1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
1
Hi and welcome to the community!
You can search for the updateDetector event name to find who updated the Guard Duty configuration.
In particular you should search to see if scanEc2InstanceWithFindings
is set to true.
"requestParameters": {
"detectorId": "56bf249c0b2004c6e5f32f00b3cfda80",
"enable": true,
"findingPublishingFrequency": "SIX_HOURS",
"dataSources": {
"malwareProtection": {
"scanEc2InstanceWithFindings": {
"ebsVolumes": true
}
}
}
},
beantwortet vor einem Jahr
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren
Thanks. I followed your guidance and it isn't showing me any events. I know we have logging enabled as a user search shows events. Does logging need to be enabled separately for the config changes?