AWS EC2 instance communicating with a cryptocurrency server
WARNING: This rule is being deprecated on 6 March 2023.
Goal
Detect when an EC2 instance is communicating with a cryptocurrency server.
Strategy
This rule lets you leverage GuardDuty to detect when an EC2 instance has made a DNS request or is communicating with an IP that is associated with cryptocurrency operations. The following GuardDuty Findings trigger this signal:
Triage and response
- Determine which domain name or IP address triggered the signal. This can be found in the samples.
- If the domain or IP address should not have been requested, open a security investigation, and determine which process requested the domain name or IP address.
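The first triage step, as an added example that is not part of the original rule: a Python helper that pulls the domain or IP address and the instance ID out of GuardDuty findings and groups them per instance. It assumes the sample carries the raw finding in GuardDuty's event JSON layout; the function names and the sample values (instance IDs, domain, IP address) are constructed for illustration.

```python
import json

# Constructed sample findings in GuardDuty's event JSON layout (assumed input).
# Instance IDs, the domain and the IP address are made-up documentation values.
SAMPLE_FINDINGS = json.loads("""
[
  {"type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
   "resource": {"instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
   "service": {"action": {"actionType": "DNS_REQUEST",
                          "dnsRequestAction": {"domain": "pool.example.com"}}}},
  {"type": "CryptoCurrency:EC2/BitcoinTool.B",
   "resource": {"instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
   "service": {"action": {"actionType": "NETWORK_CONNECTION",
                          "networkConnectionAction": {
                              "remoteIpDetails": {"ipAddressV4": "198.51.100.7"}}}}},
  {"type": "CryptoCurrency:EC2/BitcoinTool.B",
   "resource": {"instanceDetails": {"instanceId": "i-0fedcba9876543210"}},
   "service": {}}
]
""")


def triage_indicator(finding):
    """Return (instance_id, kind, value); kind is "domain", "ip" or None."""
    instance = finding.get("resource", {}).get("instanceDetails", {}).get("instanceId")
    action = finding.get("service", {}).get("action", {})
    if action.get("actionType") == "DNS_REQUEST":
        return instance, "domain", action.get("dnsRequestAction", {}).get("domain")
    if action.get("actionType") == "NETWORK_CONNECTION":
        remote = action.get("networkConnectionAction", {}).get("remoteIpDetails", {})
        return instance, "ip", remote.get("ipAddressV4")
    return instance, None, None  # sample lacks the detail; check the raw event


def indicators_by_instance(findings):
    """Group distinct indicators per instance so each host is investigated once."""
    grouped = {}
    for finding in findings:
        instance, kind, value = triage_indicator(finding)
        bucket = grouped.setdefault(instance, set())
        if kind and value:
            bucket.add((kind, value))
    return {inst: sorted(vals) for inst, vals in grouped.items()}


if __name__ == "__main__":
    for inst, vals in indicators_by_instance(SAMPLE_FINDINGS).items():
        print(inst, vals or "no indicator in sample")
```

An instance that appears with an empty indicator list still needs follow-up: the signal fired for it, but the sample did not include the action detail.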
Changelog
- 1 November 2022 - Updated links.