Remediating security issues discovered by GuardDuty

Amazon GuardDuty generates findings that indicate potential security issues. In this release of GuardDuty, the potential security issues indicate either a compromised EC2 instance or container workload, or a set of compromised credentials in your Amazon environment. The following sections describe the recommended remediation steps for these scenarios. If there are alternative remediation scenarios they will be described in the entry for that specific finding type. You can access the full information about a finding type by selecting it from the Active findings types table.

Remediating a potentially compromised Amazon EC2 instance
Remediating a potentially compromised S3 bucket
Remediating a potentially compromised ECS cluster
Remediating potentially compromised Amazon credentials
Remediating a potentially compromised standalone container
Remediating EKS Audit Log Monitoring findings
Remediating Runtime Monitoring findings
Remediating a potentially compromised database
Remediating a potentially compromised Lambda function

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Reporting false positives in Malware Protection

Remediating a potentially compromised Amazon EC2 instance

Remediating security issues discovered by GuardDuty

Contents