En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Received SNS Notification, but No findings in Console?

0

We received a notification via SNS of New Findings, but upon visiting the Guard Duty page, we don't see any findings reported. Also, the SNS notification does not mention the instance which generated the findings - Any pointers on how to find out the instance/service which generated these findings?

{"type": "NEW_FINDINGS",
"version": "1",
"findingDetails":[
{
"link": "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-maliciousipcaller",
"findingType": "Impact:EC2/MaliciousDomainRequest.Reputation",
"findingDescription": "An EC2 instance is querying a low reputation domain that is associated with known malicious domains."
},...
}

Sujets
Sécurité, identité et conformité
Balises
Amazon GuardDuty
Langue
English
drl
demandé il y a 3 ans257 vues
1 réponse
1

Figured out that we had subscribed to "GuardDuty Feature Announcements" - The language in documentation was bit unclear.

For folks who run into this issue:
The right way to configure this via a rule in Cloudwatch -https://aws.amazon.com/premiumsupport/knowledge-center/guardduty-cloudwatch-sns-rule/

drl
répondu il y a 3 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents