Detecting Cloud Threats with GuardDuty

When to Use

- When establishing continuous threat detection for new or existing AWS accounts
- When investigating GuardDuty findings related to compromised instances, credential abuse, or data exfiltration
- When building automated incident response playbooks triggered by GuardDuty findings
- When extending threat coverage to container workloads running on EKS, ECS, or Fargate
- When enabling malware scanning for EBS volumes attached to suspicious EC2 instances

Do not use for Azure or GCP threat detection (see securing-azure-with-microsoft-defender or au…