Hello,
I want to ask regarding Guard Duty because it has caused the billing to increase in recent months, so the analyzed events exceeds 500Mil events. So after I checked the CloudTrail there are some requests to the S3 when the AWS Backup Job running, something like this:
273ab8768706e347a3fb4550fa8cc3012fb3f59a6b9e0f595f18a133f035ad00 <BUCKET_NAME> [07/Jul/2024:09:33:43 +0000] - arn:aws:sts::<ACCOUNT_ID>:assumed-role/AWSBackupDefaultServiceRole/<AWS_BACKUP_ROLE> DZ206W9WC7XG6APM REST.GET.OBJECT_TAGGING demo/A/2/2024/2/19/11/0_22_440.jpg "GET /demo/A/2/2024/2/19/11/0_22_440.jpg?tagging&versionId=DDmmqZSgLrVw42N5dW5BV60X1JPOraNa HTTP/1.1" 200 - 115 - 13 10 "-" "-" DDmmqZSgLrVw42N5dW5BV60X1JPOraNa fQCpSbnaPLPgCt8ckxWISxgdjcuo12Dxv8Ee4tRtTqYZqWsvKrjGgbR3hT/C/dSAwZO5Lr+86vO6FPtYiva3Yw== SigV4 TLS_AES_128_GCM_SHA256 AuthHeader <BUCKET_NAME>.s3.ap-southeast-1.amazonaws.com TLSv1.3 - -
273ab8768706e347a3fb4550fa8cc3012fb3f59a6b9e0f595f18a133f035ad00 <BUCKET_NAME> [07/Jul/2024:09:33:43 +0000] - arn:aws:sts::<ACCOUNT_ID>:assumed-role/AWSBackupDefaultServiceRole/<AWS_BACKUP_ROLE> DZ20MZY0BWR21HYP REST.GET.ACL demo/A/2/2024/2/19/11/0_22_542.jpg "GET /demo/A/2/2024/2/19/11/0_22_542.jpg?acl&versionId=at0YzlQ2uRgGuaZC4vmSRW4xvmZiuH6f HTTP/1.1" 200 - 542 - 12 - "-" "-" at0YzlQ2uRgGuaZC4vmSRW4xvmZiuH6f g6zN1R8dDbxkV5aCFmvERVdp6M0MxXwC57PGPO8Rr0p9F9CxNhfHqSA0QBwHbjctbW9POYOmzm5JGau212BMqw== SigV4 TLS_AES_128_GCM_SHA256 AuthHeader <BUCKET_NAME>.s3.ap-southeast-1.amazonaws.com TLSv1.3 - -
Are those requests/events also included in the AWS Guard Duty analyzing process?
