces a new capability in GuardDuty EKS Runtime Monitoring that allows you to selectively configure the EKS clusters that are to be monitored for threat detection.

New Feature | Aug 25, 2023 | 2y ago

Amazon GuardDuty now available in AWS Israel (Tel Aviv) Region

New Feature | Aug 17, 2023 | 2y ago

Amazon GuardDuty announces a new capability to help customers streamline and simplify how they set up and administer protection plan coverage across all member accounts in an organization. Delegated administrators can now enable one or more GuardDuty features for all existing and newly-added members within the same region.

New Feature | Jul 13, 2023 | 2y ago

Amazon GuardDuty EKS Runtime Monitoring security agent now supports Amazon EKS workloads that use the Bottlerocket operating system, AWS Graviton processors, and AMD64 processors.

New Feature | Apr 27, 2023 | 2y ago

Amazon GuardDuty introduces Malware Protection on-demand scanning for Amazon EC2 instances and container workloads. Scans can be initiated using the GuardDuty console, or programmatically via the API, without the need to deploy security software and with no impact to running workloads. When potential malware is identified, actionable security findings are generated with information such as the threat and file name, the EC2 instance ID, resource tags and, in the case of containers, the container ID and the container image used.

New Feature | Apr 21, 2023 | 2y ago

Amazon GuardDuty adds threat detection for AWS Lambda. After you enable Lambda Network Activity Monitoring, GuardDuty starts monitoring network activity, starting with VPC flow logs, for existing and new Lambda functions in your account. Current GuardDuty users can enable Lambda Network Activity Monitoring with a single step in the GuardDuty console for all the accounts in an organization by using AWS Organizations.

New Feature | Apr 21, 2023 | 2y ago

Amazon GuardDuty now available in AWS Asia Pacific (Melbourne) Region

New Feature | Apr 20, 2023 | 2y ago

Amazon GuardDuty adds threat detection for AWS Lambda. After you enable Lambda Network Activity Monitoring, GuardDuty starts monitoring network activity, starting with VPC flow logs, for existing and new Lambda functions in your account. Current GuardDuty users can enable Lambda Network Activity Monitoring with a single step in the GuardDuty console for all the accounts in an organization by using AWS Organizations.

New Feature | Apr 19, 2023 | 2y ago

Amazon GuardDuty now available in AWS Asia Pacific (Melbourne) Region

New Finding | Apr 7, 2023 | 2y ago

DefenseEvasion:EC2/UnusualDNSResolver

This finding informs you that the listed EC2 instance in your AWS environment is behaving in a way that deviates from the established baseline. This EC2 instance has no recent history of communications with this public DNS resolver. The unusual field in the finding details can provide information on which DNS resolver was queried.

New Feature | Apr 5, 2023 | 2y ago

Starting April 5th, 2023, three new finding types will be added to Amazon GuardDuty. The new finding types will provide detections for the unusual usage of external DNS resolvers and encrypted DNS services (DNS-over-HTTPS and DNS-over-TLS). Detection for the use of unusual external DNS resolvers will be available in all GuardDuty supported AWS regions. Findings related to the use of encrypted DNS services will be available in all regions except the AWS Asia Pacific (Seoul), AWS Asia Pacific (Osaka), AWS Asia Pacific (Jakarta), AWS China (Beijing), and AWS China (Ningxia) Regions. Following are the new finding types: 1. DefenseEvasion:EC2/UnusualDNSResolver 2. DefenseEvasion:EC2/UnusualDoHActivity 3. DefenseEvasion:EC2/UnusualDoTActivity. The changes will be completed by April 7th, 2023.

New Feature | Mar 30, 2023 | 2y ago

Amazon GuardDuty EKS Runtime Monitoring, previously announced at re:Invent 2022, is now generally available. EKS Runtime Monitoring uses an agent deployed as an Amazon Elastic Kubernetes Service (Amazon EKS) add-on to collect security telemetry from your container workloads on Amazon EKS and identify suspicious activity. GuardDuty customers can enable their 30-day EKS Runtime Monitoring free trial with a few clicks on the Amazon GuardDuty console EKS Protection page, including configuring optional automated management of the GuardDuty agent add-on on all EKS clusters in an account or across an organization. This new feature includes 28 new EKS finding types.

New Feature | Mar 29, 2023 | 2y ago

New improvements have been added to Amazon GuardDuty multi-account management. With a single click, an AWS Organization’s Delegated Administrator can now specify that ’all’ member accounts should have GuardDuty activated. Previously this capability was restricted to new members joining the AWS Organization. To get started, go to Settings > Accounts in the GuardDuty console.

New Feature | Mar 14, 2023 | 3y ago

Important update on GuardDuty RDS Protection preview conclusion and general availability launch: On Thursday, March 16 (US Pacific Time), GuardDuty RDS Protection will transition from preview to general availability. If you are participating in the preview, your account(s) will no longer be enabled for GuardDuty RDS Protection when we conclude the transition to general availability. If you wish to continue using GuardDuty RDS Protection, please send an email to amazon-guardduty-rds-protection-preview@amazon.com by 9:00AM, Thursday, March 16, 2023 (US Pacific Time) with the AWS account ID of the account(s) where you want to continue using this feature. When the preview concludes, these account(s) will automatically transition to a 30-day GuardDuty RDS Protection free trial period, followed by an automatic transition to paid usage. Alternatively, you can visit the RDS Protection page in the Amazon GuardDuty console to activate the feature after general availability is announced. During the 30-day free trial period, you can view estimated GuardDuty RDS Protection spend for your account(s) in the Usage page of the Amazon GuardDuty console.

New Region | Feb 14, 2023 | 3y ago

Amazon GuardDuty Now Available in AWS Asia Pacific (Hyderabad) Region

New Region | Feb 8, 2023 | 3y ago

Amazon GuardDuty Now Available in AWS Europe (Spain) Region

New Region | Dec 19, 2022 | 3y ago

Amazon GuardDuty Now Available in Europe (Zurich) Region

New Finding | Jul 6, 2022 | 3y ago

Discovery:S3/AnomalousBehavior

This finding informs you that an IAM entity has invoked an S3 API to discover S3 buckets in your environment, such as ListBuckets. This type of activity is associated with the discovery stage of an attack wherein an attacker gathers information to determine if your AWS environment is susceptible to a broader attack. This activity is suspicious because the IAM entity invoked the API in an unusual way. For example, an IAM entity with no previous history invokes an S3 API, or an IAM entity invokes an S3 API from an unusual location.

New Feature | Jun 28, 2022 | 3y ago

Starting July 5, 2022, five new finding types will be added to Amazon GuardDuty, and one existing finding type will be deprecated. The new finding types will provide broader, and more accurate security coverage for highly suspicious access to data stored in Amazon S3 buckets. The new finding types will also include new fields that provide enriched contextual information to help triage and investigate the anomalous activity. The changes will be applied in all GuardDuty supported AWS regions except the AWS Asia Pacific (Osaka), AWS Asia Pacific (Jakarta), AWS GovCloud (US-East), AWS GovCloud (US-West), AWS China (Beijing), and AWS China (Ningxia) Regions. Following are the new finding types: 1. Discovery:S3/AnomalousBehavior 2. Exfiltration:S3/AnomalousBehavior 3. Impact:S3/AnomalousBehavior.Write 4. Impact:S3/AnomalousBehavior.Delete 5. Impact:S3/AnomalousBehavior.Permission. Following is the deprecated finding type: Exfiltration:S3/ObjectRead.Unusual. The changes will be completed by July 7th, 2022.

New Feature | Jun 7, 2022 | 3y ago

The new Amazon GuardDuty coverage for Amazon Elastic Kubernetes Service (Amazon EKS) cluster activity is now live in AWS Asia Pacific (Jakarta) Region. GuardDuty EKS Protection monitors EKS control plane activity by analyzing Kubernetes audit logs from existing and new Amazon EKS clusters in your accounts.

Updated Finding | Apr 2, 2022 | 3y ago

New Feature | Mar 11, 2022 | 4y ago

The new Amazon GuardDuty coverage for Amazon Elastic Kubernetes Service (Amazon EKS) cluster activity is now also available in the Amazon Web Services China (Beijing) and Amazon Web Services China (Ningxia) Region. GuardDuty EKS Protection monitors EKS control plane activity by analyzing Kubernetes audit logs from existing and new Amazon EKS clusters in your accounts.

New Feature | Feb 17, 2022 | 4y ago

Amazon GuardDuty is now available in AWS Asia Pacific (Jakarta) Region

New Feature | Feb 1, 2022 | 4y ago

The new Amazon GuardDuty coverage for Amazon Elastic Kubernetes Service (Amazon EKS) cluster activity is now live in all supported commercial and GovCloud (US) AWS Regions. GuardDuty EKS Protection monitors EKS control plane activity by analyzing Kubernetes audit logs from existing and new Amazon EKS clusters in your accounts.

New Feature | Feb 1, 2022 | 4y ago

The new Amazon GuardDuty coverage for Amazon Elastic Kubernetes Service (Amazon EKS) cluster activity is now live in all supported commercial and GovCloud (US) AWS Regions. GuardDuty EKS Protection monitors EKS control plane activity by analyzing Kubernetes audit logs from existing and new Amazon EKS clusters in your accounts.

New Feature | Feb 1, 2022 | 4y ago

The new Amazon GuardDuty coverage for Amazon Elastic Kubernetes Service (Amazon EKS) cluster activity is now live in all supported commercial and GovCloud (US) AWS Regions. GuardDuty EKS Protection monitors EKS control plane activity by analyzing Kubernetes audit logs from existing and new Amazon EKS clusters in your accounts.