Today, AWS announced the general availability of Amazon GuardDuty custom threat detection using entity lists. This new feature enhances threat detection capabilities in GuardDuty by extending support to incorporate your own domain-based threat intelligence into the service beyond originally supported custom IP list. You can now detect threats in GuardDuty using malicious domains or IP addresses defined in your custom threat list. As part of this update, GuardDuty introduces a new finding type, Impact:EC2/MaliciousDomainRequest.Custom, which is triggered when activity related to a domain in your custom threat list is detected. Additionally, you can use entity lists to suppress alerts from trusted sources, giving you greater control over your threat detection strategy.
Entity lists offer enhanced flexibility compared to the previous IP address lists. These new lists can include IP addresses, domains, or both, allowing for more comprehensive threat intelligence integration. Unlike the legacy IP list format, entity lists provides simplified permission management and avoids impacting IAM policy size limits across multiple AWS Regions, making it easier to implement and manage custom threat detection across your AWS environment.
GuardDuty custom entity list is available in all AWS Regions where GuardDuty is offered, excluding China Regions and GovCloud (US) Regions.
Categories: general:products/amazon-guardduty,marketing:marchitecture/security-identity-and-compliance
Source: Amazon Web Services
Latest Posts
- Updates available for Microsoft 365 Apps for Current Channel [MC1238604]
- Microsoft Purview eDiscovery Configuration change for PowerShell cmdlet case and search synchronization changes [MC1238428]
- Workspace IP Firewall rules (Public Preview) [MC1238430]
- Updates to filtered message viewing in Outlook for iOS and Android [MC1238433]
