AWS guardduty documentation change
Summary
Added documentation for new Runtime Monitoring finding type DefenseEvasion:Runtime/KernelModuleLoaded.
Security assessment
Documents a new security detection capability for kernel module-based defense evasion techniques, enhancing security visibility.
Diff
diff --git a/guardduty/latest/ug/doc-history.md b/guardduty/latest/ug/doc-history.md index 29de5f56c..1e396d4ec 100644 --- a//guardduty/latest/ug/doc-history.md +++ b//guardduty/latest/ug/doc-history.md @@ -12,0 +13 @@ Change| Description| Date +New Runtime Monitoring finding type - DefenseEvasion:Runtime/KernelModuleLoaded| GuardDuty Runtime Monitoring introduces a new finding type that helps you identify defense evasion techniques where threat actors use kernel modules to bypass security controls, modify system operations, and gain persistent system access. For more information, see [DefenseEvasion:Runtime/KernelModuleLoaded](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-kernelmoduleloaded).| October 15, 2025