Amazon GuardDuty expands threat detection coverage to continuously monitor network activity logs, starting with VPC Flow Logs, generated from the execution of AWS Lambda functions to detect threats to Lambda such as functions maliciously repurposed for unauthorized cryptocurrency mining, or compromised Lambda functions that are communicating with known threat actor servers. GuardDuty Lambda Protection can be enabled with a few steps in the GuardDuty console, and using AWS Organizations, can be centrally enabled for all existing and new accounts in an organization.
Source:: Amazon AWS