Package guardduty provides the client and types for making API requests to Amazon GuardDuty.
Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following foundational data sources - VPC flow logs, Amazon Web Services CloudTrail management event logs, CloudTrail S3 data event logs, EKS audit logs, DNS logs, Amazon EBS volume data, runtime activity belonging to container workloads, such as Amazon EKS, Amazon ECS (including Amazon Web Services Fargate), and Amazon EC2 instances. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your Amazon Web Services environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, domains, or presence of malware on your Amazon EC2 instances and container workloads. For example, GuardDuty can detect compromised EC2 instances and container workloads serving malware, or mining bitcoin.
GuardDuty also monitors Amazon Web Services account access behavior for signs of compromise, such as unauthorized infrastructure deployments like EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength.
GuardDuty informs you about the status of your Amazon Web Services environment by producing security findings that you can view in the GuardDuty console or through Amazon EventBridge. For more information, see the Amazon GuardDuty User Guide (https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html) .
See https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28 for more information on this service.
See guardduty package documentation for more information. https://docs.aws.amazon.com/sdk-for-go/api/service/guardduty/
To contact Amazon GuardDuty with the SDK use the New function to create a new service client. With that client you can make API requests to the service. These clients are safe to use concurrently.
See the SDK's documentation for more information on how to use the SDK. https://docs.aws.amazon.com/sdk-for-go/api/
See aws.Config documentation for more information on configuring SDK clients. https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config
See the Amazon GuardDuty client GuardDuty for more information on creating client for this service. https://docs.aws.amazon.com/sdk-for-go/api/service/guardduty/#New
The stub package, guarddutyiface, can be used to provide alternative implementations of service clients, such as mocking the client for testing.