Guardduty not able to detect attacks outside the Aws

Asked Sep 22 '21 at 07:56

Active Sep 22 '21 at 07:56

Viewed 153 times

I am trying to test guardduty by pulling off a brute force attack on Windows target ec2 host from my local windows machine (outside aws) using RDP. What i can see is there are no finding getting created on guardduty console even though i tried breaking into it with around 1000 login attempts.

But doing the same exercise with another ec2 instance (both within and outside the vpc) results in findings being created in the guardduty console.

Does it imply that GuardDuty is only applicable for attacks being made inside the aws premise?

asked Sep 22 '21 at 07:56

jayendra bhatt

1,337
2
19
41

Your question is confusing, and needs clarification. Just sounds like you described the same scenario twice and are asking the difference. Did you mean that there are 2 different OSes involved ... perhaps the one that worked was Linux? – Chux Uzoeto Jan 27 '22 at 14:25
I mean sending traffic from inside aws (like an ec2 within same vpc as the target ec2 machine ) and outside aws ( ie from internet like your local desktop). Hope this clears the air – jayendra bhatt Jan 28 '22 at 16:51

Guardduty not able to detect attacks outside the Aws

0 Answers0