AWS EC2 instance probed by scanner
Incident Management is now generally available! Incident Management is now generally available!
<  Back to rules search

AWS EC2 instance probed by scanner

guardduty

Classification:

attack

Tactic:

Technique:

Set up the guardduty integration.

Overview

Goal

Detect when an EC2 instance is being probed by a scanner.

Strategy

This rule lets you monitor these GuardDuty integration findings:

Triage & Response

  1. This is typically an informative signal. However, if this instance should not be publicly available, you should review the security group for this instance.