AWS GuardDuty produces findings — threat-intelligence alerts covering compromised credentials, unusual API calls, reconnaissance activity, malware on EC2 and EKS workloads, and other security events.

EventBridge API Destinations — GuardDuty publishes findings as EventBridge events, so a rule with an API Destination delivers them to Bronto in real time over HTTPS.
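
The rule-plus-API-Destination wiring described above, as a CloudFormation sketch added here for illustration (it is not Bronto's or AWS's published template). The endpoint URL, the API-key header name, the key itself and the `POST` method are assumptions supplied as parameters or marked in comments; take the real values from your Bronto account.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  BrontoEndpoint:        # placeholder: HTTPS ingestion URL from your Bronto account
    Type: String
    AllowedPattern: "^https://.+"   # refuse a plaintext endpoint
  BrontoApiKeyHeader:    # assumption: name of the header that carries the key
    Type: String
  BrontoApiKey:
    Type: String
    NoEcho: true         # keep the key out of console and API output
Resources:
  BrontoConnection:      # holds the credential EventBridge sends with each call
    Type: AWS::Events::Connection
    Properties:
      AuthorizationType: API_KEY
      AuthParameters:
        ApiKeyAuthParameters:
          ApiKeyName: !Ref BrontoApiKeyHeader
          ApiKeyValue: !Ref BrontoApiKey
  BrontoDestination:
    Type: AWS::Events::ApiDestination
    Properties:
      ConnectionArn: !GetAtt BrontoConnection.Arn
      HttpMethod: POST   # assumption: the ingestion endpoint accepts POST
      InvocationEndpoint: !Ref BrontoEndpoint
  InvokeRole:            # least privilege: may invoke this one destination only
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: events.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: invoke-bronto-destination-only
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: events:InvokeApiDestination
                Resource: !GetAtt BrontoDestination.Arn
  GuardDutyFindingsRule: # default event bus, where GuardDuty publishes findings
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source: [aws.guardduty]
        detail-type: [GuardDuty Finding]
      Targets:
        - Id: bronto
          Arn: !GetAtt BrontoDestination.Arn
          RoleArn: !GetAtt InvokeRole.Arn
```

GuardDuty emits findings per region, so the rule has to exist in every region where a detector is enabled.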

Alternatives

  • S3 Log Forwarder — for environments that already export findings to an S3 bucket via the GuardDuty findings-export feature.

See Ingesting AWS Data into Bronto for the full service-to-method mapping.

References