Amazon Guard​Duty | Recorded Future
Amazon Guard​Duty

Amazon Guard​Duty

Table of Contents


Product Overview

Clients of Amazon GuardDuty can use Recorded Future’s intelligence to reduce time to threat identification and remediation. By integrating solutions with Recorded Future, organizations can:

  • Identify 22% more security threats before impact
  • Resolve security threats 63% faster
  • Increase team efficiency by 32%

Challenges Overcome Through Integration

The Recorded Future and Amazon GuardDuty integration allows users to greatly reduce time to verdict while reviewing findings by:

  • Targeted detection of malware, C&C, phishing, and other malicious activity based on Recorded Future intelligence
  • Real-time enrichment with Recorded Future context to improve remediation time, and prioritize and/or inform actions

Integration Description

The Recorded Future and Amazon GuardDuty integration allows users to upload a Recorded Future threat list of high-fidelity, known malicious IP addresses, including a Security Control Feed, into Amazon GuardDuty for correlation against client’s telemetry data.

As Amazon GuardDuty monitors activity across the users’ Amazon Web Services (AWS) accounts, the Recorded Future threat list will be correlated against to detect malicious IPs and generate findings for review.

Once alerts have been generated from the Recorded Future threat list, users are able to access valuable information under the Findings section in Amazon GuardDuty, including the malicious IP address and location details.

Additionally, using the Recorded Future Browser Extension, users can enrich the data in Amazon GuardDuty with Recorded Future’s security intelligence. The Recorded Future Browser Extension provides risk scores and evidence in real-time and allows users to open the Intelligence Card for the IP address in question to review additional context.