Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.

# Integrasi dengan AWS Security Hub CSPM
<a name="securityhub-integration"></a>

[AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) memberi Anda gambaran menyeluruh tentang status keamanan Anda dalam AWS dan membantu Anda memeriksa lingkungan Anda terhadap standar industri keamanan dan praktik terbaik. Security Hub CSPM mengumpulkan data keamanan dari berbagai AWS akun, layanan, dan produk mitra pihak ketiga yang didukung serta membantu Anda menganalisis tren keamanan dan mengidentifikasi masalah keamanan prioritas tertinggi.

 GuardDuty Integrasi Amazon dengan Security Hub CSPM memungkinkan Anda mengirim temuan GuardDuty ke Security Hub CSPM. Security Hub CSPM kemudian dapat memasukkan temuan-temuan tersebut dalam analisisnya tentang postur keamanan Anda.

**Contents**
+ [Bagaimana Amazon GuardDuty mengirimkan temuan ke AWS Security Hub CSPM](#securityhub-integration-sending-findings)
  + [Jenis temuan yang GuardDuty dikirim ke Security Hub CSPM](#securityhub-integration-finding-types)
    + [Latensi untuk mengirimkan temuan baru](#securityhub-integration-finding-latency)
    + [Mencoba lagi saat Security Hub CSPM tidak tersedia](#securityhub-integration-retry-send)
    + [Memperbarui temuan yang ada di Security Hub CSPM](#securityhub-integration-finding-updates)
+ [Melihat GuardDuty temuan di AWS Security Hub CSPM](#findings-in-securityhub)
  + [Menafsirkan GuardDuty menemukan nama di AWS Security Hub CSPM](#interpreting-findings-in-securityhub)
  + [Temuan khas dari GuardDuty](#securityhub-integration-finding-example)
+ [Mengaktifkan dan mengonfigurasi integrasi](#securityhub-integration-enable)
+ [Menggunakan GuardDuty kontrol di Security Hub CSPM](#securityhub-integration-using-guardduty-controls)
+ [Menghentikan publikasi temuan ke Security Hub CSPM](#securityhub-integration-disable)

## Bagaimana Amazon GuardDuty mengirimkan temuan ke AWS Security Hub CSPM
<a name="securityhub-integration-sending-findings"></a>

Pada tahun AWS Security Hub CSPM, masalah keamanan dilacak sebagai temuan. Beberapa temuan berasal dari masalah yang terdeteksi oleh AWS layanan lain atau oleh mitra pihak ketiga. Security Hub CSPM juga memiliki seperangkat aturan yang digunakan untuk mendeteksi masalah keamanan dan menghasilkan temuan.

Security Hub CSPM menyediakan alat untuk mengelola temuan dari seluruh sumber ini. Anda dapat melihat dan mem-filter daftar temuan dan melihat detail suatu temuan. Untuk informasi lebih lanjut, lihat [Melihat temuan](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-viewing.html) dalam *Panduan Pengguna AWS Security Hub *. Anda juga dapat melacak status penyelidikan temuan. Untuk informasi lebih lanjut, lihat [Mengambil tindakan pada temuan](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-taking-action.html) dalam *Panduan Pengguna AWS Security Hub *.

Semua temuan di Security Hub CSPM menggunakan format JSON standar yang disebut AWS Security Finding Format (ASFF). ASFF mencakup detail tentang sumber masalah, sumber daya yang terdampak, dan status temuan saat ini. Lihat [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) di *Panduan Pengguna AWS Security Hub *.

Amazon GuardDuty adalah salah satu AWS layanan yang mengirimkan temuan ke Security Hub CSPM.

### Jenis temuan yang GuardDuty dikirim ke Security Hub CSPM
<a name="securityhub-integration-finding-types"></a>

Setelah Anda mengaktifkan GuardDuty dan Security Hub CSPM di akun yang sama dalam akun yang sama AWS Region, GuardDuty mulai mengirimkan semua temuan yang dihasilkan ke Security Hub CSPM. Temuan ini dikirim ke Security Hub CSPM menggunakan [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html). Dalam ASFF, bidang `Types` menyediakan jenis temuan.

#### Latensi untuk mengirimkan temuan baru
<a name="securityhub-integration-finding-latency"></a>

Ketika GuardDuty membuat temuan baru, biasanya dikirim ke Security Hub CSPM dalam waktu lima menit.

#### Mencoba lagi saat Security Hub CSPM tidak tersedia
<a name="securityhub-integration-retry-send"></a>

Jika Security Hub CSPM tidak tersedia, GuardDuty coba lagi mengirimkan temuan sampai diterima.

#### Memperbarui temuan yang ada di Security Hub CSPM
<a name="securityhub-integration-finding-updates"></a>

Setelah mengirimkan temuan ke Security Hub CSPM, GuardDuty mengirimkan pembaruan untuk mencerminkan pengamatan tambahan dari aktivitas temuan ke Security Hub CSPM. Pengamatan baru dari temuan ini dikirim ke Security Hub CSPM berdasarkan [Langkah 5 — Frekuensi untuk mengekspor temuan](guardduty_exportfindings.md#guardduty_exportfindings-frequency) pengaturan di Anda. Akun AWS

Saat Anda mengarsipkan atau membatalkan arsip temuan, GuardDuty tidak akan mengirimkan temuan itu ke Security Hub CSPM. Temuan yang tidak diarsipkan secara manual yang kemudian menjadi aktif tidak dikirim ke Security Hub CSPM. GuardDuty 

## Melihat GuardDuty temuan di AWS Security Hub CSPM
<a name="findings-in-securityhub"></a>

Masuk ke Konsol Manajemen AWS dan buka AWS Security Hub CSPM konsol di [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/).

Anda sekarang dapat menggunakan salah satu cara berikut untuk melihat GuardDuty temuan di konsol CSPM Security Hub:

**Opsi 1: Menggunakan *Integrasi* di Security Hub CSPM**  

1. Di panel navigasi kiri, pilih **Integrasi**.

1. Pada halaman **Integrasi**, periksa **Status** untuk **Amazon: GuardDuty**. 
   + Jika **Status** **Menerima temuan**, maka pilih **Lihat temuan** di sebelah **Menerima** temuan. 
   + *Jika tidak, maka untuk informasi selengkapnya tentang cara kerja **Integrasi**, lihat Integrasi [CSPM Security Hub di Panduan Pengguna.](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-providers.html)AWS Security Hub *

**Opsi 2: Menggunakan *Temuan* di Security Hub CSPM**  

1. Di panel navigasi kiri, pilih **Temuan**.

1. Pada halaman **Temuan**, tambahkan filter **Nama produk** dan masukkan **GuardDuty** untuk melihat hanya GuardDuty temuan.

### Menafsirkan GuardDuty menemukan nama di AWS Security Hub CSPM
<a name="interpreting-findings-in-securityhub"></a>

GuardDuty mengirimkan temuan ke Security Hub CSPM menggunakan [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html). Dalam ASFF, bidang `Types` menyediakan jenis temuan. Jenis ASFF menggunakan skema penamaan yang berbeda dari GuardDuty tipe. Tabel di bawah ini merinci semua jenis GuardDuty temuan dengan rekan ASFF mereka seperti yang muncul di Security Hub CSPM. 

**catatan**  
****Untuk beberapa jenis GuardDuty temuan Security Hub CSPM memberikan nama temuan ASFF yang berbeda tergantung pada apakah **Peran Sumber Daya** detail temuan adalah ACTOR atau TARGET.**** Untuk mengetahui informasi selengkapnya, lihat [Detail temuan](guardduty_findings-summary.md).


|  GuardDuty menemukan jenis  |  Tipe temuan ASFF  | 
| --- | --- | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-attack-sequence-finding-types.html#attack-sequence-iam-compromised-credentials](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-attack-sequence-finding-types.html#attack-sequence-iam-compromised-credentials) | TTPs/AttackSequence:IAM/CompromisedCredentials  | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-attack-sequence-finding-types.html#attack-sequence-s3-compromised-data](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-attack-sequence-finding-types.html#attack-sequence-s3-compromised-data) | TTPs/AttackSequence:S3/CompromisedData  | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-ccactivityb](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-ccactivityb) | TTPs/Command and Control/Backdoor:EC2-C&CActivity.B | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-ccactivitybdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-ccactivitybdns) | TTPs/Command and Control/Backdoor:EC2-C&CActivity.B\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofservicedns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofservicedns) | TTPs/Command and Control/Backdoor:EC2-DenialOfService.Dns | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofservicetcp](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofservicetcp) | TTPs/Command and Control/Backdoor:EC2-DenialOfService.Tcp | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofserviceudp](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofserviceudp) | TTPs/Command and Control/Backdoor:EC2-DenialOfService.Udp | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofserviceudpontcpports](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofserviceudpontcpports) | TTPs/Command and Control/Backdoor:EC2-DenialOfService.UdpOnTcpPorts | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofserviceunusualprotocol](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofserviceunusualprotocol) | TTPs/Command and Control/Backdoor:EC2-DenialOfService.UnusualProtocol | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-spambot](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-spambot) | TTPs/Command and Control/Backdoor:EC2-Spambot | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#behavior-ec2-networkportunusual](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#behavior-ec2-networkportunusual) | Unusual Behaviors/VM/Behavior:EC2-NetworkPortUnusual | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#behavior-ec2-trafficvolumeunusual](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#behavior-ec2-trafficvolumeunusual) | Unusual Behaviors/VM/Behavior:EC2-TrafficVolumeUnusual | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#backdoor-lambda-ccactivity-b](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#backdoor-lambda-ccactivity-b) | TTPs/Command and Control/Backdoor:Lambda-C&CActivity.B | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#backdoor-runtime-ccactivityb](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#backdoor-runtime-ccactivityb) | TTPs/Command and Control/Backdoor:Runtime-C&CActivity.B | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#backdoor-runtime-ccactivitybdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#backdoor-runtime-ccactivitybdns) | TTPs/Command and Control/Backdoor:Runtime-C&CActivity.B\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#credentialaccess-iam-anomalousbehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#credentialaccess-iam-anomalousbehavior) | TTPs/Credential Access/IAMUser-AnomalousBehavior | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credaccess-kubernetes-anomalousbehavior-secretsaccessed](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credaccess-kubernetes-anomalousbehavior-secretsaccessed) | TTPs/AnomalousBehavior/CredentialAccess:Kubernetes-SecretsAccessed | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-maliciousipcaller)  | TTPs/CredentialAccess/CredentialAccess:Kubernetes-MaliciousIPCaller | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-maliciousipcallercustom)  | TTPs/CredentialAccess/CredentialAccess:Kubernetes-MaliciousIPCaller.Custom | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-successfulanonymousaccess](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-successfulanonymousaccess)  | TTPs/CredentialAccess/CredentialAccess:Kubernetes-SuccessfulAnonymousAccess | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-toripcaller)  | TTPs/CredentialAccess/CredentialAccess:Kubernetes-TorIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-anombehavior-failedlogin](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-anombehavior-failedlogin) | TTPs/Credential Access/CredentialAccess:RDS-AnomalousBehavior.FailedLogin | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-anombehavior-successfulbruteforce](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-anombehavior-successfulbruteforce) | TTPs/Credential Access/CredentialAccess:RDS-AnomalousBehavior.SuccessfulBruteForce | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-anombehavior-successlogin](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-anombehavior-successlogin) | TTPs/Credential Access/CredentialAccess:RDS-AnomalousBehavior.SuccessfulLogin | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-maliciousipcaller-failedlogin](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-maliciousipcaller-failedlogin) | TTPs/Credential Access/CredentialAccess:RDS-MaliciousIPCaller.FailedLogin | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-maliciousipcaller-successfullogin](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-maliciousipcaller-successfullogin) | TTPs/Credential Access/CredentialAccess:RDS-MaliciousIPCaller.SuccessfulLogin | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-toripcaller-failedlogin](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-toripcaller-failedlogin) | TTPs/Credential Access/CredentialAccess:RDS-TorIPCaller.FailedLogin | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-toripcaller-successfullogin](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-toripcaller-successfullogin) | TTPs/Credential Access/CredentialAccess:RDS-TorIPCaller.SuccessfulLogin | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#cryptocurrency-ec2-bitcointoolb](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#cryptocurrency-ec2-bitcointoolb) | TTPs/Command and Control/CryptoCurrency:EC2-BitcoinTool.B | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#cryptocurrency-ec2-bitcointoolbdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#cryptocurrency-ec2-bitcointoolbdns) | TTPs/Command and Control/CryptoCurrency:EC2-BitcoinTool.B\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#cryptocurrency-lambda-bitcointool-b](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#cryptocurrency-lambda-bitcointool-b) | TTPs/Command and Control/CryptoCurrency:Lambda-BitcoinTool.B<br />Effects/Resource Consumption/CryptoCurrency:Lambda-BitcoinTool.B | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#cryptocurrency-runtime-bitcointoolb](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#cryptocurrency-runtime-bitcointoolb) | TTPs/Command and Control/CryptoCurrency:Runtime-BitcoinTool.B | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#cryptocurrency-runtime-bitcointoolbdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#cryptocurrency-runtime-bitcointoolbdns) | TTPs/Command and Control/CryptoCurrency:Runtime-BitcoinTool.B\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unusualdnsresolver](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unusualdnsresolver) | TTPs/DefenseEvasion/EC2:Unusual-DNS-Resolver | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unsualdohactivity](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unsualdohactivity) | TTPs/DefenseEvasion/EC2:Unusual-DoH-Activity | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unusualdotactivity](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unusualdotactivity) | TTPs/DefenseEvasion/EC2:Unusual-DoT-Activity | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#defenseevasion-iam-anomalousbehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#defenseevasion-iam-anomalousbehavior) | TTPs/Defense Evasion/IAMUser-AnomalousBehavior | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#defenseevasion-iam-bedrockloggingdisabled](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#defenseevasion-iam-bedrockloggingdisabled) | TTPs/Defense Evasion/DefenseEvasion:IAMUser-BedrockLoggingDisabled | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-maliciousipcaller) | TTPs/DefenseEvasion/DefenseEvasion:Kubernetes-MaliciousIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-maliciousipcallercustom) | TTPs/DefenseEvasion/DefenseEvasion:Kubernetes-MaliciousIPCaller.Custom | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-successfulanonymousaccess](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-successfulanonymousaccess) | TTPs/DefenseEvasion/DefenseEvasion:Kubernetes-SuccessfulAnonymousAccess | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-toripcaller) | TTPs/DefenseEvasion/DefenseEvasion:Kubernetes-TorIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-filelessexecution](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-filelessexecution) | TTPs/Defense Evasion/DefenseEvasion:Runtime-FilelessExecution | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-kernelmoduleloaded](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-kernelmoduleloaded) | TTPs/Defense Evasion/DefenseEvasion:Runtime-KernelModuleLoaded | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-processinjectionproc](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-processinjectionproc) | TTPs/Defense Evasion/DefenseEvasion:Runtime-ProcessInjection.Proc | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-processinjectionptrace](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-processinjectionptrace) | TTPs/Defense Evasion/DefenseEvasion:Runtime-ProcessInjection.Ptrace | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-processinjectionvirtualmemw](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-processinjectionvirtualmemw) | TTPs/Defense Evasion/DefenseEvasion:Runtime-ProcessInjection.VirtualMemoryWrite | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-ptrace-anti-debug](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-ptrace-anti-debug) | TTPs/DefenseEvasion/DefenseEvasion:Runtime-PtraceAntiDebugging | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-suspicious-command](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-suspicious-command) | TTPs/DefenseEvasion/DefenseEvasion:Runtime-SuspiciousCommand | 
| [Discovery:IAMUser/AnomalousBehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#discovery-iam-anomalousbehavior) | TTPs/Discovery/IAMUser-AnomalousBehavior | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-anomalousbehavrior-permissionchecked](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-anomalousbehavrior-permissionchecked)  | TTPs/AnomalousBehavior/Discovery:Kubernetes-PermissionChecked | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-maliciousipcaller)  | TTPs/Discovery/Discovery:Kubernetes-MaliciousIPCaller | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-maliciousipcallercustom)  | TTPs/Discovery/Discovery:Kubernetes-MaliciousIPCaller.Custom | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-successfulanonymousaccess](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-successfulanonymousaccess)  | TTPs/Discovery/Discovery:Kubernetes-SuccessfulAnonymousAccess | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-toripcaller)  | TTPs/Discovery/Discovery:Kubernetes-TorIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#discovery-rds-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#discovery-rds-maliciousipcaller) | TTPs/Discovery/RDS-MaliciousIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#discovery-rds-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#discovery-rds-toripcaller) | TTPs/Discovery/RDS-TorIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#discovery-runtime-suspicious-command](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#discovery-runtime-suspicious-command) | TTPs/Discovery/Discovery:Runtime-SuspiciousCommand | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-anomalousbehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-anomalousbehavior) | TTPs/Discovery:S3-AnomalousBehavior | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#discovery-s3-bucketenumerationunusual](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#discovery-s3-bucketenumerationunusual) | TTPs/Discovery:S3-BucketEnumeration.Unusual | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-maliciousipcallercustom.title](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-maliciousipcallercustom.title) | TTPs/Discovery:S3-MaliciousIPCaller.Custom | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-toripcaller) | TTPs/Discovery:S3-TorIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-maliciousipcaller) | TTPs/Discovery:S3-MaliciousIPCaller | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#exfiltration-iam-anomalousbehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#exfiltration-iam-anomalousbehavior)  | TTPs/Exfiltration/IAMUser-AnomalousBehavior | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#execution-kubernetes-execinkubesystempod](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#execution-kubernetes-execinkubesystempod)  | TTPs/Execution/Execution:Kubernetes-ExecInKubeSystemPod | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#execution-kubernetes-anomalousbehvaior-execinprod](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#execution-kubernetes-anomalousbehvaior-execinprod)  | TTPs/AnomalousBehavior/Execution:Kubernetes-ExecInPod | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#exec-kubernetes-anomalousbehavior-workloaddeployed](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#exec-kubernetes-anomalousbehavior-workloaddeployed)  | TTPs/AnomalousBehavior/Execution:Kubernetes-WorkloadDeployed | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-maliciousdomainrequest-custom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-maliciousdomainrequest-custom)  |  TTPs/Impact/Impact:EC2-MaliciousDomainRequest.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-maliciousipcaller)  | TTPs/Impact/Impact:Kubernetes-MaliciousIPCaller | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-maliciousipcallercustom)  | TTPs/Impact/Impact:Kubernetes-MaliciousIPCaller.Custom | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-successfulanonymousaccess](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-successfulanonymousaccess)  | TTPs/Impact/Impact:Kubernetes-SuccessfulAnonymousAccess | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-toripcaller)  | TTPs/Impact/Impact:Kubernetes-TorIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-containerwithsensitivemount](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-containerwithsensitivemount) | TTPs/Persistence/Persistence:Kubernetes-ContainerWithSensitiveMount | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-workloaddeployed-containerwithsensitivemount](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-workloaddeployed-containerwithsensitivemount) | TTPs/AnomalousBehavior/Persistence:Kubernetes-WorkloadDeployed\!ContainerWithSensitiveMount | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-workloaddeployed-privcontainer](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-workloaddeployed-privcontainer)  | TTPs/AnomalousBehavior/PrivilegeEscalation:Kubernetes-WorkloadDeployed\!PrivilegedContainer | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-maliciousipcaller)  | TTPs/Persistence/Persistence:Kubernetes-MaliciousIPCaller | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-maliciousipcallercustom)  | TTPs/Persistence/Persistence:Kubernetes-MaliciousIPCaller.Custom | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-successfulanonymousaccess](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-successfulanonymousaccess)  | TTPs/Persistence/Persistence:Kubernetes-SuccessfulAnonymousAccess | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-toripcaller)  | TTPs/Persistence/Persistence:Kubernetes-TorIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ec2-maliciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ec2-maliciousfile) | TTPs/Execution/Execution:EC2-MaliciousFile | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ecs-maliciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ecs-maliciousfile) | TTPs/Execution/Execution:ECS-MaliciousFile | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-kubernetes-maliciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-kubernetes-maliciousfile) | TTPs/Execution/Execution:Kubernetes-MaliciousFile | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-container-maliciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-container-maliciousfile) | TTPs/Execution/Execution:Container-MaliciousFile | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ec2-suspiciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ec2-suspiciousfile) | TTPs/Execution/Execution:EC2-SuspiciousFile | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ecs-suspiciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ecs-suspiciousfile) | TTPs/Execution/Execution:ECS-SuspiciousFile | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-kubernetes-suspiciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-kubernetes-suspiciousfile) | TTPs/Execution/Execution:Kubernetes-SuspiciousFile | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-container-suspiciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-container-suspiciousfile) | TTPs/Execution/Execution:Container-SuspiciousFile | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-ec2-maliciousfile-snapshot](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-ec2-maliciousfile-snapshot) | TTPs/Execution/Execution:EC2-MaliciousFile\!Snapshot | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-ec2-maliciousfile-ami](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-ec2-maliciousfile-ami) | TTPs/Execution/Execution:EC2-MaliciousFile\!AMI | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-ec2-maliciousfile-recoverypoint](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-ec2-maliciousfile-recoverypoint) | TTPs/Execution/Execution:EC2-MaliciousFile\!RecoveryPoint | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-s3-maliciousfile-recoverypoint](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-s3-maliciousfile-recoverypoint) | TTPs/Execution/Execution:S3-MaliciousFile\!RecoveryPoint | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-runtime-malicious-file-executed](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-runtime-malicious-file-executed) | TTPs/Execution/Execution:Runtime-MaliciousFileExecuted | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-malicious-file-executed-custom](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-malicious-file-executed-custom) | TTPs/Execution/Execution:Runtime-MaliciousFileExecuted.Custom | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-newbinaryexecuted](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-newbinaryexecuted) | TTPs/Execution/Execution:Runtime-NewBinaryExecuted | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-newlibraryloaded](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-newlibraryloaded) | TTPs/Execution/Execution:Runtime-NewLibraryLoaded | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-reverseshell](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-reverseshell) | TTPs/Execution/Execution:Runtime-ReverseShell | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-suspiciouscommand](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-suspiciouscommand) | TTPs/Execution/Execution:Runtime-SuspiciousCommand | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-suspicious-shell-created](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-suspicious-shell-created) | TTPs/Execution/Execution:Runtime-SuspiciousShellCreated | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-suspicioustool](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-suspicioustool) | TTPs/Execution/Execution:Runtime-SuspiciousTool | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#exfiltration-s3-anomalousbehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#exfiltration-s3-anomalousbehavior) | TTPs/Exfiltration:S3-AnomalousBehavior | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#exfiltration-s3-objectreadunusual](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#exfiltration-s3-objectreadunusual) | TTPs/Exfiltration:S3-ObjectRead.Unusual | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#exfiltration-s3-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#exfiltration-s3-maliciousipcaller) | TTPs/Exfiltration:S3-MaliciousIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-abuseddomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-abuseddomainrequestreputation) | TTPs/Impact:EC2-AbusedDomainRequest.Reputation | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-bitcoindomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-bitcoindomainrequestreputation) | TTPs/Impact:EC2-BitcoinDomainRequest.Reputation | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-maliciousdomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-maliciousdomainrequestreputation) | TTPs/Impact:EC2-MaliciousDomainRequest.Reputation | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-portsweep](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-portsweep) | TTPs/Impact/Impact:EC2-PortSweep | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-suspiciousdomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-suspiciousdomainrequestreputation) | TTPs/Impact:EC2-SuspiciousDomainRequest.Reputation | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-winrmbruteforce](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-winrmbruteforce) | TTPs/Impact/Impact:EC2-WinRMBruteForce | 
| [Impact:IAMUser/AnomalousBehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#impact-iam-anomalousbehavior) | TTPs/Impact/IAMUser-AnomalousBehavior | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-abuseddomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-abuseddomainrequestreputation) | TTPs/Impact/Impact:Runtime-AbusedDomainRequest.Reputation | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-bitcoindomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-bitcoindomainrequestreputation) | TTPs/Impact/Impact:Runtime-BitcoinDomainRequest.Reputation | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-cryptominerexecuted](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-cryptominerexecuted) | TTPs/Impact/Impact:Runtime-CryptoMinerExecuted | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-maliciousdomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-maliciousdomainrequestreputation) | TTPs/Impact/Impact:Runtime-MaliciousDomainRequest.Reputation | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-suspiciousdomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-suspiciousdomainrequestreputation) | TTPs/Impact/Impact:Runtime-SuspiciousDomainRequest.Reputatio | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-anomalousbehavior-delete](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-anomalousbehavior-delete) | TTPs/Impact:S3-AnomalousBehavior.Delete | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-anomalousbehavior-permission](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-anomalousbehavior-permission) | TTPs/Impact:S3-AnomalousBehavior.Permission | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-anomalousbehavior-write](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-anomalousbehavior-write) | TTPs/Impact:S3-AnomalousBehavior.Write | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#impact-s3-objectdeleteunusual](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#impact-s3-objectdeleteunusual) | TTPs/Impact:S3-ObjectDelete.Unusual | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#impact-s3-permissionsmodificationunusual](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#impact-s3-permissionsmodificationunusual) | TTPs/Impact:S3-PermissionsModification.Unusual | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-maliciousipcaller) | TTPs/Impact:S3-MaliciousIPCaller | 
| [InitialAccess:IAMUser/AnomalousBehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#initialaccess-iam-anomalousbehavior) | TTPs/Initial Access/IAMUser-AnomalousBehavior | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/gdu-malware-protection-s3-finding-types.html#s3-object-s3-malicious-file](https://docs.aws.amazon.com/guardduty/latest/ug/gdu-malware-protection-s3-finding-types.html#s3-object-s3-malicious-file) | TTPs/Object/Object:S3-MaliciousFile | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-kalilinux](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-kalilinux) | TTPs/PenTest:IAMUser/KaliLinux | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-parrotlinux](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-parrotlinux) | TTPs/PenTest:IAMUser/ParrotLinux | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-pentoolinux](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-pentoolinux) | TTPs/PenTest:IAMUser/PentooLinux | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-kalilinux](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-kalilinux) | TTPs/PenTest:S3-KaliLinux | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#pentest-s3-parrotlinux](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#pentest-s3-parrotlinux) | TTPs/PenTest:S3-ParrotLinux | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#pentest-s3-pentoolinux](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#pentest-s3-pentoolinux) | TTPs/PenTest:S3-PentooLinux | 
|  [Persistence:IAMUser/AnomalousBehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#persistence-iam-anomalousbehavior)  | TTPs/Persistence/IAMUser-AnomalousBehavior | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#persistence-iam-networkpermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#persistence-iam-networkpermissions) | TTPs/Persistence/Persistence:IAMUser-NetworkPermissions | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#persistence-iam-resourcepermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#persistence-iam-resourcepermissions) | TTPs/Persistence/Persistence:IAMUser-ResourcePermissions | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#persistence-iam-userpermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#persistence-iam-userpermissions) | TTPs/Persistence/Persistence:IAMUser-UserPermissions | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#persistence-runtime-suspicious-command](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#persistence-runtime-suspicious-command) | TTPs/Persistence/Persistence:Runtime-SuspiciousCommand | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#policy-iam-rootcredentialusage](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#policy-iam-rootcredentialusage) | TTPs/Policy:IAMUser-RootCredentialUsage | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#policy-iam-user-short-term-root-credential-usage](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#policy-iam-user-short-term-root-credential-usage) | TTPs/Policy:IAMUser-ShortTermRootCredentialUsage | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-adminaccesstodefaultserviceaccount](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-adminaccesstodefaultserviceaccount) | Software and Configuration Checks/AWS Security Best Practices/Policy:Kubernetes-AdminAccessToDefaultServiceAccount | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-anonymousaccessgranted](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-anonymousaccessgranted) | Software and Configuration Checks/AWS Security Best Practices/Policy:Kubernetes-AnonymousAccessGranted | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-exposeddashboard](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-exposeddashboard) | Software and Configuration Checks/AWS Security Best Practices/Policy:Kubernetes-ExposedDashboard | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-kubeflowdashboardexposed](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-kubeflowdashboardexposed) | Software and Configuration Checks/AWS Security Best Practices/Policy:Kubernetes-KubeflowDashboardExposed | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-accountblockpublicaccessdisabled](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-accountblockpublicaccessdisabled) | TTPs/Policy:S3-AccountBlockPublicAccessDisabled | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-bucketanonymousaccessgranted](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-bucketanonymousaccessgranted) | TTPs/Policy:S3-BucketAnonymousAccessGranted | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-bucketblockpublicaccessdisabled](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-bucketblockpublicaccessdisabled) | Effects/Data Exposure/Policy:S3-BucketBlockPublicAccessDisabled | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-bucketpublicaccessgranted](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-bucketpublicaccessgranted) | TTPs/Policy:S3-BucketPublicAccessGranted | 
|  [PrivilegeEscalation:IAMUser/AnomalousBehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#privilegeescalation-iam-anomalousbehavior)  |  TTPs/Privilege Escalation/IAMUser-AnomalousBehavior  | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeescalation-iam-administrativepermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeescalation-iam-administrativepermissions) | TTPs/Privilege Escalation/PrivilegeEscalation:IAMUser-AdministrativePermissions | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-rolebindingcreated](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-rolebindingcreated) | TTPs/AnomalousBehavior/PrivilegeEscalation:Kubernetes-RoleBindingCreated | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-rolecreated](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-rolecreated) | TTPs/AnomalousBehavior/PrivilegeEscalation:Kubernetes-RoleCreated | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privilegeescalation-kubernetes-privilegedcontainer](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privilegeescalation-kubernetes-privilegedcontainer) | TTPs/PrivilegeEscalation/PrivilegeEscalation:Kubernetes-PrivilegedContainer | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-containermountshostdirectory](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-containermountshostdirectory) | TTPs/Privilege Escalation/PrivilegeEscalation:Runtime-ContainerMountsHostDirectory | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-cgroupsreleaseagentmodified](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-cgroupsreleaseagentmodified) | TTPs/Privilege Escalation/PrivilegeEscalation:Runtime-CGroupsReleaseAgentModified | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-dockersocketaccessed](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-dockersocketaccessed) | TTPs/Privilege Escalation/PrivilegeEscalation:Runtime-DockerSocketAccessed | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-elevation-to-root](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-elevation-to-root) | TTPs/Privilege Escalation/PrivilegeEscalation:Runtime-ElevationToRoot | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-runccontainerescape](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-runccontainerescape) | TTPs/Privilege Escalation/PrivilegeEscalation:Runtime-RuncContainerEscape | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#privilege-escalation-runtime-suspicious-command](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#privilege-escalation-runtime-suspicious-command) | Software and Configuration Checks/PrivilegeEscalation:Runtime-SuspiciousCommand | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-userfaultfdusage](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-userfaultfdusage) | TTPs/Privilege Escalation/PrivilegeEscalation:Runtime-UserfaultfdUsage | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portprobeemrunprotectedport](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portprobeemrunprotectedport) | TTPs/Discovery/Recon:EC2-PortProbeEMRUnprotectedPort | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portprobeunprotectedport](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portprobeunprotectedport) | TTPs/Discovery/Recon:EC2-PortProbeUnprotectedPort | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan) | TTPs/Discovery/Recon:EC2-Portscan | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#recon-iam-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#recon-iam-maliciousipcaller) | TTPs/Discovery/Recon:IAMUser-MaliciousIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#recon-iam-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#recon-iam-maliciousipcallercustom) | TTPs/Discovery/Recon:IAMUser-MaliciousIPCaller.Custom | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#recon-iam-networkpermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#recon-iam-networkpermissions) | TTPs/Discovery/Recon:IAMUser-NetworkPermissions | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#recon-iam-resourcepermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#recon-iam-resourcepermissions) | TTPs/Discovery/Recon:IAMUser-ResourcePermissions | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#recon-iam-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#recon-iam-toripcaller) | TTPs/Discovery/Recon:IAMUser-TorIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#recon-iam-userpermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#recon-iam-userpermissions) | TTPs/Discovery/Recon:IAMUser-UserPermissions | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#resourceconsumption-iam-computeresources](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#resourceconsumption-iam-computeresources) | Unusual Behaviors/User/ResourceConsumption:IAMUser-ComputeResources | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#stealth-iam-cloudtrailloggingdisabled](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#stealth-iam-cloudtrailloggingdisabled) | TTPs/Defense Evasion/Stealth:IAMUser-CloudTrailLoggingDisabled | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#stealth-iam-loggingconfigurationmodified](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#stealth-iam-loggingconfigurationmodified) | TTPs/Defense Evasion/Stealth:IAMUser-LoggingConfigurationModified | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#stealth-iam-passwordpolicychange](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#stealth-iam-passwordpolicychange) | TTPs/Defense Evasion/Stealth:IAMUser-PasswordPolicyChange | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#stealth-s3-serveraccessloggingdisabled](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#stealth-s3-serveraccessloggingdisabled) | TTPs/Defense Evasion/Stealth:S3-ServerAccessLoggingDisabled | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-blackholetraffic](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-blackholetraffic) | TTPs/Command and Control/Trojan:EC2-BlackholeTraffic | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-blackholetrafficdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-blackholetrafficdns) | TTPs/Command and Control/Trojan:EC2-BlackholeTraffic\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-dgadomainrequestb](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-dgadomainrequestb) | TTPs/Command and Control/Trojan:EC2-DGADomainRequest.B | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-dgadomainrequestcdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-dgadomainrequestcdns) | TTPs/Command and Control/Trojan:EC2-DGADomainRequest.C\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-dnsdataexfiltration](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-dnsdataexfiltration) | TTPs/Command and Control/Trojan:EC2-DNSDataExfiltration | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-drivebysourcetrafficdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-drivebysourcetrafficdns) | TTPs/Initial Access/Trojan:EC2-DriveBySourceTraffic\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-droppoint](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-droppoint) | Effects/Data Exfiltration/Trojan:EC2-DropPoint | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-droppointdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-droppointdns) | Effects/Data Exfiltration/Trojan:EC2-DropPoint\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-phishingdomainrequestdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-phishingdomainrequestdns) | TTPs/Command and Control/Trojan:EC2-PhishingDomainRequest\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#trojan-lambda-blackhole-traffic](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#trojan-lambda-blackhole-traffic) | TTPs/Command and Control/Trojan:Lambda-BlackholeTraffic | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#trojan-lambda-drop-point](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#trojan-lambda-drop-point) | Effects/Data Exfiltration/Trojan:Lambda-DropPoint | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-blackholetraffic](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-blackholetraffic) | TTPs/Command and Control/Trojan:Runtime-BlackholeTraffic | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-blackholetrafficdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-blackholetrafficdns) | TTPs/Command and Control/Trojan:Runtime-BlackholeTraffic\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-dgadomainrequestcdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-dgadomainrequestcdns) | TTPs/Command and Control/Trojan:Runtime-DGADomainRequest.C\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-drivebysourcetrafficdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-drivebysourcetrafficdns) | TTPs/Initial Access/Trojan:Runtime-DriveBySourceTraffic\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-droppoint](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-droppoint) | Effects/Data Exfiltration/Trojan:Runtime-DropPoint | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-droppointdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-droppointdns) | Effects/Data Exfiltration/Trojan:Runtime-DropPoint\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-phishingdomainrequestdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-phishingdomainrequestdns) | TTPs/Command and Control/Trojan:Runtime-PhishingDomainRequest\!DNS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-maliciousipcallercustom) | TTPs/Command and Control/UnauthorizedAccess:EC2-MaliciousIPCaller.Custom | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-metadatadnsrebind](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-metadatadnsrebind) | TTPs/UnauthorizedAccess:EC2-MetadataDNSRebind | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-rdpbruteforce](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-rdpbruteforce) | TTPs/Initial Access/UnauthorizedAccess:EC2-RDPBruteForce | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-sshbruteforce](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-sshbruteforce) | TTPs/Initial Access/UnauthorizedAccess:EC2-SSHBruteForce | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-torclient](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-torclient) | Effects/Resource Consumption/UnauthorizedAccess:EC2-TorClient | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-torrelay](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-torrelay) | Effects/Resource Consumption/UnauthorizedAccess:EC2-TorRelay | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#unauthorizedaccess-iam-consolelogin](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#unauthorizedaccess-iam-consolelogin) | Unusual Behaviors/User/UnauthorizedAccess:IAMUser-ConsoleLogin | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-consoleloginsuccessb](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-consoleloginsuccessb) | TTPs/UnauthorizedAccess:IAMUser-ConsoleLoginSuccess.B | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-instancecredentialexfiltrationinsideaws](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-instancecredentialexfiltrationinsideaws) | Effects/Data Exfiltration/UnauthorizedAccess:IAMUser-InstanceCredentialExfiltration.InsideAWS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-instancecredentialexfiltrationoutsideaws](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-instancecredentialexfiltrationoutsideaws) | Effects/Data Exfiltration/UnauthorizedAccess:IAMUser-InstanceCredentialExfiltration.OutsideAWS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-maliciousipcaller) | TTPs/UnauthorizedAccess:IAMUser-MaliciousIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-maliciousipcallercustom) | TTPs/UnauthorizedAccess:IAMUser-MaliciousIPCaller.Custom | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-resourcecredentialexfiltrationoutsideaws](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-resourcecredentialexfiltrationoutsideaws) | Effects/Data Exfiltration/UnauthorizedAccess:IAMUser-ResourceCredentialExfiltration.OutsideAWS | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-toripcaller) | TTPs/Command and Control/UnauthorizedAccess:IAMUser-TorIPCaller | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#unauthorized-access-lambda-maliciousIPcaller-custom](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#unauthorized-access-lambda-maliciousIPcaller-custom) | TTPs/Command and Control/UnauthorizedAccess:Lambda-MaliciousIPCaller.Custom | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#unauthorized-access-lambda-tor-client](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#unauthorized-access-lambda-tor-client) | Effects/Resource Consumption/UnauthorizedAccess:Lambda-TorClient | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#unauthorized-access-lambda-tor-relay](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#unauthorized-access-lambda-tor-relay) | Effects/Resource Consumption/UnauthorizedAccess:Lambda-TorRelay | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#unauthorizedaccess-runtime-metadatadnsrebind](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#unauthorizedaccess-runtime-metadatadnsrebind) | TTPs/UnauthorizedAccess:Runtime-MetadataDNSRebind | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#unauthorizedaccess-runtime-torrelay](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#unauthorizedaccess-runtime-torrelay) | Effects/Resource Consumption/UnauthorizedAccess:Runtime-TorRelay | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#unauthorizedaccess-runtime-torclient](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#unauthorizedaccess-runtime-torclient) | Effects/Resource Consumption/UnauthorizedAccess:Runtime-TorClient | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#unauthorizedaccess-s3-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#unauthorizedaccess-s3-maliciousipcallercustom) | TTPs/UnauthorizedAccess:S3-MaliciousIPCaller.Custom | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#unauthorizedaccess-s3-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#unauthorizedaccess-s3-toripcaller) | TTPs/UnauthorizedAccess:S3-TorIPCaller | 

### Temuan khas dari GuardDuty
<a name="securityhub-integration-finding-example"></a>

GuardDuty mengirimkan temuan ke Security Hub CSPM menggunakan [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html).

Berikut adalah contoh temuan khas dari GuardDuty.

```
  {
  "SchemaVersion": "2018-10-08",
  "Id": "arn:aws:guardduty:us-east-1:193043430472:detector/d4b040365221be2b54a6264dc9a4bc64/finding/46ba0ac2845071e23ccdeb2ae03bfdea",
  "ProductArn": "arn:aws:securityhub:us-east-1:product/aws/guardduty",
  "GeneratorId": "arn:aws:guardduty:us-east-1:193043430472:detector/d4b040365221be2b54a6264dc9a4bc64",
  "AwsAccountId": "193043430472",
  "Types": [
    "TTPs/Initial Access/UnauthorizedAccess:EC2-SSHBruteForce"
  ],
  "FirstObservedAt": "2020-08-22T09:15:57Z",
  "LastObservedAt": "2020-09-30T11:56:49Z",
  "CreatedAt": "2020-08-22T09:34:34.146Z",
  "UpdatedAt": "2020-09-30T12:14:00.206Z",
  "Severity": {
    "Product": 2,
    "Label": "MEDIUM",
    "Normalized": 40
  },
  "Title": "199.241.229.197 is performing SSH brute force attacks against i-0c10c2c7863d1a356.",
  "Description": "199.241.229.197 is performing SSH brute force attacks against i-0c10c2c7863d1a356. Brute force attacks are used to gain unauthorized access to your instance by guessing the SSH password.",
  "SourceUrl": "https://us-east-1.console.aws.amazon.com/guardduty/home?region=us-east-1#/findings?macros=current&fId=46ba0ac2845071e23ccdeb2ae03bfdea",
  "ProductFields": {
    "aws/guardduty/service/action/networkConnectionAction/remotePortDetails/portName": "Unknown",
    "aws/guardduty/service/archived": "false",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/organization/asnOrg": "CENTURYLINK-US-LEGACY-QWEST",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/geoLocation/lat": "42.5122",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/ipAddressV4": "199.241.229.197",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/geoLocation/lon": "-90.7384",
    "aws/guardduty/service/action/networkConnectionAction/blocked": "false",
    "aws/guardduty/service/action/networkConnectionAction/remotePortDetails/port": "46717",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/country/countryName": "United States",
    "aws/guardduty/service/serviceName": "guardduty",
    "aws/guardduty/service/evidence": "",
    "aws/guardduty/service/action/networkConnectionAction/localIpDetails/ipAddressV4": "172.31.43.6",
    "aws/guardduty/service/detectorId": "d4b040365221be2b54a6264dc9a4bc64",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/organization/org": "CenturyLink",
    "aws/guardduty/service/action/networkConnectionAction/connectionDirection": "INBOUND",
    "aws/guardduty/service/eventFirstSeen": "2020-08-22T09:15:57Z",
    "aws/guardduty/service/eventLastSeen": "2020-09-30T11:56:49Z",
    "aws/guardduty/service/action/networkConnectionAction/localPortDetails/portName": "SSH",
    "aws/guardduty/service/action/actionType": "NETWORK_CONNECTION",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/city/cityName": "Dubuque",
    "aws/guardduty/service/additionalInfo": "",
    "aws/guardduty/service/resourceRole": "TARGET",
    "aws/guardduty/service/action/networkConnectionAction/localPortDetails/port": "22",
    "aws/guardduty/service/action/networkConnectionAction/protocol": "TCP",
    "aws/guardduty/service/count": "74",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/organization/asn": "209",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/organization/isp": "CenturyLink",
    "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/guardduty/arn:aws:guardduty:us-east-1:193043430472:detector/d4b040365221be2b54a6264dc9a4bc64/finding/46ba0ac2845071e23ccdeb2ae03bfdea",
    "aws/securityhub/ProductName": "GuardDuty",
    "aws/securityhub/CompanyName": "Amazon"
  },
  "Resources": [
    {
      "Type": "AwsEc2Instance",
      "Id": "arn:aws:ec2:us-east-1:193043430472:instance/i-0c10c2c7863d1a356",
      "Partition": "aws",
      "Region": "us-east-1",
      "Tags": {
        "Name": "kubectl"
      },
      "Details": {
        "AwsEc2Instance": {
          "Type": "t2.micro",
          "ImageId": "ami-02354e95b39ca8dec",
          "IpV4Addresses": [
            "18.234.130.16",
            "172.31.43.6"
          ],
          "VpcId": "vpc-a0c2d7c7",
          "SubnetId": "subnet-4975b475",
          "LaunchedAt": "2020-08-03T23:21:57Z"
        }
      }
    }
  ],
  "WorkflowState": "NEW",
  "Workflow": {
    "Status": "NEW"
  },
  "RecordState": "ACTIVE"
}
```

## Mengaktifkan dan mengonfigurasi integrasi
<a name="securityhub-integration-enable"></a>

Untuk menggunakan integrasi dengan AWS Security Hub CSPM, Anda harus mengaktifkan Security Hub CSPM. Untuk informasi tentang cara mengaktifkan CSPM Security Hub, lihat [Menyiapkan Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html) di *AWS Security Hub Panduan Pengguna*.

Ketika Anda mengaktifkan keduanya GuardDuty dan Security Hub CSPM, integrasi diaktifkan secara otomatis. GuardDutysegera mulai mengirim temuan ke Security Hub CSPM.

## Menggunakan GuardDuty kontrol di Security Hub CSPM
<a name="securityhub-integration-using-guardduty-controls"></a>

AWS Security Hub CSPM menggunakan kontrol keamanan untuk mengevaluasi AWS sumber daya Anda, dan memeriksa kepatuhan Anda terhadap standar industri keamanan dan praktik terbaik. Anda dapat menggunakan kontrol yang terkait dengan GuardDuty sumber daya dan rencana perlindungan yang dipilih. Untuk informasi selengkapnya, lihat [ GuardDutykontrol Amazon](https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html) di *Panduan AWS Security Hub Pengguna*.

Untuk daftar semua kontrol di seluruh AWS layanan dan sumber daya, lihat [Referensi kontrol CSPM Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html) di *AWS Security Hub Panduan Pengguna*.

## Menghentikan publikasi temuan ke Security Hub CSPM
<a name="securityhub-integration-disable"></a>

Untuk menghentikan pengiriman temuan ke Security Hub CSPM, Anda dapat menggunakan konsol CSPM Security Hub atau API.

*Lihat [Menonaktifkan dan mengaktifkan alur temuan dari integrasi (konsol)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-console) atau [Menonaktifkan alur temuan dari integrasi (Security Hub API, AWS CLI](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-disable-api)) di Panduan Pengguna.AWS Security Hub *