Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Received SNS Notification, but No findings in Console?

0

We received a notification via SNS of New Findings, but upon visiting the Guard Duty page, we don't see any findings reported. Also, the SNS notification does not mention the instance which generated the findings - Any pointers on how to find out the instance/service which generated these findings?

{"type": "NEW_FINDINGS",
"version": "1",
"findingDetails":[
{
"link": "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-maliciousipcaller",
"findingType": "Impact:EC2/MaliciousDomainRequest.Reputation",
"findingDescription": "An EC2 instance is querying a low reputation domain that is associated with known malicious domains."
},...
}

Temas
Seguridad, identidad y cumplimiento
Etiquetas
Amazon GuardDuty
Idioma
English
drl
preguntada hace 3 años257 visualizaciones
1 Respuesta
1

Figured out that we had subscribed to "GuardDuty Feature Announcements" - The language in documentation was bit unclear.

For folks who run into this issue:
The right way to configure this via a rule in Cloudwatch -https://aws.amazon.com/premiumsupport/knowledge-center/guardduty-cloudwatch-sns-rule/

drl
respondido hace 3 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante