learning path

Implementing intelligent threat detection with Amazon GuardDuty

Up to 2h 14m
Enhance your skill setDevelop essential skills for thriving in real-world scenarios.
Stay focused, stay committedBoost your learning journey by enrolling: stay focused, consistent and achieve your goals with ease.
Earn a certificate of completionShow your skills and build your credibility when you include them in your resume and LinkedIn profile.

Amazon GuardDuty is an intelligent threat-detection service, which enables you to monitor your AWS accounts for unusual and unexpected behavior. It does this by analyzing AWS CloudTrail Event Logs, VPC Flow Logs, and DNS Logs. It can also optionally analyze Kubernetes audit logs, RDS login activity, S3 logs, EBS volumes, Runtime monitoring, and Lambda network activity logs. It then uses the data from logs and assesses it against multiple security and threat detection feeds, looking for anomalies and known malicious sources, such as IP addresses and URLs.

This course path will introduce you to Amazon GuardDuty and explain how it works and how to configure it, enabling you to use this service within your own AWS accounts to provide automatic and continuous security analysis for safeguarding your entire AWS environment.

You will learn:

  • What GuardDuty is and the benefit it provides
  • The different data sources that feed into Amazon GuardDuty
  • The core components of the service
  • How to configure the service
  • The terminology for using a multi-account strategy with Amazon GuardDuty
  • How to connect multiple AWS accounts to centralize findings 
  • How to ensure you have the correct permissions in place to work with Amazon GuardDuty successfully
  • How to archive and export findings in GuardDuty
  • How to filter findings based on specific criteria
  • How to create suppression rules and saved filters
  • How to remediate findings based on the finding details
  • The benefits of using Amazon GuardDuty
  • The costs and price factors associated with GuardDuty
  • Partners that integrate with Amazon GuardDuty

Intended Audience

  • Security consultants or specialists
  • Security analysts
  • Security auditors
  • Cloud architects
  • Cloud operational support analysts
  • Anyone looking to learn more about security and threat detection in AWS


Familiarity with the following will be beneficial but is not required:

  • An understanding of the fundamentals of AWS
  • An awareness of security measures and mechanisms offered by AWS services, specifically IAM policies and IAM roles
  • AWS Organizations

The following content can be used to fulfill the prerequisites:

Your certificate for this learning path

About the Author

Alana Layton, opens in a new tab
Sr. AWS Content Creator
Learning paths

Alana Layton is an experienced technical trainer, technical content developer, and cloud engineer living out of Seattle, Washington. Her career has included teaching about AWS all over the world, creating AWS content that is fun, and working in consulting. She currently holds six AWS certifications. Outside of Cloud Academy, you can find her testing her knowledge in bar trivia, reading, or training for a marathon.

Covered Topics