☁️
CTHFM: AWS
  • Welcome
  • Getting Started
    • Account Setup
  • AWS CLI
    • AWS CLI Overview
    • Installation
  • AWS Fundamentals
    • AWS Documentation
    • AWS Shared Responsibility Model
    • Organizational Hierarchy
    • AWS Principals
    • IAM Fundamentals
      • IAM Policy Components
      • IAM Documentation References
    • AWS Security Services Overview
    • AWS Core Services
    • AWS Frameworks
    • Regions and Availability Zones
  • SQL
    • SQL Refresher for Threat Hunting
  • Logging Reference
    • Cloudtrail
      • What is Cloudtrail?
      • Setting Up Cloudtrail
      • Cloudtrail Events Structure
      • Filtering and Searching CloudTrail Logs
      • IAM ID Prefixes
      • Additional Resources
      • API References
    • VPCFlow Logs
    • GuardDuty
      • Multi-Account Setup
      • GuardDuty Concepts
      • GuardDuty Finding References
      • S3 Protection
      • Malware Protection
        • EC2 Malware Protection
          • EC2 Protection Resources
          • Monitoring Scans
          • EC2 Malware Protection Events: CloudWatch
        • S3 Malware Protection
          • Enabling S3 Malware Protection
          • After Enabling S3 Malware Protection
          • S3 Malware Resource Plan Status
          • S3 Malware Protection Quotas
      • RDS Protection Enablement
      • Lambda Protection Enablement
      • Trusted IP Lists and Threat Lists in Amazon GuardDuty
      • Remediation Recommendations
      • GuardDuty API Reference
      • GuardDuty Quotas
    • Access Analyzer
      • Setup
      • External Access and Unused Access Analyzer Findings
      • Review Findings
      • Access Analyzer Resources
      • Access Analyzer API Reference
    • AWS Network Firewall
      • Permissions
      • Firewall Log Contents
      • Logging Destinations
      • CloudWatch Firewall Metrics
    • AWS Config
      • Resource Management in AWS Config
      • AWS Config Integrations
      • AWS Config Resources
      • Configuration Item
      • Config Rules
        • Evaluation Modes
  • CloudWatch
    • Amazon CloudWatch
      • CloudWatch Concepts
      • CloudWatch Metrics
        • Filter Pattern Syntax
      • CloudWatch Alarms
        • Alarm Recommendations
      • Subscriptions
      • CloudWatch Agent
      • CloudWatch Insights
        • Supported Logs and Discovered Fields
        • CloudWatch Insights Query Syntax
      • Anomaly Detection
        • Create Anomaly Detector
        • Alarms for Anomaly Detections
      • CloudWatch Filter Syntax
      • CloudWatch Service Quota
  • Athena For Threat Hunting
    • Introduction to Athena
    • Setting Up Athena
    • SQL For Threat Hunters
    • Automated Response
    • Query Best Practices
  • AWS Security Research and Resources
    • AWS Security Blog
    • AWS Goat
    • Cloud Goat
    • Pacu
    • Prowler
    • Scout Suite
  • Threat Hunting in AWS
    • Threat Hunting in AWS
    • Threat Hunting Introduction
    • Threat Hunting Process
      • Hypothesis Generation
      • Investigation
      • Identification
      • Resolution & Follow Up
    • Pyramid of Pain
    • MITRE Att&ck
      • MITRE Att&ck Concepts
      • MITRE Att&CK Data Sources
      • MITRE Att&CK Mitigations
    • MITRE Att&ck: AWS
      • MITRE Att&CK Matrix
      • Amazon Web Services Security Control Mappings
    • AWS Threat Hunting Ideas
      • AWS Threat Hunting Ideas: EC2
      • AWS Threat Hunting Ideas: Lambda
      • AWS Threat Hunting Ideas: SQS
      • AWS Threat Hunting Ideas: SNS
      • AWS Threat Hunting Ideas: RDS
Powered by GitBook
On this page
  • Overview
  • GuardDuty Findings
  • Malware Scan From Multi-Account Setup
  • Malware Scan Standalone Setup
  • On-Demand Scanning
  • GuardDuty Service Account Reference
  • EC2 Quotas
  1. Logging Reference
  2. GuardDuty
  3. Malware Protection
  4. EC2 Malware Protection

EC2 Protection Resources

PreviousEC2 Malware ProtectionNextMonitoring Scans

Last updated 8 months ago

Overview

The following are curated links for EC2 related Protections.

GuardDuty Findings

The following are GuardDuty findings that trigger a malware scan.

Malware Scan From Multi-Account Setup

The following is a link on how to setup a scanning on a member account within a Multi-account setup

Malware Scan Standalone Setup

The following is a link to how to setup a scanning in a standalone acount.

On-Demand Scanning

Link to how to setup on demand scanning.

Rescanning can occur after one hour of the initial request

GuardDuty Service Account Reference

The following is a list of service accounts that generate a log when snapshots are shared with GuardDuty.

EC2 Quotas

The following list of quotas as far as limits on the nested levels that can be scaned, number of files to be scanned, EBS volume size and more.

Enabling GuardDuty-initiated malware scan in multiple-account environments - Amazon GuardDutyAmazon GuardDuty
Logo
Starting On-demand malware scan in GuardDuty - Amazon GuardDutyAmazon GuardDuty
Logo
GuardDuty service accounts by AWS Region - Amazon GuardDutyAmazon GuardDuty
Logo
Enabling GuardDuty-initiated malware scan for a standalone account - Amazon GuardDutyAmazon GuardDuty
Logo
Malware Protection for EC2 quotas - Amazon GuardDutyAmazon GuardDuty
Logo
Findings that invoke GuardDuty-initiated malware scan - Amazon GuardDutyAmazon GuardDuty
Logo