
AWS CloudTrail Insights vs GuardDuty

CloudTrail Insights identifies anomalies in CloudTrail events, and CloudTrail events are one of the inputs to GuardDuty. It looks like both CloudTrail Insights and GuardDuty provide a similar service.

I would like to know the differences between the two. AWS provides a lot of similar services.

There are a few categories of data that GuardDuty will look at that won't be looked at by CloudTrail Insights, including VPC Flow Logs and DNS logs (if you are using VPC DNS resolution). That means alerts for things like port scanners (even if both the source and the destination are within your VPCs) and DNS lookups that might indicate a compromise. It can also produce alerts for things like 'known-bad' actors interacting (or trying to interact) with your machines. Of course, there are false positives for all of these, but these are things that GuardDuty can do that CloudTrail Insights won't.

It is a bit unclear whether the machine learning for 'anomalies' that CloudTrail Insights applies is the same as or different from the machine learning GuardDuty applies to CloudTrail logs. However, it generally appears that GuardDuty is more tilted towards indications of actual compromise, whereas Insights is more about 'unusual' API activity.
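To make the distinction in the answer above concrete, here is an added example (not code from the question or the answer, and not AWS's actual detection logic) that runs two deliberately simplified heuristics over constructed sample data: a port-scan check over VPC Flow Log records, which is the kind of signal only GuardDuty consumes, and an API-call-rate check over per-hour CloudTrail event counts, which is the kind of 'unusual API activity' signal CloudTrail Insights is built around. The flow-log field order is the default VPC Flow Log v2 format; the account ID, ENI ID, addresses, thresholds and hourly counts are all made up for the example.

```python
"""Toy contrast between the two data sources discussed above.

Added example, not code from the original question or answer. All sample
records below are constructed; the two heuristics are simplified stand-ins
for what GuardDuty (flow logs) and CloudTrail Insights (API call volume)
look at, not the services' real models.
"""
from collections import defaultdict

# Default VPC Flow Log (version 2) field order, space separated.
FLOW_FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
]

# Constructed flow log records: one internal host (10.0.1.23) probing twelve
# distinct ports on 10.0.2.10 and getting rejected, one host doing normal
# HTTPS traffic, and one NODATA record with '-' placeholders.
SCAN_PORTS = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3306, 3389]
FLOW_LINES = [
    f"2 123456789012 eni-0a1b2c3d 10.0.1.23 10.0.2.10 {40000 + i} {port} 6 1 40 "
    f"1600000000 1600000060 REJECT OK"
    for i, port in enumerate(SCAN_PORTS)
] + [
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.10 51000 443 6 20 4000 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.10 51001 443 6 18 3600 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1600000000 1600000060 - NODATA",
]

# Constructed per-hour CloudTrail event counts: 24 baseline hours followed by
# the most recent hour. DescribeInstances spikes; RunInstances stays quiet.
API_HOURLY = {
    "DescribeInstances": [12] * 24 + [250],
    "RunInstances": [1, 0, 2, 1, 0, 1, 0, 2, 1, 1, 0, 1,
                     1, 0, 2, 1, 0, 1, 2, 1, 0, 1, 1, 0] + [2],
}


def parse_flow_log(line):
    """Split one v2 flow log line into a dict keyed by FLOW_FIELDS."""
    parts = line.split()
    if len(parts) != len(FLOW_FIELDS):
        raise ValueError(f"expected {len(FLOW_FIELDS)} fields, got {len(parts)}")
    return dict(zip(FLOW_FIELDS, parts))


def port_scan_sources(lines, distinct_port_threshold=10):
    """Return {(srcaddr, dstaddr): sorted ports} for pairs touching many ports.

    Records whose log_status is not OK (NODATA/SKIPDATA) carry '-' in place of
    ports and are skipped before any integer conversion.
    """
    ports_seen = defaultdict(set)
    for line in lines:
        rec = parse_flow_log(line)
        if rec["log_status"] != "OK":
            continue
        ports_seen[(rec["srcaddr"], rec["dstaddr"])].add(int(rec["dstport"]))
    return {
        pair: sorted(ports)
        for pair, ports in ports_seen.items()
        if len(ports) >= distinct_port_threshold
    }


def api_rate_anomalies(hourly_counts, multiplier=3.0, min_calls=20):
    """Flag event names whose latest hour exceeds the baseline mean by a factor.

    The min_calls floor keeps a jump from 0 to 2 calls from being flagged.
    """
    flagged = {}
    for event_name, counts in hourly_counts.items():
        *baseline, latest = counts
        if not baseline:
            continue
        mean = sum(baseline) / len(baseline)
        if latest >= min_calls and latest > mean * multiplier:
            flagged[event_name] = {"baseline_mean": mean, "latest": latest}
    return flagged


if __name__ == "__main__":
    print("flow-log port-scan candidates:", port_scan_sources(FLOW_LINES))
    print("API call-rate anomalies:", api_rate_anomalies(API_HOURLY))
```

The point of running both over the same script is that the first function has no input at all on the CloudTrail Insights side: a scan of internal hosts never generates an API call, so only a service that ingests VPC Flow Logs (GuardDuty) can see it, while the API-rate check is blind to anything that does not pass through the control plane.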
