Amazon GuardDuty
Amazon GuardDuty User Guide

GuardDuty PenTest Finding Types

This section covers the active PenTest threat purpose finding types. For information about important changes to the GuardDuty finding types, including newly added or retired finding types, see Document History for Amazon GuardDuty.

Important

The default severity value of a finding type is subject to change based on various criteria when the finding is generated.

PenTest:IAMUser/KaliLinux

Default severity: Medium

Finding description

An API was invoked from a Kali Linux EC2 instance.

This finding informs you that a machine running Kali Linux is making API calls using credentials that belong to your AWS account. Your credentials might be compromised. Kali Linux is a popular penetration testing tool that security professionals use to identify weaknesses in EC2 instances that require patching. Attackers also use this tool to find EC2 configuration weaknesses and gain unauthorized access to your AWS environment. For more information, see Remediating Compromised AWS Credentials.

PenTest:IAMUser/ParrotLinux

Default severity: Medium

Finding description

An API was invoked from a Parrot Security Linux EC2 instance.

This finding informs you that a machine running Parrot Security Linux is making API calls using credentials that belong to your AWS account. Your credentials might be compromised. Parrot Security Linux is a popular penetration testing tool that security professionals use to identify weaknesses in EC2 instances that require patching. Attackers also use this tool to find EC2 configuration weaknesses and gain unauthorized access to your AWS environment. For more information, see Remediating Compromised AWS Credentials.

PenTest:IAMUser/PentooLinux

Default severity: Medium

Finding description

An API was invoked from a Pentoo Linux EC2 instance.

This finding informs you that a machine running Pentoo Linux is making API calls using credentials that belong to your AWS account. Your credentials might be compromised. Pentoo Linux is a popular penetration testing tool that security professionals use to identify weaknesses in EC2 instances that require patching. Attackers also use this tool to find EC2 configuration weaknesses and gain unauthorized access to your AWS environment. For more information, see Remediating Compromised AWS Credentials.
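
As an added example (not part of the AWS user guide), the Python below groups findings of the three PenTest types above by access key and marks a key for investigation unless every source IP belongs to a sanctioned tester. Field names follow the finding JSON returned by the GuardDuty GetFindings API; the `AUTHORIZED_TEST_IPS` allowlist, the `_finding` helper and all sample values are assumptions constructed for illustration.

```python
PENTEST_TYPES = {"PenTest:IAMUser/KaliLinux", "PenTest:IAMUser/ParrotLinux",
                 "PenTest:IAMUser/PentooLinux"}  # finding types on this page
# Assumption: source IPs of your own sanctioned testers (hypothetical allowlist).
AUTHORIZED_TEST_IPS = {"198.51.100.10"}

def _finding(ftype, key_id, user, service, api, ip):
    """Build a constructed, trimmed finding in the GetFindings field layout."""
    return {
        "Type": ftype,
        "Resource": {"AccessKeyDetails": {"AccessKeyId": key_id, "UserName": user}},
        "Service": {"Action": {"ActionType": "AWS_API_CALL", "AwsApiCallAction": {
            "ServiceName": service, "Api": api,
            "RemoteIpDetails": {"IpAddressV4": ip}}}},
    }

# Constructed sample data; every key ID, user name and IP is made up.
SAMPLE_FINDINGS = [
    _finding("PenTest:IAMUser/KaliLinux", "AKIAEXAMPLEKEY000001", "redteam-svc",
             "ec2.amazonaws.com", "DescribeInstances", "198.51.100.10"),
    _finding("PenTest:IAMUser/KaliLinux", "AKIAEXAMPLEKEY000002", "ci-deploy",
             "iam.amazonaws.com", "ListUsers", "203.0.113.77"),
    _finding("PenTest:IAMUser/ParrotLinux", "AKIAEXAMPLEKEY000002", "ci-deploy",
             "s3.amazonaws.com", "ListBuckets", "203.0.113.77"),
    _finding("Recon:IAMUser/TorIPCaller", "AKIAEXAMPLEKEY000003", "analyst",
             "ec2.amazonaws.com", "DescribeInstances", "192.0.2.5"),
]

def triage(findings):
    """Group PenTest findings per access key; a key is marked for investigation
    unless every source IP that used it is a sanctioned tester."""
    keys = {}
    for f in findings:
        if f.get("Type") not in PENTEST_TYPES:
            continue  # other threat purposes are out of scope here
        key = f.get("Resource", {}).get("AccessKeyDetails", {})
        call = f.get("Service", {}).get("Action", {}).get("AwsApiCallAction", {})
        ip = call.get("RemoteIpDetails", {}).get("IpAddressV4", "unknown")
        entry = keys.setdefault(key.get("AccessKeyId", "unknown"), {
            "user": key.get("UserName"), "types": set(), "apis": set(), "ips": set()})
        entry["types"].add(f["Type"])
        entry["apis"].add(f"{call.get('ServiceName')}:{call.get('Api')}")
        entry["ips"].add(ip)
    for entry in keys.values():
        entry["investigate"] = not entry["ips"] <= AUTHORIZED_TEST_IPS
    return keys

if __name__ == "__main__":
    for key_id, e in sorted(triage(SAMPLE_FINDINGS).items()):
        print(key_id, e["user"], sorted(e["ips"]), "INVESTIGATE" if e["investigate"] else "sanctioned")
```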