Glossary

GuardDuty

AWS managed threat-detection service producing categorised security findings.

Definition

Amazon GuardDuty continuously monitors VPC Flow Logs, CloudTrail event history, DNS logs and EKS audit logs for known-bad indicators and anomalous behaviour. It produces findings that carry a severity score and a rich vocabulary of finding types (e.g., Recon:EC2/PortProbeUnprotectedPort, Persistence:IAMUser/AnomalousBehavior).

DCV maps every GuardDuty finding type to one or more MITRE ATT&CK techniques with a confidence weight, so an account's GuardDuty inventory translates directly into ATT&CK coverage for that environment.
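The translation described above, as an added example (not DCV's or AWS's own code): it parses finding-type strings using the pattern GuardDuty documents (ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact) and rolls them up into ATT&CK coverage over a constructed, hypothetical mapping table; the technique IDs are real ATT&CK IDs but their pairing and weights are illustrative, not DCV's actual table.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Documented GuardDuty finding-type layout:
#   ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact
# DetectionMechanism and Artifact are optional.
FINDING_TYPE_RE = re.compile(
    r"^(?P<purpose>[A-Za-z]+):(?P<resource>[A-Za-z0-9]+)/(?P<family>[A-Za-z0-9]+)"
    r"(?:\.(?P<mechanism>[A-Za-z0-9]+))?(?:!(?P<artifact>[A-Za-z0-9]+))?$"
)


@dataclass(frozen=True)
class FindingType:
    purpose: str
    resource: str
    family: str
    mechanism: Optional[str]
    artifact: Optional[str]


def parse_finding_type(s: str) -> FindingType:
    """Split a finding-type string into its documented components."""
    m = FINDING_TYPE_RE.match(s)
    if not m:
        raise ValueError(f"not a GuardDuty finding type: {s!r}")
    return FindingType(**m.groupdict())


# Constructed illustrative mapping (hypothetical weights, not DCV's real table):
# finding type -> list of (ATT&CK technique id, confidence weight in 0..1)
MAPPING: Dict[str, List[Tuple[str, float]]] = {
    "Recon:EC2/PortProbeUnprotectedPort": [("T1046", 0.9)],
    "Persistence:IAMUser/AnomalousBehavior": [("T1078", 0.6), ("T1098", 0.4)],
    "CryptoCurrency:EC2/BitcoinTool.B!DNS": [("T1496", 0.95)],
}


def attack_coverage(enabled_finding_types: List[str]) -> Dict[str, float]:
    """Return technique id -> highest confidence contributed by any enabled
    finding type. Malformed strings raise; valid but unmapped types are
    accepted and simply add no coverage."""
    coverage: Dict[str, float] = {}
    for ft in enabled_finding_types:
        parse_finding_type(ft)
        for technique, weight in MAPPING.get(ft, []):
            coverage[technique] = max(coverage.get(technique, 0.0), weight)
    return coverage
```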

Sources
  • Amazon GuardDuty user guide, https://docs.aws.amazon.com/guardduty/latest/ug/
  • GuardDuty active finding types, https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-active.html
Last verified: 2026-04-24