AWS GuardDuty
Definition
AWS GuardDuty is a managed threat detection service that continuously monitors AWS accounts for malicious activity and unauthorized behavior using machine learning, anomaly detection, and integrated threat intelligence feeds. It analyzes CloudTrail event logs, VPC Flow Logs, DNS logs, and Kubernetes audit logs to detect threats such as account compromise, EC2 credential theft, cryptocurrency mining, and Kubernetes cluster attacks, and it does so without requiring any log infrastructure setup.