84 releases (39 stable)

new 1.40.0 Jul 12, 2024
1.38.0 Jun 20, 2024
1.21.0 Mar 28, 2024
1.9.0 Dec 21, 2023
0.0.0 May 8, 2021

#2 in #malware

Download history 172/week @ 2024-03-15 199/week @ 2024-03-22 116/week @ 2024-03-29 129/week @ 2024-04-05 194/week @ 2024-04-12 151/week @ 2024-04-19 106/week @ 2024-04-26 172/week @ 2024-05-03 114/week @ 2024-05-10 164/week @ 2024-05-17 167/week @ 2024-05-24 164/week @ 2024-05-31 319/week @ 2024-06-07 231/week @ 2024-06-14 72/week @ 2024-06-21 1/week @ 2024-06-28

645 downloads per month


93K SLoC


Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following foundational data sources - VPC flow logs, Amazon Web Services CloudTrail management event logs, CloudTrail S3 data event logs, EKS audit logs, DNS logs, Amazon EBS volume data, runtime activity belonging to container workloads, such as Amazon EKS, Amazon ECS (including Amazon Web Services Fargate), and Amazon EC2 instances. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your Amazon Web Services environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, domains, or presence of malware on your Amazon EC2 instances and container workloads. For example, GuardDuty can detect compromised EC2 instances and container workloads serving malware, or mining bitcoin.

GuardDuty also monitors Amazon Web Services account access behavior for signs of compromise, such as unauthorized infrastructure deployments like EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength.

GuardDuty informs you about the status of your Amazon Web Services environment by producing security findings that you can view in the GuardDuty console or through Amazon EventBridge. For more information, see the _ Amazon GuardDuty User Guide _.

Getting Started

Examples are available for many services and operations, check out the examples folder in GitHub.

The SDK provides one crate per AWS service. You must add Tokio as a dependency within your Rust project to execute asynchronous code. To add aws-sdk-guardduty to your project, add the following to your Cargo.toml file:

aws-config = { version = "1.1.7", features = ["behavior-version-latest"] }
aws-sdk-guardduty = "1.40.0"
tokio = { version = "1", features = ["full"] }

Then in code, a client can be created with the following:

use aws_sdk_guardduty as guardduty;

async fn main() -> Result<(), guardduty::Error> {
    let config = aws_config::load_from_env().await;
    let client = aws_sdk_guardduty::Client::new(&config);

    // ... make some calls with the client


See the client documentation for information on what calls can be made, and the inputs and outputs for each of those calls.

Using the SDK

Until the SDK is released, we will be adding information about using the SDK to the Developer Guide. Feel free to suggest additional sections for the guide by opening an issue and describing what you are trying to do.

Getting Help


This project is licensed under the Apache-2.0 License.


~275K SLoC