Features
Integrations
Dashboards
Log Management
APM
Security Monitoring
Network Monitoring
Synthetic Monitoring
Real User Monitoring
Serverless
Alerts
API
< Back to rules search
AWS EC2 Instance Connecting to TOR as a Relay
Set up the guardduty integration.
Overview
Goal
Detect when an EC2 instance is being used as a TOR relay.
Strategy
This rule lets you monitor this GuardDuty integration finding:
Triage & Response
- Determine if the EC2 instance should be uses as a TOR relay.
- If the instance is compromised:
- Review the AWS documentation on remediating a compromised EC2 instance.
On this Page