By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post

GuardDuty finding segregation

0

I have checked below link and I came to know that default behavior of GuardDuty findings is aggregation of new information.

https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html#:~:text=GuardDuty%20finding%20aggregation,within%20your%20account.

https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html

we do not want to aggregate the information.

Could anyone confirm if we can do finding segregation to do not update new information.

Topics
Security, Identity, & ComplianceAWS Well-Architected Framework
Tags
Amazon GuardDutySecurity
Language
English
AWS-User-6176623
asked 2 years ago199 views
1 Answer
0

Why do you not want to aggregate the information?

If GD was to raise separate findings customers would quickly be overwhelmed with findings and would find it hard to address the issue. By having a single finding and then updating it continuously, it is easier for you to then see which findings to fix (you can see which findings have been open for the longest time for example), then when you fix the issue you can close that single finding down.

It is not currently possible to have new findings raised for the same security issue on the same instance - that is by design.

profile pictureAWS
Alex_AWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content