AWS Cloud Security

      Threat Detection with AWS GuardDuty

      My goal in this lab was to detect any suspicious activity using AWS GuardDuty.

      Below is a screenshot of the AWS GuardDuty dashboard:

      GuardDuty continuously scans AWS logs for anomalies. By enabling it, I can detect and respond to potential security threats in a timely manner.

      Next, I wanted to scan through GuardDuty for any findings, in this case Unauthorized API Calls, but as you can see here on the findings page, it is blank:

      If GuardDuty flagged an unauthorized IAM API call, it would show here under findings, which could indicate credential theft. This finding would then need to be further investigated.
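A first investigation step for such a finding, as an added example that is not part of the original lab: it groups API-call findings by access key so the affected key, the APIs called and the source IPs can be reviewed together. It assumes findings in the shape of the GuardDuty GetFindings API response; the function names, the `UnauthorizedAccess:IAMUser/` filter and the sample data are choices made for this illustration.

```python
from collections import defaultdict

def api_call_findings(findings):
    """Yield findings about API calls made with an IAM access key."""
    for f in findings:
        action = f.get("Service", {}).get("Action", {})
        if (f.get("Type", "").startswith("UnauthorizedAccess:IAMUser/")
                and f.get("Resource", {}).get("ResourceType") == "AccessKey"
                and action.get("ActionType") == "AWS_API_CALL"):
            yield f

def triage_by_access_key(findings):
    """Group matching findings per access key, highest severity first."""
    keys = defaultdict(lambda: {"user": None, "max_severity": 0.0,
                                "apis": set(), "source_ips": set(), "events": 0})
    for f in api_call_findings(findings):
        details = f["Resource"].get("AccessKeyDetails", {})
        call = f["Service"]["Action"].get("AwsApiCallAction", {})
        entry = keys[details.get("AccessKeyId", "unknown")]
        entry["user"] = details.get("UserName")
        entry["max_severity"] = max(entry["max_severity"], f.get("Severity", 0.0))
        entry["apis"].add(f'{call.get("ServiceName")}:{call.get("Api")}')
        ip = call.get("RemoteIpDetails", {}).get("IpAddressV4")
        if ip:
            entry["source_ips"].add(ip)
        entry["events"] += f["Service"].get("Count", 1)
    return sorted(keys.items(), key=lambda kv: kv[1]["max_severity"], reverse=True)

def _finding(ftype, severity, key_id, user, service, api, ip, count):
    """Build one constructed finding (hypothetical helper for the sample data)."""
    return {"Type": ftype, "Severity": severity,
            "Resource": {"ResourceType": "AccessKey",
                         "AccessKeyDetails": {"AccessKeyId": key_id, "UserName": user}},
            "Service": {"Count": count, "Action": {
                "ActionType": "AWS_API_CALL", "AwsApiCallAction": {
                    "ServiceName": service, "Api": api,
                    "RemoteIpDetails": {"IpAddressV4": ip}}}}}

# Constructed sample data: key ids, user names and IPs are made up.
SAMPLE_FINDINGS = [
    _finding("UnauthorizedAccess:IAMUser/MaliciousIPCaller", 5.0, "AKIAEXAMPLE0000000001",
             "lab-user", "iam.amazonaws.com", "ListUsers", "198.51.100.7", 3),
    _finding("UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS", 8.0,
             "ASIAEXAMPLE0000000002", "web-role", "ec2.amazonaws.com",
             "DescribeInstances", "203.0.113.9", 1),
    _finding("UnauthorizedAccess:IAMUser/MaliciousIPCaller", 5.0, "AKIAEXAMPLE0000000001",
             "lab-user", "iam.amazonaws.com", "CreateAccessKey", "198.51.100.8", 2),
    {"Type": "Recon:EC2/PortProbeUnprotectedPort", "Severity": 2.0,  # not an API call
     "Resource": {"ResourceType": "Instance"}, "Service": {"Action": {"ActionType": "PORT_PROBE"}}},
]
for key_id, info in triage_by_access_key(SAMPLE_FINDINGS):
    print(key_id, info["user"], info["max_severity"], sorted(info["apis"]), info["events"])
```

An empty findings list, as on the blank findings page in this lab, returns an empty result.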
