1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
1
Reviewing the documentation here - https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html - it seems that findings should be getting published to your SNS topic and on to Slack at or near the 5 minute mark, but subsequent occurrences of particular findings are aggregated and sent by default at 6 hours so this still doesn't match what you are seeing. If you've not changed the default for this behaviour or these are not subsequent alarms that are aggregating I suggest you get in touch with support to investigate your specific configuration.
con risposta 5 mesi fa
Thank you. This document explains everything.
Contenuto pertinente
- AWS UFFICIALEAggiornata 8 mesi fa
- AWS UFFICIALEAggiornata 2 anni fa
Are there any FailedInvocations in CloudWatch? For a delay that long I'd expect some failures and retries.
I am checking it regularly for failed invocations, but there is none. It's also subscribed to a dead letter SQS queue, no messages there too.