Concepts and terminology
You can benefit from learning about Amazon GuardDuty's fundamental concepts as you get started with it.
Account
A typical Amazon Web Services (AWS) account containing your AWS resources. You can enable GuardDuty by logging in to AWS with your account.
You can also invite additional accounts to use GuardDuty and be linked to your AWS account in GuardDuty. If your invitations are accepted, your account becomes the administrator GuardDuty account, and the additional accounts become your member accounts. You may then monitor and control the GuardDuty findings for those accounts.
Users of the administrator account can configure GuardDuty and examine and manage GuardDuty findings for their own account and for all of their member accounts. GuardDuty allows you to have up to 5000 member accounts.
Members can configure GuardDuty and examine and manage GuardDuty findings in their accounts (either through the GuardDuty management console or GuardDuty API). Users of member accounts cannot examine or manage findings in the accounts of other members.
An AWS account cannot be both a GuardDuty administrator account and a member account. An AWS account can accept only one membership invitation, and accepting an invitation is optional.
Data source
The source or origin of a set of data. GuardDuty collects and interprets data from AWS CloudTrail event logs, VPC Flow Logs, and DNS logs to detect unwanted and unexpected activities in your AWS environment.
How Amazon GuardDuty uses its data sources
GuardDuty analyses and processes data from the sources described in this topic to detect unauthorized and unexpected activity in your AWS environment. These data sources are used by GuardDuty to detect anomalies involving the following AWS resource types: EC2 instances, IAM access keys, Amazon EKS resources, and S3 buckets. All log data is encrypted in transit from these data sources to GuardDuty. GuardDuty pulls different fields from these logs for profiling and anomaly detection before discarding the records.
AWS CloudTrail event logs
AWS CloudTrail provides a history of AWS API calls for your account, including API calls made through the AWS Management Console, AWS SDKs, command-line tools, and specific AWS services. CloudTrail also allows identifying which users and accounts called AWS APIs for CloudTrail-enabled services, the source IP address from which the calls were made, and when the calls occurred.
Managing Amazon GuardDuty findings
GuardDuty includes several valuable features that will assist you in sorting, storing, and managing your findings. These features will assist you in tailoring findings to your specific environment, reducing noise from low-value findings, and focusing on threats to your unique AWS environment.
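To make the noise reduction concrete, here is an added example (not from this article or from AWS) that dry-runs a GuardDuty archive filter criterion against constructed sample findings before registering it through boto3's create_filter; the criterion values, the sample findings and the detector ID are assumptions.

```python
# Constructed criterion in the shape GuardDuty's CreateFilter API accepts:
# archive low-severity port probes against EC2 instances.
SUPPRESS_LOW_PORT_PROBES = {
    "Criterion": {
        "type": {"Equals": ["Recon:EC2/PortProbeUnprotectedPort"]},
        "severity": {"LessThan": 4},  # GuardDuty "Low" severity is 1.0-3.9
        "resource.resourceType": {"Equals": ["Instance"]},
    }
}
# Constructed sample findings (camelCase JSON form as delivered via EventBridge).
SAMPLE_FINDINGS = [
    {"id": "f-1", "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0,
     "resource": {"resourceType": "Instance"}},
    {"id": "f-2", "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 5.0,
     "resource": {"resourceType": "Instance"}},
    {"id": "f-3", "type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller",
     "severity": 5.0, "resource": {"resourceType": "AccessKey"}},
]

def _lookup(finding, dotted):
    """Resolve a dotted criterion key such as 'resource.resourceType'; None if absent."""
    node = finding
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def matches(finding, criterion):
    """True when every condition holds; GuardDuty ANDs the conditions of one filter."""
    checks = {"Equals": lambda v, o: v in o, "NotEquals": lambda v, o: v not in o,
              "LessThan": lambda v, o: v < o, "LessThanOrEqual": lambda v, o: v <= o,
              "GreaterThan": lambda v, o: v > o,
              "GreaterThanOrEqual": lambda v, o: v >= o}
    for key, cond in criterion["Criterion"].items():
        value = _lookup(finding, key)
        if value is None or not all(checks[op](value, arg) for op, arg in cond.items()):
            return False
    return True

def suppressed_ids(findings, criterion):
    """IDs of findings the filter would auto-archive; review this before deploying it."""
    return [f["id"] for f in findings if matches(f, criterion)]

def create_archive_filter(detector_id, name, criterion, region="us-east-1"):
    """Register the same criterion as an ARCHIVE filter (needs boto3 and AWS credentials)."""
    import boto3
    client = boto3.client("guardduty", region_name=region)
    resp = client.create_filter(DetectorId=detector_id, Name=name, Action="ARCHIVE",
                                Rank=1, FindingCriteria=criterion)
    return resp["Name"]
```

Running suppressed_ids over the samples archives only f-1; the medium-severity probe and the IAM finding keep surfacing.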
This concludes our topic of Amazon GuardDuty. Let’s move on to Frequently asked questions.
Frequently Asked Questions
What is Amazon GuardDuty?
It is a continuous security monitoring service that analyses and processes the following data sources: AWS CloudTrail management event logs, VPC Flow Logs, CloudTrail S3 data event logs, DNS logs, and EKS audit logs.
What is the console?
The console is a browser-based interface for accessing and interacting with GuardDuty.
What is used to detect unauthorized and unexpected activity in your AWS environment?
GuardDuty analyses and processes data from the sources to detect unauthorized and unexpected activity in your AWS environment.
What are AWS SDKs?
AWS offers software development kits (SDKs), which include libraries and sample code for various programming languages and platforms.
What is AWS PrivateLink?
AWS PrivateLink allows you to connect to some AWS services, services hosted by other AWS accounts (known as endpoint services), and supported AWS Marketplace partner services using private IP addresses in your VPC.
Conclusion
This article extensively discussed Amazon GuardDuty. We learned the concept and terminologies of Amazon GuardDuty. We learned about accessing GuardDuty and how Amazon GuardDuty uses its data sources.
After reading about Amazon GuardDuty, are you not excited to read and explore more articles on AWS? Don't worry; Coding Ninjas has you covered. To learn more, see AWS Module, AWS Features, Managing Devices with AWS IoT, AWS Amplify, and AWS Cost & Usage Report.
Refer to our Guided Path on Coding Ninjas Studio to upskill yourself in Data Structures and Algorithms, Competitive Programming, JavaScript, System Design, and many more! If you want to test your competency in coding, you may check out the mock test series and participate in the contests hosted on Coding Ninjas Studio! But if you have just started your learning process and are looking for questions asked by tech giants like Amazon, Microsoft, Uber, etc., you must look at the problems, interview experiences, and interview bundle for placement preparation.
Nevertheless, you may consider our paid courses to give your career an edge over others!
Happy Learning!
