Questions tagged with Threat Detection

Our company is considering purchasing a partner threat list for GuardDuty to generate additional findings. What has been others experience with that? Is the default Amazon threat list good enough? Have you found that your partner threat list adds too much noise and doesn't provide much real world value? Does the partner threat list even do anything that Amazon doesn't already catch? Would you say that your purchase of the partner threat list has been worth it to your company? What would you tell someone who is considering a partner threat list for GuardDuty? Thanks.

Someone pointed Nessus at my EC2 machine and performed a 12minute vunerability scan - Their IP traces back to AWS - There are more than 200 entries across all logs in /var/log/httpd. I believe my server is fine, undamaged, but the actions should not go unrewarded. How do I raise this with AWS? Thanks

Hello All, Does anyone experience False Positives with GuardDuty? If yes, what do you do to tune or update false positive findings? What options do customers have? Recently, i've notice a lot of false positives with C&C findings in that they are simply triggered by a an DNS lookup (dig or nslookup) it seems and domain reputations in the threat lists that Guard Duty is using are not up to date.