In GuardDuty, how can we create a filter to exclude findings marked as [SAMPLE]

The problem with [SAMPLE] findings is that information is not available in the Console in order for the filter to work. The only place that information is available is Sample findings have a value of "sample": true in the additionalInfo section of the finding JSON details, but that does not help with filtering either. One thing you can do is to select all [SAMPLE] findings from Console and archive them. That way you will not see them in the current view anymore.

Thanks for your suggestion, but it doesn't resolve my case. Here are additionnal infos.

All [SAMPLE] findings are already archived. I want to provide a list of all security events that occured in the past to an auditor. It means I want to include active and archived findings but exclude [SAMPLE] because they are not relevant the scope of the audit. I also tried the export functions to filter the JSON on "sample" value state, but when I click on download button it hangs indefinitely and I am not able to export the file. For your information I only have 249 findings (all samples) to export.

I retried after your post and exporting and downloading are working now int the same browser I had issue, I can't explain the cause of the issue previously.

I can have a workaround with exporting feature. But I thing it could be great to have to filter Sample finding in the Console.

Thanks for your help!