By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

GuardDuty Malware Protection for S3 service- scan duration

0

Hello team, Is there a way to track the exact duration of time a file is scanned when using the new AWS GuardDuty Malware Protection for S3 service? From the moment the file is fully uploaded to S3 until the GuardDuty service completes the scan and tags the file

Topics
StorageSecurity, Identity, & ComplianceManagement & GovernanceNetworking & Content DeliveryAWS Well-Architected Framework
Tags
Amazon Simple Storage ServiceAmazon GuardDutyAmazon CloudWatchSecurity
Language
English
Jess
asked 2 months ago90 views
1 Answer
0

Hello.

As I answered in another question, EventBridge can notify you when a scan is completed.
The time is included in this event, so you can see information that can be used as an indicator rather than checking CloudWatch metrics.
https://docs.aws.amazon.com/guardduty/latest/ug/monitor-with-eventbridge-s3-malware-protection.html

I think it's also possible to check the timing when a tag was set with EventBridge.
For example, if you set up a rule like the one below, you'll be able to catch the event when a tag is set on an object in a bucket, and you'll also be able to check the time.

{
  "source": ["aws.s3"],
  "detail-type": ["Object Tags Added"],
  "detail": {
    "bucket": {
      "name": ["example-bucket-name"]
    }
  }
}
profile picture
EXPERT
Riku_Kobayashi
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content