Alert Logic® and Amazon Web Services (AWS) GuardDuty are best used together for complete environment monitoring. GuardDuty reviews logs generated by actions in your AWS account, while Alert Logic monitors logs generated on your hosts and provides intrusion detection. Using both in your AWS environment is advised.
GuardDuty reviews your VPC flow and CloudTrail logs for anomalies. Examples of GuardDuty detections include:
- An EC2 instance is launched that has not been seen in the environment before
- Activity from a foreign IP address in your environment that is either a known bad IP address or originates from a country you have not communicated with before
- A user performs an action they do not normally perform, such as starting a service or making an API call they have not used before
GuardDuty does not examine logs from the operating system on your EC2 instances; Alert Logic covers this. With Alert Logic MDR Professional or Enterprise, we review Windows event logs and syslog on your hosts and communicate potential findings.