GuardDuty Runtime adds sensitive file modification detection
๐ก๏ธ Amazon GuardDuty Runtime Monitoring now includes three new threat detections to alert teams when sensitive files are modified on Amazon EC2 instances and container workloads on Amazon EKS and Amazon ECS. These findings monitor critical system files such as configuration files, authentication settings, and system logs to surface post-compromise activity. The detections map to MITRE ATT&CKยฎ tactics and provide remediation guidance while using correlation analysis to reduce false positives. The capability is available to customers with GuardDuty Runtime Monitoring enabled, with a 30-day trial for new users.
