- Le plus récent
- Le plus de votes
- La plupart des commentaires
The GuardDuty finding contains the Instance-Id. Use this to search AWS Config to gain information about the instance. You can also find API calls involving this instance in CloudTrail.
The Finding shared resembles to Finding type "Behavior:EC2/NetworkPortUnusual", which informs that a listed EC2 instance in your AWS environment is behaving in a way that deviates from the established baseline. This EC2 instance has no prior history of communications on this remote port.
As in your case, this finding is reported for an EC2 instance that was spin up by auto-scaling, hence I would recommend you to kindly investigate internally and check for what purpose "43582" port is used by those EC2 instances. When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them.
Contenus pertinents
- demandé il y a un an
- Réponse acceptéedemandé il y a un an
- demandé il y a un an
- demandé il y a 6 mois
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 6 mois
- AWS OFFICIELA mis à jour il y a 3 mois