
Managed Threat Detection Service for Continuous EC2 Instance Monitoring


Question

You need a managed threat detection service that continuously monitors for malicious or unauthorized behavior against your EC2 instances.

Which of the following can help meet this requirement?

Answers


A. B. C. D.

Answer - A.

The AWS Documentation mentions the following.

Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads.

It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise.

GuardDuty also detects potentially compromised instances or reconnaissance by attackers.

Option B is incorrect since this is used for API Monitoring.

Option C is incorrect since this is used for monitoring traffic in the VPC.

Option D is incorrect since this is used for logging purposes.

For more information on Amazon GuardDuty, see the link below.

https://aws.amazon.com/guardduty/

The managed threat detection service that continuously monitors for malicious or unauthorized behavior against your EC2 instances is Amazon GuardDuty.

Amazon GuardDuty is a threat detection service that uses machine learning, anomaly detection, and integrated threat intelligence to identify potential security threats to AWS resources. It continuously monitors and analyzes AWS logs and network traffic to detect and respond to threats in real time.

AWS CloudTrail is a service that records AWS API calls and events for an account and delivers the log files to an S3 bucket for storage and analysis. While it can help you with auditing and compliance, it doesn't provide threat detection and response capabilities.

Amazon VPC Flow Logs is a service that captures information about the IP traffic going to and from network interfaces in your VPC. It is used for network troubleshooting, monitoring, and forensics, but it doesn't provide threat detection and response capabilities.

Amazon CloudWatch Logs is a service that lets you monitor, store, and access log files from Amazon EC2 instances, AWS CloudTrail, and other services. It can help you monitor and troubleshoot your applications and infrastructure, but it doesn't provide threat detection and response capabilities.

Therefore, the correct answer is A. Amazon GuardDuty.