Set up the guardduty integration.
Detect Brute Force Attacks
Leverage GuardDuty and detect when an attacker is performing a brute force attack. The following are GuardDuty findings trigger this signal:
ACTOR
or TARGET
.TARGET
and the instance is available on the internet, expect to see IPs scanning your systems.TARGET
and the instance is not available on the internet, this means a host on your internal network is scanning your EC2 instance. Open an investigation.ACTOR
, this means that your instance is performing brute force attacks on other systems. Open an investigation.このページ