GuardDuty

GuardDuty taxonomy generated by the site skill importer.

4 skills
detecting-s3-data-exfiltration-attempts

by mukul975

detecting-s3-data-exfiltration-attempts helps investigate possible AWS S3 data theft by correlating CloudTrail S3 data events, GuardDuty findings, Amazon Macie alerts, and S3 access patterns. Use this detecting-s3-data-exfiltration-attempts skill for Security Audit, incident response, and suspicious bulk-download analysis.

Security Audit
Favorites 0 | GitHub 6.2k
detecting-cryptomining-in-cloud

by mukul975

detecting-cryptomining-in-cloud helps security teams detect unauthorized cryptomining in cloud workloads by correlating cost spikes, mining-port traffic, GuardDuty crypto findings, and runtime process evidence. Use it for triage, detection engineering, and Security Audit workflows.

Security Audit
Favorites 0 | GitHub 0
detecting-compromised-cloud-credentials

by mukul975

detecting-compromised-cloud-credentials is a cloud security skill for AWS, Azure, and GCP that helps confirm credential abuse, trace anomalous API activity, investigate impossible travel and suspicious logins, and scope incident impact with provider telemetry and alerts.

Security Audit
Favorites 0 | GitHub 0
detecting-cloud-threats-with-guardduty

by mukul975

detecting-cloud-threats-with-guardduty guides AWS teams through enabling Amazon GuardDuty, reviewing findings, and building automated response for cloud threats across accounts and workloads. It is useful for GuardDuty installation, usage, and day-two operations in Cloud Architecture work.

Cloud Architecture
Favorites 0 | GitHub 0