1 Resposta
- Mais recentes
- Mais votos
- Mais comentários
1
Hi and welcome to the community!
You can search for the updateDetector event name to find who updated the Guard Duty configuration.
In particular you should search to see if scanEc2InstanceWithFindings
is set to true.
"requestParameters": {
"detectorId": "56bf249c0b2004c6e5f32f00b3cfda80",
"enable": true,
"findingPublishingFrequency": "SIX_HOURS",
"dataSources": {
"malwareProtection": {
"scanEc2InstanceWithFindings": {
"ebsVolumes": true
}
}
}
},
respondido há um ano
Conteúdo relevante
- AWS OFICIALAtualizada há 2 anos
Thanks. I followed your guidance and it isn't showing me any events. I know we have logging enabled as a user search shows events. Does logging need to be enabled separately for the config changes?