GuardDuty False Positive Rates

0

Hello All,

Does anyone experience false positives with GuardDuty? If yes, what do you do to tune or update false-positive findings? What options do customers have?

Recently, I've noticed a lot of false positives with C&C findings, in that they are simply triggered by a DNS lookup (dig or nslookup), it seems, and the domain reputations in the threat lists that GuardDuty is using are not up to date.

1 Answer
1

I encountered a GuardDuty false positive before, but it was regarding an IP address that I use. I followed this document to add it as a trusted IP: https://aws.amazon.com/premiumsupport/knowledge-center/guardduty-trusted-ip-list/

You can also try Suppression rules to filter false-positive findings: https://docs.aws.amazon.com/guardduty/latest/ug/findings_suppression-rule.html

joahna
answered 2 years ago
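The suppression-rule approach in the answer above, as an added example that is not part of the original post or AWS's own code: it builds the same finding-criteria JSON that `create-filter` takes and dry-runs it against constructed sample findings so you can confirm the rule archives only the DNS-lookup finding for a domain you have verified, not every C&C finding. It assumes the documented GuardDuty finding type `Backdoor:EC2/C&CActivity.B!DNS` and filter attribute `service.action.dnsRequestAction.domain`; `benign.example` and the sample findings are placeholders.

```python
# Suppression rule: archive the DNS-based C&C finding only for a domain the
# team has verified as benign (placeholder). GuardDuty ANDs all criteria.
SUPPRESSION_CRITERIA = {
    "Criterion": {
        "type": {"Equals": ["Backdoor:EC2/C&CActivity.B!DNS"]},
        "service.action.dnsRequestAction.domain": {"Equals": ["benign.example"]},
    }
}


def _lookup(finding, dotted):
    """Resolve a dotted filter attribute (e.g. service.action...) in a finding."""
    node = finding
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def matches(finding, criteria):
    """True when every criterion matches; Equals/NotEquals are the only ones modelled."""
    for attr, cond in criteria["Criterion"].items():
        value = _lookup(finding, attr)
        if "Equals" in cond and value not in cond["Equals"]:
            return False
        if "NotEquals" in cond and value in cond["NotEquals"]:
            return False
    return True


# Constructed sample findings, trimmed to the fields the rule inspects.
SAMPLE_FINDINGS = [
    {"id": "f1", "type": "Backdoor:EC2/C&CActivity.B!DNS",
     "service": {"action": {"dnsRequestAction": {"domain": "benign.example"}}}},
    {"id": "f2", "type": "Backdoor:EC2/C&CActivity.B!DNS",
     "service": {"action": {"dnsRequestAction": {"domain": "other.example"}}}},
    {"id": "f3", "type": "Backdoor:EC2/C&CActivity.B",
     "service": {"action": {"networkConnectionAction": {"remoteIpDetails": {}}}}},
]


def would_archive(findings, criteria=SUPPRESSION_CRITERIA):
    """IDs of findings the rule would auto-archive: review this list before applying."""
    return [f["id"] for f in findings if matches(f, criteria)]


def apply_rule(detector_id, name="suppress-verified-dns-lookup"):
    """Create the rule with boto3 (needs credentials; not called at import time)."""
    import boto3
    return boto3.client("guardduty").create_filter(
        DetectorId=detector_id, Name=name, Action="ARCHIVE",
        FindingCriteria=SUPPRESSION_CRITERIA)
```

Keep the rule this narrow: suppressing on `type` alone would also hide the genuine C&C DNS findings the poster is trying to keep.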
