2개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
2
Here are my thoughts about the possible reasons that you didn't get the email notification (I followed the same document and it worked for me):
- the CloudWatch event pattern created at step 6 in the "Setup a CloudWatch event for GuardDuty findings" section in the document only alert for findings at Medium to High severity level. you can check the new finding's severity to see if it is at Low level.
- Because you could not find any GuardDuty events in CloudTrail and CloudTrail should capture all API calls to GuardDuty, I also suggest you use either of the two ways below to actively generate some new findings:
- Create sample findings from the GuardDuty console or API.
- Generate common GuardDuty findings automatically using the guardduty_tester.sh script.
- After new findings are generated, wait for more than 15 minutes, then check your email to see a corresponding number of Medium and High severity findings are received; if not, check CloudTrail events and also refer to this document - How can I troubleshoot issues with Amazon EventBridge rules? to narrow down the cause of the issue.
Hope these steps can help you make the GuardDuty notification work in your environment.
답변함 3달 전
0
Probably permission issue, you can use the following link - https://medium.com/@cloud_tips/how-to-connect-eventbridge-to-aws-860e6f303793
In Guardduty-> Settings console, it says as below : Findings export options Findings are automatically sent to EventBridge. You can also export findings to an S3 bucket. New findings are exported within 5 minutes. You can modify the frequency for updated findings below.
Does this mean that we don’t need to do anything special apart from setting up an eventbridge rule to get the findings to eventbridge ?
The blogpost you mentioned it talks about setting up the event destination from settings page. I don’t see that option at all in settings and my understanding is that we don’t need to do anything special to send events to eventbridge. Please correct.