Stop Letting a GuardDuty Alert Eat Your Day

How Juno closes false positive investigations in 90 seconds.

GuardDuty flags unauthorized access on one of your IAM users.

You stop what you’re doing and start digging through CloudTrail, IAM activity, and VPC Flow Logs to trace the IP and API calls. Two hours later you finally piece it together. Instead of being an attack, it was just a false positive caused by an IP that should never have been on your threat list.

*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Umesh Sirsiwal. Read the original post at: https://www.uptycs.com/blog/stop-letting-a-guardduty-alert-eat-your-day