Class 19 Read: Cloud Detective Controls - taylortommy23/401-Reading-Notes GitHub Wiki

What are some of the IoCs that GuardDuty can detect?

  • Unauthorized Access Attempts, Compromised EC2 Instances, Reconnaissance Activities, Account Compromise Indicators, and Unusual Network Traffic

What are some of the data sources which GuardDuty can use?

  • It can use VPC Flow Logs, CloudTrail Event Logs, and DNS Logs.

How does GuardDuty use access behavior to spot potential malicious activity?

  • GuardDuty establishes a baseline of normal access behavior from these log sources and then correlates deviations from it (for example, API calls from an identity or location it has not seen before). By analyzing and correlating this information, GuardDuty can provide timely and accurate alerts about potential security threats, allowing AWS users to respond quickly and mitigate risks.
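A simplified illustration of the baseline-and-deviation idea described above, added here as an example; it is not code from these reading notes or from AWS, and GuardDuty's own models are not public, so the record fields, the sensitive-API list and the scoring are assumptions. It profiles each identity's usual source IPs, regions and API calls from constructed CloudTrail-style records, then reports how a later event departs from that profile.

```python
from collections import defaultdict

# Constructed CloudTrail-style records (sample data, not real log entries).
BASELINE_EVENTS = [
    {"user": "deploy-role", "ip": "203.0.113.10", "region": "us-east-1", "api": "ec2:DescribeInstances"},
    {"user": "deploy-role", "ip": "203.0.113.10", "region": "us-east-1", "api": "ec2:RunInstances"},
    {"user": "deploy-role", "ip": "203.0.113.11", "region": "us-east-1", "api": "ec2:DescribeInstances"},
    {"user": "alice", "ip": "198.51.100.7", "region": "eu-west-1", "api": "s3:GetObject"},
]

# Assumed list: API calls whose first use by an identity is worth a look on its own,
# because they weaken logging or detection (defender's watch-list, not GuardDuty's).
SENSITIVE_APIS = {"cloudtrail:StopLogging", "guardduty:DeleteDetector", "iam:CreateAccessKey"}


def build_baseline(events):
    """Record which source IPs, regions and API calls each identity normally uses."""
    baseline = defaultdict(lambda: {"ip": set(), "region": set(), "api": set()})
    for event in events:
        for field in ("ip", "region", "api"):
            baseline[event["user"]][field].add(event[field])
    return baseline


def score_event(baseline, event):
    """Return the reasons an event deviates from its identity's baseline (empty = normal)."""
    profile = baseline.get(event["user"])
    if profile is None:
        return ["unknown identity"]
    reasons = []
    for field in ("ip", "region"):
        if event[field] not in profile[field]:
            reasons.append(f"new {field}: {event[field]}")
    if event["api"] not in profile["api"]:
        kind = "sensitive" if event["api"] in SENSITIVE_APIS else "new"
        reasons.append(f"{kind} api: {event['api']}")
    return reasons


def find_anomalies(baseline, events):
    """Pair each deviating event with its reasons; normal events are dropped."""
    flagged = []
    for event in events:
        reasons = score_event(baseline, event)
        if reasons:
            flagged.append((event, reasons))
    return flagged
```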

Resources:

  • https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html
  • https://www.youtube.com/watch?v=czsuZXQvD8E