Die vorliegende Übersetzung wurde maschinell erstellt. Im Falle eines Konflikts oder eines Widerspruchs zwischen dieser übersetzten Fassung und der englischen Fassung (einschließlich infolge von Verzögerungen bei der Übersetzung) ist die englische Fassung maßgeblich.

# Integrieren mit AWS Security Hub CSPM
<a name="securityhub-integration"></a>

[AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) liefert einen umfassenden Überblick über den Sicherheitsstatus in AWS und hilft Ihnen dabei, Ihre Umgebung anhand von Sicherheitsstandards und bewährten Methoden der Branche zu überprüfen. Security Hub CSPM sammelt Sicherheitsdaten von AWS Konten, Diensten und unterstützten Partnerprodukten von Drittanbietern und hilft Ihnen dabei, Ihre Sicherheitstrends zu analysieren und die Sicherheitsprobleme mit der höchsten Priorität zu identifizieren.

Die GuardDuty Amazon-Integration mit Security Hub CSPM ermöglicht es Ihnen, Ergebnisse von an Security Hub CSPM GuardDuty zu senden. Security Hub CSPM kann diese Ergebnisse dann in die Analyse Ihres Sicherheitsstatus einbeziehen.

**Contents**
+ [So GuardDuty sendet Amazon Ergebnisse an AWS Security Hub CSPM](#securityhub-integration-sending-findings)
  + [Arten von Ergebnissen, die GuardDuty an Security Hub CSPM gesendet werden](#securityhub-integration-finding-types)
    + [Latenz beim Senden neuer Ergebnisse](#securityhub-integration-finding-latency)
    + [Wiederholter Versuch, wenn Security Hub CSPM nicht verfügbar ist](#securityhub-integration-retry-send)
    + [Aktualisieren von vorhandenen Erkenntnissen in Security Hub CSPM](#securityhub-integration-finding-updates)
+ [Ergebnisse anzeigen in GuardDuty AWS Security Hub CSPM](#findings-in-securityhub)
  + [Interpretieren von GuardDuty Fundnamen in AWS Security Hub CSPM](#interpreting-findings-in-securityhub)
  + [Typischer Befund von GuardDuty](#securityhub-integration-finding-example)
+ [Aktivieren und Konfigurieren der Integration](#securityhub-integration-enable)
+ [Verwendung von GuardDuty Steuerelementen in Security Hub CSPM](#securityhub-integration-using-guardduty-controls)
+ [Einstellung der Veröffentlichung der Ergebnisse im Security Hub CSPM](#securityhub-integration-disable)

## So GuardDuty sendet Amazon Ergebnisse an AWS Security Hub CSPM
<a name="securityhub-integration-sending-findings"></a>

 AWS Security Hub CSPM In werden Sicherheitsprobleme als Ergebnisse erfasst. Einige Ergebnisse stammen aus Problemen, die von anderen AWS Diensten oder von Drittanbietern entdeckt wurden. Security Hub CSPM verfügt außerdem über eine Reihe von Regeln, anhand derer Sicherheitsprobleme erkannt und Ergebnisse generiert werden.

Security Hub CSPM bietet Tools zur Verwaltung von Erkenntnissen aus all diesen Quellen. Sie können Listen mit Erkenntnissen anzeigen und filtern und Details zu einer Erkenntnis anzeigen. Weitere Informationen finden Sie unter [Anzeigen der Erkenntnisse](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-viewing.html) im *AWS Security Hub -Benutzerhandbuch*. Sie können auch den Status einer Untersuchung zu einer Erkenntnis nachverfolgen. Weitere Informationen finden Sie unter [Ergreifen von Maßnahmen zu Erkenntnissen](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-taking-action.html) im *AWS Security Hub -Benutzerhandbuch*.

Alle Ergebnisse in Security Hub CSPM verwenden ein standardmäßiges JSON-Format, das AWS Security Finding Format (ASFF). Das ASFF enthält Details über die Ursache des Problems, die betroffenen Ressourcen und den aktuellen Status der Erkenntnis. Siehe [AWS -Security Finding-Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) im *AWS Security Hub -Leitfaden*.

Amazon GuardDuty ist einer der AWS Dienste, der Ergebnisse an Security Hub CSPM sendet.

### Arten von Ergebnissen, die GuardDuty an Security Hub CSPM gesendet werden
<a name="securityhub-integration-finding-types"></a>

Sobald Sie Security Hub CSPM für dasselbe Konto innerhalb desselben aktiviert GuardDuty haben AWS-Region, GuardDuty werden alle generierten Ergebnisse an Security Hub CSPM gesendet. Diese Ergebnisse werden mit dem Security [Finding Format (ASFF) an AWS Security](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) Hub CSPM gesendet. In ASFF gibt das `Types`-Feld die Art der Erkenntnis an.

#### Latenz beim Senden neuer Ergebnisse
<a name="securityhub-integration-finding-latency"></a>

Wenn ein neues Ergebnis GuardDuty erstellt wird, wird es normalerweise innerhalb von fünf Minuten an Security Hub CSPM gesendet.

#### Wiederholter Versuch, wenn Security Hub CSPM nicht verfügbar ist
<a name="securityhub-integration-retry-send"></a>

Wenn Security Hub CSPM nicht verfügbar ist, GuardDuty versucht es erneut, die Ergebnisse zu senden, bis sie empfangen werden.

#### Aktualisieren von vorhandenen Erkenntnissen in Security Hub CSPM
<a name="securityhub-integration-finding-updates"></a>

Nachdem es ein Ergebnis an Security Hub CSPM gesendet hat, GuardDuty sendet es Updates, um zusätzliche Beobachtungen der Findungsaktivität zu berücksichtigen, an Security Hub CSPM. Die neuen Beobachtungen dieser Ergebnisse werden basierend auf den [Schritt 5 — Häufigkeit für den Export von Ergebnissen](guardduty_exportfindings.md#guardduty_exportfindings-frequency) Einstellungen in Ihrem an Security Hub CSPM gesendet. AWS-Konto

Wenn Sie einen Befund archivieren oder die Archivierung aufheben, GuardDuty wird dieser Befund nicht an Security Hub CSPM gesendet. Alle manuell dearchivierten Ergebnisse, die später aktiv werden, werden nicht an Security Hub CSPM gesendet. GuardDuty 

## Ergebnisse anzeigen in GuardDuty AWS Security Hub CSPM
<a name="findings-in-securityhub"></a>

Melden Sie sich bei der an AWS-Managementkonsole und öffnen Sie die AWS Security Hub CSPM Konsole unter [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/).

Sie können jetzt eine der folgenden Methoden verwenden, um die GuardDuty Ergebnisse in der Security Hub CSPM-Konsole anzuzeigen:

**Option 1: *Integrationen* in Security Hub CSPM verwenden**  

1. **Wählen Sie im linken Navigationsbereich Integrationen aus.**

1. Überprüfen Sie auf der Seite **Integrationen** den **Status** für **Amazon: GuardDuty**. 
   + Wenn der **Status „**Ergebnisse werden akzeptiert**“** lautet, wählen **Sie neben „Ergebnisse** **akzeptieren“ die Option Ergebnisse** anzeigen aus. 
   + *Falls nicht, finden Sie weitere Informationen zur Funktionsweise von **Integrationen** unter [Security Hub CSPM-Integrationen](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-providers.html) im Benutzerhandbuch.AWS Security Hub *

**Option 2: *Ergebnisse* im Security Hub CSPM verwenden**  

1. **Wählen Sie im linken Navigationsbereich Findings aus.**

1. Fügen Sie auf der Seite **Ergebnisse** den Filter **Produktname** hinzu und geben Sie ein**GuardDuty**, um nur GuardDuty Ergebnisse anzuzeigen.

### Interpretieren von GuardDuty Fundnamen in AWS Security Hub CSPM
<a name="interpreting-findings-in-securityhub"></a>

GuardDuty sendet die Ergebnisse mithilfe des Security [Finding Formats (ASFF) an AWS Security](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) Hub CSPM. In ASFF gibt das `Types`-Feld die Art der Erkenntnis an. ASFF-Typen verwenden ein anderes Benennungsschema als Typen. GuardDuty In der folgenden Tabelle sind alle GuardDuty Findetypen mit ihren ASFF-Gegenstücken aufgeführt, so wie sie in Security Hub CSPM erscheinen. 

**Anmerkung**  
****Für einige GuardDuty Ergebnisarten weist Security Hub CSPM unterschiedliche ASFF-Suchnamen zu, je nachdem, ob die **Ressourcenrolle des Ergebnisdetails ACTOR oder TARGET** war.**** Weitere Informationen finden Sie unter [Erkenntnisdetails](guardduty_findings-summary.md).


|  GuardDuty Findetyp  |  ASFF-Ergebnistyp  | 
| --- | --- | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-attack-sequence-finding-types.html#attack-sequence-iam-compromised-credentials](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-attack-sequence-finding-types.html#attack-sequence-iam-compromised-credentials)  |  TTPs/AttackSequence:IAM/CompromisedCredentials   | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-attack-sequence-finding-types.html#attack-sequence-s3-compromised-data](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-attack-sequence-finding-types.html#attack-sequence-s3-compromised-data)  |  TTPs/AttackSequence:S3/CompromisedData   | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-ccactivityb](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-ccactivityb)  |  TTPs/Command and Control/Backdoor:EC2-C&CActivity.B  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-ccactivitybdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-ccactivitybdns)  |  TTPs/Command and Control/Backdoor:EC2-C&CActivity.B\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofservicedns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofservicedns)  |  TTPs/Command and Control/Backdoor:EC2-DenialOfService.Dns  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofservicetcp](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofservicetcp)  |  TTPs/Command and Control/Backdoor:EC2-DenialOfService.Tcp  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofserviceudp](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofserviceudp)  |  TTPs/Command and Control/Backdoor:EC2-DenialOfService.Udp  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofserviceudpontcpports](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofserviceudpontcpports)  |  TTPs/Command and Control/Backdoor:EC2-DenialOfService.UdpOnTcpPorts  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofserviceunusualprotocol](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-denialofserviceunusualprotocol)  |  TTPs/Command and Control/Backdoor:EC2-DenialOfService.UnusualProtocol  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-spambot](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#backdoor-ec2-spambot)  |  TTPs/Command and Control/Backdoor:EC2-Spambot  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#behavior-ec2-networkportunusual](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#behavior-ec2-networkportunusual)  |  Unusual Behaviors/VM/Behavior:EC2-NetworkPortUnusual  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#behavior-ec2-trafficvolumeunusual](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#behavior-ec2-trafficvolumeunusual)  |  Unusual Behaviors/VM/Behavior:EC2-TrafficVolumeUnusual  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#backdoor-lambda-ccactivity-b](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#backdoor-lambda-ccactivity-b)  |  TTPs/Command and Control/Backdoor:Lambda-C&CActivity.B  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#backdoor-runtime-ccactivityb](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#backdoor-runtime-ccactivityb)  |  TTPs/Command and Control/Backdoor:Runtime-C&CActivity.B  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#backdoor-runtime-ccactivitybdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#backdoor-runtime-ccactivitybdns)  |  TTPs/Command and Control/Backdoor:Runtime-C&CActivity.B\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#credentialaccess-iam-anomalousbehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#credentialaccess-iam-anomalousbehavior)  |  TTPs/Credential Access/IAMUser-AnomalousBehavior  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credaccess-kubernetes-anomalousbehavior-secretsaccessed](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credaccess-kubernetes-anomalousbehavior-secretsaccessed)  |  TTPs/AnomalousBehavior/CredentialAccess:Kubernetes-SecretsAccessed  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-maliciousipcaller)  |  TTPs/CredentialAccess/CredentialAccess:Kubernetes-MaliciousIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-maliciousipcallercustom)  |  TTPs/CredentialAccess/CredentialAccess:Kubernetes-MaliciousIPCaller.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-successfulanonymousaccess](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-successfulanonymousaccess)  |  TTPs/CredentialAccess/CredentialAccess:Kubernetes-SuccessfulAnonymousAccess  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#credentialaccess-kubernetes-toripcaller)  |  TTPs/CredentialAccess/CredentialAccess:Kubernetes-TorIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-anombehavior-failedlogin](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-anombehavior-failedlogin)  |  TTPs/Credential Access/CredentialAccess:RDS-AnomalousBehavior.FailedLogin  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-anombehavior-successfulbruteforce](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-anombehavior-successfulbruteforce)  |  TTPs/Credential Access/CredentialAccess:RDS-AnomalousBehavior.SuccessfulBruteForce  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-anombehavior-successlogin](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-anombehavior-successlogin)  |  TTPs/Credential Access/CredentialAccess:RDS-AnomalousBehavior.SuccessfulLogin  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-maliciousipcaller-failedlogin](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-maliciousipcaller-failedlogin)  |  TTPs/Credential Access/CredentialAccess:RDS-MaliciousIPCaller.FailedLogin  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-maliciousipcaller-successfullogin](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-maliciousipcaller-successfullogin)  |  TTPs/Credential Access/CredentialAccess:RDS-MaliciousIPCaller.SuccessfulLogin  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-toripcaller-failedlogin](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-toripcaller-failedlogin)  |  TTPs/Credential Access/CredentialAccess:RDS-TorIPCaller.FailedLogin  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-toripcaller-successfullogin](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#credaccess-rds-toripcaller-successfullogin)  |  TTPs/Credential Access/CredentialAccess:RDS-TorIPCaller.SuccessfulLogin  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#cryptocurrency-ec2-bitcointoolb](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#cryptocurrency-ec2-bitcointoolb)  |  TTPs/Command and Control/CryptoCurrency:EC2-BitcoinTool.B  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#cryptocurrency-ec2-bitcointoolbdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#cryptocurrency-ec2-bitcointoolbdns)  |  TTPs/Command and Control/CryptoCurrency:EC2-BitcoinTool.B\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#cryptocurrency-lambda-bitcointool-b](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#cryptocurrency-lambda-bitcointool-b)  |  TTPs/Command and Control/CryptoCurrency:Lambda-BitcoinTool.B Effects/Resource Consumption/CryptoCurrency:Lambda-BitcoinTool.B  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#cryptocurrency-runtime-bitcointoolb](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#cryptocurrency-runtime-bitcointoolb)  |  TTPs/Command and Control/CryptoCurrency:Runtime-BitcoinTool.B  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#cryptocurrency-runtime-bitcointoolbdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#cryptocurrency-runtime-bitcointoolbdns)  |  TTPs/Command and Control/CryptoCurrency:Runtime-BitcoinTool.B\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unusualdnsresolver](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unusualdnsresolver)  |  TTPs/DefenseEvasion/EC2:Unusual-DNS-Resolver  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unsualdohactivity](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unsualdohactivity)  |  TTPs/DefenseEvasion/EC2:Unusual-DoH-Activity  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unusualdotactivity](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#defenseevasion-ec2-unusualdotactivity)  |  TTPs/DefenseEvasion/EC2:Unusual-DoT-Activity  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#defenseevasion-iam-anomalousbehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#defenseevasion-iam-anomalousbehavior)  |  TTPs/Defense Evasion/IAMUser-AnomalousBehavior  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#defenseevasion-iam-bedrockloggingdisabled](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#defenseevasion-iam-bedrockloggingdisabled)  |  TTPs/Defense Evasion/DefenseEvasion:IAMUser-BedrockLoggingDisabled  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-maliciousipcaller)  |  TTPs/DefenseEvasion/DefenseEvasion:Kubernetes-MaliciousIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-maliciousipcallercustom)  |  TTPs/DefenseEvasion/DefenseEvasion:Kubernetes-MaliciousIPCaller.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-successfulanonymousaccess](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-successfulanonymousaccess)  |  TTPs/DefenseEvasion/DefenseEvasion:Kubernetes-SuccessfulAnonymousAccess  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#defenseevasion-kubernetes-toripcaller)  |  TTPs/DefenseEvasion/DefenseEvasion:Kubernetes-TorIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-filelessexecution](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-filelessexecution)  |  TTPs/Defense Evasion/DefenseEvasion:Runtime-FilelessExecution  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-kernelmoduleloaded](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-kernelmoduleloaded)  |  TTPs/Defense Evasion/DefenseEvasion:Runtime-KernelModuleLoaded  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-processinjectionproc](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-processinjectionproc)  |  TTPs/Defense Evasion/DefenseEvasion:Runtime-ProcessInjection.Proc  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-processinjectionptrace](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-processinjectionptrace)  |  TTPs/Defense Evasion/DefenseEvasion:Runtime-ProcessInjection.Ptrace  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-processinjectionvirtualmemw](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseeva-runtime-processinjectionvirtualmemw)  |  TTPs/Defense Evasion/DefenseEvasion:Runtime-ProcessInjection.VirtualMemoryWrite  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-ptrace-anti-debug](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-ptrace-anti-debug)  |  TTPs/DefenseEvasion/DefenseEvasion:Runtime-PtraceAntiDebugging  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-suspicious-command](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#defenseevasion-runtime-suspicious-command)  |  TTPs/DefenseEvasion/DefenseEvasion:Runtime-SuspiciousCommand  | 
|  [Entdeckung:IAMUser/AnomalousBehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#discovery-iam-anomalousbehavior)  |  TTPs/Discovery/IAMUser-AnomalousBehavior  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-anomalousbehavrior-permissionchecked](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-anomalousbehavrior-permissionchecked)  |  TTPs/AnomalousBehavior/Discovery:Kubernetes-PermissionChecked  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-maliciousipcaller)  |  TTPs/Discovery/Discovery:Kubernetes-MaliciousIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-maliciousipcallercustom)  |  TTPs/Discovery/Discovery:Kubernetes-MaliciousIPCaller.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-successfulanonymousaccess](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-successfulanonymousaccess)  |  TTPs/Discovery/Discovery:Kubernetes-SuccessfulAnonymousAccess  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#discovery-kubernetes-toripcaller)  |  TTPs/Discovery/Discovery:Kubernetes-TorIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#discovery-rds-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#discovery-rds-maliciousipcaller)  |  TTPs/Discovery/RDS-MaliciousIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#discovery-rds-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/findings-rds-protection.html#discovery-rds-toripcaller)  |  TTPs/Discovery/RDS-TorIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#discovery-runtime-suspicious-command](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#discovery-runtime-suspicious-command)  |  TTPs/Discovery/Discovery:Runtime-SuspiciousCommand  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-anomalousbehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-anomalousbehavior)  |  TTPs/Discovery:S3-AnomalousBehavior  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#discovery-s3-bucketenumerationunusual](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#discovery-s3-bucketenumerationunusual)  |  TTPs/Discovery:S3-BucketEnumeration.Unusual  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-maliciousipcallercustom.title](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-maliciousipcallercustom.title)  |  TTPs/Discovery:S3-MaliciousIPCaller.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-toripcaller)  |  TTPs/Discovery:S3-TorIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-maliciousipcaller)  |  TTPs/Discovery:S3-MaliciousIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#exfiltration-iam-anomalousbehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#exfiltration-iam-anomalousbehavior)  |  TTPs/Exfiltration/IAMUser-AnomalousBehavior  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#execution-kubernetes-execinkubesystempod](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#execution-kubernetes-execinkubesystempod)  |  TTPs/Execution/Execution:Kubernetes-ExecInKubeSystemPod  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#execution-kubernetes-anomalousbehvaior-execinprod](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#execution-kubernetes-anomalousbehvaior-execinprod)  |  TTPs/AnomalousBehavior/Execution:Kubernetes-ExecInPod  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#exec-kubernetes-anomalousbehavior-workloaddeployed](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#exec-kubernetes-anomalousbehavior-workloaddeployed)  |  TTPs/AnomalousBehavior/Execution:Kubernetes-WorkloadDeployed  | 
|   [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-maliciousdomainrequest-custom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-maliciousdomainrequest-custom)   |  TTPs/Impact/Impact:EC2-MaliciousDomainRequest.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-maliciousipcaller)  |  TTPs/Impact/Impact:Kubernetes-MaliciousIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-maliciousipcallercustom)  |  TTPs/Impact/Impact:Kubernetes-MaliciousIPCaller.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-successfulanonymousaccess](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-successfulanonymousaccess)  |  TTPs/Impact/Impact:Kubernetes-SuccessfulAnonymousAccess  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#impact-kubernetes-toripcaller)  |  TTPs/Impact/Impact:Kubernetes-TorIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-containerwithsensitivemount](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-containerwithsensitivemount)  | TTPs/Persistence/Persistence:Kubernetes-ContainerWithSensitiveMount | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-workloaddeployed-containerwithsensitivemount](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-workloaddeployed-containerwithsensitivemount)  | TTPs/AnomalousBehavior/Persistence:Kubernetes-WorkloadDeployed\$1ContainerWithSensitiveMount | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-workloaddeployed-privcontainer](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-workloaddeployed-privcontainer)  |  TTPs/AnomalousBehavior/PrivilegeEscalation:Kubernetes-WorkloadDeployed\$1PrivilegedContainer  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-maliciousipcaller)  |  TTPs/Persistence/Persistence:Kubernetes-MaliciousIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-maliciousipcallercustom)  |  TTPs/Persistence/Persistence:Kubernetes-MaliciousIPCaller.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-successfulanonymousaccess](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-successfulanonymousaccess)  |  TTPs/Persistence/Persistence:Kubernetes-SuccessfulAnonymousAccess  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#persistence-kubernetes-toripcaller)  |  TTPs/Persistence/Persistence:Kubernetes-TorIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ec2-maliciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ec2-maliciousfile)  |  TTPs/Execution/Execution:EC2-MaliciousFile  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ecs-maliciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ecs-maliciousfile)  |  TTPs/Execution/Execution:ECS-MaliciousFile  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-kubernetes-maliciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-kubernetes-maliciousfile)  |  TTPs/Execution/Execution:Kubernetes-MaliciousFile  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-container-maliciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-container-maliciousfile)  |  TTPs/Execution/Execution:Container-MaliciousFile  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ec2-suspiciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ec2-suspiciousfile)  |  TTPs/Execution/Execution:EC2-SuspiciousFile  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ecs-suspiciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-ecs-suspiciousfile)  |  TTPs/Execution/Execution:ECS-SuspiciousFile  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-kubernetes-suspiciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-kubernetes-suspiciousfile)  |  TTPs/Execution/Execution:Kubernetes-SuspiciousFile  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-container-suspiciousfile](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-malware-container-suspiciousfile)  |  TTPs/Execution/Execution:Container-SuspiciousFile  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-ec2-maliciousfile-snapshot](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-ec2-maliciousfile-snapshot)  |  TTPs/Execution/Execution:EC2-MaliciousFile\$1Snapshot  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-ec2-maliciousfile-ami](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-ec2-maliciousfile-ami)  |  TTPs/Execution/Execution:EC2-MaliciousFile\$1AMI  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-ec2-maliciousfile-recoverypoint](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-ec2-maliciousfile-recoverypoint)  |  TTPs/Execution/Execution:EC2-MaliciousFile\$1RecoveryPoint  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-s3-maliciousfile-recoverypoint](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection-backup.html#execution-malware-s3-maliciousfile-recoverypoint)  |  TTPs/Execution/Execution:S3-MaliciousFile\$1RecoveryPoint  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-runtime-malicious-file-executed](https://docs.aws.amazon.com/guardduty/latest/ug/findings-malware-protection.html#execution-runtime-malicious-file-executed)  |  TTPs/Execution/Execution:Runtime-MaliciousFileExecuted  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-newbinaryexecuted](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-newbinaryexecuted)  |  TTPs/Execution/Execution:Runtime-NewBinaryExecuted  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-newlibraryloaded](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-newlibraryloaded)  |  TTPs/Execution/Execution:Runtime-NewLibraryLoaded  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-reverseshell](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-reverseshell)  |  TTPs/Execution/Execution:Runtime-ReverseShell  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-suspiciouscommand](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-suspiciouscommand)  |  TTPs/Execution/Execution:Runtime-SuspiciousCommand  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-suspicious-shell-created](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-suspicious-shell-created)  |  TTPs/Execution/Execution:Runtime-SuspiciousShellCreated  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-suspicioustool](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#execution-runtime-suspicioustool)  |  TTPs/Execution/Execution:Runtime-SuspiciousTool  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#exfiltration-s3-anomalousbehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#exfiltration-s3-anomalousbehavior)  |  TTPs/Exfiltration:S3-AnomalousBehavior  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#exfiltration-s3-objectreadunusual](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#exfiltration-s3-objectreadunusual)  |  TTPs/Exfiltration:S3-ObjectRead.Unusual  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#exfiltration-s3-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#exfiltration-s3-maliciousipcaller)  |  TTPs/Exfiltration:S3-MaliciousIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-abuseddomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-abuseddomainrequestreputation)  |  TTPs/Impact:EC2-AbusedDomainRequest.Reputation  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-bitcoindomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-bitcoindomainrequestreputation)  |  TTPs/Impact:EC2-BitcoinDomainRequest.Reputation  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-maliciousdomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-maliciousdomainrequestreputation)  |  TTPs/Impact:EC2-MaliciousDomainRequest.Reputation  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-portsweep](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-portsweep)  |  TTPs/Impact/Impact:EC2-PortSweep  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-suspiciousdomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-suspiciousdomainrequestreputation)  |  TTPs/Impact:EC2-SuspiciousDomainRequest.Reputation  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-winrmbruteforce](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#impact-ec2-winrmbruteforce)  |  TTPs/Impact/Impact:EC2-WinRMBruteForce  | 
|  [Wirkung:IAMUser/AnomalousBehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#impact-iam-anomalousbehavior)  |  TTPs/Impact/IAMUser-AnomalousBehavior  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-abuseddomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-abuseddomainrequestreputation)  |  TTPs/Impact/Impact:Runtime-AbusedDomainRequest.Reputation  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-bitcoindomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-bitcoindomainrequestreputation)  |  TTPs/Impact/Impact:Runtime-BitcoinDomainRequest.Reputation  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-cryptominerexecuted](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-cryptominerexecuted)  |  TTPs/Impact/Impact:Runtime-CryptoMinerExecuted  | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-maliciousdomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-maliciousdomainrequestreputation)  |  TTPs/Impact/Impact:Runtime-MaliciousDomainRequest.Reputation  | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-suspiciousdomainrequestreputation](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#impact-runtime-suspiciousdomainrequestreputation)  |  TTPs/Impact/Impact:Runtime-SuspiciousDomainRequest.Reputatio  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-anomalousbehavior-delete](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-anomalousbehavior-delete)  |  TTPs/Impact:S3-AnomalousBehavior.Delete  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-anomalousbehavior-permission](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-anomalousbehavior-permission)  |  TTPs/Impact:S3-AnomalousBehavior.Permission  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-anomalousbehavior-write](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-anomalousbehavior-write)  |  TTPs/Impact:S3-AnomalousBehavior.Write  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#impact-s3-objectdeleteunusual](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#impact-s3-objectdeleteunusual)  |  TTPs/Impact:S3-ObjectDelete.Unusual  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#impact-s3-permissionsmodificationunusual](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#impact-s3-permissionsmodificationunusual)  |  TTPs/Impact:S3-PermissionsModification.Unusual  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#impact-s3-maliciousipcaller)  |  TTPs/Impact:S3-MaliciousIPCaller  | 
|  [InitialAccess:IAMUser/AnomalousBehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#initialaccess-iam-anomalousbehavior)  |  TTPs/Initial Access/IAMUser-AnomalousBehavior  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/gdu-malware-protection-s3-finding-types.html#s3-object-s3-malicious-file](https://docs.aws.amazon.com/guardduty/latest/ug/gdu-malware-protection-s3-finding-types.html#s3-object-s3-malicious-file)  |  TTPs/Object/Object:S3-MaliciousFile  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-kalilinux](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-kalilinux)  |  TTPs/PenTest:IAMUser/KaliLinux  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-parrotlinux](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-parrotlinux)  |  TTPs/PenTest:IAMUser/ParrotLinux  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-pentoolinux](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-pentoolinux)  |  TTPs/PenTest:IAMUser/PentooLinux  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-kalilinux](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-kalilinux)  |  TTPs/PenTest:S3-KaliLinux  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#pentest-s3-parrotlinux](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#pentest-s3-parrotlinux)  |  TTPs/PenTest:S3-ParrotLinux  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#pentest-s3-pentoolinux](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#pentest-s3-pentoolinux)  |  TTPs/PenTest:S3-PentooLinux  | 
|   [Beharrlichkeit:/IAMUserAnomalousBehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#persistence-iam-anomalousbehavior)   | TTPs/Persistence/IAMUser-AnomalousBehavior | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#persistence-iam-networkpermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#persistence-iam-networkpermissions)  |  TTPs/Persistence/Persistence:IAMUser-NetworkPermissions  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#persistence-iam-resourcepermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#persistence-iam-resourcepermissions)  |  TTPs/Persistence/Persistence:IAMUser-ResourcePermissions  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#persistence-iam-userpermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#persistence-iam-userpermissions)  |  TTPs/Persistence/Persistence:IAMUser-UserPermissions  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#persistence-runtime-suspicious-command](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#persistence-runtime-suspicious-command)  |  TTPs/Persistence/Persistence:Runtime-SuspiciousCommand  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#policy-iam-rootcredentialusage](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#policy-iam-rootcredentialusage)  |  TTPs/Policy:IAMUser-RootCredentialUsage  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#policy-iam-user-short-term-root-credential-usage](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#policy-iam-user-short-term-root-credential-usage)  |  TTPs/Policy:IAMUser-ShortTermRootCredentialUsage  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-adminaccesstodefaultserviceaccount](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-adminaccesstodefaultserviceaccount)  |  Software and Configuration Checks/AWS Security Best Practices/Policy:Kubernetes-AdminAccessToDefaultServiceAccount  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-anonymousaccessgranted](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-anonymousaccessgranted)  |  Software and Configuration Checks/AWS Security Best Practices/Policy:Kubernetes-AnonymousAccessGranted  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-exposeddashboard](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-exposeddashboard)  |  Software and Configuration Checks/AWS Security Best Practices/Policy:Kubernetes-ExposedDashboard  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-kubeflowdashboardexposed](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#policy-kubernetes-kubeflowdashboardexposed)  |  Software and Configuration Checks/AWS Security Best Practices/Policy:Kubernetes-KubeflowDashboardExposed  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-accountblockpublicaccessdisabled](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-accountblockpublicaccessdisabled)  |  TTPs/Policy:S3-AccountBlockPublicAccessDisabled  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-bucketanonymousaccessgranted](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-bucketanonymousaccessgranted)  |  TTPs/Policy:S3-BucketAnonymousAccessGranted  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-bucketblockpublicaccessdisabled](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-bucketblockpublicaccessdisabled)  |  Effects/Data Exposure/Policy:S3-BucketBlockPublicAccessDisabled  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-bucketpublicaccessgranted](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#policy-s3-bucketpublicaccessgranted)  |  TTPs/Policy:S3-BucketPublicAccessGranted  | 
|   [PrivilegeEscalation:IAMUser/AnomalousBehavior](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#privilegeescalation-iam-anomalousbehavior)   |  TTPs/Privilege Escalation/IAMUser-AnomalousBehavior  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeescalation-iam-administrativepermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeescalation-iam-administrativepermissions)  |  TTPs/Privilege Escalation/PrivilegeEscalation:IAMUser-AdministrativePermissions  | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-rolebindingcreated](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-rolebindingcreated) |  TTPs/AnomalousBehavior/PrivilegeEscalation:Kubernetes-RoleBindingCreated  | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-rolecreated](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privesc-kubernetes-anomalousbehavior-rolecreated) |  TTPs/AnomalousBehavior/PrivilegeEscalation:Kubernetes-RoleCreated  | 
| [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privilegeescalation-kubernetes-privilegedcontainer](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-finding-types-eks-audit-logs.html#privilegeescalation-kubernetes-privilegedcontainer) |  TTPs/PrivilegeEscalation/PrivilegeEscalation:Kubernetes-PrivilegedContainer  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-containermountshostdirectory](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-containermountshostdirectory)  |  TTPs/Privilege Escalation/PrivilegeEscalation:Runtime-ContainerMountsHostDirectory  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-cgroupsreleaseagentmodified](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-cgroupsreleaseagentmodified)  |  TTPs/Privilege Escalation/PrivilegeEscalation:Runtime-CGroupsReleaseAgentModified  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-dockersocketaccessed](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-dockersocketaccessed)  |  TTPs/Privilege Escalation/PrivilegeEscalation:Runtime-DockerSocketAccessed  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-elevation-to-root](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-elevation-to-root)  |  TTPs/Privilege Escalation/PrivilegeEscalation:Runtime-ElevationToRoot  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-runccontainerescape](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-runccontainerescape)  |  TTPs/Privilege Escalation/PrivilegeEscalation:Runtime-RuncContainerEscape  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#privilege-escalation-runtime-suspicious-command](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#privilege-escalation-runtime-suspicious-command)  |  Software and Configuration Checks/PrivilegeEscalation:Runtime-SuspiciousCommand  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-userfaultfdusage](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#privilegeesc-runtime-userfaultfdusage)  |  TTPs/Privilege Escalation/PrivilegeEscalation:Runtime-UserfaultfdUsage  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portprobeemrunprotectedport](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portprobeemrunprotectedport)  |  TTPs/Discovery/Recon:EC2-PortProbeEMRUnprotectedPort  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portprobeunprotectedport](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portprobeunprotectedport)  |  TTPs/Discovery/Recon:EC2-PortProbeUnprotectedPort  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#recon-ec2-portscan)  |  TTPs/Discovery/Recon:EC2-Portscan  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#recon-iam-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#recon-iam-maliciousipcaller)  |  TTPs/Discovery/Recon:IAMUser-MaliciousIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#recon-iam-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#recon-iam-maliciousipcallercustom)  |  TTPs/Discovery/Recon:IAMUser-MaliciousIPCaller.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#recon-iam-networkpermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#recon-iam-networkpermissions)  |  TTPs/Discovery/Recon:IAMUser-NetworkPermissions  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#recon-iam-resourcepermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#recon-iam-resourcepermissions)  |  TTPs/Discovery/Recon:IAMUser-ResourcePermissions  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#recon-iam-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#recon-iam-toripcaller)  |  TTPs/Discovery/Recon:IAMUser-TorIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#recon-iam-userpermissions](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#recon-iam-userpermissions)  |  TTPs/Discovery/Recon:IAMUser-UserPermissions  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#resourceconsumption-iam-computeresources](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#resourceconsumption-iam-computeresources)  |  Unusual Behaviors/User/ResourceConsumption:IAMUser-ComputeResources  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#stealth-iam-cloudtrailloggingdisabled](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#stealth-iam-cloudtrailloggingdisabled)  |  TTPs/Defense Evasion/Stealth:IAMUser-CloudTrailLoggingDisabled  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#stealth-iam-loggingconfigurationmodified](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#stealth-iam-loggingconfigurationmodified)  |  TTPs/Defense Evasion/Stealth:IAMUser-LoggingConfigurationModified  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#stealth-iam-passwordpolicychange](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#stealth-iam-passwordpolicychange)  |  TTPs/Defense Evasion/Stealth:IAMUser-PasswordPolicyChange  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#stealth-s3-serveraccessloggingdisabled](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#stealth-s3-serveraccessloggingdisabled)  |  TTPs/Defense Evasion/Stealth:S3-ServerAccessLoggingDisabled  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-blackholetraffic](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-blackholetraffic)  |  TTPs/Command and Control/Trojan:EC2-BlackholeTraffic  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-blackholetrafficdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-blackholetrafficdns)  |  TTPs/Command and Control/Trojan:EC2-BlackholeTraffic\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-dgadomainrequestb](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-dgadomainrequestb)  |  TTPs/Command and Control/Trojan:EC2-DGADomainRequest.B  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-dgadomainrequestcdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-dgadomainrequestcdns)  |  TTPs/Command and Control/Trojan:EC2-DGADomainRequest.C\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-dnsdataexfiltration](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-dnsdataexfiltration)  |  TTPs/Command and Control/Trojan:EC2-DNSDataExfiltration  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-drivebysourcetrafficdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-drivebysourcetrafficdns)  |  TTPs/Initial Access/Trojan:EC2-DriveBySourceTraffic\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-droppoint](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-droppoint)  |  Effects/Data Exfiltration/Trojan:EC2-DropPoint  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-droppointdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-droppointdns)  |  Effects/Data Exfiltration/Trojan:EC2-DropPoint\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-phishingdomainrequestdns](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#trojan-ec2-phishingdomainrequestdns)  |  TTPs/Command and Control/Trojan:EC2-PhishingDomainRequest\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#trojan-lambda-blackhole-traffic](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#trojan-lambda-blackhole-traffic)  |  TTPs/Command and Control/Trojan:Lambda-BlackholeTraffic  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#trojan-lambda-drop-point](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#trojan-lambda-drop-point)  |  Effects/Data Exfiltration/Trojan:Lambda-DropPoint  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-blackholetraffic](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-blackholetraffic)  |  TTPs/Command and Control/Trojan:Runtime-BlackholeTraffic  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-blackholetrafficdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-blackholetrafficdns)  |  TTPs/Command and Control/Trojan:Runtime-BlackholeTraffic\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-dgadomainrequestcdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-dgadomainrequestcdns)  |  TTPs/Command and Control/Trojan:Runtime-DGADomainRequest.C\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-drivebysourcetrafficdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-drivebysourcetrafficdns)  |  TTPs/Initial Access/Trojan:Runtime-DriveBySourceTraffic\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-droppoint](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-droppoint)  |  Effects/Data Exfiltration/Trojan:Runtime-DropPoint  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-droppointdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-droppointdns)  |  Effects/Data Exfiltration/Trojan:Runtime-DropPoint\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-phishingdomainrequestdns](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#trojan-runtime-phishingdomainrequestdns)  |  TTPs/Command and Control/Trojan:Runtime-PhishingDomainRequest\$1DNS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-maliciousipcallercustom)  |  TTPs/Command and Control/UnauthorizedAccess:EC2-MaliciousIPCaller.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-metadatadnsrebind](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-metadatadnsrebind)  |  TTPs/UnauthorizedAccess:EC2-MetadataDNSRebind  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-rdpbruteforce](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-rdpbruteforce)  |  TTPs/Initial Access/UnauthorizedAccess:EC2-RDPBruteForce  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-sshbruteforce](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-sshbruteforce)  |  TTPs/Initial Access/UnauthorizedAccess:EC2-SSHBruteForce  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-torclient](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-torclient)  |  Effects/Resource Consumption/UnauthorizedAccess:EC2-TorClient  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-torrelay](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-torrelay)  |  Effects/Resource Consumption/UnauthorizedAccess:EC2-TorRelay  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#unauthorizedaccess-iam-consolelogin](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-retired.html#unauthorizedaccess-iam-consolelogin)  |  Unusual Behaviors/User/UnauthorizedAccess:IAMUser-ConsoleLogin  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-consoleloginsuccessb](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-consoleloginsuccessb)  |  TTPs/UnauthorizedAccess:IAMUser-ConsoleLoginSuccess.B  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-instancecredentialexfiltrationinsideaws](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-instancecredentialexfiltrationinsideaws)  |  Effects/Data Exfiltration/UnauthorizedAccess:IAMUser-InstanceCredentialExfiltration.InsideAWS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-instancecredentialexfiltrationoutsideaws](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-instancecredentialexfiltrationoutsideaws)  |  Effects/Data Exfiltration/UnauthorizedAccess:IAMUser-InstanceCredentialExfiltration.OutsideAWS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-maliciousipcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-maliciousipcaller)  |  TTPs/UnauthorizedAccess:IAMUser-MaliciousIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-maliciousipcallercustom)  |  TTPs/UnauthorizedAccess:IAMUser-MaliciousIPCaller.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-resourcecredentialexfiltrationoutsideaws](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-resourcecredentialexfiltrationoutsideaws)  |  Effects/Data Exfiltration/UnauthorizedAccess:IAMUser-ResourceCredentialExfiltration.OutsideAWS  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#unauthorizedaccess-iam-toripcaller)  |  TTPs/Command and Control/UnauthorizedAccess:IAMUser-TorIPCaller  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#unauthorized-access-lambda-maliciousIPcaller-custom](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#unauthorized-access-lambda-maliciousIPcaller-custom)  |  TTPs/Command and Control/UnauthorizedAccess:Lambda-MaliciousIPCaller.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#unauthorized-access-lambda-tor-client](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#unauthorized-access-lambda-tor-client)  |  Effects/Resource Consumption/UnauthorizedAccess:Lambda-TorClient  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#unauthorized-access-lambda-tor-relay](https://docs.aws.amazon.com/guardduty/latest/ug/lambda-protection-finding-types.html#unauthorized-access-lambda-tor-relay)  |  Effects/Resource Consumption/UnauthorizedAccess:Lambda-TorRelay  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#unauthorizedaccess-runtime-metadatadnsrebind](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#unauthorizedaccess-runtime-metadatadnsrebind)  |  TTPs/UnauthorizedAccess:Runtime-MetadataDNSRebind  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#unauthorizedaccess-runtime-torrelay](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#unauthorizedaccess-runtime-torrelay)  |  Effects/Resource Consumption/UnauthorizedAccess:Runtime-TorRelay  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#unauthorizedaccess-runtime-torclient](https://docs.aws.amazon.com/guardduty/latest/ug/findings-runtime-monitoring.html#unauthorizedaccess-runtime-torclient)  |  Effects/Resource Consumption/UnauthorizedAccess:Runtime-TorClient  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#unauthorizedaccess-s3-maliciousipcallercustom](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#unauthorizedaccess-s3-maliciousipcallercustom)  |  TTPs/UnauthorizedAccess:S3-MaliciousIPCaller.Custom  | 
|  [https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#unauthorizedaccess-s3-toripcaller](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#unauthorizedaccess-s3-toripcaller)  |  TTPs/UnauthorizedAccess:S3-TorIPCaller  | 

### Typischer Befund von GuardDuty
<a name="securityhub-integration-finding-example"></a>

GuardDuty sendet Ergebnisse mithilfe des Security [Finding Formats (ASFF) an AWS Security](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) Hub CSPM.

Hier ist ein Beispiel für ein typisches Ergebnis von. GuardDuty

```
  {
  "SchemaVersion": "2018-10-08",
  "Id": "arn:aws:guardduty:us-east-1:193043430472:detector/d4b040365221be2b54a6264dc9a4bc64/finding/46ba0ac2845071e23ccdeb2ae03bfdea",
  "ProductArn": "arn:aws:securityhub:us-east-1:product/aws/guardduty",
  "GeneratorId": "arn:aws:guardduty:us-east-1:193043430472:detector/d4b040365221be2b54a6264dc9a4bc64",
  "AwsAccountId": "193043430472",
  "Types": [
    "TTPs/Initial Access/UnauthorizedAccess:EC2-SSHBruteForce"
  ],
  "FirstObservedAt": "2020-08-22T09:15:57Z",
  "LastObservedAt": "2020-09-30T11:56:49Z",
  "CreatedAt": "2020-08-22T09:34:34.146Z",
  "UpdatedAt": "2020-09-30T12:14:00.206Z",
  "Severity": {
    "Product": 2,
    "Label": "MEDIUM",
    "Normalized": 40
  },
  "Title": "199.241.229.197 is performing SSH brute force attacks against i-0c10c2c7863d1a356.",
  "Description": "199.241.229.197 is performing SSH brute force attacks against i-0c10c2c7863d1a356. Brute force attacks are used to gain unauthorized access to your instance by guessing the SSH password.",
  "SourceUrl": "https://us-east-1.console.aws.amazon.com/guardduty/home?region=us-east-1#/findings?macros=current&fId=46ba0ac2845071e23ccdeb2ae03bfdea",
  "ProductFields": {
    "aws/guardduty/service/action/networkConnectionAction/remotePortDetails/portName": "Unknown",
    "aws/guardduty/service/archived": "false",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/organization/asnOrg": "CENTURYLINK-US-LEGACY-QWEST",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/geoLocation/lat": "42.5122",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/ipAddressV4": "199.241.229.197",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/geoLocation/lon": "-90.7384",
    "aws/guardduty/service/action/networkConnectionAction/blocked": "false",
    "aws/guardduty/service/action/networkConnectionAction/remotePortDetails/port": "46717",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/country/countryName": "United States",
    "aws/guardduty/service/serviceName": "guardduty",
    "aws/guardduty/service/evidence": "",
    "aws/guardduty/service/action/networkConnectionAction/localIpDetails/ipAddressV4": "172.31.43.6",
    "aws/guardduty/service/detectorId": "d4b040365221be2b54a6264dc9a4bc64",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/organization/org": "CenturyLink",
    "aws/guardduty/service/action/networkConnectionAction/connectionDirection": "INBOUND",
    "aws/guardduty/service/eventFirstSeen": "2020-08-22T09:15:57Z",
    "aws/guardduty/service/eventLastSeen": "2020-09-30T11:56:49Z",
    "aws/guardduty/service/action/networkConnectionAction/localPortDetails/portName": "SSH",
    "aws/guardduty/service/action/actionType": "NETWORK_CONNECTION",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/city/cityName": "Dubuque",
    "aws/guardduty/service/additionalInfo": "",
    "aws/guardduty/service/resourceRole": "TARGET",
    "aws/guardduty/service/action/networkConnectionAction/localPortDetails/port": "22",
    "aws/guardduty/service/action/networkConnectionAction/protocol": "TCP",
    "aws/guardduty/service/count": "74",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/organization/asn": "209",
    "aws/guardduty/service/action/networkConnectionAction/remoteIpDetails/organization/isp": "CenturyLink",
    "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/guardduty/arn:aws:guardduty:us-east-1:193043430472:detector/d4b040365221be2b54a6264dc9a4bc64/finding/46ba0ac2845071e23ccdeb2ae03bfdea",
    "aws/securityhub/ProductName": "GuardDuty",
    "aws/securityhub/CompanyName": "Amazon"
  },
  "Resources": [
    {
      "Type": "AwsEc2Instance",
      "Id": "arn:aws:ec2:us-east-1:193043430472:instance/i-0c10c2c7863d1a356",
      "Partition": "aws",
      "Region": "us-east-1",
      "Tags": {
        "Name": "kubectl"
      },
      "Details": {
        "AwsEc2Instance": {
          "Type": "t2.micro",
          "ImageId": "ami-02354e95b39ca8dec",
          "IpV4Addresses": [
            "18.234.130.16",
            "172.31.43.6"
          ],
          "VpcId": "vpc-a0c2d7c7",
          "SubnetId": "subnet-4975b475",
          "LaunchedAt": "2020-08-03T23:21:57Z"
        }
      }
    }
  ],
  "WorkflowState": "NEW",
  "Workflow": {
    "Status": "NEW"
  },
  "RecordState": "ACTIVE"
}
```

## Aktivieren und Konfigurieren der Integration
<a name="securityhub-integration-enable"></a>

Um die Integration mit verwenden zu können AWS Security Hub CSPM, müssen Sie Security Hub CSPM aktivieren. Informationen zur Aktivierung von Security Hub CSPM finden Sie unter [Security Hub einrichten](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html) im *AWS Security Hub Benutzerhandbuch*.

Wenn Sie GuardDuty sowohl als auch Security Hub CSPM aktivieren, wird die Integration automatisch aktiviert. GuardDutybeginnt sofort, Ergebnisse an Security Hub CSPM zu senden.

## Verwendung von GuardDuty Steuerelementen in Security Hub CSPM
<a name="securityhub-integration-using-guardduty-controls"></a>

AWS Security Hub CSPM verwendet Sicherheitskontrollen, um Ihre AWS Ressourcen zu bewerten und zu überprüfen, ob Sie die Sicherheitsstandards und bewährten Verfahren der Branche einhalten. Sie können die Kontrollen verwenden, die sich auf GuardDuty Ressourcen und ausgewählte Schutzpläne beziehen. Weitere Informationen finden Sie unter [Amazon GuardDuty Controls](https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html) im *AWS Security Hub Benutzerhandbuch*.

Eine Liste aller Kontrollen für AWS Dienste und Ressourcen finden Sie unter [Security Hub CSPM-Steuerungsreferenz](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html) im *AWS Security Hub Benutzerhandbuch*.

## Einstellung der Veröffentlichung der Ergebnisse im Security Hub CSPM
<a name="securityhub-integration-disable"></a>

Um anzugeben, dass keine Erkenntnisse mehr an Security Hub CSPM gesendet werden, können Sie entweder die Konsole von Security Hub CSPM oder die API verwenden.

Weitere Informationen finden Sie unter [Deaktivieren und Aktivieren des Ergebnisflusses aus einer Integration (Konsole)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-console) oder [Deaktivieren des Ergebnisflusses aus einer Integration (Security Hub Hub-API, AWS CLI)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-disable-api) im *AWS Security Hub Benutzerhandbuch*.