AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2025-10-16 · Documentation medium

File: guardduty/latest/ug/doc-history.md

Summary

Added documentation for new Runtime Monitoring finding type DefenseEvasion:Runtime/KernelModuleLoaded.

Security assessment

Documents a new security detection capability for kernel module-based defense evasion techniques, enhancing security visibility.

Diff

diff --git a/guardduty/latest/ug/doc-history.md b/guardduty/latest/ug/doc-history.md
index 29de5f56c..1e396d4ec 100644
--- a//guardduty/latest/ug/doc-history.md
+++ b//guardduty/latest/ug/doc-history.md
@@ -12,0 +13 @@ Change| Description| Date
+New Runtime Monitoring finding type - DefenseEvasion:Runtime/KernelModuleLoaded| GuardDuty Runtime Monitoring introduces a new finding type that helps you identify defense evasion techniques where threat actors use kernel modules to bypass security controls, modify system operations, and gain persistent system access. For more information, see [DefenseEvasion:Runtime/KernelModuleLoaded](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-kernelmoduleloaded).| October 15, 2025