Set up the guardduty integration.
Detect Brute Force Attacks
Leverage GuardDuty and detect when an attacker is performing a brute force attack. The following are GuardDuty findings trigger this signal:
TARGETand the instance is available on the internet, expect to see IPs scanning your systems.
TARGETand the instance is not available on the internet, this means a host on your internal network is scanning your EC2 instance. Open an investigation.
ACTOR, this means that your instance is performing brute force attacks on other systems. Open an investigation.