# aws-sdk-guardduty Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following foundational data sources - VPC flow logs, Amazon Web Services CloudTrail management event logs, CloudTrail S3 data event logs, EKS audit logs, DNS logs, Amazon EBS volume data, runtime activity belonging to container workloads, such as Amazon EKS, Amazon ECS (including Amazon Web Services Fargate), and Amazon EC2 instances. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your Amazon Web Services environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, domains, or presence of malware on your Amazon EC2 instances and container workloads. For example, GuardDuty can detect compromised EC2 instances and container workloads serving malware, or mining bitcoin. GuardDuty also monitors Amazon Web Services account access behavior for signs of compromise, such as unauthorized infrastructure deployments like EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength. GuardDuty informs you about the status of your Amazon Web Services environment by producing security findings that you can view in the GuardDuty console or through Amazon EventBridge. For more information, see the _ [Amazon GuardDuty User Guide](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html) _. ## Getting Started > Examples are available for many services and operations, check out the > [examples folder in GitHub](https://github.com/awslabs/aws-sdk-rust/tree/main/examples). The SDK provides one crate per AWS service. You must add [Tokio](https://crates.io/crates/tokio) as a dependency within your Rust project to execute asynchronous code. To add `aws-sdk-guardduty` to your project, add the following to your **Cargo.toml** file: ```toml [dependencies] aws-config = { version = "1.1.7", features = ["behavior-version-latest"] } aws-sdk-guardduty = "1.57.0" tokio = { version = "1", features = ["full"] } ``` Then in code, a client can be created with the following: ```rust,no_run use aws_sdk_guardduty as guardduty; #[::tokio::main] async fn main() -> Result<(), guardduty::Error> { let config = aws_config::load_from_env().await; let client = aws_sdk_guardduty::Client::new(&config); // ... make some calls with the client Ok(()) } ``` See the [client documentation](https://docs.rs/aws-sdk-guardduty/latest/aws_sdk_guardduty/client/struct.Client.html) for information on what calls can be made, and the inputs and outputs for each of those calls. ## Using the SDK Until the SDK is released, we will be adding information about using the SDK to the [Developer Guide](https://docs.aws.amazon.com/sdk-for-rust/latest/dg/welcome.html). Feel free to suggest additional sections for the guide by opening an issue and describing what you are trying to do. ## Getting Help * [GitHub discussions](https://github.com/awslabs/aws-sdk-rust/discussions) - For ideas, RFCs & general questions * [GitHub issues](https://github.com/awslabs/aws-sdk-rust/issues/new/choose) - For bug reports & feature requests * [Generated Docs (latest version)](https://awslabs.github.io/aws-sdk-rust/) * [Usage examples](https://github.com/awslabs/aws-sdk-rust/tree/main/examples) ## License This project is licensed under the Apache-2.0 License.