Why did GuardDuty send me alert findings for a trusted IP list address?


I set up a trusted IP address list for Amazon GuardDuty, but GuardDuty is sending me alert findings for my trusted IP address.

Resolution

To verify the trusted IP list settings, use the following best practices:

  • Make sure that the trusted IP lists are uploaded in the same AWS Region as your GuardDuty findings.
  • Verify that the trusted IP lists are activated. For instructions, see Adding and activating a trusted IP list or a threat IP list.
  • If you change the trusted IP list, then you must reactivate it in GuardDuty. For instructions, see Updating trusted IP lists and threat lists.
  • Make sure that IP addresses added in the trusted IP list are publicly routable IPv4 addresses. Support for IPv6 addresses isn't available.

Note: When you add a domain name, private IP address, or IPv6 address to a trusted IP list, GuardDuty generates findings.
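To check a list against the last best practice and the note above before you upload it, the following added example (not AWS code) flags entries that aren't publicly routable IPv4 addresses or CIDR ranges. It assumes a plaintext list with one entry per line; the function name, reason codes, and sample entries are constructed for illustration.

```python
import ipaddress

def check_trusted_ip_entries(text):
    """Split a one-entry-per-line list into accepted entries and
    rejected (line_number, entry, reason) tuples."""
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # skip blank lines
        try:
            # strict=False accepts a host address written with a prefix length
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Not parseable as an address or range, for example a domain name
            rejected.append((lineno, entry, "not_ip"))
            continue
        if net.version == 6:
            rejected.append((lineno, entry, "ipv6"))
        # Endpoint check only: a very wide range that straddles private
        # address space with public endpoints is not detected here.
        elif not (net.network_address.is_global
                  and net.broadcast_address.is_global):
            rejected.append((lineno, entry, "not_public"))
        else:
            accepted.append(entry)
    return accepted, rejected

# Constructed sample list (hypothetical entries, not from a real deployment)
SAMPLE = "\n".join([
    "8.8.8.8",
    "1.1.1.0/24",
    "10.0.0.0/8",
    "192.168.1.10",
    "2001:db8::1",
    "vpn.example.com",
])

if __name__ == "__main__":
    ok, bad = check_trusted_ip_entries(SAMPLE)
    print("accepted:", ok)
    for lineno, entry, reason in bad:
        print(f"line {lineno}: {entry} rejected ({reason})")
```

An entry reported as rejected is one that, per the note above, leaves GuardDuty generating findings for that address.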

Related information

Working with trusted IP lists and threat lists

How to use Amazon GuardDuty and AWS Web Application Firewall to automatically block suspicious hosts

AWS OFFICIAL Updated 7 months ago