Received SNS Notification, but No findings in Console?

0

We received a notification via SNS of New Findings, but upon visiting the GuardDuty page, we don't see any findings reported. Also, the SNS notification does not mention the instance which generated the findings. Any pointers on how to find out the instance/service which generated these findings?

{
  "type": "NEW_FINDINGS",
  "version": "1",
  "findingDetails": [
    {
      "link": "https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-s3.html#discovery-s3-maliciousipcaller",
      "findingType": "Impact:EC2/MaliciousDomainRequest.Reputation",
      "findingDescription": "An EC2 instance is querying a low reputation domain that is associated with known malicious domains."
    },...
}

drl
Asked 3 years ago, viewed 257 times
1 Answer
1

Figured out that we had subscribed to "GuardDuty Feature Announcements". The language in the documentation was a bit unclear.

For folks who run into this issue:
The right way to configure this is via a rule in CloudWatch: https://aws.amazon.com/premiumsupport/knowledge-center/guardduty-cloudwatch-sns-rule/

drl
Answered 3 years ago
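To tell the two kinds of SNS message apart in a subscriber, here is an added example (not part of the original posts and not AWS code). It treats a message as a real finding only if it matches the CloudWatch Events / EventBridge pattern for GuardDuty findings, and pulls the instance ID from the finding detail. Both sample payloads are constructed, and the account and instance IDs are placeholders.

```python
import json

# Event pattern for a CloudWatch Events / EventBridge rule that forwards real findings.
FINDING_PATTERN = {"source": ["aws.guardduty"], "detail-type": ["GuardDuty Finding"]}

def matches(pattern, event):
    """Minimal matcher: each pattern key must hold one of the listed values."""
    return all(event.get(key) in allowed for key, allowed in pattern.items())

def classify(sns_message):
    """Classify the JSON body of an SNS message: finding, announcement or unknown."""
    body = json.loads(sns_message)
    if not isinstance(body, dict):
        return {"kind": "unknown"}
    if matches(FINDING_PATTERN, body):
        detail = body.get("detail", {})
        resource = detail.get("resource", {})
        return {
            "kind": "finding",
            "finding_type": detail.get("type"),
            "severity": detail.get("severity"),
            "account": body.get("account"),
            "region": body.get("region"),
            # instanceDetails is only present when the resource is an EC2 instance.
            "instance_id": resource.get("instanceDetails", {}).get("instanceId"),
        }
    if "findingDetails" in body:
        # Payload shape from the question: lists finding types, names no resource.
        return {
            "kind": "announcement",
            "announcement_type": body.get("type"),
            "finding_types": [d.get("findingType") for d in body["findingDetails"]],
        }
    return {"kind": "unknown"}

# Constructed samples, not real data.
ANNOUNCEMENT = json.dumps({"type": "NEW_FINDINGS", "version": "1", "findingDetails": [
    {"findingType": "Impact:EC2/MaliciousDomainRequest.Reputation"}]})
FINDING = json.dumps({
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "account": "111122223333", "region": "us-east-1",
    "detail": {"type": "Impact:EC2/MaliciousDomainRequest.Reputation", "severity": 8,
               "resource": {"resourceType": "Instance",
                            "instanceDetails": {"instanceId": "i-0123456789abcdef0"}}}})

if __name__ == "__main__":
    for name, msg in (("announcement", ANNOUNCEMENT), ("finding", FINDING)):
        print(name, "->", classify(msg))
```
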
