Firstly, you should absolutely have a security account!
This article will be a brief intro to Amazon GuardDuty.
What is it?
A machine-learning-based threat discovery tool that detects anomalies and protects your AWS account.
What to include
VPC Flow Logs
DNS Logs - Route 53
CloudTrail Logs
Optional inclusions:
S3 Logs
EBS
Lambda Activity
RDS Login Activity
EKS Monitoring
There is also a feature to detect cryptocurrency activity.
What do you do with detections?
Simples.
Detection raised -> Amazon EventBridge -> Lambda or SNS.
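A sketch of the Lambda end of that chain, added here as an example (not code from this article or from AWS): an EventBridge pattern that selects GuardDuty findings, and a handler that bands severity and publishes to SNS. The `ALERT_TOPIC_ARN` variable, the severity cut-offs, the drop-LOW policy and the sample event are assumptions made for illustration.

```python
import json
import os

# EventBridge rule pattern that forwards only GuardDuty findings to this function.
EVENT_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}


def severity_label(score):
    """Band GuardDuty's numeric severity (assumed cut-offs: 4.0 and 7.0)."""
    if score >= 7.0:
        return "HIGH"
    return "MEDIUM" if score >= 4.0 else "LOW"


def build_alert(event):
    """Turn a GuardDuty finding event into an alert dict; None for anything else."""
    if (event.get("source"), event.get("detail-type")) != ("aws.guardduty", "GuardDuty Finding"):
        return None
    d = event.get("detail", {})
    label = severity_label(float(d.get("severity", 0)))
    body = {k: d.get(k) for k in ("id", "type", "severity", "accountId", "region", "title")}
    return {
        "label": label,
        "subject": f"[GuardDuty {label}] {d.get('type', 'unknown')}"[:100],  # SNS subject limit
        "message": json.dumps(body, indent=2),
    }


def handler(event, context=None, publish=None, topic_arn=None):
    """Lambda entry point. Assumed policy: LOW findings are not sent to SNS."""
    alert = build_alert(event)
    if alert is None or alert["label"] == "LOW":
        return {"notified": False, "alert": alert}
    if publish is None:  # real deployment: use SNS; tests inject a fake
        import boto3
        publish = boto3.client("sns").publish
    publish(TopicArn=topic_arn or os.environ["ALERT_TOPIC_ARN"],
            Subject=alert["subject"], Message=alert["message"])
    return {"notified": True, "alert": alert}


# Constructed sample event (not real data), shaped like an EventBridge GuardDuty finding.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {"id": "constructed-finding-id", "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS",
               "severity": 8, "accountId": "111122223333", "region": "eu-west-1",
               "title": "Constructed example finding"},
}
```

Filtering on the function side keeps the rule simple; the same severity cut-off could instead be moved into the EventBridge pattern so low-severity findings never invoke the Lambda.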
Managing multiple AWS Accounts
You should have several Accounts. But you want GuardDuty activity on each of these.
Use AWS Organizations. Head into GuardDuty and invite member accounts through GuardDuty.
You can also nominate a specific member account as your delegated administrator account for GuardDuty, e.g. the security account.