
# GuardDuty log queries

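## Rank all GuardDuty alerts by severity

GuardDuty is a useful source of visibility into threats against your infrastructure. However, it can generate a large number of findings. This query shows the distribution of findings, which you can use to assess the health of your account.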

```sql
SELECT
 severity,
 count(1) AS total_rows
FROM panther_logs.public.aws_guardduty
WHERE p_occurs_between('2021-01-01', '2021-02-01')
GROUP BY severity
ORDER BY total_rows DESC
```

## Rank all GuardDuty alerts by affected resource

Similar to the example above, but this example characterizes the findings by ranking them by the affected resource.

```sql
SELECT
 resource:resourceType AS resource_type,
 count(1) AS total_rows
FROM panther_logs.public.aws_guardduty
WHERE p_occurs_between('2021-01-01', '2021-02-01')
GROUP BY resource:resourceType
ORDER BY total_rows DESC
```
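The two rankings above can be combined into a single triage view that shows, for each resource type, how many findings fall into each severity band. This query is an added example, not part of the original Panther documentation. It assumes `severity` is stored as GuardDuty's numeric score (below 4 is low, 4 up to but not including 7 is medium, 7 and above is high or above), and the output column names are illustrative.

```sql
-- Added example: severity distribution per affected resource type.
-- Assumption: severity holds GuardDuty's numeric score, so the band
-- boundaries below follow GuardDuty's low / medium / high ranges.
SELECT
 resource:resourceType AS resource_type,
 COUNT_IF(severity >= 7) AS high_or_above,
 COUNT_IF(severity >= 4 AND severity < 7) AS medium,
 COUNT_IF(severity < 4) AS low,
 count(1) AS total_rows
FROM panther_logs.public.aws_guardduty
WHERE p_occurs_between('2021-01-01', '2021-02-01')
GROUP BY resource:resourceType
-- Resource types with the most high-severity findings come first.
ORDER BY high_or_above DESC, total_rows DESC
```

A resource type with a large `total_rows` but zero `high_or_above` is usually a tuning candidate, while a small count concentrated in `high_or_above` deserves investigation first.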

