Skip to content
learning path

Implementing intelligent threat detection with Amazon GuardDuty

Intermediate
Up to 2h 14m
34
Enroll
Enhance your skill setDevelop essential skills for thriving in real-world scenarios.
Stay focused, stay committedBoost your learning journey by enrolling: stay focused, consistent and achieve your goals with ease.
Earn a certificate of completionShow your skills and build your credibility when you include them in your resume and LinkedIn profile.

Training content

4
1
COURSE
Intermediate
Duration: 29 minutes and 24 seconds
Intelligent Threat Detection with Amazon GuardDuty
Learn the fundamentals of the Amazon GuardDuty service as well as its features and how to configure it.
COURSE
Beginner
Duration: 22 minutes and 34 seconds
Configuring Accounts and Permissions in Amazon GuardDuty
In this lesson, we look at how to configure Amazon GuardDuty to work across multiple AWS accounts and the different permissions required and used when working with Amazon GuardDuty.
COURSE
Beginner
Duration: 15 minutes and 12 seconds
Managing and Remediating Findings in Amazon GuardDuty
In this lesson, we are going to explain how to manage and remediate findings in Amazon GuardDuty.
COURSE
Beginner
Duration: 17 minutes and 7 seconds
Understanding the Benefits and Cost of Amazon GuardDuty
In this lesson, we're going to explain the benefits and cost factors of using Amazon GuardDuty.
HANDS-ON LAB
Beginner
Duration: Up to 50 minutes
Detecting EC2 Threats with Amazon GuardDuty
Learn how to use Amazon GuardDuty to automatically uncover malicious EC2 activity and configure threat lists to improve the security of your AWS environments.

Amazon GuardDuty is an intelligent threat-detection service, which enables you to monitor your AWS accounts for unusual and unexpected behavior. It does this by analyzing AWS CloudTrail Event Logs, VPC Flow Logs, and DNS Logs. It can also optionally analyze Kubernetes audit logs, RDS login activity, S3 logs, EBS volumes, Runtime monitoring, and Lambda network activity logs. It then uses the data from logs and assesses it against multiple security and threat detection feeds, looking for anomalies and known malicious sources, such as IP addresses and URLs.

This course path will introduce you to Amazon GuardDuty and explain how it works and how to configure it, enabling you to use this service within your own AWS accounts to provide automatic and continuous security analysis for safeguarding your entire AWS environment.

You will learn:

  • What GuardDuty is and the benefit it provides
  • The different data sources that feed into Amazon GuardDuty
  • The core components of the service
  • How to configure the service
  • The terminology for using a multi-account strategy with Amazon GuardDuty
  • How to connect multiple AWS accounts to centralize findings 
  • How to ensure you have the correct permissions in place to work with Amazon GuardDuty successfully
  • How to archive and export findings in GuardDuty
  • How to filter findings based on specific criteria
  • How to create suppression rules and saved filters
  • How to remediate findings based on the finding details
  • The benefits of using Amazon GuardDuty
  • The costs and price factors associated with GuardDuty
  • Partners that integrate with Amazon GuardDuty


Intended Audience

  • Security consultants or specialists
  • Security analysts
  • Security auditors
  • Cloud architects
  • Cloud operational support analysts
  • Anyone looking to learn more about security and threat detection in AWS


Prerequisites

Familiarity with the following will be beneficial but is not required:

  • An understanding of the fundamentals of AWS
  • An awareness of security measures and mechanisms offered by AWS services, specifically IAM policies and IAM roles
  • AWS Organizations

The following content can be used to fulfill the prerequisites:

Your certificate for this learning path

About the Author

Avatar
Alana Layton, opens in a new tab
Sr. AWS Content Creator
Students
5,940
Courses
45
Learning paths
9

Alana Layton is an experienced technical trainer, technical content developer, and cloud engineer living out of Seattle, Washington. Her career has included teaching about AWS all over the world, creating AWS content that is fun, and working in consulting. She currently holds six AWS certifications. Outside of Cloud Academy, you can find her testing her knowledge in bar trivia, reading, or training for a marathon.

Covered Topics

Security
Amazon Web Services
Security for AWS
Amazon GuardDuty