AWS guardduty documentation change
Summary
Updated documentation to include backup resources in GuardDuty Malware Protection scope and fixed URL formatting for Data Privacy FAQ links.
Security assessment
The change expands GuardDuty Malware Protection coverage to backup resources, enhancing security monitoring capabilities. However, there is no evidence of addressing a specific security vulnerability, but rather documenting expanded security feature coverage.
Diff
diff --git a/guardduty/latest/ug/guardduty-opting-out-using-data.md b/guardduty/latest/ug/guardduty-opting-out-using-data.md index 6b042e384..7609f4801 100644 --- a//guardduty/latest/ug/guardduty-opting-out-using-data.md +++ b//guardduty/latest/ug/guardduty-opting-out-using-data.md @@ -39 +39 @@ GuardDuty Runtime Monitoring provides runtime threat detection for Amazon Elasti -GuardDuty collects both commands (such as `curl`, `systemctl`, and `cron`) and their associated arguments (such as `start`, `stop`, `disable`) from your workloads. For example, when someone runs `systemctl stop `service-name``, GuardDuty captures both the command `systemctl` and its arguments `stop `service-name``. This detailed information helps GuardDuty to detect sophisticated threats by analyzing command patterns and correlating multiple events. For example, GuardDuty can identify when an attacker attempts to disable security services or executes known malicious files. While GuardDuty actively uses this data for threat detection, it **doesn't** currently use these commands and arguments for service improvement purposes (it may do so in the future). Your trust, privacy, and the security of your content are our highest priority, and ensure that our use complies with our commitments to you. For more information, see [Data Privacy FAQ](https://aws.amazon.com/compliance/data-privacy-faq/). +GuardDuty collects both commands (such as `curl`, `systemctl`, and `cron`) and their associated arguments (such as `start`, `stop`, `disable`) from your workloads. For example, when someone runs `systemctl stop `service-name``, GuardDuty captures both the command `systemctl` and its arguments `stop `service-name``. This detailed information helps GuardDuty to detect sophisticated threats by analyzing command patterns and correlating multiple events. For example, GuardDuty can identify when an attacker attempts to disable security services or executes known malicious files. While GuardDuty actively uses this data for threat detection, it **doesn't** currently use these commands and arguments for service improvement purposes (it may do so in the future). Your trust, privacy, and the security of your content are our highest priority, and ensure that our use complies with our commitments to you. For more information, see [Data Privacy FAQ](https://aws.amazon.com//compliance/data-privacy-faq/). @@ -43 +43 @@ GuardDuty collects both commands (such as `curl`, `systemctl`, and `cron`) and t -GuardDuty Malware Protection scans and detects malware contained in EBS volumes attached to your potentially compromised Amazon EC2 instance and container workloads, and newly uploaded files in your selected Amazon S3 buckets. Currently, GuardDuty doesn't collect or use detected malware for service improvement. However, in the future, when GuardDuty Malware Protection identifies an EBS volume file or an S3 file as being malicious or harmful, GuardDuty Malware Protection will collect and store this file to develop and improve its malware detections, and the GuardDuty service. This file may also be used to develop and improve other AWS security services. Your trust, privacy, and the security of your content are our highest priority, and ensure that our use complies with our commitments to you. For more information, see [Data Privacy FAQ](https://aws.amazon.com/compliance/data-privacy-faq/). +GuardDuty Malware Protection scans and detects malware contained in EBS volumes attached to your potentially compromised Amazon EC2 instance and container workloads, newly uploaded files in your selected Amazon S3 buckets, and backup resources. Currently, GuardDuty doesn't collect or use detected malware for service improvement. However, in the future, when GuardDuty Malware Protection identifies an EBS volume file, backup file, or an S3 file as being malicious or harmful, GuardDuty Malware Protection will collect and store this file to develop and improve its malware detections, and the GuardDuty service. This file may also be used to develop and improve other AWS security services. Your trust, privacy, and the security of your content are our highest priority, and ensure that our use complies with our commitments to you. For more information, see [Data Privacy FAQ](https://aws.amazon.com//compliance/data-privacy-faq/).