What is GuardDuty?

Amazon GuardDuty is a continuous threat detection service that monitors, analyses, and processes data sources and logs across your AWS environment. It uses threat intelligence feeds (such as lists of malicious IP addresses, domains, and file hashes) combined with machine learning models to identify suspicious and potentially malicious activity without requiring you to deploy or manage any additional security software. When enabled, GuardDuty automatically begins ingesting foundational data sources, including AWS CloudTrail management events, VPC Flow Logs, and DNS query logs.…