Findings that invoke GuardDuty-initiated malware scan
A GuardDuty-initiated malware scan is invoked when GuardDuty detects suspicious behavior indicative of malware on Amazon EC2 instances or container workloads. In the following list of GuardDuty findings, some of the findings can initiate a scan only if they are outbound; these are marked "(Outbound only)".
- Impact:EC2/WinRMBruteForce (Outbound only)
- UnauthorizedAccess:EC2/RDPBruteForce (Outbound only)
- UnauthorizedAccess:EC2/SSHBruteForce (Outbound only)
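
For triage, the outbound condition on the findings listed above can be checked directly on finding records. The following is an added example, not AWS code: it takes findings in the PascalCase shape returned by the GuardDuty GetFindings API and reports the instances behind outbound brute-force findings. Assumptions: "outbound" is read from `Service.Action.NetworkConnectionAction.ConnectionDirection`, the helper names are hypothetical, and the sample findings and instance IDs are constructed.

```python
import json

# The finding types this page marks "(Outbound only)".
OUTBOUND_ONLY = {
    "Impact:EC2/WinRMBruteForce",
    "UnauthorizedAccess:EC2/RDPBruteForce",
    "UnauthorizedAccess:EC2/SSHBruteForce",
}

def connection_direction(finding):
    """Upper-cased ConnectionDirection of a finding, or None when absent."""
    action = (finding.get("Service") or {}).get("Action") or {}
    net = action.get("NetworkConnectionAction") or {}
    direction = net.get("ConnectionDirection")
    return direction.upper() if isinstance(direction, str) else None

def meets_outbound_condition(finding):
    """True/False for the types above; None for types this page does not mark."""
    if finding.get("Type") not in OUTBOUND_ONLY:
        return None
    # Assumption: "outbound" is read from ConnectionDirection == "OUTBOUND".
    return connection_direction(finding) == "OUTBOUND"

def outbound_instances(findings):
    """Instance IDs behind findings that satisfy the outbound condition."""
    ids = []
    for f in findings:
        if meets_outbound_condition(f):
            details = (f.get("Resource") or {}).get("InstanceDetails") or {}
            ids.append(details.get("InstanceId", "<unknown>"))
    return ids

def _finding(ftype, direction, instance_id):
    """Build a constructed finding with only the fields used here."""
    action = {"ActionType": "NETWORK_CONNECTION"}
    if direction is not None:
        action["NetworkConnectionAction"] = {"ConnectionDirection": direction}
    return {"Type": ftype, "Service": {"Action": action},
            "Resource": {"InstanceDetails": {"InstanceId": instance_id}}}

# Constructed sample findings (not real data).
SAMPLE = [
    _finding("UnauthorizedAccess:EC2/SSHBruteForce", "OUTBOUND", "i-0aaaaaaaaaaaaaaa1"),
    _finding("UnauthorizedAccess:EC2/SSHBruteForce", "INBOUND", "i-0bbbbbbbbbbbbbbb2"),
    _finding("Impact:EC2/WinRMBruteForce", None, "i-0ccccccccccccccc3"),
    _finding("UnauthorizedAccess:EC2/RDPBruteForce", "outbound", "i-0ddddddddddddddd4"),
]

if __name__ == "__main__":
    print(json.dumps(outbound_instances(SAMPLE)))
```

Findings delivered through EventBridge use camelCase keys (`type`, `service.action.networkConnectionAction.connectionDirection`), so the key names need adjusting for that source.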