Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help customers protect their AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise.
It is highly recommended that GuardDuty is enabled in all supported AWS regions. This tool allows AWS to generate findings of unauthorized or unusual activity even in regions that customers are not actively using. If GuardDuty is not enabled in all supported regions, its ability to detect activity that involves global services is reduced, while there is little to no additional cost to monitor a region where there are no active workloads deployed.
How it works
Step by Step
Follow the steps below to activate the service:
- Click on GuardDuty in the AWS web console.
- Select the AWS Availability zone where you want to enable GuardDuty.
- Enable GuardDuty for the selected AZ by clicking the Enable GuardDuty button.
- At any time you can retrieve the cost estimate by navigating to Settings > Free-trial. GuardDuty comes with a free 30-day trial; the service is only charged after this trial period.
To disable GuardDuty:
- Go to Settings and mark the Disable GuardDuty checkbox.
- Click Save Settings.
- Click the Disable button when the confirmation box appears.
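The recommendation above is to keep GuardDuty enabled in every supported region, which is tedious to confirm by hand in the console. The following is an added example, not part of the original article: a Python script using boto3 that reports the detector state in each region and, when run with `--enable`, creates or re-enables detectors where needed. It assumes credentials with GuardDuty permissions are configured; the function names and the `--enable` flag are hypothetical choices for this example.

```python
"""Audit GuardDuty coverage per region; optionally enable it (added example)."""


def audit_region(client, enable=False):
    """Return 'enabled', 'disabled' or 'missing' for one region's detector.

    With enable=True a missing detector is created ('created') and a
    suspended one is switched back on ('re-enabled').
    """
    ids = client.list_detectors()["DetectorIds"]
    if not ids:
        if not enable:
            return "missing"
        client.create_detector(Enable=True)
        return "created"
    detector_id = ids[0]  # one detector per account per region
    status = client.get_detector(DetectorId=detector_id)["Status"]
    if status == "ENABLED":
        return "enabled"
    if not enable:
        return "disabled"
    client.update_detector(DetectorId=detector_id, Enable=True)
    return "re-enabled"


def audit_all(regions, client_for, enable=False):
    """Map region -> state. A failing region is reported, not raised."""
    report = {}
    for region in regions:
        try:
            report[region] = audit_region(client_for(region), enable)
        except Exception as exc:  # e.g. opt-in region not activated
            report[region] = f"error: {type(exc).__name__}"
    return report


def main(enable=False):
    import boto3  # imported here so the functions above run without the SDK
    session = boto3.session.Session()
    regions = session.get_available_regions("guardduty")
    report = audit_all(
        regions, lambda r: session.client("guardduty", region_name=r), enable)
    for region, state in sorted(report.items()):
        print(f"{region:<16} {state}")
    return report


if __name__ == "__main__":
    import sys
    main(enable="--enable" in sys.argv)
```

Run without arguments, the script only reads state; regions reported as `missing`, `disabled` or `error` are the ones to review.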
Content Author: Gustavo Argentino