Get to know Amazon GuardDuty Runtime Monitoring for Amazon EC2
Security Blog
This article provides an in-depth overview of Amazon GuardDuty's Runtime Monitoring feature for Amazon EC2 instances. It covers the key capabilities, deployment strategies, and security value of the feature.
Specifically, the article covers:
- Features and functions of Runtime Monitoring, including command argument collection, event correlation, and new finding types related to suspicious tools, commands, and malicious file execution
- Details on the information included in GuardDuty runtime findings, such as impacted AWS resources, process details, and runtime context
- Strategies for responding to runtime findings, such as using Amazon EventBridge for event-based responses and investigating findings through the GuardDuty console
- Speed to detection benefits of Runtime Monitoring compared to log-based threat detection
- Deployment strategies for installing the GuardDuty security agent, including GuardDuty-managed installation, tag-based installation, and manual installation options
- Conclusion emphasizing the security value of Runtime Monitoring for identifying and responding to threats on EC2 instances
Related articles
- Mar 29, 2024: Amazon GuardDuty EC2 Runtime Monitoring is now generally available
- Jun 28, 2024: Amazon GuardDuty EC2 Runtime Monitoring now supports Ubuntu and Debian OS
- Dec 28, 2023: Using Amazon GuardDuty ECS runtime monitoring with Fargate and Amazon EC2
- Jun 4, 2025: Detect and investigate Amazon EC2 malware with Amazon GuardDuty and Amazon Detective