GuardDuty finding segregation


I have checked below link and I came to know that default behavior of GuardDuty findings is aggregation of new information.,within%20your%20account.

we do not want to aggregate the information.

Could anyone confirm if we can do finding segregation to do not update new information.

1 Risposta

Why do you not want to aggregate the information?

If GD was to raise separate findings customers would quickly be overwhelmed with findings and would find it hard to address the issue. By having a single finding and then updating it continuously, it is easier for you to then see which findings to fix (you can see which findings have been open for the longest time for example), then when you fix the issue you can close that single finding down.

It is not currently possible to have new findings raised for the same security issue on the same instance - that is by design.

profile pictureAWS
con risposta 2 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande