Amazon GuardDuty is a continuous security monitoring service. It analyzes and processes data sources such as AWS CloudTrail event logs, VPC Flow Logs, and DNS logs for malicious or unauthorized behavior. It monitors for activity such as unusual API calls, potentially compromised EC2 instances, or potentially unauthorized deployments that indicate a possible AWS account compromise. The service uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected and potentially unauthorized or malicious activity within your AWS environment.
Perform the following steps to enable AWS GuardDuty: