Amazon GuardDuty
Amazon GuardDuty User Guide

GuardDuty Retired Finding Types

Important

For information about important changes to the GuardDuty finding types, including newly added or retired finding types, see Document History for Amazon GuardDuty.

In the current release of GuardDuty, the following finding types are retired (no longer generated). You CANNOT reactivate retired GuardDuty finding types.

Behavior:IAMUser/InstanceLaunchUnusual

Finding description

An IAM user launched an EC2 instance of an unusual type.

This finding informs you that a specific IAM user in your AWS environment is exhibiting behavior that is different from the established baseline. This IAM user has no prior history of launching an EC2 instance of this type. Your IAM user credentials might be compromised. For more information, see Remediating Compromised AWS Credentials.

CryptoCurrency:EC2/BitcoinTool.A

Finding description

EC2 instance is communicating with Bitcoin mining pools.

This finding informs you that an EC2 instance in your AWS environment is communicating with Bitcoin mining pools. In the field of cryptocurrency mining, a mining pool is the pooling of resources by miners who share their processing power over a network to split the reward according to the amount of work they contributed to solving a block. Unless you use this EC2 instance for Bitcoin mining, your EC2 instance might be compromised. For more information, see Remediating a Compromised EC2 Instance.
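Because retired finding types are no longer generated, any alerting rule that matches only on them can never fire again. The following is an added example, not part of the GuardDuty User Guide: it audits EventBridge event patterns that filter GuardDuty findings on `detail.type` and flags rules that depend on the two types above. The rule names and sample patterns are constructed for illustration.

```python
import json

# The two finding types this page lists as retired.
RETIRED = {
    "Behavior:IAMUser/InstanceLaunchUnusual",
    "CryptoCurrency:EC2/BitcoinTool.A",
}

def audit_pattern(pattern):
    """Classify one EventBridge event pattern by its detail.type matchers.

    Returns (status, retired_hits) where status is:
      "dead"    - every matcher is an exact retired type, so the rule cannot fire
      "partial" - some exact matchers are retired, others may still fire
      "ok"      - no exact matcher names a retired type
    """
    matchers = pattern.get("detail", {}).get("type")
    if not matchers:                      # no type filter: matches every finding
        return "ok", []
    hits = sorted(m for m in matchers if isinstance(m, str) and m in RETIRED)
    # Non-string matchers (e.g. {"prefix": ...}) can still match live types.
    live = [m for m in matchers if not (isinstance(m, str) and m in RETIRED)]
    if hits and not live:
        return "dead", hits
    return ("partial" if hits else "ok"), hits

def audit_rules(rules):
    """Map rule name -> (status, retired_hits) for a dict of name -> pattern JSON."""
    return {name: audit_pattern(json.loads(body)) for name, body in rules.items()}

# Constructed sample rules (hypothetical names), not taken from any real account.
SAMPLE_RULES = {
    "page-on-miner": json.dumps({
        "source": ["aws.guardduty"],
        "detail": {"type": ["CryptoCurrency:EC2/BitcoinTool.A"]},
    }),
    "mixed-rule": json.dumps({
        "source": ["aws.guardduty"],
        "detail": {"type": ["Behavior:IAMUser/InstanceLaunchUnusual",
                            {"prefix": "CryptoCurrency:EC2/"}]},
    }),
    "all-findings": json.dumps({"source": ["aws.guardduty"]}),
}

if __name__ == "__main__":
    for name, (status, hits) in audit_rules(SAMPLE_RULES).items():
        print(f"{name}: {status} {hits}")
```

A rule reported as "dead" gives no coverage and should be repointed at a finding type that is still generated; a "partial" rule still fires, but its retired entries can be removed.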