1 Answer
- Newest
- Most votes
- Most comments
0
Hello.
It should be registered in metrics, not CloudWatch Logs.
Check the CloudWatch metrics screen.
https://docs.aws.amazon.com/guardduty/latest/ug/monitor-cloudwatch-metrics-s3-malware-protection.html
The CloudWatch metrics for Malware Protection for S3 are available at the resource level. You can query these metrics for each protected resource separately. The metrics are reported in the AWS/GuardDuty/MalwareProtection namespace. You can set up alarms on specific resources to monitor security posture.
Relevant content
- asked 2 months ago
AWS OFFICIALUpdated 2 years ago
thank you for you answer!,
but what i'm looking for is the scan duration AWS took to complete file scanning process, the above metrics doesn't show that
If you want to know the time the scan was completed, why not capture the event in EventBridge? https://docs.aws.amazon.com/guardduty/latest/ug/monitor-with-eventbridge-s3-malware-protection.html
thank you, in fact i want to know how much time the AWS service took to scan the file, not which time the file was scanned
Therefore, I believe we can roughly estimate the time taken for the malware scan by comparing the time the file was uploaded to S3 with the time the event was notified by EventBridge. I didn't think there was any way to see the exact time it took to scan a file. Why would you want to know the exact time it took to scan a file?
because I’m conducting a performance test to measure the exact time it takes for GuardDuty to scan a file versus my current solution running in ECS Fargate, to determine if there's a performance gain.