Sample AWS Guardduty RQL Queries

note

The following guide will walk you through AWS Guardduty RQL Query Examples

AWS Guardduty Host looking for Trojan using Blackholed DNS traffic

config from cloud.resource where finding.type = 'AWS GuardDuty Host' AND finding.name = 'Trojan:EC2/BlackholeTraffic!DNS'