Amazon GuardDuty Adds Capability to Automatically Archive Findings

Posted on: May 9, 2018

Amazon GuardDuty now allows you to set up automatic archiving when creating a findings filter. This is useful when you have a unique use case in your environment that generates many similar findings, or in situations where you have reviewed a certain class of findings and don’t want to be alerted again.

When you create an Amazon GuardDuty filter, you choose specific filter criteria, name the filter, and can enable auto-archiving of the findings that the filter matches. This allows you to further tune GuardDuty to your unique environment without degrading the ability to identify threats. With auto-archive set, all findings are still generated by GuardDuty, so you have a complete and immutable history of all suspicious activity.
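The following is an added example, not code from this announcement or from AWS: it builds a narrowly scoped auto-archive filter for the boto3 `create_filter` call and previews locally which findings it would archive. The instance IDs, filter name, sample findings and the local matcher (`would_archive`, an approximation that handles only `Equals`/`NotEquals`) are assumptions made for illustration.

```python
def build_archive_filter(name, finding_type, instance_id):
    """Arguments for GuardDuty CreateFilter: archive one finding type on one instance."""
    return {
        "Name": name,
        "Action": "ARCHIVE",  # "NOOP" would save the filter without archiving
        "FindingCriteria": {"Criterion": {
            "type": {"Equals": [finding_type]},
            "resource.instanceDetails.instanceId": {"Equals": [instance_id]},
        }},
    }

def _lookup(finding, path):
    """Resolve a criterion path against a finding dict with capitalised keys
    (the shape boto3 get_findings returns)."""
    node = finding
    for part in path.split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(part[0].upper() + part[1:])
    return node

def would_archive(request, finding):
    """Local approximation of the match: all criteria must hold (Equals/NotEquals only)."""
    for path, cond in request["FindingCriteria"]["Criterion"].items():
        value = _lookup(finding, path)
        if "Equals" in cond and value not in cond["Equals"]:
            return False
        if "NotEquals" in cond and value in cond["NotEquals"]:
            return False
    return True

def create_filter(detector_id, request):
    import boto3  # imported lazily so the preview above runs without AWS access
    return boto3.client("guardduty").create_filter(DetectorId=detector_id, **request)

# Constructed sample findings (not real data), trimmed to the fields the criteria use.
SCANNER = "i-0123456789abcdef0"  # hypothetical vulnerability-scanner instance
SAMPLE_FINDINGS = [
    {"Type": "Recon:EC2/Portscan", "Resource": {"InstanceDetails": {"InstanceId": SCANNER}}},
    {"Type": "Recon:EC2/Portscan", "Resource": {"InstanceDetails": {"InstanceId": "i-0fedcba9876543210"}}},
    {"Type": "UnauthorizedAccess:EC2/SSHBruteForce", "Resource": {"InstanceDetails": {"InstanceId": SCANNER}}},
]
REQUEST = build_archive_filter("scanner-portscan", "Recon:EC2/Portscan", SCANNER)

def preview():
    return [would_archive(REQUEST, f) for f in SAMPLE_FINDINGS]

if __name__ == "__main__":
    print(preview())
```

Only the first sample finding matches: a port scan from a different instance, or a different finding type on the scanner, stays in the active findings list because both criteria must hold.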

To learn more, see Amazon GuardDuty Auto-Archive Rules. To start your 30-day free trial, see Amazon GuardDuty Free Trial.