GuardDuty finding segregation

0

I have checked the link below and came to know that the default behavior of GuardDuty findings is aggregation of new information.

https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html#:~:text=GuardDuty%20finding%20aggregation,within%20your%20account.

https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html

We do not want to aggregate the information.

Could anyone confirm if we can do finding segregation so as not to update new information?

1 Answer
0

Why do you not want to aggregate the information?

If GD were to raise separate findings, customers would quickly be overwhelmed with findings and would find it hard to address the issue. By having a single finding and then updating it continuously, it is easier for you to see which findings to fix (you can see which findings have been open for the longest time, for example); then, when you fix the issue, you can close that single finding down.

It is not currently possible to have new findings raised for the same security issue on the same instance - that is by design.

AWS
Answered 2 years ago
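Added example, not part of the original answer and not AWS code: since GuardDuty keeps one finding and updates it, a consumer that wants a separate record per update can derive it from successive snapshots of that finding by tracking the change in `Service.Count`. The field names follow the GuardDuty finding JSON; the snapshot values and the `segregate` helper are constructed for illustration, and how the snapshots are collected is outside the example.

```python
from datetime import datetime

def _snap(updated_at, count, last_seen):
    # Build one constructed snapshot of the SAME aggregated finding.
    return {"Id": "example-finding-0001",  # placeholder finding ID
            "Type": "Recon:EC2/PortProbeUnprotectedPort",
            "UpdatedAt": updated_at,
            "Service": {"Count": count,
                        "EventFirstSeen": "2023-01-10T07:55:00.000Z",
                        "EventLastSeen": last_seen}}

# Constructed sample, deliberately out of order and with one duplicate delivery.
SNAPSHOTS = [
    _snap("2023-01-10T14:00:00.000Z", 4, "2023-01-10T13:40:00.000Z"),
    _snap("2023-01-10T08:00:00.000Z", 1, "2023-01-10T07:55:00.000Z"),
    _snap("2023-01-10T20:00:00.000Z", 9, "2023-01-10T19:58:00.000Z"),
    _snap("2023-01-10T14:00:00.000Z", 4, "2023-01-10T13:40:00.000Z"),
]

def _ts(value):
    # Parse an ISO 8601 timestamp with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def segregate(snapshots):
    """Turn snapshots of aggregated findings into one record per update."""
    last_count = {}  # finding Id -> highest Count already recorded
    records = []
    for snap in sorted(snapshots, key=lambda s: _ts(s["UpdatedAt"])):
        fid = snap["Id"]
        count = snap["Service"]["Count"]
        delta = count - last_count.get(fid, 0)
        if delta <= 0:
            continue  # duplicate or stale snapshot: no new occurrences
        last_count[fid] = count
        records.append({"finding_id": fid,
                        "type": snap["Type"],
                        "new_occurrences": delta,
                        "total_count": count,
                        "last_seen": snap["Service"]["EventLastSeen"],
                        "recorded_at": snap["UpdatedAt"]})
    return records

if __name__ == "__main__":
    for rec in segregate(SNAPSHOTS):
        print(rec["recorded_at"], rec["finding_id"], "+%d" % rec["new_occurrences"])
```

The finding itself stays a single aggregated finding in GuardDuty; only the consumer's own history is split per update.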
