AWS GuardDuty Response Cheat Sheet

Alert triage and automation for GuardDuty findings

Last Updated: November 21, 2025

Focus Areas

Categorize findings by severity, resource, and service
Use tags and automation to escalate only actionable alerts

Commands & Queries

aws guardduty list-detectors
List GuardDuty detectors
aws guardduty get-findings --detector-id <detector-id> --finding-ids ...
Inspect a finding
aws ssm send-command --document-name AWS-RunShellScript ...
Remediate compromised hosts
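
A triage pass over `get-findings` output that follows the focus areas above: it groups findings by severity, resource, and service, and escalates only the unsuppressed ones. This is an added example, not part of the original cheat sheet; the sample findings, the `KNOWN_BENIGN` table, the `approved-scanner` tag, and the escalation rule are constructed assumptions.

```python
import json
from collections import Counter

# Constructed sample in the shape of `aws guardduty get-findings` output (not real data).
SAMPLE = json.loads("""{"Findings": [
 {"Id": "f-001", "Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "Severity": 8.0,
  "Resource": {"ResourceType": "Instance", "InstanceDetails":
   {"InstanceId": "i-0aaa", "Tags": [{"Key": "env", "Value": "prod"}]}}},
 {"Id": "f-002", "Type": "Recon:EC2/Portscan", "Severity": 5.0,
  "Resource": {"ResourceType": "Instance", "InstanceDetails":
   {"InstanceId": "i-0bbb", "Tags": [{"Key": "role", "Value": "approved-scanner"}]}}},
 {"Id": "f-003", "Type": "Recon:EC2/PortProbeUnprotectedPort", "Severity": 2.0,
  "Resource": {"ResourceType": "Instance", "InstanceDetails":
   {"InstanceId": "i-0ccc", "Tags": [{"Key": "env", "Value": "dev"}]}}},
 {"Id": "f-004", "Type": "UnauthorizedAccess:IAMUser/ConsoleLoginSuccess.B", "Severity": 5.0,
  "Resource": {"ResourceType": "AccessKey", "AccessKeyDetails": {"UserName": "example-user"}}}
]}""")

# Assumed local policy: (finding type, tag key, tag value) combinations known to be benign.
KNOWN_BENIGN = {("Recon:EC2/Portscan", "role", "approved-scanner")}

def severity_band(score):
    # GuardDuty ranges: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0
    return "CRITICAL" if score >= 9 else "HIGH" if score >= 7 else "MEDIUM" if score >= 4 else "LOW"

def resource_tags(finding):
    # This example reads tags from InstanceDetails only; other resource types yield {}.
    details = finding.get("Resource", {}).get("InstanceDetails", {})
    return {t["Key"]: t["Value"] for t in details.get("Tags", [])}

def triage(finding):
    ftype = finding["Type"]
    # Type format is ThreatPurpose:ResourceTypeAffected/ThreatFamilyName...
    service = ftype.partition(":")[2].partition("/")[0] or "unknown"
    band = severity_band(finding["Severity"])
    suppressed = any((ftype, k, v) in KNOWN_BENIGN for k, v in resource_tags(finding).items())
    return {"id": finding["Id"], "severity": band, "service": service,
            "resource": finding.get("Resource", {}).get("ResourceType", "unknown"),
            "suppressed": suppressed,
            # Assumed escalation rule: page a responder for unsuppressed Medium and above.
            "escalate": not suppressed and band != "LOW"}

def summarize(findings):
    rows = [triage(f) for f in findings]
    counts = Counter((r["severity"], r["resource"], r["service"]) for r in rows)
    return rows, counts

if __name__ == "__main__":
    rows, counts = summarize(SAMPLE["Findings"])
    for r in rows:
        print(r)
    print(dict(counts))
```
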

Summary

Triage GuardDuty alerts with tags and automation so responders focus on real risk.

💡 Pro Tip: Tag resources and automate suppressions for known benign findings.