AWS GuardDuty is a threat detection service. It analyzes CloudTrail logs (API calls), VPC Flow Logs (network traffic), and DNS logs to identify suspicious activity: compromised credentials, malware, brute-force attempts, unauthorized access, cryptomining. GuardDuty uses machine learning trained on AWS security data. It flags threats as "findings," which you investigate and respond to.
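As an added example (not part of the original page and not AWS code), this Python code triages findings shaped like GuardDuty's GetFindings output: it splits each finding type into its parts, attributes the finding to one of the three log sources named above, and orders the results by severity. The sample findings are constructed, and the mapping from action type to log source is a simplifying assumption that covers only those three sources.

```python
import re

# Finding type layout: ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact
TYPE_RE = re.compile(
    r"^(?P<purpose>[^:]+):(?P<resource>[^/]+)/(?P<family>[^.!]+)"
    r"(?:\.(?P<mechanism>[^!]+))?(?:!(?P<artifact>.+))?$"
)

# Assumption: Service.Action.ActionType mapped onto the three log sources named above.
SOURCE_BY_ACTION = {
    "AWS_API_CALL": "CloudTrail", "DNS_REQUEST": "DNS logs",
    "NETWORK_CONNECTION": "VPC Flow Logs", "PORT_PROBE": "VPC Flow Logs",
}

def severity_label(score):
    """Map the numeric severity to GuardDuty's severity bands."""
    for floor, label in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium")):
        if score >= floor:
            return label
    return "Low"

def triage(findings):
    """Return one row per finding, most severe first; odd types are kept, not dropped."""
    rows = []
    for f in findings:
        m = TYPE_RE.match(f.get("Type", ""))
        action = f.get("Service", {}).get("Action", {}).get("ActionType", "")
        score = float(f.get("Severity", 0))
        rows.append({
            "id": f.get("Id"), "source": SOURCE_BY_ACTION.get(action, "Other"),
            "purpose": m.group("purpose") if m else "Unparsed",
            "resource": m.group("resource") if m else "Unknown",
            "score": score, "severity": severity_label(score),
        })
    return sorted(rows, key=lambda r: r["score"], reverse=True)

# Constructed sample findings (IDs and scores are made up; field names follow GetFindings).
SAMPLE_FINDINGS = [
    {"Id": "sample-1", "Type": "UnauthorizedAccess:EC2/SSHBruteForce", "Severity": 2.0,
     "Service": {"Action": {"ActionType": "NETWORK_CONNECTION"}}},
    {"Id": "sample-2", "Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "Severity": 8.0,
     "Service": {"Action": {"ActionType": "DNS_REQUEST"}}},
    {"Id": "sample-3", "Type": "Recon:IAMUser/MaliciousIPCaller", "Severity": 5.0,
     "Service": {"Action": {"ActionType": "AWS_API_CALL"}}},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS):
        print(f'{row["severity"]:<8} {row["source"]:<14} {row["purpose"]}/{row["resource"]} {row["id"]}')
```

Findings whose type string does not match the layout are reported as "Unparsed" so they still reach an analyst.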