AWS guardduty documentation change
Summary
Added documentation about new Runtime Monitoring finding types (Persistence/PrivilegeEscalation/DefenseEvasion:Runtime/SensitiveFileModified) that detect security-sensitive file modifications.
Security assessment
This change documents new security monitoring capabilities but does not address a specific vulnerability. It enhances security awareness by describing detection of file modifications that could enable persistence, privilege escalation, or defense evasion tactics.
Diff
diff --git a/guardduty/latest/ug/doc-history.md b/guardduty/latest/ug/doc-history.md index db3629dca..e8bdd302a 100644 --- a//guardduty/latest/ug/doc-history.md +++ b//guardduty/latest/ug/doc-history.md @@ -14,0 +15 @@ Change| Description| Date +New Runtime Monitoring finding types - SensitiveFileModified| GuardDuty Runtime Monitoring introduces 3 new finding types that inform you when a security-sensitive system file on an Amazon EC2 instance or container has been modified, potentially enabling an adversary to gain persistence, elevate privileges, or evade detection. For more information, see [Persistence:Runtime/SensitiveFileModified](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#persistence-runtime-sensitive-file-modified), [PrivilegeEscalation:Runtime/SensitiveFileModified](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#privilege-escalation-runtime-sensitive-file-modified), and [DefenseEvasion:Runtime/SensitiveFileModified](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defense-evasion-runtime-sensitive-file-modified).| June 2, 2026