Remediating detected GuardDuty security findings

Amazon GuardDuty generates findings that indicate potential security findings associated with GuardDuty foundational threat detection and dedicated protection plans. The following sections describe the recommended remediation steps for these scenarios. If there are alternative remediation scenarios, they will be described in the descriptions for each finding type. You can access the full information about a finding type by selecting it from the Active findings types table.

Remediating a potentially compromised Amazon EC2 instance
Remediating a potentially compromised S3 bucket
Remediating a potentially malicious S3 object
Remediating a potentially compromised ECS cluster
Remediating potentially compromised AWS credentials
Remediating a potentially compromised standalone container
Remediating EKS Protection findings
Remediating Runtime Monitoring findings
Remediating a potentially compromised database
Remediating a potentially compromised Lambda function

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Reporting false positive S3 object scan result

Remediating a potentially compromised Amazon EC2 instance

Remediating detected GuardDuty security findings

Contents