GuardDuty gives you access to built-in detection techniques developed and optimized for the cloud. The detection algorithms are maintained and continually improved upon by GuardDuty Engineers. The primary detection categories include the following:

Reconnaissance: Activity suggesting reconnaissance by an attacker, such as unusual API activity, intra-VPC port scanning, unusual patterns of failed login requests, or unblocked port probing from a known bad IP.

Instance compromise: Activity indicating an instance compromise, such as cryptocurrency mining, malware using domain generation algorithms (DGAs), outbound denial of service activity, an unusually high volume of network traffic, unusual network protocols, outbound instance communication with a known malicious IP, temporary EC2 credentials used by an external IP address, and data exfiltration using DNS.