Amazon GuardDuty is a fully managed threat detection service. GuardDuty uses detection for both known and unknown threats to protect one or more AWS accounts from malicious or unauthorized activity. GuardDuty examines your CloudTrail logs, VPC Flow Logs, and DNS query logs for threats identified by AWS and trusted partners and produces detailed, actionable findings.
- Use CloudWatch Events and Lambda to Collect Logs for Amazon GuardDuty on Sumo Logic
- Feb 5, 2018: Amazon GuardDuty Enhances Multi-Account Functionality
- Nov 28, 2017: Announcing Amazon GuardDuty – Intelligent Threat Detection