AWS EC2 Instance Probed by Scanner
Security Monitoring is now available Security Monitoring is now available
<  Back to rules search

AWS EC2 Instance Probed by Scanner

guardduty

Classification:

attack

Tactic:

Technique:

Set up the guardduty integration.

Overview

Goal

Detect when an EC2 instance is being probed by a scanner.

Strategy

This rule lets you monitor these GuardDuty integration findings:

Triage & Response

  1. This is typically an informative signal. However, if this instance should not be publicly available, you should review the security group for this instance.