AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2026-06-04 · Documentation low

File: guardduty/latest/ug/doc-history.md

Summary

Added documentation about new Runtime Monitoring finding types (Persistence/PrivilegeEscalation/DefenseEvasion:Runtime/SensitiveFileModified) that detect security-sensitive file modifications.

Security assessment

This change documents new security monitoring capabilities but does not address a specific vulnerability. It enhances security awareness by describing detection of file modifications that could enable persistence, privilege escalation, or defense evasion tactics.

Diff

diff --git a/guardduty/latest/ug/doc-history.md b/guardduty/latest/ug/doc-history.md
index db3629dca..e8bdd302a 100644
--- a//guardduty/latest/ug/doc-history.md
+++ b//guardduty/latest/ug/doc-history.md
@@ -14,0 +15 @@ Change| Description| Date
+New Runtime Monitoring finding types - SensitiveFileModified| GuardDuty Runtime Monitoring introduces 3 new finding types that inform you when a security-sensitive system file on an Amazon EC2 instance or container has been modified, potentially enabling an adversary to gain persistence, elevate privileges, or evade detection. For more information, see [Persistence:Runtime/SensitiveFileModified](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#persistence-runtime-sensitive-file-modified), [PrivilegeEscalation:Runtime/SensitiveFileModified](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#privilege-escalation-runtime-sensitive-file-modified), and [DefenseEvasion:Runtime/SensitiveFileModified](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defense-evasion-runtime-sensitive-file-modified).| June 2, 2026