Amazon GuardDuty is a regional service, so you must first select the region in which you want to enable it. Enabling it takes two steps:
- From the AWS Management Console, select Amazon GuardDuty | Get started.
- Select Enable GuardDuty.
GuardDuty is now enabled. It will begin monitoring feeds from your DNS logs, CloudTrail logs, and VPC flow logs. Any findings are displayed within the dashboard, for example, the finding shown here:
This finding highlights unusual activity: a trail within AWS CloudTrail was stopped. By selecting the finding, we can gather additional information:
The finding details give the reason behind the finding and its severity, which here is LOW. They also provide additional information, such as the account, the region, and timestamps.
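Because GuardDuty is enabled per region, a region where nobody completed the steps above produces no findings at all. The following added example (not code from the original page) reports which regions have no enabled detector; the function names, the `FakeGuardDuty` stand-in, and the sample data are constructed for illustration, while `list_detectors` and `get_detector` are the real boto3 GuardDuty calls.

```python
"""Audit which regions have an enabled GuardDuty detector (added example)."""


def guardduty_coverage(regions, client_factory):
    """Return {region: 'ENABLED' | 'DISABLED' | 'MISSING'}.

    client_factory(service_name, region_name=...) must return a boto3-style
    client. For a real account pass boto3.client and, for example,
    boto3.session.Session().get_available_regions("guardduty") as regions.
    """
    coverage = {}
    for region in regions:
        gd = client_factory("guardduty", region_name=region)
        detector_ids = gd.list_detectors().get("DetectorIds", [])
        if not detector_ids:
            # GuardDuty was never enabled in this region.
            coverage[region] = "MISSING"
            continue
        # An account has at most one detector per region.
        coverage[region] = gd.get_detector(DetectorId=detector_ids[0])["Status"]
    return coverage


def unmonitored(coverage):
    """Regions where GuardDuty is absent or its detector is disabled."""
    return sorted(r for r, status in coverage.items() if status != "ENABLED")


class FakeGuardDuty:
    """Constructed stand-in for a boto3 GuardDuty client (offline demo)."""
    def __init__(self, detectors):
        self._detectors = detectors
    def list_detectors(self):
        return {"DetectorIds": list(self._detectors)}
    def get_detector(self, DetectorId):
        return {"Status": self._detectors[DetectorId]}


# Constructed sample: detector IDs and their status per region.
SAMPLE = {
    "us-east-1": {"sample-detector-1": "ENABLED"},
    "eu-west-1": {},
    "ap-southeast-2": {"sample-detector-2": "DISABLED"},
}


def fake_factory(service_name, region_name):
    return FakeGuardDuty(SAMPLE[region_name])


if __name__ == "__main__":
    print(unmonitored(guardduty_coverage(SAMPLE, fake_factory)))
```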