New Relic Inc.

09/28/2021 | News release | Distributed by Public on 09/28/2021 11:36

Monitor the security of your AWS environment with GuardDuty, CloudTrail, and New Relic One

One way to mitigate SSH brute force attacks is to set up key-based SSH authentication or to use a security group that only allows SSH connections from a known IP address, such as a bastion host.

Public or anonymous access granted to S3 buckets

Publicly accessible S3 buckets have been the source of many famous data breaches and security incidents. Attackers can potentially access sensitive data stored in unsecured S3 buckets. GuardDuty detects changes to S3 bucket configurations and highlights potential misconfigurations that could lead to issues.

Alerting on findings from GuardDuty

By using NRQL alerts, you can get notifications when GuardDuty surfaces any of these findings. Using the examples above, here are the queries you would use for an alert.

Public or anonymous access granted to S3 buckets

SSH brute force attacks

Set a static threshold of 1 to be notified each time GuardDuty finds a security event.