AWS managed threat-detection service producing categorised security findings.
Amazon GuardDuty continuously monitors VPC Flow Logs, CloudTrail event history, DNS logs and EKS audit logs for known-bad indicators and anomalous behaviour. It produces findings with severity scoring and a rich vocabulary of finding types (e.g., Recon:EC2/PortProbeUnprotectedPort, Persistence:IAMUser/AnomalousBehavior).
DCV maps every GuardDuty finding type to one or more MITRE ATT&CK techniques with a confidence weight, so an account's GuardDuty inventory translates directly into ATT&CK coverage for that environment.