Document history for Amazon GuardDuty
The following table describes important changes to the documentation since the last release of the Amazon GuardDuty User Guide. For notification about updates to this documentation, you can subscribe to an RSS feed.
| Change | Description | Date |
|---|---|---|
Support for IPAddressv6 | GuardDuty has added IPAddressv6 support for both local and remote IP details. You can use the associated Filter attributes to filter GuardDuty findings or create suppression rules. | April 18, 2024 |
Updated console experience to configure exporting findings | GuardDuty has updated the console experience to export the findings generated in your Amazon Web Services accounts, to an Amazon S3 bucket. For more information, see Exporting GuardDuty findings. | April 1, 2024 |
Updated functionality in Runtime Monitoring | Runtime Monitoring released a new security agent version 1.1.0 for the Amazon EC2 resource. This version supports GuardDuty automated agent configuration in Runtime Monitoring for Amazon EC2 instances. For information about release notes, see GuardDuty security agent for Amazon EC2 instance. | March 28, 2024 |
General availability of Runtime Monitoring for Amazon EC2 instances | GuardDuty announces general availability(GA) of Runtime Monitoring for Amazon EC2 instances. Now, you have an option to enable automated agent configuration that permits GuardDuty to install and manage the security agent for your Amazon EC2 instances on your behalf. With GuardDuty automated agent, you can also use inclusion or exclusion tags to inform GuardDuty to install and manage the security agent on selected Amazon EC2 instances only. For more information, see How Runtime Monitoring works with Amazon EC2 instances. List of new finding types released along with this GA | March 28, 2024 |
Use Amazon Systems Manager actions to manage SSM associations on Amazon EC2 instances when you enable
GuardDuty Runtime Monitoring with automated agent for Amazon EC2. When GuardDuty automated agent configuration is
disabled, GuardDuty considers only those EC2 instances that have an inclusion tag
(
| March 26, 2024 | |
Updated functionality in Runtime Monitoring | With the latest GuardDuty security agent (add-on) v1.5.0 release for Amazon EKS, Runtime Monitoring now
supports configuring specific parameters of your GuardDuty security agent, such as CPU and
memory settings, | March 7, 2024 |
Updated functionality in Runtime Monitoring | Runtime Monitoring released a new agent version 1.5.0 for Amazon EKS resources. For information about release notes, see EKS add-on agent release history. | March 7, 2024 |
Support for Canada West (Calgary) | Amazon GuardDuty is now available in the Canada West (Calgary) Region. Some of the protection plans within GuardDuty might not be available in this Region. For the latest information, see Regions and endpoints. | March 6, 2024 |
Updated functionality in Runtime Monitoring | The GuardDuty security agent versions 1.0.0 and 1.1.0 for Amazon EKS clusters will no longer be supported starting May 14, 2024. For information about what steps you can take before the end of standard support, see GuardDuty security agent for Amazon EKS clusters. | February 16, 2024 |
Updated functionality in Runtime Monitoring | Runtime Monitoring supports the latest Kubernetes version 1.29 with the existing security agent version 1.4.1. The support has been available since the launch of this Kubernetes version. For information about supported Kubernetes versions, see Kubernetes versions supported by GuardDuty security agent. | February 16, 2024 |
Updated functionality in Runtime Monitoring - Regional availability | GuardDuty Runtime Monitoring now supports shared Amazon VPC within the same Amazon Organizations. GuardDuty service-linked role (SLR) has a new
permission – | February 12, 2024 |
Updated functionality in Runtime Monitoring - Regional availability | GuardDuty Runtime Monitoring now supports shared Amazon VPC within the same Amazon Organizations. GuardDuty service-linked role (SLR) has a new
permission – | February 9, 2024 |
Updated functionality with support for new Amazon Web Services Regions – Malware Protection | Malware Protection now supports scanning the EBS volumes encrypted with Amazon managed keys in the US West (Oregon) Region. | February 6, 2024 |
Updated functionality with support for new Amazon Web Services Regions – Malware Protection | Malware Protection now supports scanning the EBS volumes encrypted with Amazon managed keys in the following Amazon Web Services Regions:
| February 5, 2024 |
Updated functionality in Runtime Monitoring | GuardDuty Runtime Monitoring has released a new GuardDuty security agent version (v1.0.2) for Amazon EC2 instances. This agent version includes support for the latest Amazon ECS AMIs. For more information about agent release history, see GuardDuty security agent for Amazon EC2 instances. | February 2, 2024 |
Updated functionality with support for new Amazon Web Services Regions – Malware Protection | Malware Protection now supports scanning the Amazon EBS volumes encrypted with Amazon managed keys in the following Amazon Web Services Regions:
| January 31, 2024 |
Updated Managing accounts with Amazon Organizations | Reorganized the content under Managing accounts with Amazon Organizations., added steps to change the delegated GuardDuty administrator account, and updated Understanding the relationship between GuardDuty administrator account and member accounts. | January 30, 2024 |
Updated functionality with support for new Amazon Web Services Regions | Malware Protection now supports scanning the EBS volumes encrypted with Amazon managed keys in the following Amazon Web Services Regions:
| January 29, 2024 |
Updated functionality in Malware Protection | Malware Protection now supports scanning the EBS volumes encrypted using Amazon managed keys.
Malware Protection service-linked
role (SLR) has two new permissions – | January 25, 2024 |
Updated functionality in Runtime Monitoring | GuardDuty Runtime Monitoring has released a new GuardDuty security agent version (v1.0.1) with general performance tuning and enhancements. For more information about agent release history, see GuardDuty security agent for Amazon EC2 instances. | January 23, 2024 |
Updated functionality in Runtime Monitoring | Runtime Monitoring released a new agent version 1.4.1 for Amazon EKS resources. For more information, see EKS add-on agent release history. | January 16, 2024 |
Runtime Monitoring released new agent v1.4.0 for Amazon EKS resources | Runtime Monitoring released a new agent version 1.4.0 for Amazon EKS resources. For more information, see EKS add-on agent release history. | December 21, 2023 |
Added S3 and Amazon CloudTrail machine learning (ML)-based findings types to the Europe (Zurich) , Europe (Spain), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), and Israel (Tel Aviv) | The following S3 and CloudTrail findings that identify the anomalous behavior using the GuardDuty's anomaly detection machine learning (ML) model are now available in the Europe (Zurich) , Europe (Spain), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), and Israel (Tel Aviv) Regions: | December 21, 2023 |
GuardDuty supports 50,000 member accounts through Amazon Organizations | A delegated GuardDuty administrator can now manage a maximum of 50,000 member accounts through Amazon Organizations. This also includes a maximum of 5000 member accounts that associated with the GuardDuty administrator account by invitation. | December 20, 2023 |
GuardDuty Runtime Monitoring support expanded to 19 Amazon Web Services Regions | Runtime Monitoring is now available in Asia Pacific (Jakarta), Europe (Paris), Asia Pacific (Osaka), Asia Pacific (Seoul), Middle East (Bahrain), Europe (Spain), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), US West (N. California), Europe (London), Asia Pacific (Hong Kong), Europe (Milan), Middle East (UAE), South America (São Paulo), Asia Pacific (Mumbai), Canada (Central), Africa (Cape Town), Europe (Zurich). | December 6, 2023 |
In addition to detecting threats to your Amazon EKS clusters, GuardDuty announces general availability of Runtime Monitoring to detect threats to your Amazon ECS workloads and a preview release to detect threats to your Amazon EC2 instances. For more information about which Amazon Web Services Regions presently support Runtime Monitoring, see Regions and endpoints. | November 26, 2023 | |
GuardDuty has added new permissions to use Amazon ECS actions to manage and retrieve
information about the Amazon ECS clusters, and manage the Amazon ECS account setting with
| November 26, 2023 | |
GuardDuty added a new permission, | November 16, 2023 | |
EKS Runtime Monitoring released a new agent version 1.3.1 that includes important security patches and updates. | October 23, 2023 | |
GuardDuty has added a new criteria to filter the generated findings. DNS request domain suffix provides the second- and top-level domain involved in the activity that prompted GuardDuty to generate the finding. | October 17, 2023 | |
EKS Runtime Monitoring released new agent v1.3.0 that supports Kubernetes version 1.28 | EKS Runtime Monitoring released a new agent version 1.3.0 that supports Kubernetes version 1.28. Added support for Ubuntu. For more information, see EKS add-on agent release history. | October 5, 2023 |
The following S3 and CloudTrail findings that identify the anomalous behavior using the GuardDuty's anomaly detection machine learning (ML) model are now available in the Asia Pacific (Jakarta) and Middle East (UAE) Regions: | September 20, 2023 | |
GuardDuty EKS Runtime Monitoring introduces managing GuardDuty security agent at the cluster level | EKS Runtime Monitoring adds support to manage the GuardDuty security agent for individual EKS clusters to monitor the runtime events from only these selective clusters. EKS Runtime Monitoring extends this capability with the support of tags. | September 13, 2023 |
GuardDuty Malware Protection extends support to more Amazon Web Services Regions | Malware Protection is now available in Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Zurich), and Europe (Spain). | September 11, 2023 |
Added Israel (Tel Aviv) Region to the list of Amazon Web Services Regions where GuardDuty is now available. The following protection plans are also available in the Israel (Tel Aviv) Region:
For more information about protection plan availability in the Israel (Tel Aviv) Region, see Regions and endpoints. | August 24, 2023 | |
GuardDuty added auto-enable configuration for your organization at protection plan level | Update organization configuration for the protection plans in your Region. Possible configuration options are either enable for all accounts, auto-enable for new accounts, or do not auto-enable for any account in your organization. | August 16, 2023 |
The following findings types are now available in the Asia Pacific (Osaka) Region: | August 10, 2023 | |
EKS Runtime Monitoring is now available in Asia Pacific (Melbourne) | EKS Runtime Monitoring within GuardDuty EKS Protection provides runtime threat detection for your Amazon EKS clusters in Amazon environment. It is now supported in the Asia Pacific (Melbourne) Region. | August 8, 2023 |
Updated the list of GuardDuty findings that invoke GuardDuty-initiated malware scan | Certain EKS Runtime Monitoring finding types can now invoke GuardDuty-initiated malware scan in your Amazon Web Services account. | July 19, 2023 |
GuardDuty supports 10,000 member accounts through Amazon Organizations | A GuardDuty administrator account can now manage a maximum of 10,000 member accounts through Amazon Organizations. This also includes a maximum of 5000 member accounts that associated with the GuardDuty administrator account by invitation. | June 29, 2023 |
EKS Runtime Monitoring supports three new finding types that are based on the process injection technique. The new finding types are DefenseEvasion:Runtime/ProcessInjection.Proc, DefenseEvasion:Runtime/ProcessInjection.Ptrace, and DefenseEvasion:Runtime/ProcessInjection.VirtualMemoryWrite. | June 22, 2023 | |
EKS Runtime Monitoring released new agent v1.2.0 that supports Kubernetes version 1.27 | EKS Runtime Monitoring released a new agent version 1.2.0 that also supports ARM64-based instances. Added support for Bottlerocket. For more information, see EKS add-on agent release history. | June 16, 2023 |
GuardDuty console provides a summarized view of your findings. | The summary dashboard in the GuardDuty console provides an aggregated view of the GuardDuty findings. Presently, the dashboard displays data through various widgets for the last 10,000 findings generated for your account (or member accounts if you're a GuardDuty administrator account) for the current Region. | June 12, 2023 |
Enable EKS Audit Log Monitoring (in EKS Protection) for your accounts to monitor Kubernetes audit logs from your Amazon EKS clusters and analyze them for potentially malicious and suspicious activity. | June 1, 2023 | |
EKS Audit Log Monitoring is now available in Middle East (UAE) | EKS Audit Log Monitoring is now available in Middle East (UAE). Enable EKS Audit Log Monitoring for your accounts to monitor Kubernetes audit logs from your Amazon EKS clusters and analyze them for potentially malicious and suspicious activity. | May 3, 2023 |
GuardDuty Malware Protection announces On-demand malware scan | Malware Protection helps you detect the potential presence of malware in the Amazon EBS volumes attached to your Amazon EC2 instances and container workloads. It now offers two types of scans – GuardDuty initiated and on-demand. GuardDuty-initiated malware scan initiates an agentless scan in the Amazon EBS volumes automatically only when GuardDuty generates one of the Findings that invoke GuardDuty-initiated malware scan. You can initiate an On-demand malware scan for Amazon EC2 instances in your account by providing the Amazon Resource Name (ARN) associated to that Amazon EC2 instance. For more information about how both the scan types differ, see Malware Protection. | April 27, 2023 |
Lambda Protection helps you identify potential security threats in your Amazon Lambda functions. | April 20, 2023 | |
GuardDuty is now available in the Asia Pacific (Melbourne) Region | Added Asia Pacific (Melbourne) to the list of Amazon Web Services Regions where GuardDuty is available. For information about which features are available in this Region, see Regions and endpoints. | April 19, 2023 |
GuardDuty introduces new finding types to detect the use of external DNS resolvers and encrypted DNS technologies. For information about Amazon Web Services Regions where these finding types are supported, see Regions and endpoints. | April 5, 2023 | |
GuardDuty announces EKS Runtime Monitoring in EKS Protection | EKS Runtime Monitoring within EKS Protection provides runtime threat detection for your Amazon EKS clusters
in Amazon environment. It uses an Amazon EKS add-on agent ( | March 30, 2023 |
GuardDuty adds a new functionality –
| Amazon GuardDuty adds a new organization configuration option that helps GuardDuty administrator accounts audit
and enforce (if required) that GuardDuty is enabled for | March 23, 2023 |
The RDS Protection feature in Amazon GuardDuty is now generally available | GuardDuty RDS Protection monitors and profiles RDS login activity to identify suspicious login behavior on your Amazon Aurora database instances. For information about which Amazon Web Services Regions support RDS Protection, see Regions and endpoints. | March 16, 2023 |
Historically, the GuardDuty API allowed configuration of both features and data sources, but now, all new GuardDuty protection types will be configured as features and not as data sources. GuardDuty still supports the data sources via API but will not add a new API. Features activation affects the behavior of the APIs used to enable GuardDuty or a protection type within GuardDuty. If you manage your GuardDuty accounts through API, SDK, or CFN template, see GuardDuty API changes in March 2023. | March 16, 2023 | |
GuardDuty Malware Protection is now available in Middle East (UAE) Region | The Malware Protection feature in GuardDuty is supported in the Middle East (UAE) Region. For more information, see Regions and endpoints. | March 13, 2023 |
GuardDuty added the following new permissions to support the upcoming GuardDuty EKS Runtime Monitoring feature.
| March 8, 2023 | |
The GuardDuty SLR has been updated to allow creation of Malware Protection SLR after Malware Protection has been enabled. | February 21, 2023 | |
To communicate with Amazon resources, GuardDuty requires and supports TLS v1.2 or later. For more information, see Data protection and Infrastructure security. | February 14, 2023 | |
GuardDuty is now available in Asia Pacific (Hyderabad) Region | Added Asia Pacific (Hyderabad) Region to the list of Amazon Web Services Regions where GuardDuty is available. For more information, see Regions and endpoints. | February 14, 2023 |
Amazon GuardDuty User Guide is aligned with IAM best practices | Updated guide to align with the IAM best practices. For more information, see Security best practices in IAM. | February 10, 2023 |
Added Europe (Spain) to the list of Amazon Web Services Regions where GuardDuty is available. For more information, see Regions and endpoints. | February 8, 2023 | |
Added Europe (Zurich) to the list of Amazon Web Services Regions where GuardDuty is available. For more information, see Regions and endpoints. | December 12, 2022 | |
GuardDuty RDS Protection monitors and profiles RDS login activity to identify suspicious login behavior on your Amazon Aurora database instances. Presently, it is available for a preview release in five Amazon Web Services Regions. For more information, see Regions and endpoints. | November 30, 2022 | |
Added Middle East (UAE) to the list of Amazon Web Services Regions where GuardDuty is available. For more information, see Regions and endpoints. | October 6, 2022 | |
Added content for a new feature – GuardDuty Malware Protection | GuardDuty Malware Protection is an optional enhancement to Amazon GuardDuty. While GuardDuty identifies the resources at risk, Malware Protection detects the malware that may be the source of the compromise. With Malware Protection enabled, whenever GuardDuty detects suspicious behavior on an Amazon EC2 instance or a container workload indicative of malware, GuardDuty Malware Protection initiates an agentless scan on the EBS volumes attached to impacted EC2 instance or container workloads to detect the presence of malware. For information about how Malware Protection works and configuring this feature, see GuardDuty Malware Protection.
| July 26, 2022 |
Exfiltration:S3/ObjectRead.Unusual has been retired. | July 5, 2022 | |
Added the following new S3 finding types. These finding types identify if an API request invoked an IAM entity in an anomalous way. The ML model evaluates all API requests in your account and identifies anomalous events that are associated with techniques used by adversaries. To learn more about each of these new findings, see S3 finding types. | July 5, 2022 | |
GuardDuty can now generate findings for your Amazon EKS resources through the monitoring of Kubernetes audit logs. To learn how to configure this feature, see EKS Protection in Amazon GuardDuty. For a list of findings GuardDuty can generate for Amazon EKS resources, see Kubernetes findings. New remediation guidance has been added to support remediating these findings in the Kubernetes finding remediation guide. | January 25, 2022 | |
A new finding UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.InsideAWS has been added. This finding informs you when your instance credentials are accessed by an Amazon account outside your Amazon environment. | January 20, 2022 | |
Updated the finding types to help identify issues related to log4j | Amazon GuardDuty has updated the following finding types to help identify and prioritize issues related to CVE-2021-44228 and CVE-2021-45046: Backdoor:EC2/C&CActivity.B; Backdoor:EC2/C&CActivity.B!DNS; Behavior:EC2/NetworkPortUnusual. | December 22, 2021 |
UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration has been changed to UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS. This improved version of the finding learns the typical locations your credentials are used from to reduce findings from traffic routed through on premise networks. UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS | September 7, 2021 | |
The GuardDuty SLR has been updated with new actions to improve finding accuracy. | August 3, 2021 | |
Finding descriptions now contain information about data sources that GuardDuty uses to generate that finding. | May 10, 2021 | |
13 findings have been retired to be replaced with new AnomalousBehavoir findings. Persistence:IAMUser/NetworkPermissions, Persistence:IAMUser/ResourcePermissions, Persistence:IAMUser/UserPermissions, PrivilegeEscalation:IAMUser/AdministrativePermissions, Recon:IAMUser/NetworkPermissions, Recon:IAMUser/ResourcePermissions, Recon:IAMUser/UserPermissions, ResourceConsumption:IAMUser/ComputeResources, Stealth:IAMUser/LoggingConfigurationModified, Discovery:S3/BucketEnumeration.Unusual, Impact:S3/ObjectDelete.Unusual, Impact:S3/PermissionsModification.Unusual. | March 12, 2021 | |
Added 8 new IAMUser finding types based on anomalous behavior for IAM principals. CredentialAccess:IAMUser/AnomalousBehavior, DefenseEvasion:IAMUser/AnomalousBehavior, Discovery:IAMUser/AnomalousBehavior, Exfiltration:IAMUser/AnomalousBehavior, Impact:IAMUser/AnomalousBehavior, InitialAccess:IAMUser/AnomalousBehavior, Persistence:IAMUser/AnomalousBehavior, PrivilegeEscalation:IAMUser/AnomalousBehavior. | March 12, 2021 | |
Added 4 new Impact finding types based on domain reputation. Impact:EC2/AbusedDomainRequest.Reputation , Impact:EC2/BitcoinDomainRequest.Reputation, Impact:EC2/MaliciousDomainRequest.Reputation. Also added a new EC2 finding for C&CActivity. Impact:EC2/SuspiciousDomainRequest.Reputation | January 27, 2021 | |
Added 3 new S3 MaliciousIPCaller findings. Discovery:S3/MaliciousIPCaller, Exfiltration:S3/MaliciousIPCaller, Impact:S3/MaliciousIPCaller. Also added a new EC2 finding for C&CActivity. Backdoor:EC2/C&CActivity.B | December 21, 2020 | |
Retired the UnauthorizedAccess:EC2/TorIPCaller finding type. | The UnauthorizedAccess:EC2/TorIPCaller finding type is now retired from GuardDuty. Learn more. | October 1, 2020 |
Added a new Impact finding, Impact:EC2/WinRmBruteForce. Learn more. | September 17, 2020 | |
Added a new Impact finding, Impact:EC2/PortSweep. Learn more. | September 17, 2020 | |
GuardDuty is now available in the Africa (Cape Town) and Europe (Milan) Regions. | Added Africa (Cape Town) and Europe (Milan) to the list of Amazon Regions in which GuardDuty is available. Learn more | July 31, 2020 |
You can now use new metrics to query GuardDuty usage cost data for your account and
accounts you manage. A new overview of usage costs is available in the console at
https://console.amazonaws.cn/guardduty/ | July 31, 2020 | |
Added content covering S3 protection through S3 data event monitoring in GuardDuty. | GuardDuty S3 Protection is now available through the monitoring of S3 data plane events as a new data source. New accounts will have this feature enabled automatically. If you are already using GuardDuty you can enable the new data source for yourself or your member accounts. | July 31, 2020 |
14 new S3 finding types have been added for S3 control plane and data plane sources. | July 31, 2020 | |
Added additional support for S3 findings and changed 2 existing finding types names. | GuardDuty findings now include more details for findings involving S3 buckets. Existing finding types that were related to S3 activity have been renamed: Policy:IAMUser/S3BlockPublicAccessDisabled has been changed to Policy:S3/BucketBlockPublicAccessDisabled. Stealth:IAMUser/S3ServerAccessLoggingDisabled has been changed to Stealth:S3/ServerAccessLoggingDisabled. | May 28, 2020 |
GuardDuty now integrates with Amazon Organizations delegated administrators to allow you to manage GuardDuty accounts within your organization. When you set a delegated administrator as your GuardDuty administrator account you can automatically enable GuardDuty for any organization member to be managed by the delegated administrator account. You can also automatically enable GuardDuty in new Amazon Organizations member accounts. Learn more. | April 20, 2020 | |
Added content that describes the Export Findings feature of GuardDuty. | November 14, 2019 | |
Added the UnauthorizedAccess:EC2/MetadataDNSRebind finding type. | Added a new Unauthorized finding, UnauthorizedAccess:EC2/MetadataDNSRebind. Learn more. | October 10, 2019 |
Added the Stealth:IAMUser/S3ServerAccessLoggingDisabled finding type. | Added a new Stealth finding, Stealth:IAMUser/S3ServerAccessLoggingDisabled. Learn more. | October 10, 2019 |
Added the Policy:IAMUser/S3BlockPublicAccessDisabled finding type. | Added a new Policy finding, Policy:IAMUser/S3BlockPublicAccessDisabled. Learn more. | October 10, 2019 |
The Backdoor:EC2/XORDDOS finding type is now retired from GuardDuty.Learn more | June 12, 2019 | |
The PrivilegeEscalation finding type detects when users attempt to assign escalated, more permissive privileges to their accounts. Learn more | May 14, 2019 | |
GuardDuty is now available in the Europe (Stockholm) Region. | Added Europe (Stockholm) to the list of Amazon Regions in which GuardDuty is available. Learn more | May 9, 2019 |
Added a new finding type, Recon:EC2/PortProbeEMRUnprotectedPort. | This finding informs you that an EMR-related sensitive port on an EC2 Instance is not blocked and is being actively probed. Learn more | May 8, 2019 |
These findings inform you of EC2 instances in your environment that are behaving in a manner that may indicate they is being used to perform Denial of Service (DoS) attacks. Learn more | March 8, 2019 | |
Added a new finding type: Policy:IAMUser/RootCredentialUsage | Policy:IAMUser/RootCredentialUsage finding type informs you that the root user sign-in credentials of your Amazon Web Services account are being used to make programmatic requests to Amazon services. Learn more | January 24, 2019 |
UnauthorizedAccess:IAMUser/UnusualASNCaller finding type has been retired | The UnauthorizedAccess:IAMUser/UnusualASNCaller finding type has been retired. You will now be notified about activity invoked from unusual networks via other active GuardDuty finding types. The generated finding type will be based on the category of the API that was invoked from an unusual network. Learn more | December 21, 2018 |
Added two new finding types: PenTest:IAMUser/ParrotLinux and PenTest:IAMUser/PentooLinux | PenTest:IAMUser/ParrotLinux finding type informs you that a computer running Parrot Security Linux is making API calls using credentials that belong to your Amazon account. PenTest:IAMUser/PentooLinux finding type informs you that a machine running Pentoo Linux is making API calls using credentials that belong to your Amazon account. Learn more | December 21, 2018 |
Added support for the Amazon GuardDuty announcements SNS topic | You can now subscribe to the GuardDuty announcements SNS topic to receive notifications about newly released finding types, updates to the existing finding types, and other functionality changes. Notifications are available in all formats that Amazon SNS supports. Learn more | November 21, 2018 |
Added two new finding types: UnauthorizedAccess:EC2/TorClient and UnauthorizedAccess:EC2/TorRelay | UnauthorizedAccess:EC2/TorClient finding type informs you that an EC2 instance in your Amazon environment is making connections to a Tor Guard or an Authority node. UnauthorizedAccess:EC2/TorRelay finding type informs you that an EC2 instance in your Amazon environment is making connections to a Tor network in a manner that suggests that it's acting as a Tor relay. Learn more | November 16, 2018 |
This finding informs you that an EC2 instance in your Amazon environment is querying a domain name that is associated with Bitcoin, or other cryptocurrency-related activity. Learn more | November 9, 2018 | |
Added support for updating the frequency of notifications sent to CloudWatch Events | You can now update the frequency of notifications sent to CloudWatch Events for the subsequent occurrences of existing findings. Possible values are 15 minutes, 1 hour, or the default 6 hours. Learn more | October 9, 2018 |
Added Region support for Amazon GovCloud (US-West) Learn more | July 25, 2018 | |
Added support for Amazon CloudFormation StackSets in GuardDuty | You can use the Enable Amazon GuardDuty template to enable GuardDuty simultaneously in multiple accounts. Learn more | June 25, 2018 |
Customers can now build granular auto-archive rules for suppression of findings. For findings that match an auto-archive rule, GuardDuty automatically marks them as archived. This enables customers to further tune GuardDuty to keep only relevant findings in the current findings table. Learn more | May 4, 2018 | |
GuardDuty is now available in Europe (Paris), allowing you to extend continuous security monitoring and threat detection in this Region. Learn more | March 29, 2018 | |
For more information, see | March 6, 2018 | |
These new finding types are automatically enabled in GuardDuty in all supported Regions. Learn more | February 28, 2018 | |
Added three new threat intelligence detections (finding types). | These new finding types are automatically enabled in GuardDuty in all supported Regions. Learn more | February 5, 2018 |
With this release, you can have up to 1000 GuardDuty member accounts added per Amazon account (GuardDuty administrator account account). Learn more | January 25, 2018 | |
With this release, Users from administrator account GuardDuty accounts can upload and manage trusted IP lists and threat lists. Users from member GuardDuty accounts can't upload and manage lists. Trusted IP lists and threat lists that are uploaded by the administrator account account are imposed on GuardDuty functionality in its member accounts. Learn more | January 25, 2018 |
Earlier updates
| Change | Description | Date |
|---|---|---|
| Initial publication | Initial publication of the Amazon GuardDuty User Guide. | November 28, 2017 |