An intrusion detection system (IDS) is a system that is configured to monitor a network, or specific resources, in order to watch for policy violations that might indicate that a bad actor has infiltrated the network. Unusual user activity, odd patterns in data flows throughout a network, or changes to critical operating system files can indicate an intrusion.
An IDS is often integrated with a Security Information and Event Management (SIEM) system, which collects and analyzes all of the information reported by the IDS.
Amazon GuardDuty is a service offered by AWS that can act as your cloud IDS. GuardDuty uses machine learning algorithms to monitor log sources, such as AWS CloudTrail and Amazon VPC Flow Logs, for any behavior that could indicate unauthorized activity in your account.