GuardDuty security agent release versions - Amazon GuardDuty

GuardDuty security agent release versions

GuardDuty releases an updated agent version from time to time. When GuardDuty manages the agent automatically, GuardDuty is designed to update the agent on your behalf. When you manage the agent manually, you are responsible to update the agent version for your resource types – Amazon EC2 instances, Amazon ECS clusters, and Amazon EKS clusters.

The following sections provide GuardDuty security agent release versions and associated release notes for all the supported resource types.

The following table shows the release version history for the GuardDuty security agent for Amazon EC2.

Agent version

Release notes

Availability date

v1.5.0

Added support for CentOS 9.0, RedHat 9.4, Fedora 34.0, and Ubuntu 24.04.

Support for ARM instances for .../MetadataDNSRebind findings.

General performance tuning and enhancements.

November 20, 2024

v1.3.1

Support for custom DNS resolvers.

September 12, 2024

v1.3.0

General performance tuning and enhancements.

Includes support to capture additional security signals for future GuardDuty Runtime Monitoring finding types.

August 19, 2024

v1.2.0

Supports OS distributions Ubuntu 20.04, Ubuntu 22.04, Debian 11, and Debian 12.

Supports kernel 6.5 and 6.8.

General performance tuning and enhancements.

June 13, 2024

v1.1.0

Supports GuardDuty automated agent configuration in Runtime Monitoring for Amazon EC2 instances.

Supports new security signals and findings released with the announcement of general availability of Runtime Monitoring for EC2 instances.

General performance tuning and enhancements.

March 26, 2024

v1.0.2

Supports the latest Amazon ECS AMIs.

February 2, 2024

v1.0.1

Agent versions released prior to v1.0.2 are incompatible with Amazon ECS AMIs launched after January 31, 2024.

General performance tuning and enhancements.

January 23, 2024
v1.0.0

Initial release of the RPM installation.

Agent versions released prior to v1.0.2 are incompatible with Amazon ECS AMIs launched after January 31, 2024.

November 26, 2023

The following table shows the release version history for the GuardDuty security agent for Fargate (Amazon ECS only).

Agent version

Container image

Release notes

Availability date

v1.5.0

x86_64 (AMD64): sha256:5e6fdc41f9eb748219d0498cd6c1dba6a19d875daec50167a0ac80e5028eac54

Graviton (ARM64): sha256:d56801ff6864d6014740103b70b1c38431851358d182613bede20fe21090e734

Support for ARM tasks for .../MetadataDNSRebind findings.

General performance tuning and enhancements.

November 14, 2024

v1.4.1

x86_64 (AMD64): sha256:ef36a11151ec2d3d7db22273bfb954750dee76f0ac7bec37a7ba7e74c3de1c78

Graviton (ARM64): sha256:a8844544a59d6b4cba98f8e528b513ac2d97432f208e3ad497cc16b331aa9faa

Container image hardening.

General performance tuning and enhancements.

October 24, 2024

v1.3.1

x86_64 (AMD64): sha256:a6e2307d796e2875907bc4c1c69622c906f3192ddc42ef27b99e0a8f0979f3e0

Graviton (ARM64): sha256:ad1b6539d806edb504f17e6bcfb8b4026c5e822300afc31c0d23c6a08f9b99e9

Support for custom DNS resolvers.

September 11, 2024

v1.3.0

x86_64 (AMD64): sha256:f1ad3fb2dc55a1110c60eecf4453b9f9c02f29acb261df39814e7d29296bf831

Graviton (ARM64): sha256:ff81a755d46681e409f55a95beedae9ebbcf5336e1c0b1e6348af7c6518bdbb1

General performance tuning and enhancements.

Includes support to capture additional security signals for future GuardDuty GuardDuty Runtime Monitoring finding types.

August 9, 2024

v1.2.0

x86_64 (AMD64): sha256:1dbad20ac2dc66d52d00bb28dde4281fe0d3c5f261b1649b247c2369d9e26b93

Graviton (ARM64): sha256:91930f8446f5f95b93b8ccb18773992affa401eb3f42da89d68077a56bafa6cd

General performance tuning and enhancements.

May 31, 2024

v1.1.0

x86_64 (AMD64): sha256:83ce3cf2ef85a349ed1797a8cf30a008ac5d8c9f673f2835823957e9dcf71657

Graviton (ARM64): sha256:0d4b61648d7bdeab8ab8d94684f805498927c7d437d318204dcccfe8c9383dc7

Supports new security signals and findings.

General performance tuning and enhancements.

May 01, 2024

v1.0.1

x86_64 (AMD64): sha256:9f8cd438fb66f62d09bfc641286439f7ed5177988a314a6021ef4ff880642e68

Graviton (ARM64): sha256:82c66bb615bd0d1e96db77b1f1fb51dc03220caa593b1962249571bf7147d1b7

General performance tuning and enhancements.

January 26, 2024

v1.0.0

x86_64 (AMD64): sha256:359b8b014e5076c625daa1056090e522631587a7afa3b2e055edda6bd1141017

Graviton (ARM64): sha256:b9438690fa8a86067180a11658bec0f4f838ae3fbd225d04b9306250648b3984

Initial release of GuardDuty security agent for AWS Fargate (Amazon ECS only).

November 26, 2023

GuardDuty releases an updated agent version from time to time. When GuardDuty manages the agent automatically, it is designed to manage the agent updates on your behalf. When you manage the agent manually, you are responsible to update the agent version for your Amazon EKS clusters.

Before updating the agent to a specific version, add the image registry for GuardDuty to the allowed-container-registries in your admission controller. For more information, see ECR repository for EKS v1.8.1-eks-build.2.

The following table shows the release version history of Amazon EKS add-on GuardDuty agent.

Agent version

Container image

Release notes

Availability date

End of standard support1

v1.8.1

x86_64 (AMD64): sha256:f2ce8cf89dbe17e3388cecb35053544dadf21af7770545f8d4b50384076aff47

Graviton (ARM64): sha256:30f586e4b694e704bcafadfa9081ab0aeff3cfbcde39743a0f1e24f77d79627f

Added support for CentOS 9.0, RedHat 9.4, Fedora 34.0, and Ubuntu 24.04.

Support for ARM instances for .../MetadataDNSRebind finding.

General performance tuning and enhancements.

November 23, 2024

v1.7.1

x86_64 (AMD64): sha256:b8b86b5d0872c8b67fecf64ec3d172666360545435a1752447d510951a7fd749

Graviton (ARM64): sha256:40ac4cfc354fd430ba7897ca1632e9a500ed13eeb0c315c5bcad38680e76b6e9

General performance tuning and enhancements.

Includes support to capture additional security signals for future GuardDuty Runtime Monitoring finding types.

Support for custom DNS resolvers.

September 13, 2024

v1.7.0

x86_64 (AMD64): sha256:f3a2a8806e6c2a7fd63a91cccf6f7dffcd7e68554a423d610cea8c7e8f2185ec

Graviton (ARM64): sha256:b1a6db35a072c0de3c695e5e909a03e6c4e1fdbe47ecfaeb2784435cf67ebe0a

General performance tuning and enhancements.

Includes support to capture additional security signals for future GuardDuty Runtime Monitoring finding types.

August 17, 2024

v1.6.1

x86_64 (AMD64): sha256:30650708a6601f6d6b9046f54b30f5fd65af296b1e40b8c24426b9bdb07c3ab1

Graviton (ARM64): sha256:5f637c42ffb306b20f776d9d83e1e0b4be40ce245be44afcf43a8902b4d71019

General performance tuning and enhancements.

May 14, 2024

v1.6.0

x86_64 (AMD64): sha256:7dabcbee30d8b053676752fbc19e89f77272d9a6a53cc93731f5872180ef9010

Graviton (ARM64): sha256:9710f53afccdf4f22b265a1a6fc27f1469403af1f7d5d08c4869a7269cdd2650

April 29, 2024

v1.5.0

x86_64 (AMD64): sha256:e09a4e70af4058a212f172cc8eb3fc23ad9bed547ed609faa2bb82cf7cc5532d

Graviton (ARM64): sha256:afc9a3f8f17ae12499d76069efcf1b46271a5a4b2b3f6ba5de54637b8f55d5c6

  • General performance tuning and enhancements.

  • Security enhancements including new event types under Collected runtime event types.

  • Performance enhancements around CPU usage.

March 07, 2024

v1.4.1

x86_64 (AMD64): sha256:66d491927763742660faa87cc2c39bb97b7873039157ae8b90bc999cb73d0b9c

Graviton (ARM64): sha256:537a330b2dd82357024fb6daeb8761034b7defd43b10dffe0792c9e6d0778b40

General performance tuning and enhancements.

January 16, 2024

v1.4.0

x86_64 (AMD64): sha256:848ce13d9430bad554ac23d4699551505326ada2a88e1a721fe9f86b56b52c0f

Graviton (ARM64): sha256:0c650aeafeeb5f2bcb8b989ac849bedc1fae1a4de1cf6306ffdd9c6aebe67f8e

Manifest mount point support better data collection

AppArmor configuration in manifest

Collect command line argument

General performance tuning and enhancements

December 21, 2023

v1.3.1

x86_64 (AMD64): sha256:55578fcb7b73097ade5c8404390ef16cf76a7b568490abaae01ac75992b3ea29

Graviton (ARM64): sha256:e3ce8d66ac2121f8d476eb58f8bc50ab51336647615eb7cf514c21421cb818fd

Important security patches and updates.

October 23, 2023

v1.3.0

x86_64 (AMD64): sha256:6dace2337dfbb7609811be89fb4b23ae0b865f1027ad78fbe69530bfbd46c694

Graviton (ARM64): sha256:4928a7c6ef40e77c8ec95841323bb9a110db31f12c0ee7ab965e08b43efd01bb

Supports Ubuntu platform

Supports Kubernetes version 1.28

General performance enhancements and stability improvement.

October 05, 2023

v1.2.0

x86_64 (AMD64): sha256:d610413d662ec042057f05d6942496d7f2c08e9f5a077ea307ffdb5d3f11bcc3

Graviton (ARM64): sha256:174d7ab28b2f95e5309da80d95b88ad26f602dfe72c2b351a0ef9297a1412bfa

In addition to AMD64-based instances, v1.2.0 now also supports ARM64-based instances. Added and verified support for Bottlerocket

Supports Kubernetes version 1.27

General performance enhancements and stability improvements.

June 16, 2023

v1.1.0

sha256:b19ba3a3c1a508d153263ae2fda891a7928b5ca9b3a5692db6c101829303281c

In addition to Kubernetes versions supported by GuardDuty security agent, this agent release also supports Kubernetes version 1.26.

General performance enhancements and stability improvements.

May 2, 2023

May 14, 2024

v1.0.0

sha256:e38bdd2b1323e89113f1a31bd4bc8e5a8098525dd98e6981a28b9906b1e4411e

Initial release of Amazon EKS add-on agent.

March 30, 2023

May 14, 2024

1 For information about updating your current agent version that is approaching to an end of standard support, see Updating security agent manually for Amazon EKS resources.

For more information on the next steps, see the following topics: