For the most recent update on ongoing service disruptions affecting the AWS Middle East (UAE) Region (ME-CENTRAL-1), refer to the AWS Health Dashboard. For information on AWS Service migration, see How do I migrate my services to another region?
Why did GuardDuty send me alert findings for a trusted IP list address?
1 minute read
0
I set up a trusted IP address list for Amazon GuardDuty, but GuardDuty is sending me alert findings for my trusted IP address.
Resolution
To verify the trusted IP list settings, use the following best practices:
- Make sure that the trusted IP lists are uploaded in the same AWS Region as your GuardDuty findings.
- Verify that the trusted IP lists are activated. For instructions, see Adding and activating a trusted IP list or a threat IP list.
- If you change the trusted IP list, then you must reactivate it in GuardDuty. For instructions, see Updating trusted IP lists and threat lists.
- Make sure that IP addresses added in the trusted IP list are publicly routable IPv4 addresses. Support for IPv6 addresses isn't available.
Note: When you add a domain name, private IP address, or IPv6 address in a trusted IP list, GuardDuty generates findings.
Related information
Working with trusted IP lists and threat lists
How to use Amazon GuardDuty and AWS Web Application Firewall to automatically block suspicious hosts
- Tags
- Amazon GuardDuty
- Language
- English
AWS OFFICIALUpdated 2 years ago
No comments
Relevant content
- asked 2 years ago
- asked 4 years ago
- asked 3 years ago
- AWS OFFICIALUpdated 3 years ago
