https://youtu.be/Dn9dJVKhKWw
#SaxcatsGamingCorner #guardduty #adventuregame #adventuregames #pointandclick

Guard Duty (3) Well, this game got serious pretty quick!
https://www.youtube.com/watch?v=p0d2Cxr3Hgk&ab_channel=Saxcat%27sGamingCorner
#SaxcatsGamingCorner #GuardDuty #SickChickenStudios #AdventureGame #AdventureGames #PointandClick

Guard Duty (2) Zoinks, we've got a mystery on our hands!
https://www.youtube.com/watch?v=9dn9AMUk98A&ab_channel=Saxcat%27sGamingCorner
#SaxcatsGamingCorner #GuardDuty #SickChickenStudios #AdventureGame #AdventureGames #PointandClick

Guard Duty (1) Partied to hard?
https://www.youtube.com/watch?v=uEZehsUonII&ab_channel=Saxcat%27sGamingCorner
#SaxcatsGamingCorner #GuardDuty #SickChickenStudios #AdventureGame #AdventureGames #PointandClick

GuardDuty supports Lambda
https://aws.amazon.com/about-aws/whats-new/2023/04/amazon-guardduty-aws-lambda/
Amazon GuardDuty expands threat detection coverage to continuously monitor network activity logs, starting with VPC Flow Logs, generated from the execution of AWS Lambda functions to detect threats to Lambda such as functions maliciously repurposed for unauthorized cryptocurrency mining, or compromised Lambda functions that are communicating with known threat actor servers.

#AWS #GuardDuty #Lambda #AwsLambda

Updated AWS::GuardDuty::Detector

Use Features property to configure a GuardDuty feature. For more information about features, see Feature activation in GuardDuty.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html #guardduty #cloudformation

Amazon GuardDuty RDS Protection for Amazon Aurora is now generally available https://aws.amazon.com/about-aws/whats-new/2023/03/amazon-guardduty-rds-protection-aurora-generally-available/ @awscloud #aws #cloud #security #guardDuty

Also some big improvements to the way you configure #GuardDuty https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-feature-object-api-changes-march2023.html

Exciting launch from my team: #GuardDuty #RDS Protection is now GA https://aws.amazon.com/about-aws/whats-new/2023/03/amazon-guardduty-rds-protection-aurora-generally-available/ #aws #cybersecurity

How to detect security issues in Amazon #EKS clusters using Amazon #GuardDuty https://aws.amazon.com/blogs/security/how-to-detect-security-issues-in-amazon-eks-clusters-using-amazon-guardduty-part-1/
- and -
How to investigate and take action on security issues in Amazon #EKS clusters with #AmazonDetective https://aws.amazon.com/blogs/security/how-to-investigate-and-take-action-on-security-issues-in-amazon-eks-clusters-with-amazon-detective-part-2/

AWS GuardDuty will have RDS protection to provide intrusion detection system coverage in AWS’ PaaS databases. Quite nice for PCI DSS compliance and such.

https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-guardduty-rds-protection-preview/

#aws #guardduty #pcidss

Container runtime threat detection now in #guardduty. #reInvent #keynote announcements

201 winners for Owners Group and my 19th win as an owner!
Well done, Guard Duty. I love this horse!

RT @ownersgroupuk@twitter.com

What a start for Guard Duty! It’s an http://ownersgroup.co.uk double on the day @Southwell_Races@twitter.com - this time for @ELavelleracing@twitter.com and jockey Jack Wildman. Congratulations to all 👏🏻 🏆 #guardduty #ownersgroup

🐦🔗: https://twitter.com/ownersgroupuk/status/1597595064053923840

New region 'ap-south-2' launched by AWS a week ago, but there are no GuardDuty support for this region :( Meaning attackers can do whatever they want in this region without being detected by GuardDuty :facepalm-emoji:

(yes, ideally you should restrict regions with AWS SCPs)

#aws #guardduty #ap-south-2 #cloud #security

@dob
We have #GuardDuty -> #sns -> #sqs -> #lambda

The lambda decodes the and sends to slack. We add a priority ( adding !here or !channel etc) based on the Guard Duty levels. I think we filter a couple out. We have the option to send to a #PagerDuty email as well.

We're a pretty small(ish) startup so we don't have a SOC etc, just a couple of people hanging out in slack :sadglasses:

@dob That's a big scope.

Some things we do to make our lives easier and doesn't cost $$$.

Enable #guardduty and pipe all the alerts into a slack channel (+email as well).

Enable #cloudtrail log everything to an #S3 bucket in another account. #cloudwatch alerts on auth failures (to slack + email (some go to pagerduty #infosec contact).
We also have some alerts on updates when a cidr is added to a #SecurityGroup.

Don't use #ssh or #bastion/#JumpHosts use #ssm to run automations on the hosts (package install, service restarts etc) also to get a shell on a box (if needed at all). (you can use #TransitiveTags with #RoleAssumption to give granular access).
Using #ssm for console access also logs the entire session (including someone doing sudo su - root etc!) into #S3

Use #MicroSegmentation within our #vpc. Instances behind an #alb will only accept traffic from the #alb #SecurityGroup etc.. #rds, #elasticache willl only accept traffic from instances in the appropriate #SecurityGroup. (Basically we don't use cidr ingress rules, we use security group ids) (this works across accounts in the same region with peering, but not across regions however).

#aws

"AWS GuardDuty Exfiltration Bypass with VPC Endpoints"

https://notdodo.medium.com/aws-guardduty-exfiltration-bypass-4720f6ed16a4

#security #aws #guardduty