
Amazon GuardDuty
Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC flow logs, Amazon Web Services CloudTrail management event logs, CloudTrail S3 data event logs, EKS audit logs, DNS logs, and Amazon EBS volume data.
Continuous security monitoring
Check the docs depth and real endpoint shape before assuming production fit.
About this API
Amazon GuardDuty is a security monitoring service designed to continuously analyze and process various AWS data sources such as VPC flow logs, CloudTrail management and data event logs, EKS audit logs, DNS logs, and Amazon EBS volume data. It helps identify potential security threats by detecting suspicious activities and anomalies within these logs.
This service is primarily used by security teams and developers managing AWS environments who need to maintain visibility into their cloud infrastructure's security posture. By automating the analysis of multiple log sources, GuardDuty reduces the manual effort required to detect and respond to threats.
GuardDuty's relevance lies in its integration with core AWS logging services and its ability to provide ongoing threat detection without requiring extensive setup. It supports continuous monitoring, making it a valuable tool for maintaining cloud security compliance and operational awareness.
What you can build
- Monitor AWS network traffic for security threats
- Analyze CloudTrail logs for suspicious activity
- Process EKS audit logs for compliance
- Detect anomalies in DNS and VPC flow logs
Strengths & limitations
Strengths
- Continuous security monitoring
- Supports multiple AWS log sources
- Automates threat detection
Example request
curl https://github.com/mermade/aws2openapi/<endpoint>
Getting started
To start using Amazon GuardDuty, configure your AWS environment to enable GuardDuty and provide necessary permissions. Authentication is managed through AWS credentials and IAM roles.
FAQ
Do I need an API key to use Amazon GuardDuty?
Amazon GuardDuty uses AWS credentials and IAM roles for authentication, not separate API keys.
What types of data does GuardDuty analyze?
It analyzes VPC flow logs, CloudTrail management and data event logs, EKS audit logs, DNS logs, and Amazon EBS volume data.
Is there a free tier available for GuardDuty?
Pricing details are managed by AWS; check AWS official documentation for current offerings.
Can I use GuardDuty from a browser directly?
GuardDuty is accessed via AWS APIs and the AWS Management Console, which is browser-based.
Is HTTPS required to interact with GuardDuty APIs?
AWS APIs, including GuardDuty, require HTTPS for secure communication.
Technical details
- Auth type: unknown
- Pricing: unknown
- Protocols: REST
- Response time: 39 ms
- Last health check: 5/15/2026, 2:52:42 PM