Finding types
For information about important changes to the GuardDuty finding types, including newly added or retired finding types, see Document history for Amazon GuardDuty.
For information about retired finding types see Retired finding types.
Findings by resource type
The following pages are broken down by each resource type GuardDuty currently generates findings for. The pages contain detailed information on all finding types for that resources type.
Findings table
The following table lists all finding types by name, threat purpose, resource and severity. A severity listed with an asterisk (*) indicates the finding has variable severities depending the circumstances of the finding, which are described in the details for that finding. Choose the finding name to open more info about that finding.
FINDING TYPE |
THREAT PURPOSE |
RESOURCE |
SEVERITY |
---|---|---|---|
Backdoor |
EC2 |
High |
|
Backdoor |
EC2 |
High |
|
Backdoor |
EC2 |
High |
|
Backdoor |
EC2 |
High |
|
Backdoor |
EC2 |
High |
|
Backdoor |
EC2 |
High |
|
Backdoor |
EC2 |
High |
|
Backdoor |
EC2 |
Medium |
|
Behavior |
EC2 |
Medium |
|
Behavior |
EC2 |
Medium |
|
CryptoCurrency |
EC2 |
High |
|
CryptoCurrency |
EC2 |
High |
|
Discovery |
S3 |
Medium* |
|
Discovery |
S3 |
High |
|
Discovery |
S3 |
High |
|
Discovery |
S3 |
Medium |
|
Exfiltration |
S3 |
High |
|
Exfiltration |
S3 |
Medium* |
|
Impact |
EC2 |
Medium |
|
Impact |
EC2 |
High |
|
Impact |
EC2 |
High |
|
Impact |
EC2 |
Low |
|
Impact |
EC2 |
Low* |
|
Impact |
S3 |
High |
|
Impact |
S3 |
Medium* |
|
Impact |
S3 |
Medium* |
|
PenTest |
IAM |
Medium |
|
PenTest |
IAM |
Medium |
|
PenTest |
IAM |
Medium |
|
PenTest |
S3 |
Medium |
|
PenTest |
S3 |
Medium |
|
PenTest |
S3 |
Medium |
|
Persistence |
IAM |
Medium* |
|
Persistence |
IAM |
Medium* |
|
Persistence |
IAM |
Medium* |
|
Policy |
IAM |
Low |
|
Policy |
S3 |
Low |
|
Policy |
S3 |
High |
|
Policy |
S3 |
Low |
|
Policy |
S3 |
High |
|
PrivilegeEscalation |
IAM |
Low* |
|
Recon |
EC2 |
High |
|
Recon |
EC2 |
Low* |
|
Recon |
EC2 |
Medium |
|
Recon |
IAM |
Medium |
|
Recon |
IAM |
Medium |
|
Recon |
IAM |
Medium* |
|
Recon |
IAM |
Medium* |
|
Recon |
IAM |
Medium |
|
Recon |
IAM |
Medium* |
|
ResourceConsumption |
IAM |
Medium* |
|
Stealth |
IAM |
Low |
|
Stealth |
IAM |
Medium* |
|
Stealth |
IAM |
Low |
|
Stealth |
S3 |
Low |
|
Trojan |
EC2 |
Medium |
|
Trojan |
EC2 |
Medium |
|
Trojan |
EC2 |
High |
|
Trojan |
EC2 |
High |
|
Trojan |
EC2 |
High |
|
Trojan |
EC2 |
Medium |
|
Trojan |
EC2 |
Medium |
|
Trojan |
EC2 |
Medium |
|
Trojan |
EC2 |
High |
|
UnauthorizedAccess |
EC2 |
Medium |
|
UnauthorizedAccess |
EC2 |
High |
|
UnauthorizedAccess |
EC2 |
Low* |
|
UnauthorizedAccess |
EC2 |
Low* |
|
UnauthorizedAccess |
EC2 |
High |
|
UnauthorizedAccess |
EC2 |
High |
|
UnauthorizedAccess |
IAM |
Medium* |
|
UnauthorizedAccess |
IAM |
Medium |
|
UnauthorizedAccess |
IAM |
High |
|
UnauthorizedAccess |
IAM |
Medium |
|
UnauthorizedAccess |
IAM |
Medium |
|
UnauthorizedAccess |
IAM |
Medium |
|
UnauthorizedAccess |
S3 |
High |
|
UnauthorizedAccess |
S3 |
High |
|
Impact |
EC2 |
High |