AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2026-05-28 · Documentation low

File: guardduty/latest/ug/how-does-runtime-monitoring-work.md

Summary

Updated description of GuardDuty's handling of runtime events from 'not accessible' to explaining analysis and presentation through findings

Security assessment

Clarifies security feature behavior (runtime threat detection) but doesn't address a specific vulnerability. Improves documentation of existing security capabilities.

Diff

diff --git a/guardduty/latest/ug/how-does-runtime-monitoring-work.md b/guardduty/latest/ug/how-does-runtime-monitoring-work.md
index 4b556b4cf..804201f13 100644
--- a//guardduty/latest/ug/how-does-runtime-monitoring-work.md
+++ b//guardduty/latest/ug/how-does-runtime-monitoring-work.md
@@ -26 +26 @@ The security agent uses VPC endpoint to deliver events to GuardDuty, ensuring th
-GuardDuty doesn't make the runtime events accessible to you.
+GuardDuty analyzes runtime events in your AWS environment, uses them internally for threat detection, and presents the results through findings.