Getting Started with Warden Threat Detection

Before getting started with Warden Threat Detection, onboard your AWS account or organization by following the instructions here.

What does Warden Threat Detection Support?

Warden Threat Detection currently supports only AWS environments.

Best Practices and Limitations

As stated, our initial launch supports AWS and focuses on providing Threat Detection support for resources the Warden platform currently supports.

Warden Threat Detection will continue to expand support and capabilities as we work with our customers to incorporate their feedback and requirements into our roadmap. If you have questions about the specifics of what we support or questions around a certain use case, reach out to us at 

Supported Threat Detection Alert Types

Understanding Threat Detection Terminology

This page provides a glossary of terms specific to Warden Threat Detection, along with some useful cloud-related terms.

Account ID

Cloud account identifier (e.g. AWS account ID)


Refers to the geographic location of the data center.

Alert Type

A notification that a cyber security threat to your information system has been detected or is underway.

Resource ID

A specific identifier of an instance of a cloud service. (e.g. “arn:aws:s3:::test-public-s3bucket-demo-1234”)

Resource Type

The grouping for the resource in the cloud environment. (e.g. “S3 Bucket”, “EC2 Instance”)

Source IP

Refers to the source IP address of the event which prompted the alert.

User ID

An entity that is used to identify a user.


Indicates the relative impact of an alert on the cloud environment (e.g. Critical, High, Low)

Service-triggered Event

An event that is triggered by a cloud service (e.g. autoscaling)
