< Back to rules search
AWS EC2 Instance Sending Spam Emails
Set up the guardduty integration.
Detect when an EC2 instance is compromised and sending spam emails.
This rule lets you monitor this GuardDuty integration finding:
Triage & Response
- Determine if the EC2 should be sending out email over port 25.
- If the instance is compromised:
- Review the AWS documentation on remediating a compromised EC2 instance.