Amazon GuardDuty
Amazon GuardDuty User Guide

GuardDuty PenTest Finding Types

This section covers the active PenTest threat purpose finding types. For information about important changes to the GuardDuty finding types, including newly added or retired finding types, see Document History for Amazon GuardDuty.

Important

The default severity value of a finding type is subject to change based on various criteria when the finding is generated.

PenTest:IAMUser/KaliLinux

Default severity: Medium

Finding description

An API was invoked from a Kali Linux EC2 instance.

This finding informs you that a machine running Kali Linux is making API calls using credentials that belong to your AWS account. Your credentials might be compromised. Kali Linux is a popular penetration testing tool that security professionals use to identify weaknesses in EC2 instances that require patching. Attackers also use this tool to find EC2 configuration weaknesses and gain unauthorized access to your AWS environment. For more information, see Remediating Compromised AWS Credentials.

PenTest:IAMUser/ParrotLinux

Default severity: Medium

Finding description

An API was invoked from a Parrot Security Linux EC2 instance.

This finding informs you that a machine running Parrot Security Linux is making API calls using credentials that belong to your AWS account. Your credentials might be compromised. Parrot Security Linux is a popular penetration testing tool that security professionals use to identify weaknesses in EC2 instances that require patching. Attackers also use this tool to find EC2 configuration weaknesses and gain unauthorized access to your AWS environment. For more information, see Remediating Compromised AWS Credentials.

PenTest:IAMUser/PentooLinux

Default severity: Medium

Finding description

An API was invoked from a Pentoo Linux EC2 instance.

This finding informs you that a machine running Pentoo Linux is making API calls using credentials that belong to your AWS account. Your credentials might be compromised. Pentoo Linux is a popular penetration testing tool that security professionals use to identify weaknesses in EC2 instances that require patching. Attackers also use this tool to find EC2 configuration weaknesses and gain unauthorized access to your AWS environment. For more information, see Remediating Compromised AWS Credentials.
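
As a triage aid for the three finding types above, this added example (not part of the GuardDuty documentation) groups `PenTest:IAMUser/*` findings by the access key that made the calls, so you can see which credentials to review. It assumes findings in the shape returned by the GuardDuty `GetFindings` API; the helper names, user names, placeholder key IDs and IP addresses are constructed for illustration.

```python
from collections import defaultdict

PENTEST_PREFIX = "PenTest:IAMUser/"

def _finding(ftype, key_id, user, service, api, ip):
    """Build a constructed finding holding only the fields this example reads."""
    return {
        "Type": ftype,
        "Resource": {"AccessKeyDetails": {"AccessKeyId": key_id, "UserName": user}},
        "Service": {"Action": {"AwsApiCallAction": {
            "ServiceName": service, "Api": api,
            "RemoteIpDetails": {"IpAddressV4": ip}}}},
    }

# Constructed sample data (placeholder key IDs, documentation-range IPs).
SAMPLE_FINDINGS = [
    _finding("PenTest:IAMUser/KaliLinux", "AKIAIOSFODNN7EXAMPLE", "build-bot",
             "ec2.amazonaws.com", "DescribeInstances", "198.51.100.7"),
    _finding("PenTest:IAMUser/ParrotLinux", "AKIAIOSFODNN7EXAMPLE", "build-bot",
             "iam.amazonaws.com", "ListUsers", "203.0.113.21"),
    _finding("PenTest:IAMUser/PentooLinux", "AKIAI44QH8DHBEXAMPLE", "alice",
             "s3.amazonaws.com", "ListBuckets", "198.51.100.7"),
    _finding("Recon:IAMUser/MaliciousIPCaller", "AKIAI44QH8DHBEXAMPLE", "alice",
             "ec2.amazonaws.com", "DescribeInstances", "192.0.2.9"),
]

def summarize_pentest_findings(findings):
    """Group PenTest:IAMUser/* findings by the access key that made the API calls."""
    summary = defaultdict(
        lambda: {"user": None, "types": set(), "apis": set(), "source_ips": set()})
    for finding in findings:
        if not finding.get("Type", "").startswith(PENTEST_PREFIX):
            continue  # other threat purposes are out of scope here
        key = finding.get("Resource", {}).get("AccessKeyDetails", {})
        call = finding.get("Service", {}).get("Action", {}).get("AwsApiCallAction", {})
        entry = summary[key.get("AccessKeyId", "unknown")]
        entry["user"] = key.get("UserName")
        entry["types"].add(finding["Type"])
        if call.get("Api"):
            entry["apis"].add(f"{call.get('ServiceName')}:{call['Api']}")
        ip = call.get("RemoteIpDetails", {}).get("IpAddressV4")
        if ip:
            entry["source_ips"].add(ip)
    return dict(summary)

if __name__ == "__main__":
    for key_id, info in summarize_pentest_findings(SAMPLE_FINDINGS).items():
        print(key_id, info["user"], sorted(info["types"]),
              sorted(info["apis"]), sorted(info["source_ips"]))
```

Each access key in the result is a candidate for the steps in Remediating Compromised AWS Credentials, unless the calls come from a penetration test you authorized.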