We have already covered the two CloudTrail-related GuardDuty finding types, but there is also a third one under the stealth category: Stealth:IAMUser/PasswordPolicyChange. This will trigger when an accounts password policy is weakened, such as if the minimum password length changes from 15 characters to 8 characters. To avoid this finding, we simply should not touch the password strength requirements within an account that we are attacking.