Amazon GuardDuty continuously monitors and identifies threats by analyzing several types of activity in your AWS account and any invited member accounts that you link to. GuardDuty can notify you of a wide variety of threats including unauthorized access, trojans, communication with Tor anonymizing, or cryptocurrency networks.

In this Lab, you will learn how to use Amazon GuardDuty to automatically uncover malicious EC2 activity, and configure threat lists to improve the security of an AWS Lab environment.

Lab Objectives

Upon completion of this Lab, you will be able to:

Enable, disable, and suspend Amazon GuardDuty for AWS accounts
Activate threat lists and trusted IP lists, and understand when to use each
Understand the types of security findings GuardDuty can detect
Prioritize and interpret GuardDuty findings in a live environment

Lab Prerequisites

You should be familiar with:

Core AWS services, particularly EC2, VPC, and S3

Environment before

PREVIEW

Environment after

PREVIEW

About the Author

Logan Rakai

Lead Content Developer - Labs

Students9578

Labs66

Courses6

Learning paths3

Logan has been involved in software development and research for over eleven years, including six years in the cloud. He is an AWS Certified DevOps Engineer - Professional, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, and Certified Kubernetes Administrator (CKA). He earned his Ph.D. studying design automation and enjoys all things tech.

Covered Topics

Security AWS Security for AWS Amazon GuardDuty