Amazon GuardDuty
Amazon GuardDuty is a continuous security monitoring service that helps identify unexpected and potentially unauthorized or malicious activity in your AWS environment.
How Amazon GuardDuty Differs for AWS GovCloud (US)
- Preview release of the GuardDuty RDS Protection feature is not supported.
- The GuardDuty Malware Protection feature is not supported.
- Cross-region data transfer is not supported.
- Member invite notifications through Personal Health Dashboard and email are not supported.
- The following findings are not available in AWS GovCloud (US):
  - Discovery:S3/AnomalousBehavior
  - Impact:S3/AnomalousBehavior.Write
  - Impact:S3/AnomalousBehavior.Delete
  - Impact:S3/AnomalousBehavior.Permission
  - Exfiltration:S3/AnomalousBehavior
  - CredentialAccess:IAMUser/AnomalousBehavior
  - DefenseEvasion:IAMUser/AnomalousBehavior
  - Discovery:IAMUser/AnomalousBehavior
  - Exfiltration:IAMUser/AnomalousBehavior
  - Impact:IAMUser/AnomalousBehavior
  - InitialAccess:IAMUser/AnomalousBehavior
  - Persistence:IAMUser/AnomalousBehavior
  - PrivilegeEscalation:IAMUser/AnomalousBehavior
- The following retired findings are still active in AWS GovCloud (US) as replacements for the findings listed above:
  - Discovery:S3/BucketEnumeration.Unusual
  - Impact:S3/ObjectDelete.Unusual
  - Impact:S3/PermissionsModification.Unusual
  - Persistence:IAMUser/NetworkPermissions
  - Persistence:IAMUser/ResourcePermissions
  - Persistence:IAMUser/UserPermissions
  - PrivilegeEscalation:IAMUser/AdministrativePermissions
  - Recon:IAMUser/NetworkPermissions
  - Recon:IAMUser/ResourcePermissions
  - Recon:IAMUser/UserPermissions
  - ResourceConsumption:IAMUser/ComputeResources
  - Stealth:IAMUser/LoggingConfigurationModified
  - UnauthorizedAccess:IAMUser/ConsoleLogin
Documentation for Amazon GuardDuty
Amazon GuardDuty documentation
Export-Controlled Content
For AWS Services architected within the AWS GovCloud (US) Regions, the following list explains how certain components of data may leave the AWS GovCloud (US) Regions in the normal course of the service offerings. The list can be used as a guide to help meet applicable customer compliance obligations. Data not included in the following list remains within the AWS GovCloud (US) Regions.
- This service can generate metadata from customer-defined configurations. AWS suggests customers do not enter export-controlled information in console fields, descriptions, resource names, and tagging information.