by ramimac 700 days ago
Agreed - I find the credential exfil alerts meaningful. I appreciate that AWS has invested in making them better in recent years (bypass details in https://hackingthe.cloud/aws/avoiding-detection/steal-keys-u...)!

I also find the DNS based cryptomining detections pretty handy, and high enough signal.

Great point on VPC Flow Logs! With the move to SKU off various GuardDuty features (S3 protection, Runtime, etc.) ... it'd be nice if GuardDuty monitoring of VPC Flow Logs were more configurable.