Detect threats with Amazon GuardDuty - Amazon Secrets Manager

Detect threats with Amazon GuardDuty

Amazon GuardDuty is a threat detection service that helps you protect your accounts, containers, workloads, and the data within your Amazon environment. By using machine learning (ML) models and anomaly and threat detection capabilities, GuardDuty continuously monitors different log sources to identify and prioritize potential security risks and malicious activities in your environment. For example, GuardDuty detects potential threats such as unusual or suspicious access to secrets. It also detects credential exfiltration, where credentials that were created exclusively for an Amazon EC2 instance through an instance launch role are being used from another account within Amazon. For more information, see the Amazon GuardDuty User Guide.

Another example use-case for detection is anomalous behavior. For example, if Amazon Secrets Manager typically gets create-secret, get-secret-value, describe-secret, and list-secrets calls from an entity using the Java SDK, and then a different entity begins calling batch-get-secret-value and get-secret-value using the Amazon CLI from outside of the VPN, GuardDuty can report a finding that the second entity is anomalously invoking APIs. For more information, see GuardDuty IAM finding type CredentialAccess:IAMUser/AnomalousBehavior.
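
The baseline comparison described above, as a simplified illustration added here; it is not GuardDuty's detection logic (which relies on ML models) and not AWS code. The records use CloudTrail field names, while the ARNs, IP addresses, and the VPN egress range are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the organization's VPN egress range (documentation-only CIDR).
VPN_EGRESS = ipaddress.ip_network("203.0.113.0/24")

def ua_family(user_agent):
    """Reduce a CloudTrail userAgent string to its client family, e.g. 'aws-sdk-java'."""
    return user_agent.split("/", 1)[0].strip().lower()

def build_baseline(events):
    """Map each principal ARN to the (eventName, client family) pairs it has used."""
    baseline = defaultdict(set)
    for e in events:
        if e["eventSource"] == "secretsmanager.amazonaws.com":
            baseline[e["userIdentity"]["arn"]].add(
                (e["eventName"], ua_family(e["userAgent"])))
    return baseline

def triage(event, baseline):
    """Return the reasons an event deviates from the baseline (empty list = expected)."""
    reasons = []
    arn = event["userIdentity"]["arn"]
    call = (event["eventName"], ua_family(event["userAgent"]))
    if arn not in baseline:
        reasons.append("new principal")
    elif call not in baseline[arn]:
        reasons.append("new API/client pair")
    try:
        if ipaddress.ip_address(event["sourceIPAddress"]) not in VPN_EGRESS:
            reasons.append("outside VPN range")
    except ValueError:
        pass  # CloudTrail records a service DNS name here for calls made by a service
    return reasons

def rec(arn, name, ua, ip):
    """Build a constructed, minimal CloudTrail-style record."""
    return {"eventSource": "secretsmanager.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": arn}, "userAgent": ua, "sourceIPAddress": ip}

# Constructed sample data mirroring the scenario in the text.
APP = "arn:aws-cn:iam::111122223333:role/app-role"
OTHER = "arn:aws-cn:iam::111122223333:user/second-entity"
HISTORY = [rec(APP, n, "aws-sdk-java/2.20.0 Linux/5.10", "203.0.113.10")
           for n in ("CreateSecret", "GetSecretValue", "DescribeSecret", "ListSecrets")]
NEW = [rec(OTHER, "BatchGetSecretValue", "aws-cli/2.15.0 Python/3.11", "198.51.100.7"),
       rec(OTHER, "GetSecretValue", "aws-cli/2.15.0 Python/3.11", "198.51.100.7")]

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for ev in NEW:
        print(ev["eventName"], triage(ev, base))
```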