Amazon GuardDuty is a threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. GuardDuty also detects potentially compromised instances or reconnaissance by attackers.

We now support checking if GuardDuty is available on a region.

This is a new service capability which fetches guard duty detectors for each region. This can now be reasoned from the Compliance Engine.

libssh

GSL Syntax:

Region should have guardDutyStatus='Enabled'