AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2025-07-01 · Documentation low

File: guardduty/latest/ug/guardduty-opting-out-using-data.md

Summary

Expanded explanation of command/argument collection for threat detection

Security assessment

Adds detailed documentation about security data collection practices and threat detection capabilities without addressing specific vulnerabilities

Diff

diff --git a/guardduty/latest/ug/guardduty-opting-out-using-data.md b/guardduty/latest/ug/guardduty-opting-out-using-data.md
index a36d74130..6b042e384 100644
--- a//guardduty/latest/ug/guardduty-opting-out-using-data.md
+++ b//guardduty/latest/ug/guardduty-opting-out-using-data.md
@@ -39 +39 @@ GuardDuty Runtime Monitoring provides runtime threat detection for Amazon Elasti
-Although GuardDuty now collects command-line arguments that you may direct to your workloads, it doesn't currently use these arguments for service improvement purposes (it may do so in the future). We have started collecting command-line arguments in anticipation of new threat detection rules and findings that will be released soon. Your trust, privacy, and the security of your content are our highest priority, and ensure that our use complies with our commitments to you. For more information, see [Data Privacy FAQ](https://aws.amazon.com/compliance/data-privacy-faq/). 
+GuardDuty collects both commands (such as `curl`, `systemctl`, and `cron`) and their associated arguments (such as `start`, `stop`, `disable`) from your workloads. For example, when someone runs `systemctl stop `service-name``, GuardDuty captures both the command `systemctl` and its arguments `stop `service-name``. This detailed information helps GuardDuty to detect sophisticated threats by analyzing command patterns and correlating multiple events. For example, GuardDuty can identify when an attacker attempts to disable security services or executes known malicious files. While GuardDuty actively uses this data for threat detection, it **doesn't** currently use these commands and arguments for service improvement purposes (it may do so in the future). Your trust, privacy, and the security of your content are our highest priority, and ensure that our use complies with our commitments to you. For more information, see [Data Privacy FAQ](https://aws.amazon.com/compliance/data-privacy-faq/).