Posted On: May 9, 2018
Amazon GuardDuty now allows you to set up automatic archiving when creating a findings filter. This is useful when you have a unique use case in your environment that generates many similar findings, or in situations where you have reviewed a certain class of findings and don’t want to be alerted again.
When you create an Amazon GuardDuty filter, you choose specific filter criteria, name the filter, and can enable auto-archiving of the findings that the filter matches. This allows you to further tune GuardDuty to your unique environment, without degrading the ability to identify threats. With auto-archive set, all findings are still generated by GuardDuty, so you have a complete and immutable history of all suspicious activity.
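As an added example (not part of the AWS announcement), the sketch below builds the request for a narrowly scoped auto-archive filter and passes it to the boto3 `create_filter` call with `Action="ARCHIVE"`. The helper names, the detector ID, the instance ID and the scanner scenario are assumptions made for illustration, and the scoping checks are this example's own policy, not a GuardDuty requirement.

```python
"""Added example: a narrowly scoped GuardDuty auto-archive filter request."""

# Constructed sample values; substitute your own detector and instance IDs.
SAMPLE_DETECTOR_ID = "12abc34d567e8fa901bc2d34e56789f0"
SAMPLE_INSTANCE_ID = "i-0123456789abcdef0"


def build_archive_filter(name, finding_type, instance_id, description=""):
    """Return create_filter arguments matching one finding type on one instance.

    Scoping the suppression to a single reviewed source keeps the same
    finding type visible everywhere else in the account.
    """
    if not finding_type or "*" in finding_type:
        raise ValueError("name one exact finding type to archive")
    if not instance_id.startswith("i-"):
        raise ValueError("scope the filter to a specific EC2 instance ID")
    return {
        "Name": name,
        "Description": description,
        "Action": "ARCHIVE",  # "NOOP" saves the filter without auto-archiving
        "Rank": 1,            # position among the detector's filters
        "FindingCriteria": {
            "Criterion": {
                "type": {"Eq": [finding_type]},
                "resource.instanceDetails.instanceId": {"Eq": [instance_id]},
            }
        },
    }


def create_archive_filter(detector_id, params):
    """Send the request; needs AWS credentials allowed to call CreateFilter."""
    import boto3  # imported here so the builder works without AWS access

    client = boto3.client("guardduty")
    return client.create_filter(DetectorId=detector_id, **params)


if __name__ == "__main__":
    # Assumed scenario: an approved vulnerability scanner host whose
    # outbound port scans have already been reviewed.
    request = build_archive_filter(
        "approved-scanner-portscan",
        "Recon:EC2/Portscan",
        SAMPLE_INSTANCE_ID,
        description="Reviewed: internal vulnerability scanner",
    )
    print(request)
```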