1 Answer
- Newest
- Most votes
- Most comments
1
Hi and welcome to the community!
You can search for the updateDetector event name to find who updated the Guard Duty configuration.
In particular you should search to see if scanEc2InstanceWithFindings
is set to true.
"requestParameters": {
"detectorId": "56bf249c0b2004c6e5f32f00b3cfda80",
"enable": true,
"findingPublishingFrequency": "SIX_HOURS",
"dataSources": {
"malwareProtection": {
"scanEc2InstanceWithFindings": {
"ebsVolumes": true
}
}
}
},
answered a year ago
Relevant content
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
Thanks. I followed your guidance and it isn't showing me any events. I know we have logging enabled as a user search shows events. Does logging need to be enabled separately for the config changes?