AWS GuardDuty alert retriggered


I am using the AWS GuardDuty integration to Slack. The integration works like this: CloudWatch Event --> SNS --> Lambda --> Slack.

Last week I got an alert for one finding and I did take action on it. But today I got an alert for the same GuardDuty finding ID in Slack. Why does this happen? Does GuardDuty send alerts for the same finding after a few days?

1 answer

GuardDuty is a security service that continuously monitors your AWS accounts and workloads for malicious activity and unusual behavior. If GuardDuty detects a potential security issue, it generates a finding. Each finding is assigned a unique finding ID. If GuardDuty continues to detect the issue over time, it will send additional alerts with the same finding ID. This is done to keep you informed of any ongoing security issues and to provide you with the information you need to take corrective action. It is not uncommon for GuardDuty to send multiple alerts for the same finding, especially if the issue is not immediately resolved.

https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html

AWS
Answered a year ago
  • Thank you for the response. But in my case, it is an EC2 instance that is involved in the alert, and I have terminated the EC2 instance. Then how is it possible to get another alert for the same EC2 instance, which was terminated 7 days ago?
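The answer above says a repeated delivery carries the same finding ID; the follow-up comment asks how to tell a repeat from fresh activity. The example below is added here and is not code from the original thread or from AWS: a Lambda handler for the SNS --> Lambda --> Slack hop that reads the finding's `service.count`, `eventFirstSeen`, `eventLastSeen` and `updatedAt` fields and labels the Slack text as NEW or REPEAT, with how long before the update the last activity was seen. The finding ID, instance ID and timestamps in the sample event are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample: one SNS record wrapping a CloudWatch Events message that
# carries a GuardDuty finding. Field names follow the GuardDuty finding format;
# the IDs and timestamps are made up for this example.
SAMPLE_SNS_EVENT = {"Records": [{"Sns": {"Message": json.dumps({
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "EXAMPLE-FINDING-ID-0000",
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 5,
        "createdAt": "2023-01-01T10:00:00.000Z",
        "updatedAt": "2023-01-08T10:05:00.000Z",
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0example"}},
        "service": {"count": 4,
                    "eventFirstSeen": "2023-01-01T09:58:00.000Z",
                    "eventLastSeen": "2023-01-01T11:30:00.000Z"},
    },
})}}]}


def parse_ts(s):
    """GuardDuty timestamps are ISO 8601 with milliseconds and a trailing Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def classify_finding(finding):
    """Summarise whether this delivery is the first notice or a repeat of a finding."""
    svc = finding.get("service", {})
    count = int(svc.get("count", 1))
    last_seen = parse_ts(svc["eventLastSeen"])
    updated = parse_ts(finding["updatedAt"])
    return {
        "finding_id": finding["id"],
        "type": finding["type"],
        "count": count,
        # A count above 1, or an update after creation, means GuardDuty re-sent it.
        "is_repeat": count > 1 or updated > parse_ts(finding["createdAt"]),
        # Gap between the last observed activity and this notification.
        "days_since_last_activity": (updated - last_seen).days,
    }


def build_slack_text(summary):
    kind = "REPEAT" if summary["is_repeat"] else "NEW"
    return (f"[{kind}] GuardDuty {summary['type']} (id {summary['finding_id']}): "
            f"{summary['count']} occurrence(s), last activity seen "
            f"{summary['days_since_last_activity']} day(s) before this update")


def lambda_handler(event, context=None):
    message = json.loads(event["Records"][0]["Sns"]["Message"])
    summary = classify_finding(message["detail"])
    summary["slack_text"] = build_slack_text(summary)  # a real handler would POST this
    return summary
```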
