- Intelligent threat discovery to protect your AWS Account.
- Uses ML algorithms, anomaly detection, and 3rd-party data.
- One click to enable (30-day trial), no need to install software!
- Input data includes:
  - CloudTrail Event Logs - unusual API calls, unauthorised deployments.
  - CloudTrail Management Events - Create VPC subnet, Create Trail
  - CloudTrail Data Events - Get Object, List Object, Unusual IP Traffic
  - DNS Logs - Compromised EC2 instance sending encoded data within DNS queries.
  - Optional Features - EKS audit logs, RDS & Aurora, EBS, Lambda, S3 Data Events.
- Can set up EventBridge rules to be notified when there is a finding.
- Can protect against cryptocurrency attacks as well.

- Whenever you read “ML Based Security” think of GuardDuty.
- GuardDuty continuously monitors your data (logs, etc.).
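
The EventBridge notification mentioned above depends on an event pattern that selects GuardDuty findings. The following is an added example, not part of the original notes: it shows such a pattern and checks it locally against constructed events. The severity threshold, the sample events, and the `matches` helper (a simplified stand-in for EventBridge's own matching) are assumptions of this example.

```python
import operator

# EventBridge event pattern: GuardDuty findings with severity >= 7.
# The threshold of 7 is this example's choice, not something the notes specify.
PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}
OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le, "=": operator.eq}

def value_matches(value, candidates):
    """True if value equals a literal candidate or satisfies a numeric one."""
    for cand in candidates:
        if isinstance(cand, dict) and "numeric" in cand:
            spec = cand["numeric"]  # e.g. [">=", 7] or [">", 0, "<=", 5]
            if isinstance(value, (int, float)) and all(
                    OPS[op](value, bound) for op, bound in zip(spec[0::2], spec[1::2])):
                return True
        elif cand == value:
            return True
    return False

def matches(pattern, event):
    """Local stand-in for EventBridge matching (literals, nesting, numeric only)."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not (isinstance(event[key], dict) and matches(expected, event[key])):
                return False
        elif not value_matches(event[key], expected):
            return False
    return True

# Constructed sample events, trimmed to the fields the pattern inspects.
EVENTS = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "severity": 8}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2}},
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {"state": "running"}},
]

def notified_types(events=EVENTS, pattern=PATTERN):
    """Finding types that would trigger the rule's notification target."""
    return [e["detail"]["type"] for e in events if matches(pattern, e)]
```

Dropping the `detail` clause from `PATTERN` forwards every finding regardless of severity, which is the usual starting point before tuning the threshold.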