


# GuardDuty finding types
<a name="guardduty_finding-types-active"></a>

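A finding is a notification that GuardDuty generates when it detects an indication of suspicious or malicious activity in your Amazon Web Services account. GuardDuty generates findings in accounts that have GuardDuty enabled.

For information about important changes to GuardDuty finding types, including newly added or retired finding types, see [Document history for Amazon GuardDuty](doc-history.md).

For information about finding types that are now retired, see [Retired finding types](guardduty_finding-types-retired.md).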

## GuardDuty finding types by potentially impacted resources
<a name="findings-by-resource"></a>

The following pages are categorized by the potentially impacted resource type associated with a GuardDuty finding:
+ [EC2 finding types](guardduty_finding-types-ec2.md)
+ [IAM finding types](guardduty_finding-types-iam.md)
+ [Attack sequence finding types](guardduty-attack-sequence-finding-types.md)
+ [S3 Protection finding types](guardduty_finding-types-s3.md)
+ [EKS Protection finding types](guardduty-finding-types-eks-audit-logs.md)
+ [Runtime Monitoring finding types](findings-runtime-monitoring.md)
+ [Malware Protection for EC2 finding types](findings-malware-protection.md)
+ [Malware Protection for S3 finding types](gdu-malware-protection-s3-finding-types.md)
+ [Malware Protection for Backup finding types](findings-malware-protection-backup.md)
+ [RDS Protection finding types](findings-rds-protection.md)
+ [Lambda Protection finding types](lambda-protection-finding-types.md)

## GuardDuty active finding types
<a name="findings-table"></a>

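The following table shows all active finding types, sorted by foundational data source or feature, where applicable. In the table, some findings have a value in the *Finding severity* column that is marked with an asterisk (\*) or a plus sign (\+):

\* These finding types have variable severity. A finding of a given type can have a different severity depending on the specific context of that finding. For more information about a finding type, see its detailed description.

\+ EC2 findings that use VPC flow logs as their data source do not support IPv6 traffic.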


| Finding type | Resource type | Foundational data source/feature | Finding severity |
| --- | --- | --- | --- |
| [Discovery:S3/AnomalousBehavior](guardduty_finding-types-s3.md#discovery-s3-anomalousbehavior) | Amazon S3 | CloudTrail data events for S3 | Low |
| [Discovery:S3/MaliciousIPCaller](guardduty_finding-types-s3.md#discovery-s3-maliciousipcaller) | Amazon S3 | CloudTrail data events for S3 | High |
| [Discovery:S3/MaliciousIPCaller.Custom](guardduty_finding-types-s3.md#discovery-s3-maliciousipcallercustom) | Amazon S3 | CloudTrail data events for S3 | High |
| [Discovery:S3/TorIPCaller](guardduty_finding-types-s3.md#discovery-s3-toripcaller) | Amazon S3 | CloudTrail data events for S3 | Medium |
| [Exfiltration:S3/AnomalousBehavior](guardduty_finding-types-s3.md#exfiltration-s3-anomalousbehavior) | Amazon S3 | CloudTrail data events for S3 | High |
| [Exfiltration:S3/MaliciousIPCaller](guardduty_finding-types-s3.md#exfiltration-s3-maliciousipcaller) | Amazon S3 | CloudTrail data events for S3 | High |
| [Impact:EC2/MaliciousDomainRequest.Custom](guardduty_finding-types-ec2.md#impact-ec2-maliciousdomainrequest-custom) | Amazon EC2 | DNS logs | Medium |
| [Impact:S3/AnomalousBehavior.Delete](guardduty_finding-types-s3.md#impact-s3-anomalousbehavior-delete) | Amazon S3 | CloudTrail data events for S3 | High |
| [Impact:S3/AnomalousBehavior.Permission](guardduty_finding-types-s3.md#impact-s3-anomalousbehavior-permission) | Amazon S3 | CloudTrail data events for S3 | High |
| [Impact:S3/AnomalousBehavior.Write](guardduty_finding-types-s3.md#impact-s3-anomalousbehavior-write) | Amazon S3 | CloudTrail data events for S3 | Medium |
| [Impact:S3/MaliciousIPCaller](guardduty_finding-types-s3.md#impact-s3-maliciousipcaller) | Amazon S3 | CloudTrail data events for S3 | High |
| [PenTest:S3/KaliLinux](guardduty_finding-types-s3.md#pentest-s3-kalilinux) | Amazon S3 | CloudTrail data events for S3 | Medium |
| [PenTest:S3/ParrotLinux](guardduty_finding-types-s3.md#pentest-s3-parrotlinux) | Amazon S3 | CloudTrail data events for S3 | Medium |
| [PenTest:S3/PentooLinux](guardduty_finding-types-s3.md#pentest-s3-pentoolinux) | Amazon S3 | CloudTrail data events for S3 | Medium |
| [UnauthorizedAccess:S3/TorIPCaller](guardduty_finding-types-s3.md#unauthorizedaccess-s3-toripcaller) | Amazon S3 | CloudTrail data events for S3 | High |
| [UnauthorizedAccess:S3/MaliciousIPCaller.Custom](guardduty_finding-types-s3.md#unauthorizedaccess-s3-maliciousipcallercustom) | Amazon S3 | CloudTrail data events for S3 | High |
| [CredentialAccess:IAMUser/AnomalousBehavior](guardduty_finding-types-iam.md#credentialaccess-iam-anomalousbehavior) | IAM | CloudTrail management events | Medium |
| [CredentialAccess:IAMUser/CompromisedCredentials](guardduty_finding-types-iam.md#credentialaccess-iam-compromisedcredentials) | IAM | CloudTrail management events or CloudTrail data events for S3 | High |
| [DefenseEvasion:IAMUser/AnomalousBehavior](guardduty_finding-types-iam.md#defenseevasion-iam-anomalousbehavior) | IAM | CloudTrail management events | Medium |
| [DefenseEvasion:IAMUser/BedrockLoggingDisabled](guardduty_finding-types-iam.md#defenseevasion-iam-bedrockloggingdisabled) | IAM | CloudTrail management events | Medium |
| [Discovery:IAMUser/AnomalousBehavior](guardduty_finding-types-iam.md#discovery-iam-anomalousbehavior) | IAM | CloudTrail management events | Low |
| [Exfiltration:IAMUser/AnomalousBehavior](guardduty_finding-types-iam.md#exfiltration-iam-anomalousbehavior) | IAM | CloudTrail management events | High |
| [Impact:IAMUser/AnomalousBehavior](guardduty_finding-types-iam.md#impact-iam-anomalousbehavior) | IAM | CloudTrail management events | High |
| [InitialAccess:IAMUser/AnomalousBehavior](guardduty_finding-types-iam.md#initialaccess-iam-anomalousbehavior) | IAM | CloudTrail management events | Medium |
| [PenTest:IAMUser/KaliLinux](guardduty_finding-types-iam.md#pentest-iam-kalilinux) | IAM | CloudTrail management events | Medium |
| [PenTest:IAMUser/ParrotLinux](guardduty_finding-types-iam.md#pentest-iam-parrotlinux) | IAM | CloudTrail management events | Medium |
| [PenTest:IAMUser/PentooLinux](guardduty_finding-types-iam.md#pentest-iam-pentoolinux) | IAM | CloudTrail management events | Medium |
| [Persistence:IAMUser/AnomalousBehavior](guardduty_finding-types-iam.md#persistence-iam-anomalousbehavior) | IAM | CloudTrail management events | Medium |
| [Stealth:IAMUser/PasswordPolicyChange](guardduty_finding-types-iam.md#stealth-iam-passwordpolicychange) | IAM | CloudTrail management events | Low [*](#gdu-active-findings-variable-severity) |
| [UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.InsideAWS](guardduty_finding-types-iam.md#unauthorizedaccess-iam-instancecredentialexfiltrationinsideaws) | IAM | CloudTrail management events | High [*](#gdu-active-findings-variable-severity) |
| [Policy:S3/AccountBlockPublicAccessDisabled](guardduty_finding-types-s3.md#policy-s3-accountblockpublicaccessdisabled) | Amazon S3 | CloudTrail management events | Low |
| [Policy:S3/BucketAnonymousAccessGranted](guardduty_finding-types-s3.md#policy-s3-bucketanonymousaccessgranted) | Amazon S3 | CloudTrail management events | High |
| [Policy:S3/BucketBlockPublicAccessDisabled](guardduty_finding-types-s3.md#policy-s3-bucketblockpublicaccessdisabled) | Amazon S3 | CloudTrail management events | Low |
| [Policy:S3/BucketPublicAccessGranted](guardduty_finding-types-s3.md#policy-s3-bucketpublicaccessgranted) | Amazon S3 | CloudTrail management events | High |
| [PrivilegeEscalation:IAMUser/AnomalousBehavior](guardduty_finding-types-iam.md#privilegeescalation-iam-anomalousbehavior) | IAM | CloudTrail management events | Medium |
| [Recon:IAMUser/MaliciousIPCaller](guardduty_finding-types-iam.md#recon-iam-maliciousipcaller) | IAM | CloudTrail management events | Medium |
| [Recon:IAMUser/MaliciousIPCaller.Custom](guardduty_finding-types-iam.md#recon-iam-maliciousipcallercustom) | IAM | CloudTrail management events | Medium |
| [Recon:IAMUser/TorIPCaller](guardduty_finding-types-iam.md#recon-iam-toripcaller) | IAM | CloudTrail management events | Medium |
| [Stealth:IAMUser/CloudTrailLoggingDisabled](guardduty_finding-types-iam.md#stealth-iam-cloudtrailloggingdisabled) | IAM | CloudTrail management events | Low |
| [Stealth:S3/ServerAccessLoggingDisabled](guardduty_finding-types-s3.md#stealth-s3-serveraccessloggingdisabled) | Amazon S3 | CloudTrail management events | Low |
| [UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B](guardduty_finding-types-iam.md#unauthorizedaccess-iam-consoleloginsuccessb) | IAM | CloudTrail management events | Medium |
| [UnauthorizedAccess:IAMUser/MaliciousIPCaller](guardduty_finding-types-iam.md#unauthorizedaccess-iam-maliciousipcaller) | IAM | CloudTrail management events | Medium |
| [UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom](guardduty_finding-types-iam.md#unauthorizedaccess-iam-maliciousipcallercustom) | IAM | CloudTrail management events | Medium |
| [UnauthorizedAccess:IAMUser/TorIPCaller](guardduty_finding-types-iam.md#unauthorizedaccess-iam-toripcaller) | IAM | CloudTrail management events | Medium |
| [Policy:IAMUser/RootCredentialUsage](guardduty_finding-types-iam.md#policy-iam-rootcredentialusage) | IAM | CloudTrail management events or CloudTrail data events for S3 | Low |
| [Policy:IAMUser/ShortTermRootCredentialUsage](guardduty_finding-types-iam.md#policy-iam-user-short-term-root-credential-usage) | IAM | CloudTrail management events or CloudTrail data events for S3 | Low |
| [UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS](guardduty_finding-types-iam.md#unauthorizedaccess-iam-instancecredentialexfiltrationoutsideaws) | IAM | CloudTrail management events or CloudTrail data events for S3 | High |
| [UnauthorizedAccess:IAMUser/ResourceCredentialExfiltration.OutsideAWS](guardduty_finding-types-iam.md#unauthorizedaccess-iam-resourcecredentialexfiltrationoutsideaws) | IAM | CloudTrail management events or CloudTrail data events for S3 | High |
| [AttackSequence:EKS/CompromisedCluster](guardduty-attack-sequence-finding-types.md#attack-sequence-eks-compromised-cluster) | Resources involved in the attack sequence | [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/guardduty/latest/ug/guardduty_finding-types-active.html) | Critical |
| [AttackSequence:IAM/CompromisedCredentials](guardduty-attack-sequence-finding-types.md#attack-sequence-iam-compromised-credentials) | Resources involved in the attack sequence | CloudTrail management events | Critical |
| [AttackSequence:S3/CompromisedData](guardduty-attack-sequence-finding-types.md#attack-sequence-s3-compromised-data) | Resources involved in the attack sequence | CloudTrail management events and CloudTrail data events for S3 | Critical |
| [AttackSequence:ECS/CompromisedCluster](guardduty-attack-sequence-finding-types.md#attack-sequence-ecs-compromised-cluster) | Resources involved in the attack sequence | [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/guardduty/latest/ug/guardduty_finding-types-active.html) | Critical |
| [AttackSequence:EC2/CompromisedInstanceGroup](guardduty-attack-sequence-finding-types.md#attack-sequence-ec2-compromised-instance-group) | Resources involved in the attack sequence | [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/guardduty/latest/ug/guardduty_finding-types-active.html) | Critical |
| [Backdoor:EC2/C&CActivity.B!DNS](guardduty_finding-types-ec2.md#backdoor-ec2-ccactivitybdns) | Amazon EC2 | DNS logs | High |
| [CryptoCurrency:EC2/BitcoinTool.B!DNS](guardduty_finding-types-ec2.md#cryptocurrency-ec2-bitcointoolbdns) | Amazon EC2 | DNS logs | High |
| [Impact:EC2/AbusedDomainRequest.Reputation](guardduty_finding-types-ec2.md#impact-ec2-abuseddomainrequestreputation) | Amazon EC2 | DNS logs | Medium |
| [Impact:EC2/BitcoinDomainRequest.Reputation](guardduty_finding-types-ec2.md#impact-ec2-bitcoindomainrequestreputation) | Amazon EC2 | DNS logs | High |
| [Impact:EC2/MaliciousDomainRequest.Reputation](guardduty_finding-types-ec2.md#impact-ec2-maliciousdomainrequestreputation) | Amazon EC2 | DNS logs | High |
| [Impact:EC2/SuspiciousDomainRequest.Reputation](guardduty_finding-types-ec2.md#impact-ec2-suspiciousdomainrequestreputation) | Amazon EC2 | DNS logs | Low |
| [Trojan:EC2/BlackholeTraffic!DNS](guardduty_finding-types-ec2.md#trojan-ec2-blackholetrafficdns) | Amazon EC2 | DNS logs | Medium |
| [Trojan:EC2/DGADomainRequest.B](guardduty_finding-types-ec2.md#trojan-ec2-dgadomainrequestb) | Amazon EC2 | DNS logs | High |
| [Trojan:EC2/DGADomainRequest.C!DNS](guardduty_finding-types-ec2.md#trojan-ec2-dgadomainrequestcdns) | Amazon EC2 | DNS logs | High |
| [Trojan:EC2/DNSDataExfiltration](guardduty_finding-types-ec2.md#trojan-ec2-dnsdataexfiltration) | Amazon EC2 | DNS logs | High |
| [Trojan:EC2/DriveBySourceTraffic!DNS](guardduty_finding-types-ec2.md#trojan-ec2-drivebysourcetrafficdns) | Amazon EC2 | DNS logs | High |
| [Trojan:EC2/DropPoint!DNS](guardduty_finding-types-ec2.md#trojan-ec2-droppointdns) | Amazon EC2 | DNS logs | Medium |
| [Trojan:EC2/PhishingDomainRequest!DNS](guardduty_finding-types-ec2.md#trojan-ec2-phishingdomainrequestdns) | Amazon EC2 | DNS logs | High |
| [UnauthorizedAccess:EC2/MetadataDNSRebind](guardduty_finding-types-ec2.md#unauthorizedaccess-ec2-metadatadnsrebind) | Amazon EC2 | DNS logs | High |
| [Execution:Container/MaliciousFile](findings-malware-protection.md#execution-malware-container-maliciousfile) | Container | EBS malware protection | Varies depending on the detected threat |
| [Execution:Container/SuspiciousFile](findings-malware-protection.md#execution-malware-container-suspiciousfile) | Container | EBS malware protection | Varies depending on the detected threat |
| [Execution:EC2/MaliciousFile](findings-malware-protection.md#execution-malware-ec2-maliciousfile) | Amazon EC2 | EBS malware protection | Varies depending on the detected threat |
| [Execution:EC2/SuspiciousFile](findings-malware-protection.md#execution-malware-ec2-suspiciousfile) | Amazon EC2 | EBS malware protection | Varies depending on the detected threat |
| [Execution:ECS/MaliciousFile](findings-malware-protection.md#execution-malware-ecs-maliciousfile) | ECS | EBS malware protection | Varies depending on the detected threat |
| [Execution:ECS/SuspiciousFile](findings-malware-protection.md#execution-malware-ecs-suspiciousfile) | ECS | EBS malware protection | Varies depending on the detected threat |
| [Execution:Kubernetes/MaliciousFile](findings-malware-protection.md#execution-malware-kubernetes-maliciousfile) | Kubernetes | EBS malware protection | Varies depending on the detected threat |
| [Execution:Kubernetes/SuspiciousFile](findings-malware-protection.md#execution-malware-kubernetes-suspiciousfile) | Kubernetes | EBS malware protection | Varies depending on the detected threat |
| [Execution:EC2/MaliciousFile!Snapshot](findings-malware-protection-backup.md#execution-malware-ec2-maliciousfile-snapshot) | Amazon EBS | Malware Protection for Backup | Varies depending on the detected threat |
| [Execution:EC2/MaliciousFile!AMI](findings-malware-protection-backup.md#execution-malware-ec2-maliciousfile-ami) (a malicious file was detected in an EC2 AMI) | Amazon EC2 | Malware Protection for Backup | Varies depending on the detected threat |
| [Execution:EC2/MaliciousFile!RecoveryPoint](findings-malware-protection-backup.md#execution-malware-ec2-maliciousfile-recoverypoint) | Amazon Backup | Malware Protection for Backup | Varies depending on the detected threat |
| [Execution:S3/MaliciousFile!RecoveryPoint](findings-malware-protection-backup.md#execution-malware-s3-maliciousfile-recoverypoint) | Amazon Backup | Malware Protection for Backup | Varies depending on the detected threat |
| [CredentialAccess:Kubernetes/AnomalousBehavior.SecretsAccessed](guardduty-finding-types-eks-audit-logs.md#credaccess-kubernetes-anomalousbehavior-secretsaccessed) | Kubernetes | EKS audit logs | Medium |
| [CredentialAccess:Kubernetes/MaliciousIPCaller](guardduty-finding-types-eks-audit-logs.md#credentialaccess-kubernetes-maliciousipcaller) | Kubernetes | EKS audit logs | High |
| [CredentialAccess:Kubernetes/MaliciousIPCaller.Custom](guardduty-finding-types-eks-audit-logs.md#credentialaccess-kubernetes-maliciousipcallercustom) | Kubernetes | EKS audit logs | High |
| [CredentialAccess:Kubernetes/SuccessfulAnonymousAccess](guardduty-finding-types-eks-audit-logs.md#credentialaccess-kubernetes-successfulanonymousaccess) | Kubernetes | EKS audit logs | High |
| [CredentialAccess:Kubernetes/TorIPCaller](guardduty-finding-types-eks-audit-logs.md#credentialaccess-kubernetes-toripcaller) | Kubernetes | EKS audit logs | High |
| [DefenseEvasion:Kubernetes/MaliciousIPCaller](guardduty-finding-types-eks-audit-logs.md#defenseevasion-kubernetes-maliciousipcaller) | Kubernetes | EKS audit logs | High |
| [DefenseEvasion:Kubernetes/MaliciousIPCaller.Custom](guardduty-finding-types-eks-audit-logs.md#defenseevasion-kubernetes-maliciousipcallercustom) | Kubernetes | EKS audit logs | High |
| [DefenseEvasion:Kubernetes/SuccessfulAnonymousAccess](guardduty-finding-types-eks-audit-logs.md#defenseevasion-kubernetes-successfulanonymousaccess) | Kubernetes | EKS audit logs | High |
| [DefenseEvasion:Kubernetes/TorIPCaller](guardduty-finding-types-eks-audit-logs.md#defenseevasion-kubernetes-toripcaller) | Kubernetes | EKS audit logs | High |
| [Discovery:Kubernetes/AnomalousBehavior.PermissionChecked](guardduty-finding-types-eks-audit-logs.md#discovery-kubernetes-anomalousbehavrior-permissionchecked) | Kubernetes | EKS audit logs | Low |
| [Discovery:Kubernetes/MaliciousIPCaller](guardduty-finding-types-eks-audit-logs.md#discovery-kubernetes-maliciousipcaller) | Kubernetes | EKS audit logs | Medium |
| [Discovery:Kubernetes/MaliciousIPCaller.Custom](guardduty-finding-types-eks-audit-logs.md#discovery-kubernetes-maliciousipcallercustom) | Kubernetes | EKS audit logs | Medium |
| [Discovery:Kubernetes/SuccessfulAnonymousAccess](guardduty-finding-types-eks-audit-logs.md#discovery-kubernetes-successfulanonymousaccess) | Kubernetes | EKS audit logs | Medium |
| [Discovery:Kubernetes/TorIPCaller](guardduty-finding-types-eks-audit-logs.md#discovery-kubernetes-toripcaller) | Kubernetes | EKS audit logs | Medium |
| [Execution:Kubernetes/ExecInKubeSystemPod](guardduty-finding-types-eks-audit-logs.md#execution-kubernetes-execinkubesystempod) | Kubernetes | EKS audit logs | Medium |
| [Execution:Kubernetes/AnomalousBehavior.ExecInPod](guardduty-finding-types-eks-audit-logs.md#execution-kubernetes-anomalousbehvaior-execinprod) | Kubernetes | EKS audit logs | Medium |
| [Execution:Kubernetes/AnomalousBehavior.WorkloadDeployed](guardduty-finding-types-eks-audit-logs.md#exec-kubernetes-anomalousbehavior-workloaddeployed) | Kubernetes | EKS audit logs | Low |
| [Impact:Kubernetes/MaliciousIPCaller](guardduty-finding-types-eks-audit-logs.md#impact-kubernetes-maliciousipcaller) | Kubernetes | EKS audit logs | High |
| [Impact:Kubernetes/MaliciousIPCaller.Custom](guardduty-finding-types-eks-audit-logs.md#impact-kubernetes-maliciousipcallercustom) | Kubernetes | EKS audit logs | High |
| [Impact:Kubernetes/SuccessfulAnonymousAccess](guardduty-finding-types-eks-audit-logs.md#impact-kubernetes-successfulanonymousaccess) | Kubernetes | EKS audit logs | High |
| [Impact:Kubernetes/TorIPCaller](guardduty-finding-types-eks-audit-logs.md#impact-kubernetes-toripcaller) | Kubernetes | EKS audit logs | High |
| [Persistence:Kubernetes/ContainerWithSensitiveMount](guardduty-finding-types-eks-audit-logs.md#persistence-kubernetes-containerwithsensitivemount) | Kubernetes | EKS audit logs | Medium |
| [Persistence:Kubernetes/MaliciousIPCaller](guardduty-finding-types-eks-audit-logs.md#persistence-kubernetes-maliciousipcaller) | Kubernetes | EKS audit logs | Medium |
| [Persistence:Kubernetes/MaliciousIPCaller.Custom](guardduty-finding-types-eks-audit-logs.md#persistence-kubernetes-maliciousipcallercustom) | Kubernetes | EKS audit logs | Medium |
| [Persistence:Kubernetes/SuccessfulAnonymousAccess](guardduty-finding-types-eks-audit-logs.md#persistence-kubernetes-successfulanonymousaccess) | Kubernetes | EKS audit logs | High |
| [Persistence:Kubernetes/TorIPCaller](guardduty-finding-types-eks-audit-logs.md#persistence-kubernetes-toripcaller) | Kubernetes | EKS audit logs | Medium |
| [Policy:Kubernetes/AdminAccessToDefaultServiceAccount](guardduty-finding-types-eks-audit-logs.md#policy-kubernetes-adminaccesstodefaultserviceaccount) | Kubernetes | EKS audit logs | High |
| [Policy:Kubernetes/AnonymousAccessGranted](guardduty-finding-types-eks-audit-logs.md#policy-kubernetes-anonymousaccessgranted) | Kubernetes | EKS audit logs | High |
| [Policy:Kubernetes/KubeflowDashboardExposed](guardduty-finding-types-eks-audit-logs.md#policy-kubernetes-kubeflowdashboardexposed) | Kubernetes | EKS audit logs | Medium |
| [Policy:Kubernetes/ExposedDashboard](guardduty-finding-types-eks-audit-logs.md#policy-kubernetes-exposeddashboard) | Kubernetes | EKS audit logs | Medium |
| [PrivilegeEscalation:Kubernetes/AnomalousBehavior.RoleBindingCreated](guardduty-finding-types-eks-audit-logs.md#privesc-kubernetes-anomalousbehavior-rolebindingcreated) | Kubernetes | EKS audit logs | Medium [*](#gdu-active-findings-variable-severity) |
| [PrivilegeEscalation:Kubernetes/AnomalousBehavior.RoleCreated](guardduty-finding-types-eks-audit-logs.md#privesc-kubernetes-anomalousbehavior-rolecreated) | Kubernetes | EKS audit logs | Low |
| [Persistence:Kubernetes/AnomalousBehavior.WorkloadDeployed!ContainerWithSensitiveMount](guardduty-finding-types-eks-audit-logs.md#privesc-kubernetes-anomalousbehavior-workloaddeployed-containerwithsensitivemount) | Kubernetes | EKS audit logs | High |
| [PrivilegeEscalation:Kubernetes/AnomalousBehavior.WorkloadDeployed!PrivilegedContainer](guardduty-finding-types-eks-audit-logs.md#privesc-kubernetes-anomalousbehavior-workloaddeployed-privcontainer) | Kubernetes | EKS audit logs | High |
| [PrivilegeEscalation:Kubernetes/PrivilegedContainer](guardduty-finding-types-eks-audit-logs.md#privilegeescalation-kubernetes-privilegedcontainer) | Kubernetes | EKS audit logs | Medium |
| [Backdoor:Lambda/C&CActivity.B](lambda-protection-finding-types.md#backdoor-lambda-ccactivity-b) | Lambda | Lambda network activity monitoring | High |
| [CryptoCurrency:Lambda/BitcoinTool.B](lambda-protection-finding-types.md#cryptocurrency-lambda-bitcointool-b) | Lambda | Lambda network activity monitoring | High |
| [Trojan:Lambda/BlackholeTraffic](lambda-protection-finding-types.md#trojan-lambda-blackhole-traffic) | Lambda | Lambda network activity monitoring | Medium |
| [Trojan:Lambda/DropPoint](lambda-protection-finding-types.md#trojan-lambda-drop-point) | Lambda | Lambda network activity monitoring | Medium |
| [UnauthorizedAccess:Lambda/MaliciousIPCaller.Custom](lambda-protection-finding-types.md#unauthorized-access-lambda-maliciousIPcaller-custom) | Lambda | Lambda network activity monitoring | Medium |
| [UnauthorizedAccess:Lambda/TorClient](lambda-protection-finding-types.md#unauthorized-access-lambda-tor-client) | Lambda | Lambda network activity monitoring | High |
| [UnauthorizedAccess:Lambda/TorRelay](lambda-protection-finding-types.md#unauthorized-access-lambda-tor-relay) | Lambda | Lambda network activity monitoring | High |
| [Object:S3/MaliciousFile](gdu-malware-protection-s3-finding-types.md#s3-object-s3-malicious-file) | S3Object | Malware Protection for S3 | High |
| [CredentialAccess:RDS/AnomalousBehavior.FailedLogin](findings-rds-protection.md#credaccess-rds-anombehavior-failedlogin) | [Supported Amazon Aurora, Amazon RDS, and Aurora Limitless Database](rds-protection.md#rds-pro-supported-db) | RDS login activity monitoring | Low |
| [CredentialAccess:RDS/AnomalousBehavior.SuccessfulBruteForce](findings-rds-protection.md#credaccess-rds-anombehavior-successfulbruteforce) | [Supported Amazon Aurora, Amazon RDS, and Aurora Limitless Database](rds-protection.md#rds-pro-supported-db) | RDS login activity monitoring | High |
| [CredentialAccess:RDS/AnomalousBehavior.SuccessfulLogin](findings-rds-protection.md#credaccess-rds-anombehavior-successlogin) | [Supported Amazon Aurora, Amazon RDS, and Aurora Limitless Database](rds-protection.md#rds-pro-supported-db) | RDS login activity monitoring | Variable [*](#gdu-active-findings-variable-severity) |
| [CredentialAccess:RDS/MaliciousIPCaller.FailedLogin](findings-rds-protection.md#credaccess-rds-maliciousipcaller-failedlogin) | [Supported Amazon Aurora, Amazon RDS, and Aurora Limitless Database](rds-protection.md#rds-pro-supported-db) | RDS login activity monitoring | Medium |
| [CredentialAccess:RDS/MaliciousIPCaller.SuccessfulLogin](findings-rds-protection.md#credaccess-rds-maliciousipcaller-successfullogin) | [Supported Amazon Aurora, Amazon RDS, and Aurora Limitless Database](rds-protection.md#rds-pro-supported-db) | RDS login activity monitoring | High |
| [CredentialAccess:RDS/TorIPCaller.FailedLogin](findings-rds-protection.md#credaccess-rds-toripcaller-failedlogin) | [Supported Amazon Aurora, Amazon RDS, and Aurora Limitless Database](rds-protection.md#rds-pro-supported-db) | RDS login activity monitoring | Medium |
| [CredentialAccess:RDS/TorIPCaller.SuccessfulLogin](findings-rds-protection.md#credaccess-rds-toripcaller-successfullogin) | [Supported Amazon Aurora, Amazon RDS, and Aurora Limitless Database](rds-protection.md#rds-pro-supported-db) | RDS login activity monitoring | High |
| [Discovery:RDS/MaliciousIPCaller](findings-rds-protection.md#discovery-rds-maliciousipcaller) | [Supported Amazon Aurora, Amazon RDS, and Aurora Limitless Database](rds-protection.md#rds-pro-supported-db) | RDS login activity monitoring | Medium |
| [Discovery:RDS/TorIPCaller](findings-rds-protection.md#discovery-rds-toripcaller) | [Supported Amazon Aurora, Amazon RDS, and Aurora Limitless Database](rds-protection.md#rds-pro-supported-db) | RDS login activity monitoring | Medium |
| [Backdoor:Runtime/C&CActivity.B](findings-runtime-monitoring.md#backdoor-runtime-ccactivityb) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [Backdoor:Runtime/C&CActivity.B!DNS](findings-runtime-monitoring.md#backdoor-runtime-ccactivitybdns) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [CryptoCurrency:Runtime/BitcoinTool.B](findings-runtime-monitoring.md#cryptocurrency-runtime-bitcointoolb) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [CryptoCurrency:Runtime/BitcoinTool.B!DNS](findings-runtime-monitoring.md#cryptocurrency-runtime-bitcointoolbdns) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [DefenseEvasion:Runtime/FilelessExecution](findings-runtime-monitoring.md#defenseeva-runtime-filelessexecution) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [DefenseEvasion:Runtime/KernelModuleLoaded](findings-runtime-monitoring.md#defenseevasion-runtime-kernelmoduleloaded) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [DefenseEvasion:Runtime/ProcessInjection.Proc](findings-runtime-monitoring.md#defenseeva-runtime-processinjectionproc) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [DefenseEvasion:Runtime/ProcessInjection.Ptrace](findings-runtime-monitoring.md#defenseeva-runtime-processinjectionptrace) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [DefenseEvasion:Runtime/ProcessInjection.VirtualMemoryWrite](findings-runtime-monitoring.md#defenseeva-runtime-processinjectionvirtualmemw) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [DefenseEvasion:Runtime/PtraceAntiDebugging](findings-runtime-monitoring.md#defenseevasion-runtime-ptrace-anti-debug) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Low |
| [DefenseEvasion:Runtime/SuspiciousCommand](findings-runtime-monitoring.md#defenseevasion-runtime-suspicious-command) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [Discovery:Runtime/SuspiciousCommand](findings-runtime-monitoring.md#discovery-runtime-suspicious-command) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Low |
| [Execution:Runtime/MaliciousFileExecuted](findings-runtime-monitoring.md#execution-runtime-malicious-file-executed) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [Execution:Runtime/NewBinaryExecuted](findings-runtime-monitoring.md#execution-runtime-newbinaryexecuted) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [Execution:Runtime/NewLibraryLoaded](findings-runtime-monitoring.md#execution-runtime-newlibraryloaded) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [Execution:Runtime/SuspiciousCommand](findings-runtime-monitoring.md#execution-runtime-suspiciouscommand) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Variable |
| [Execution:Runtime/SuspiciousShellCreated](findings-runtime-monitoring.md#execution-runtime-suspicious-shell-created) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Low |
| [Execution:Runtime/SuspiciousTool](findings-runtime-monitoring.md#execution-runtime-suspicioustool) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Variable |
| [Execution:Runtime/ReverseShell](findings-runtime-monitoring.md#execution-runtime-reverseshell) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [Impact:Runtime/AbusedDomainRequest.Reputation](findings-runtime-monitoring.md#impact-runtime-abuseddomainrequestreputation) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [Impact:Runtime/BitcoinDomainRequest.Reputation](findings-runtime-monitoring.md#impact-runtime-bitcoindomainrequestreputation) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [Impact:Runtime/CryptoMinerExecuted](findings-runtime-monitoring.md#impact-runtime-cryptominerexecuted) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [Impact:Runtime/MaliciousDomainRequest.Reputation](findings-runtime-monitoring.md#impact-runtime-maliciousdomainrequestreputation) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [Impact:Runtime/SuspiciousDomainRequest.Reputation](findings-runtime-monitoring.md#impact-runtime-suspiciousdomainrequestreputation) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Low |
| [Persistence:Runtime/SuspiciousCommand](findings-runtime-monitoring.md#persistence-runtime-suspicious-command) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [PrivilegeEscalation:Runtime/CGroupsReleaseAgentModified](findings-runtime-monitoring.md#privilegeesc-runtime-cgroupsreleaseagentmodified) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [PrivilegeEscalation:Runtime/ContainerMountsHostDirectory](findings-runtime-monitoring.md#privilegeescalation-runtime-containermountshostdirectory) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [PrivilegeEscalation:Runtime/DockerSocketAccessed](findings-runtime-monitoring.md#privilegeesc-runtime-dockersocketaccessed) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [PrivilegeEscalation:Runtime/ElevationToRoot](findings-runtime-monitoring.md#privilegeesc-runtime-elevation-to-root) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [PrivilegeEscalation:Runtime/RuncContainerEscape](findings-runtime-monitoring.md#privilegeesc-runtime-runccontainerescape) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [PrivilegeEscalation:Runtime/SuspiciousCommand](findings-runtime-monitoring.md#privilege-escalation-runtime-suspicious-command) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [PrivilegeEscalation:Runtime/UserfaultfdUsage](findings-runtime-monitoring.md#privilegeescalation-runtime-userfaultfdusage) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [Trojan:Runtime/BlackholeTraffic](findings-runtime-monitoring.md#trojan-runtime-blackholetraffic) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [Trojan:Runtime/BlackholeTraffic!DNS](findings-runtime-monitoring.md#trojan-runtime-blackholetrafficdns) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [Trojan:Runtime/DropPoint](findings-runtime-monitoring.md#trojan-runtime-droppoint) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [Trojan:Runtime/DGADomainRequest.C!DNS](findings-runtime-monitoring.md#trojan-runtime-dgadomainrequestcdns) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [Trojan:Runtime/DriveBySourceTraffic!DNS](findings-runtime-monitoring.md#trojan-runtime-drivebysourcetrafficdns) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [Trojan:Runtime/DropPoint!DNS](findings-runtime-monitoring.md#trojan-runtime-droppointdns) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium |
| [Trojan:Runtime/PhishingDomainRequest!DNS](findings-runtime-monitoring.md#trojan-runtime-phishingdomainrequestdns) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [UnauthorizedAccess:Runtime/MetadataDNSRebind](findings-runtime-monitoring.md#unauthorizedaccess-runtime-metadatadnsrebind) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [UnauthorizedAccess:Runtime/TorClient](findings-runtime-monitoring.md#unauthorizedaccess-runtime-torclient) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [UnauthorizedAccess:Runtime/TorRelay](findings-runtime-monitoring.md#unauthorizedaccess-runtime-torrelay) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | High |
| [Backdoor:EC2/C&CActivity.B](guardduty_finding-types-ec2.md#backdoor-ec2-ccactivityb) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | High |
| [Backdoor:EC2/DenialOfService.Dns](guardduty_finding-types-ec2.md#backdoor-ec2-denialofservicedns) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | High |
| [Backdoor:EC2/DenialOfService.Tcp](guardduty_finding-types-ec2.md#backdoor-ec2-denialofservicetcp) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | High |
| [Backdoor:EC2/DenialOfService.Udp](guardduty_finding-types-ec2.md#backdoor-ec2-denialofserviceudp) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | High |
| [Backdoor:EC2/DenialOfService.UdpOnTcpPorts](guardduty_finding-types-ec2.md#backdoor-ec2-denialofserviceudpontcpports) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | High |
| [Backdoor:EC2/DenialOfService.UnusualProtocol](guardduty_finding-types-ec2.md#backdoor-ec2-denialofserviceunusualprotocol) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | High |
| [Backdoor:EC2/Spambot](guardduty_finding-types-ec2.md#backdoor-ec2-spambot) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Medium |
| [Behavior:EC2/NetworkPortUnusual](guardduty_finding-types-ec2.md#behavior-ec2-networkportunusual) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Medium |
| [Behavior:EC2/TrafficVolumeUnusual](guardduty_finding-types-ec2.md#behavior-ec2-trafficvolumeunusual) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Medium |
| [CryptoCurrency:EC2/BitcoinTool.B](guardduty_finding-types-ec2.md#cryptocurrency-ec2-bitcointoolb) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | High |
| [DefenseEvasion:EC2/UnusualDNSResolver](guardduty_finding-types-ec2.md#defenseevasion-ec2-unusualdnsresolver) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Medium |
| [DefenseEvasion:EC2/UnusualDoHActivity](guardduty_finding-types-ec2.md#defenseevasion-ec2-unsualdohactivity) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Medium |
| [DefenseEvasion:EC2/UnusualDoTActivity](guardduty_finding-types-ec2.md#defenseevasion-ec2-unusualdotactivity) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Medium |
| [Impact:EC2/PortSweep](guardduty_finding-types-ec2.md#impact-ec2-portsweep) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | High |
| [Impact:EC2/WinRMBruteForce](guardduty_finding-types-ec2.md#impact-ec2-winrmbruteforce) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Low [*](#gdu-active-findings-variable-severity) |
| [Recon:EC2/PortProbeEMRUnprotectedPort](guardduty_finding-types-ec2.md#recon-ec2-portprobeemrunprotectedport) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | High |
| [Recon:EC2/PortProbeUnprotectedPort](guardduty_finding-types-ec2.md#recon-ec2-portprobeunprotectedport) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Low [*](#gdu-active-findings-variable-severity) |
| [Recon:EC2/Portscan](guardduty_finding-types-ec2.md#recon-ec2-portscan) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Medium |
| [Trojan:EC2/BlackholeTraffic](guardduty_finding-types-ec2.md#trojan-ec2-blackholetraffic) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Medium |
| [Trojan:EC2/DropPoint](guardduty_finding-types-ec2.md#trojan-ec2-droppoint) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Medium |
| [UnauthorizedAccess:EC2/MaliciousIPCaller.Custom](guardduty_finding-types-ec2.md#unauthorizedaccess-ec2-maliciousipcallercustom) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Medium |
| [UnauthorizedAccess:EC2/RDPBruteForce](guardduty_finding-types-ec2.md#unauthorizedaccess-ec2-rdpbruteforce) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Low [*](#gdu-active-findings-variable-severity) |
| [UnauthorizedAccess:EC2/SSHBruteForce](guardduty_finding-types-ec2.md#unauthorizedaccess-ec2-sshbruteforce) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | Low [*](#gdu-active-findings-variable-severity) |
| [UnauthorizedAccess:EC2/TorClient](guardduty_finding-types-ec2.md#unauthorizedaccess-ec2-torclient) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | High |
| [UnauthorizedAccess:EC2/TorRelay](guardduty_finding-types-ec2.md#unauthorizedaccess-ec2-torrelay) | Amazon EC2 | VPC flow logs [+](#gdu-ec2-finding-no-support-ipv6-traffic) | High |