Amazon GuardDuty
Intelligent threat protection for accounts and workloads
It analyzes:
Foundational threat detection
- VPC Flow Logs (network traffic)
- CloudTrail event logs (management events + S3 data events)
- DNS logs (from Route 53 resolver)
GuardDuty protection plans
- EKS (audit logs)
- Malware Protection (on EBS snapshots if suspicious activity is detected)
- Runtime Montoring
- **RDS (**Event Analysis)
- Lambda (Network Activity Log Analysis)
Ref:
What is Amazon GuardDuty? - Amazon GuardDuty
Free Tier and Pricing (ap-southeast-1)
Sample Calculation (ap-southeast-1)