AWS Cloudtrail Insights vs AWS Macie vs AWS GuardDuty

My understanding of all three is that they look for patterns in events and logs to determine if there is a potential security flaw. Another question touches upon this, but somewhat unsatisfactorily. What I got from that reply was:

... GuardDuty is more tilted towards indications of actual compromise whereas insights is more just 'unusual' API activity ...

Macie: Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.

Cloudtrail Insights: AWS CloudTrail Insights helps AWS users identify and respond to unusual activity associated with write API calls by continuously analyzing CloudTrail management events.

GuardDuty: Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3.

What is the difference and when should I use what service? Is someone able to do a bit more explanation around the actual differences?

My understanding of all three is that they look for patterns in events and logs to determine if there is a potential security flaw
...
What is the difference and when should I use what service?

Every service's documentation has its FAQ part, where this is explained.

All three services have different purposes. They look into different input data and produce different alert types, which are not necessarily security flaws, but are to be reviewed and addressed. The services are not overlapping in functionality, so I'm not sure what is confusing for you. I will just list the differences.

Amazon Macie reads your S3 bucket data to identify open and shared S3 buckets and data containing PII.

GuardDuty aggregates "AWS CloudTrail event logs, Amazon VPC Flow Logs and DNS logs" to detect suspicious activity.

Cloudtrail Insights is a new CloudTrail feature. The service generates Insights events when the API call volume is outside normal patterns.
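
As an added illustration (not part of the original question or answer), the sketch below reduces one record from each service to a common triage row, which shows how the different inputs listed above surface as different alert shapes. The sample records are constructed and trimmed; the field names are assumed to follow the EventBridge finding formats for GuardDuty and Macie and the CloudTrail Insights event record, and `triage` is a hypothetical helper.

```python
# Constructed sample records, trimmed to the fields used below.
GUARDDUTY = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
             "detail": {"type": "UnauthorizedAccess:EC2/SSHBruteForce",
                        "severity": 2,
                        "resource": {"resourceType": "Instance"}}}
MACIE = {"source": "aws.macie", "detail-type": "Macie Finding",
         "detail": {"type": "SensitiveData:S3Object/Personal",
                    "severity": {"score": 3, "description": "High"},
                    "resourcesAffected": {"s3Bucket": {"name": "example-bucket"}}}}
INSIGHT = {"eventCategory": "Insight", "eventType": "AwsCloudTrailInsight",
           "insightDetails": {
               "state": "Start", "insightType": "ApiCallRateInsight",
               "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
               "insightContext": {"statistics": {"baseline": {"average": 0.5},
                                                 "insight": {"average": 20.0}}}}}


def triage(record):
    """Reduce a GuardDuty, Macie or CloudTrail Insights record to one triage row."""
    source = record.get("source")
    detail = record.get("detail", {})
    if source == "aws.guardduty":
        # Threat detection over CloudTrail, VPC Flow Logs and DNS logs.
        return {"service": "GuardDuty", "signal": detail["type"],
                "subject": detail["resource"]["resourceType"],
                "severity": detail["severity"]}
    if source == "aws.macie":
        # Data discovery over S3 objects and bucket settings.
        return {"service": "Macie", "signal": detail["type"],
                "subject": detail["resourcesAffected"]["s3Bucket"]["name"],
                "severity": detail["severity"]["description"]}
    if record.get("eventCategory") == "Insight":
        # Volume anomaly on API calls; the record carries rates, not a severity.
        ins = record["insightDetails"]
        stats = ins["insightContext"]["statistics"]
        base, seen = stats["baseline"]["average"], stats["insight"]["average"]
        level = f"{seen / base:.0f}x baseline" if base else "no baseline activity"
        return {"service": "CloudTrail Insights", "signal": ins["insightType"],
                "subject": f'{ins["eventSource"]}:{ins["eventName"]}',
                "severity": level}
    raise ValueError("not a GuardDuty, Macie or CloudTrail Insights record")


if __name__ == "__main__":
    for sample in (GUARDDUTY, MACIE, INSIGHT):
        print(triage(sample))
```
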
