Amazon GuardDuty is a security service that continuously monitors your AWS accounts and workloads to identify unexpected and potentially malicious activity. It uses a combination of machine learning, threat intelligence feeds, and integrated AWS security features to identify threats, and provides you with recommendations for how to remediate them. In this blog, we'll take a look at some of the common findings that GuardDuty can identify in Amazon Elastic Container Service for Kubernetes (EKS) and Amazon Elastic Compute Cloud (EC2) environments.

One common finding in EKS environments is unauthorized resource access. This occurs when an entity (such as an IAM user or an EC2 instance) accesses resources that it does not have permission to access. This could be the result of a misconfigured IAM policy or an accidental leak of AWS credentials. GuardDuty can alert you to this type of activity so that you can take action to secure your resources.

Another common finding in EKS environments is network communication with known malicious IPs. This occurs when an EKS cluster or an EC2 instance in your environment communicates with an IP address that is known to be associated with malicious activity. This could be the result of an infected EC2 instance or an EKS cluster that has been compromised by a malicious actor. GuardDuty can alert you to this type of activity so that you can take steps to secure your environment.

In EC2 environments, a common finding is unusual resource creation. This occurs when an entity creates resources in your environment at an unusual rate or in an unusual way. This could be the result of a compromised IAM user or an EC2 instance that has been compromised by a malicious actor. GuardDuty can alert you to this type of activity so that you can take steps to secure your environment.
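
A triage routine for the findings described above, as an added example that is not part of the original post or AWS's own code: it splits each GuardDuty finding type string into its parts (ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact) and queues findings per environment, highest severity first. The sample findings are constructed, and the category mapping and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Finding type format: ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact
TYPE_RE = re.compile(
    r"^(?P<purpose>[^:]+):(?P<resource>[^/]+)/(?P<family>[^.!]+)"
    r"(?:\.(?P<mechanism>[^!]+))?(?:!(?P<artifact>.+))?$")

# Constructed sample findings (GetFindings-style field names, other fields omitted).
SAMPLE_FINDINGS = [
    {"Id": "f-001", "Type": "UnauthorizedAccess:EC2/MaliciousIPCaller.Custom", "Severity": 5.0},
    {"Id": "f-002", "Type": "Discovery:Kubernetes/MaliciousIPCaller", "Severity": 5.0},
    {"Id": "f-003", "Type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS", "Severity": 8.0},
    {"Id": "f-004", "Type": "Backdoor:EC2/C&CActivity.B!DNS", "Severity": 8.0},
    {"Id": "f-005", "Type": "not-a-finding-type", "Severity": 2.0},
]

def parse_type(finding_type):
    """Return the parts of a finding type as a dict, or None if it is malformed."""
    m = TYPE_RE.match(finding_type)
    return m.groupdict() if m else None

def severity_label(score):
    # Bands simplified to three: Low below 4.0, Medium 4.0-6.9, High 7.0 and above.
    return "HIGH" if score >= 7.0 else "MEDIUM" if score >= 4.0 else "LOW"

def category(parts):
    # Assumed mapping onto the finding categories this post describes.
    if "MaliciousIP" in parts["family"]:
        return "malicious-ip-communication"
    if parts["purpose"] == "UnauthorizedAccess":
        return "unauthorized-access"
    return "other"

def triage(findings):
    """Group findings by environment, highest severity first; collect malformed ones."""
    queues, unparsed = defaultdict(list), []
    for f in findings:
        parts = parse_type(f["Type"])
        if parts is None:  # never drop a finding silently
            unparsed.append(f["Id"])
            continue
        env = {"Kubernetes": "EKS"}.get(parts["resource"], parts["resource"])
        queues[env].append((f["Severity"], f["Id"], category(parts), severity_label(f["Severity"])))
    for rows in queues.values():
        rows.sort(key=lambda r: (-r[0], r[1]))
    return dict(queues), unparsed

if __name__ == "__main__":
    print(triage(SAMPLE_FINDINGS))
```

Findings whose type string does not parse are returned separately so that a format change surfaces in review instead of hiding an alert.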