
Answer-first summary for fast verification
Answer: Amazon GuardDuty
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. It uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats.

**Key features of Amazon GuardDuty:**
- Monitors AWS CloudTrail event logs for suspicious API activity
- Analyzes VPC Flow Logs for unusual network traffic patterns
- Examines DNS logs for potentially malicious activity
- Provides security findings with severity levels and remediation steps
- Integrates with AWS Security Hub and Amazon EventBridge

**Other options explained:**
- **AWS Secrets Manager**: Used for managing and rotating secrets, not for security monitoring
- **Amazon Cognito**: Provides user authentication and access control, not threat detection
- **AWS Certificate Manager (ACM)**: Manages SSL/TLS certificates, not security monitoring

Author: Ritesh Yadav