Why did GuardDuty report the finding HIDDEN_DUE_TO_SECURITY_REASONS?

Last updated: 2022-07-07

Amazon GuardDuty findings or AWS CloudTrail logs display the user name as "HIDDEN_DUE_TO_SECURITY_REASONS".

Resolution

Successful and failed sign-in attempts for Identity and Access Management (IAM) users and federated users to the AWS Management Console are logged in CloudTrail logs. As a security best practice, AWS doesn't log the entered IAM user name text when the sign-in failure is caused by an incorrect user name. The user name text shows a GuardDuty finding or CloudTrail log entry as "HIDDEN_DUE_TO_SECURITY_REASONS", similar to the following sign-in failure event log example.

For more information, see Logging user sign-in events.

Related information

Security best practices in IAM

CloudTrail userIdentity element

Did this article help?

Submit feedback

Do you need billing or technical support?

Contact AWS Support

Why did GuardDuty report the finding HIDDEN_DUE_TO_SECURITY_REASONS?

Resolution

Related information

Ending Support for Internet Explorer