GuardDuty

Definition

AWS GuardDuty is an intelligent threat detection service that continuously monitors your AWS environment for malicious activity and potential security

Use Cases

Provider Equivalents

Frequently Asked Questions

What's the difference between Amazon GuardDuty and AWS Security Hub?
GuardDuty is a threat detection service: it generates findings when it detects suspicious or malicious activity (for example, unusual API calls or known malicious IP communication). AWS Security Hub is a central dashboard that aggregates and prioritizes findings from multiple tools (including GuardDuty) and runs security checks against best practices. In many setups, GuardDuty produces findings and Security Hub helps you manage them in one place.

When should I use Amazon GuardDuty?
Use GuardDuty when you want continuous threat detection in AWS without managing your own detection infrastructure. It’s especially useful if you run production workloads, have multiple AWS accounts, need visibility into suspicious API behavior or network activity, or want automated alerts for things like credential compromise indicators, unusual data access patterns, or cryptocurrency mining behavior.

How much does Amazon GuardDuty cost?
GuardDuty pricing is usage-based and varies by region. Costs depend on the volume of analyzed data sources (such as AWS CloudTrail management events, VPC Flow Logs, and DNS logs) and on any enabled features that perform additional analysis. There’s no upfront license; you pay for what’s analyzed, so high-traffic environments or many accounts typically cost more. Use the AWS Pricing page and AWS Cost Explorer to estimate and track spend.

Category: security

Difficulty: intermediate
