Posted On: Oct 8, 2018
Amazon GuardDuty customers can now customize the notification frequency to Amazon CloudWatch Events for subsequent occurrences of an existing finding. Prior to this feature, recurring GuardDuty findings generated a CloudWatch Event every 6 hours. Now, customers can customize this to recur in 15 minute, 1 hour or the default 6 hour intervals. Unique/first time findings still generate a CloudWatch Event close to real time.
Amazon CloudWatch Events are the mechanism for customers to integrate the GuardDuty service with alerting/ticketing tools, partner security solutions and AWS Lambda-based remediation actions. This feature will enable customers to further customize GuardDuty for their specific needs and improve the overall security posture of their AWS environment.
Available globally, Amazon GuardDuty continuously monitors for malicious or unauthorized behavior to help protect your AWS resources, including your AWS accounts and access keys. GuardDuty identifies unusual or unauthorized activity, like crypto-currency mining or infrastructure deployments in a region that has never been used. Powered by threat intelligence and machine learning, GuardDuty is continuously evolving to help you protect your AWS environment.
You can enable your 30-day free trial of Amazon GuardDuty with a single-click in the AWS Management console. Please see the AWS Regions page for all the regions where GuardDuty is available. To learn more, see Amazon GuardDuty Findings and to start your 30-day free trial, see Amazon GuardDuty Free Trial.