AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2026-06-04 · Documentation low

File: guardduty/latest/ug/guardduty_finding-types-active.md

Summary

Added three new Runtime Monitoring finding types to the active findings table related to sensitive file modifications.

Security assessment

This change updates the reference table to include new security findings for file modification detection. It enhances documentation of security monitoring features but doesn't address a specific security incident.

Diff

diff --git a/guardduty/latest/ug/guardduty_finding-types-active.md b/guardduty/latest/ug/guardduty_finding-types-active.md
index a6184c467..6929f66a1 100644
--- a//guardduty/latest/ug/guardduty_finding-types-active.md
+++ b//guardduty/latest/ug/guardduty_finding-types-active.md
@@ -213,0 +214 @@ Finding type | Resource type | Foundational data source/Feature | Finding severi
+[DefenseEvasion:Runtime/SensitiveFileModified](./findings-runtime-monitoring.html#defense-evasion-runtime-sensitive-file-modified) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium  
@@ -233,0 +235 @@ Finding type | Resource type | Foundational data source/Feature | Finding severi
+[Persistence:Runtime/SensitiveFileModified](./findings-runtime-monitoring.html#persistence-runtime-sensitive-file-modified) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium  
@@ -239,0 +242 @@ Finding type | Resource type | Foundational data source/Feature | Finding severi
+[PrivilegeEscalation:Runtime/SensitiveFileModified](./findings-runtime-monitoring.html#privilege-escalation-runtime-sensitive-file-modified) | Instance, EKS cluster, ECS cluster, or container | Runtime Monitoring | Medium