Ensure GuardDuty is Enabled


Amazon GuardDuty is a continuous security monitoring service. It analyzes and processes data sources such as AWS CloudTrail event logs, VPC Flow Logs, and DNS logs for malicious or unauthorized behavior. It monitors for activity such as unusual API calls, potentially compromised EC2 instances, or potentially unauthorized deployments that indicate a possible AWS account compromise. The service uses threat intelligence feeds, such as lists of malicious IPs and domains, together with machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment.


Perform the following steps to enable AWS GuardDuty:

  1. Sign in to the AWS Management Console.
  2. Navigate to AWS GuardDuty home page at
  3. Click the Get started button to initiate the setup process.
  4. On the Enable GuardDuty page, within the Service permissions section, click View service role permissions to view the access policy with the permissions that the GuardDuty service requires to generate findings for your AWS environment, then click Enable GuardDuty to activate the service. Once the service is enabled, it should immediately start to pull and analyze independent streams of data from AWS CloudTrail, VPC Flow Logs, and DNS logs in order to generate findings.
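
GuardDuty is enabled per region, so the console steps above cover only the region selected at the time. The following added example (not part of the original page) audits every region using boto3's `list_detectors` and `get_detector` calls. The `FakeGuardDuty` stub and the `SAMPLE` data are constructed so the logic runs offline; the live `main()` path assumes configured AWS credentials and a default region.

```python
"""Audit whether GuardDuty is enabled in each AWS region (added example)."""

def guardduty_status(client):
    """Return ENABLED, DISABLED (detector suspended) or NOT_CONFIGURED."""
    detector_ids = client.list_detectors().get("DetectorIds", [])
    if not detector_ids:
        return "NOT_CONFIGURED"  # GuardDuty was never enabled in this region
    # An account has at most one detector per region; check them all anyway.
    statuses = [client.get_detector(DetectorId=d)["Status"] for d in detector_ids]
    return "ENABLED" if "ENABLED" in statuses else "DISABLED"

def audit(regions, client_for):
    """Map each region to its status; client_for(region) returns a client."""
    return {region: guardduty_status(client_for(region)) for region in regions}

def noncompliant(report):
    """Regions where the 'GuardDuty is enabled' check fails, sorted."""
    return sorted(r for r, s in report.items() if s != "ENABLED")

class FakeGuardDuty:
    """Constructed stand-in for a boto3 GuardDuty client (offline demo)."""
    def __init__(self, detectors):
        self.detectors = detectors  # {detector_id: status}
    def list_detectors(self):
        return {"DetectorIds": list(self.detectors)}
    def get_detector(self, DetectorId):
        return {"Status": self.detectors[DetectorId]}

# Constructed sample account: one region enabled, one suspended, one untouched.
SAMPLE = {
    "us-east-1": FakeGuardDuty({"det-constructed-1": "ENABLED"}),
    "eu-west-1": FakeGuardDuty({"det-constructed-2": "DISABLED"}),
    "ap-south-1": FakeGuardDuty({}),
}

def demo():
    """Run the audit against the constructed sample account."""
    return audit(SAMPLE, SAMPLE.__getitem__)

def main():
    import boto3  # imported here so the offline demo needs no AWS SDK
    session = boto3.Session()
    regions = [r["RegionName"] for r in session.client("ec2").describe_regions()["Regions"]]
    report = audit(regions, lambda region: session.client("guardduty", region_name=region))
    for region in sorted(report):
        print(f"{region:16} {report[region]}")
    raise SystemExit(1 if noncompliant(report) else 0)  # non-zero exit fails a CI check

if __name__ == "__main__":
    main()
```

A `DISABLED` result means a detector exists but is suspended, which the audit treats as failing the check in the same way as a region with no detector.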






