1 Answer
1
Reviewing the documentation here - https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html - it seems that findings should be getting published to your SNS topic and on to Slack at or near the 5-minute mark, but subsequent occurrences of particular findings are aggregated and sent by default at 6 hours, so this still doesn't match what you are seeing. If you've not changed the default for this behaviour or these are not subsequent alarms that are aggregating, I suggest you get in touch with support to investigate your specific configuration.
answered 5 months ago
Thank you. This document explains everything.
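An added example, not part of the answer above or of AWS's documentation: a triage helper that reads GuardDuty finding events as delivered through CloudWatch Events (EventBridge) and checks whether a late alert is explained by the publishing behaviour the answer describes. The sample events, the two-minute tolerance and the function names are constructed for illustration; the delay is measured from `service.eventLastSeen` to the event's `time`.

```python
from datetime import datetime, timedelta

# Values of the GuardDuty detector setting FindingPublishingFrequency.
FREQUENCY = {
    "FIFTEEN_MINUTES": timedelta(minutes=15),
    "ONE_HOUR": timedelta(hours=1),
    "SIX_HOURS": timedelta(hours=6),  # the default
}
NEW_FINDING_WINDOW = timedelta(minutes=5)  # new findings: about 5 minutes
TOLERANCE = timedelta(minutes=2)  # assumed allowance for delivery jitter

# Constructed sample events, trimmed to the fields used below.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T10:04:30Z", "detail": {"service": {
        "count": 1, "eventLastSeen": "2024-01-10T10:00:00Z"}}},
    {"time": "2024-01-10T15:50:00Z", "detail": {"service": {
        "count": 7, "eventLastSeen": "2024-01-10T10:20:00Z"}}},
    {"time": "2024-01-10T12:10:00Z", "detail": {"service": {
        "count": 1, "eventLastSeen": "2024-01-10T10:00:00Z"}}},
]


def _ts(value):
    # datetime.fromisoformat() rejects a trailing "Z" before Python 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def classify_delay(event, frequency="SIX_HOURS"):
    """Return (kind, delay, explained) for one GuardDuty finding event.

    kind is "new" for a first occurrence (service.count == 1) and
    "aggregated" for a repeat; explained is True when the delay fits the
    publishing window that applies to that kind.
    """
    service = event["detail"]["service"]
    delay = _ts(event["time"]) - _ts(service["eventLastSeen"])
    if service["count"] == 1:
        kind, window = "new", NEW_FINDING_WINDOW
    else:
        kind, window = "aggregated", FREQUENCY[frequency]
    return kind, delay, delay <= window + TOLERANCE


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        kind, delay, explained = classify_delay(ev)
        print(f"{kind:<10} delay={delay} explained={explained}")
```

A first-occurrence finding that arrives hours late, like the third sample, comes back with `explained=False`: aggregation does not account for it.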
Are there any FailedInvocations in CloudWatch? For a delay that long I'd expect some failures and retries.
I am checking it regularly for failed invocations, but there are none. It's also subscribed to a dead letter SQS queue; no messages there either.