Amazon GuardDuty Extended Threat Detection now supports Amazon EC2 and Amazon ECS
News
This article announces enhancements to Amazon GuardDuty Extended Threat Detection, adding support for detecting multistage attacks on Amazon EC2 and Amazon ECS workloads.
- Detects multistage attacks targeting EC2 instances and ECS clusters on Fargate or EC2
- Uses AI/ML to correlate security signals across network, process, malware, and API activity
- Introduces two new critical-severity findings: CompromisedInstanceGroup and CompromisedCluster
- Provides attack sequence information, MITRE ATT&CK mappings, and remediation recommendations
- Automatically enabled for GuardDuty customers at no additional cost
- Enable Runtime Monitoring for EC2 or Fargate to improve detection coverage
- 30-day free trial available for new and existing customers
GuardDuty Extended Threat Detection now provides comprehensive multistage attack detection for EC2 and ECS workloads, reducing analysis time and improving threat response.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Dec 2
2025
2025
Amazon GuardDuty adds Extended Threat Detection for Amazon EC2 and Amazon ECS
Dec 2
2024
2024
Amazon GuardDuty introduces GuardDuty Extended Threat Detection
Jun 17
2025
2025
Amazon GuardDuty Extended Threat Detection now supports Amazon EKS
Jun 17
2025
2025
Amazon GuardDuty expands Extended Threat Detection coverage to Amazon EKS clusters
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.