What is AWS GuardDuty?
GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation. It uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. GuardDuty analyzes data from AWS CloudTrail, VPC Flow Logs, and DNS logs. It helps protect AWS accounts, workloads, and data by detecting unauthorized behavior, compromised instances, and reconnaissance by attackers.
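To make the "identify and prioritize" step concrete, here is an added example (not from the original page or from AWS) that triages GuardDuty findings exported as JSON. The sample findings are constructed, and the `CATEGORY` mapping, the function names and the simplified severity bands are assumptions made for illustration.

```python
import json

# Constructed sample findings (not real account data). Field names follow the
# GuardDuty finding JSON: Id, Type, Severity, Resource.ResourceType.
SAMPLE_FINDINGS = json.loads("""
[
  {"Id": "f-0001", "Type": "Recon:EC2/PortProbeUnprotectedPort",
   "Severity": 2.0, "Resource": {"ResourceType": "Instance"}},
  {"Id": "f-0002", "Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
   "Severity": 8.0, "Resource": {"ResourceType": "Instance"}},
  {"Id": "f-0003", "Type": "UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B",
   "Severity": 5.0, "Resource": {"ResourceType": "AccessKey"}}
]
""")

# Assumed mapping from the threat-purpose prefix of a finding type to the
# three detection categories named in the paragraph above.
CATEGORY = {
    "Recon": "reconnaissance",
    "UnauthorizedAccess": "unauthorized behavior",
    "Backdoor": "compromised instance",
    "CryptoCurrency": "compromised instance",
    "Trojan": "compromised instance",
}

def severity_band(score):
    """Simplified bands: below 4.0 low, below 7.0 medium, otherwise high."""
    return "low" if score < 4.0 else "medium" if score < 7.0 else "high"

def triage(findings, min_severity=0.0):
    """Return findings at or above min_severity, most severe first."""
    rows = []
    for f in findings:
        score = float(f.get("Severity", 0))
        if score < min_severity:
            continue
        # Finding types have the form ThreatPurpose:ResourceType/Family...
        purpose, _, _ = f.get("Type", "").partition(":")
        rows.append({
            "id": f.get("Id"),
            "category": CATEGORY.get(purpose, "other"),
            "band": severity_band(score),
            "severity": score,
            "resource": f.get("Resource", {}).get("ResourceType", "unknown"),
        })
    return sorted(rows, key=lambda r: r["severity"], reverse=True)

if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS):
        print(row)
```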