AWS GuardDuty + D3 Morpheus
Secure Your Cloud Systems
Amazon GuardDuty is a threat detection service that continuously monitors Amazon Web Services accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation. Morpheus’s integration with AWS GuardDuty enables automation-powered response to cloud security alerts.
Benefits and Capabilities
GuardDuty produces security findings based on its analysis of logs, threat intelligence, and machine learning, which enables it to detect unusual or suspicious activity in your AWS environment. Morpheus can retrieve security findings from GuardDuty in order to rapidly orchestrate a response.
- Orchestrate across hundreds of integrated systems, including AWS services such as EC2, Lambda, Systems Manager (SSM), and S3
- Capture suspicious behaviors that slip past signature-based tools
- Seamlessly oversee hybrid environments by managing cloud and on-premises incident response through Morpheus
Use Case
Cryptomining
AWS GuardDuty can detect compromised EC2 instances that an adversary has hijacked to mine cryptocurrency (its CryptoCurrency finding types cover mining-pool DNS lookups and network connections, not only Bitcoin). Morpheus retrieves that finding and extracts IOCs (the instance ID, the queried domain, the remote IP) and TTPs, then compares them against third-party threat intelligence to determine risk. Based on this information, the user can escalate the event to an incident if further investigation is required.
- Run a prebuilt automation-powered playbook for cryptomining, which includes domain analysis and EC2 instance analysis.
- Hunt for cryptomining threats based on ingested threat reports.
- Orchestrate rapid response across integrated tools.
Use Case
Insider Threat Detection and Mitigation
AWS GuardDuty can be utilized to identify potential insider threats by monitoring and flagging unusual data access patterns or unauthorized attempts to access sensitive data. Morpheus, upon receiving such alerts, employs its MITRE ATT&CK framework correlation to categorize the nature of the threat, focusing on tactics and techniques indicative of insider behavior.
- Morpheus’s automation capabilities then kick in, extracting IOCs and comparing them against known threat intelligence.
- If the threat is verified, Morpheus activates a specialized playbook for insider threats, which includes steps for securing the compromised accounts, assessing data exposure, and initiating the necessary legal or HR protocols.
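The two use cases above describe the same pipeline: pull a GuardDuty finding, extract its IOCs, tag it with ATT&CK, corroborate against threat intelligence, and decide whether to escalate. The following Python is an added example of that pipeline and is not Morpheus code or part of the D3 integration. It parses findings in the JSON shape returned by the GuardDuty GetFindings API (for a cryptomining finding on an EC2 instance and an anomalous S3 access finding); the two sample findings, the KNOWN_BAD threat-intel set, the ATT&CK mapping and the escalation rule (intel hit or severity at or above 7.0) are assumptions constructed for illustration. The `fetch_findings` helper shows the real boto3 calls for pulling live findings but is not exercised offline.

```python
"""Triage GuardDuty findings: extract IOCs, tag ATT&CK, decide escalation.

Added example, not D3 Morpheus code. Field names follow the JSON returned by
the GuardDuty GetFindings API; the sample findings, threat-intel set, ATT&CK
mapping and escalation rule are constructed assumptions for illustration.
"""
from dataclasses import dataclass, field

# Assumed, illustrative mapping from the GuardDuty threat-purpose prefix (the
# part of the finding type before ":") to MITRE ATT&CK tactic/technique IDs.
ATTACK_MAP = {
    "CryptoCurrency": "T1496",  # Resource Hijacking
    "Discovery": "TA0007", "Exfiltration": "TA0010", "Impact": "TA0040",
    "CredentialAccess": "TA0006", "Persistence": "TA0003",
    "PrivilegeEscalation": "TA0004", "DefenseEvasion": "TA0005",
    "InitialAccess": "TA0001", "Execution": "TA0002",
}

# Constructed stand-in for a third-party threat-intelligence feed.
KNOWN_BAD = {"pool.mining-example.net", "203.0.113.10"}

SAMPLE_FINDINGS = [
    {   # constructed: an EC2 instance resolving a known mining-pool domain
        "Id": "f-crypto-0001", "Severity": 8.0,
        "Type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
        "Resource": {"ResourceType": "Instance",
                     "InstanceDetails": {"InstanceId": "i-0abc123def456789a"}},
        "Service": {"Action": {"ActionType": "DNS_REQUEST", "DnsRequestAction": {
            "Domain": "pool.mining-example.net", "Protocol": "UDP"}}},
    },
    {   # constructed: unusual S3 reads by an IAM user from an external address
        "Id": "f-s3-0002", "Severity": 5.0,
        "Type": "Exfiltration:S3/AnomalousBehavior",
        "Resource": {"ResourceType": "S3Bucket",
                     "S3BucketDetails": [{"Name": "corp-finance-reports"}],
                     "AccessKeyDetails": {"UserName": "jdoe", "UserType": "IAMUser"}},
        "Service": {"Action": {"ActionType": "AWS_API_CALL", "AwsApiCallAction": {
            "Api": "GetObject", "ServiceName": "s3.amazonaws.com",
            "RemoteIpDetails": {"IpAddressV4": "198.51.100.7"}}}},
    },
]


@dataclass
class Triage:
    finding_id: str
    finding_type: str
    severity: float
    attack_ids: list
    iocs: dict = field(default_factory=dict)    # kind -> sorted indicator values
    intel_hits: list = field(default_factory=list)
    disposition: str = "event"                   # "event" or "incident"


def extract_iocs(finding):
    """Collect indicators from the Resource and Service.Action sections."""
    iocs = {"instance": set(), "bucket": set(), "principal": set(),
            "domain": set(), "ip": set()}
    res = finding.get("Resource", {})
    if res.get("InstanceDetails", {}).get("InstanceId"):
        iocs["instance"].add(res["InstanceDetails"]["InstanceId"])
    for bucket in res.get("S3BucketDetails", []):
        iocs["bucket"].add(bucket["Name"])
    if res.get("AccessKeyDetails", {}).get("UserName"):
        iocs["principal"].add(res["AccessKeyDetails"]["UserName"])
    action = finding.get("Service", {}).get("Action", {})
    if action.get("DnsRequestAction", {}).get("Domain"):
        iocs["domain"].add(action["DnsRequestAction"]["Domain"])
    for key in ("NetworkConnectionAction", "AwsApiCallAction"):
        ip = action.get(key, {}).get("RemoteIpDetails", {}).get("IpAddressV4")
        if ip:
            iocs["ip"].add(ip)
    return {k: sorted(v) for k, v in iocs.items() if v}


def triage(finding, intel=KNOWN_BAD):
    """Tag ATT&CK IDs, check IOCs against intel, and decide event vs incident.
    Assumed rule: any intel corroboration, or GuardDuty severity >= 7.0, escalates."""
    purpose = finding["Type"].split(":", 1)[0]
    iocs = extract_iocs(finding)
    hits = sorted(v for vals in iocs.values() for v in vals if v in intel)
    escalate = bool(hits) or finding.get("Severity", 0.0) >= 7.0
    return Triage(finding["Id"], finding["Type"], finding.get("Severity", 0.0),
                  [ATTACK_MAP[purpose]] if purpose in ATTACK_MAP else [],
                  iocs, hits, "incident" if escalate else "event")


def fetch_findings(detector_id, region, min_severity=7):
    """Pull live, unarchived findings with boto3 (real API calls; not run offline)."""
    import boto3  # imported here so the offline parsing above needs no AWS dependency
    gd = boto3.client("guardduty", region_name=region)
    criteria = {"Criterion": {"severity": {"Gte": min_severity},
                              "service.archived": {"Eq": ["false"]}}}
    ids = []
    for page in gd.get_paginator("list_findings").paginate(
            DetectorId=detector_id, FindingCriteria=criteria):
        ids.extend(page["FindingIds"])
    findings = []
    for i in range(0, len(ids), 50):  # GetFindings accepts at most 50 IDs per call
        findings.extend(gd.get_findings(DetectorId=detector_id,
                                        FindingIds=ids[i:i + 50])["Findings"])
    return findings
```

Running `triage` over the two constructed findings escalates the cryptomining one (severity 8.0 and the pool domain is on the intel list) and leaves the S3 one as an event for analyst review; supplying an intel set that contains the S3 caller's IP flips it to an incident, which is the corroboration step the use cases describe. The threat-purpose prefix of a GuardDuty finding type maps cleanly to an ATT&CK tactic, so the tagging needs no per-finding rules; the actual Morpheus correlation logic is not reproduced here.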
Why Morpheus?
Joint users of AWS GuardDuty and D3 Morpheus don’t just get automated cloud security; they also get the countless other features that make Morpheus the leading independent AI-augmented SOC automation solution, including:
Expert-built codeless integrations across the stack
Tier 1–3 automation, based on deep research into the capabilities of common tools
The Hyperpipe, which reduces alert volume by up to 98%
Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
AWS GuardDuty Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.