1 Answer
0
GuardDuty is a security service that continuously monitors your AWS accounts and workloads for malicious activity and unusual behavior. If GuardDuty detects a potential security issue, it generates a finding. Each finding is assigned a unique finding ID. If GuardDuty continues to detect the issue over time, it will send additional alerts with the same finding ID. This is done to keep you informed of any ongoing security issues and to provide you with the information you need to take corrective action. It is not uncommon for GuardDuty to send multiple alerts for the same finding, especially if the issue is not immediately resolved.
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html
answered 2 years ago
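Added example (not part of the original answer and not AWS code): a Python sketch that groups GuardDuty notifications by finding ID and reads the finding's `service.count`, `service.eventLastSeen` and `updatedAt` fields to tell a first report from an update to the same finding. It also checks whether the last observed activity falls after a given time, such as an instance termination. The function name, labels, finding IDs and timestamps are constructed for illustration; field names follow the finding JSON as delivered through EventBridge.

```python
from datetime import datetime, timezone

def _ts(value):
    # Finding timestamps are ISO 8601 in UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify(notifications, terminated_at=None):
    """Return (finding_id, label, count, activity_after_termination) per notification."""
    highest_count = {}  # finding id -> highest service.count seen so far
    results = []
    for n in sorted(notifications, key=lambda n: _ts(n["updatedAt"])):
        fid, svc = n["id"], n["service"]
        prev = highest_count.get(fid)
        if prev is None:
            label = "new-finding"             # first time this ID is seen
        elif svc["count"] > prev:
            label = "recurring-activity"      # same ID, more occurrences observed
        else:
            label = "repeat-no-new-activity"  # same ID, nothing new since last time
        highest_count[fid] = max(svc["count"], prev or 0)
        after = (terminated_at is not None
                 and _ts(svc["eventLastSeen"]) > terminated_at)
        results.append((fid, label, svc["count"], after))
    return results

# Constructed sample notifications (hypothetical IDs and times).
SAMPLE = [
    {"id": "f1", "updatedAt": "2024-01-01T10:00:00Z",
     "service": {"count": 1, "eventFirstSeen": "2024-01-01T09:50:00Z",
                 "eventLastSeen": "2024-01-01T09:50:00Z"}},
    {"id": "f1", "updatedAt": "2024-01-03T10:00:00Z",
     "service": {"count": 3, "eventFirstSeen": "2024-01-01T09:50:00Z",
                 "eventLastSeen": "2024-01-03T09:40:00Z"}},
    {"id": "f1", "updatedAt": "2024-01-10T10:00:00Z",
     "service": {"count": 3, "eventFirstSeen": "2024-01-01T09:50:00Z",
                 "eventLastSeen": "2024-01-03T09:40:00Z"}},
    {"id": "f2", "updatedAt": "2024-01-05T10:00:00Z",
     "service": {"count": 1, "eventFirstSeen": "2024-01-05T09:00:00Z",
                 "eventLastSeen": "2024-01-05T09:00:00Z"}},
]
# Constructed termination time used for the comparison.
TERMINATED_AT = datetime(2024, 1, 4, tzinfo=timezone.utc)

if __name__ == "__main__":
    for row in classify(SAMPLE, TERMINATED_AT):
        print(row)
```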
Thank you for the response. But in my case, it is an EC2 instance involved in the alert, and I have terminated the EC2 instance. Then how is it possible to get another alert for the same EC2 instance, which was terminated 7 days back?