This document discusses AWS services for threat detection and response. It begins with an introduction and an overview of the challenges around threat detection. It then describes the AWS services that provide log and activity data for detection. These include GuardDuty and Macie, which use machine learning for intelligent detection. Security Hub provides a centralized view of findings. Services like CloudWatch Events and Lambda can be used to automate response actions. The document outlines typical attacker lifecycles and example GuardDuty findings. It provides high-level and detailed playbooks for using AWS services in a threat detection and response workflow.