I am trying to test guardduty by pulling off a brute force attack on Windows target ec2 host from my local windows machine (outside aws) using RDP. What i can see is there are no finding getting created on guardduty console even though i tried breaking into it with around 1000 login attempts.
But doing the same exercise with another ec2 instance (both within and outside the vpc) results in findings being created in the guardduty console.
Does it imply that GuardDuty is only applicable for attacks being made inside the aws premise?