What GuardDuty Detects and Why

Amazon GuardDuty is AWS's managed threat detection service. Its defining feature is that it needs no agents and no software to deploy. You simply enable it, and it begins analyzing AWS telemetry for malicious or unauthorized behavior. This makes it fast to roll out across an entire account or organization.

GuardDuty continuously ingests and analyzes existing data sources, then applies threat intelligence, anomaly detection, and machine learning to spot suspicious activity. Because it reads logs AWS already produces, it adds detection without changing your workloads. It runs entirely as a managed service.