Quick Start Security for Amazon GuardDuty

Amazon GuardDuty

Coralogix Extension For Amazon GuardDuty Includes:

Dashboards - 1

Gain instantaneous visualization of all your Amazon GuardDuty data.

Amazon GuardDuty

Alerts - 3

Stay on top of Amazon GuardDuty key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Amazon GuardDuty - High Severity Event

This alert triggers whenever GuardDuty assigns high severity to an event or finding. Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers details for visibility and remediation.

Impact: A high severity level indicates that the resource in question is compromised and is actively being used for unauthorized purposes.

Mitigation: It is recommended to treat any high-severity findings as a priority and take immediate remediation steps to prevent further unauthorized use of your resources. To investigate further, check the field names such as 'type', 'description', 'title', etc. for more detail.

Medium Severity Event

This alert triggers whenever GuardDuty assigns medium severity to an event or finding. Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers details for visibility and remediation.

Impact: A medium severity level indicates suspicious activity that deviates from normally observed behavior and, depending on your use case, may be indicative of a resource compromise.

Mitigation: To investigate further, check the field names such as 'type', 'description', 'title', etc.

Low Severity Event

This alert triggers whenever GuardDuty assigns low severity to an event or finding. Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers details for visibility and remediation.

Impact: A low severity level indicates attempted suspicious activity that did not compromise your network, for example, a port scan or a failed intrusion attempt.

Mitigation: To investigate further, check the field names such as 'type', 'description', 'title', etc.

Integration

Learn more about Coralogix's out-of-the-box integration with Amazon GuardDuty in our documentation.
