How does AWS guardduty generate sample event and generate cloudwatch event

0 votes

I'm working on a Lambda function to process AWS GuardDuty findings.

I'd like to generate sample events, which is easily done using the CreateSampleFindings API call or create-sample-findings cli command.

I have a custom cloudwatch rule that responds to the following event Pattern which triggers my Lambda function:

{
    "detail-type": [
    "GuardDuty Finding"
    ],
    "source": [
    "aws.guardduty"
    ]
}

Generating the first sample finding easily triggers a cloudwatch event

$ aws guardduty create-sample-findings \
--detector-id abcd12345efgh6789 \
--finding-types Recon:EC2/PortProbeUnprotectedPort

However when I call this same command again, the count of the finding in guard duty increments, but no more cloudwatch events are generated.

$ aws guardduty get-findings \
--detector-id abcd12345efgh6789 \
--finding-ids zyxwv987654acbde1234 \
--query "Findings[].Service.Count"
--output text $ 2

I understand why this behavior is in place, as the findings are grouped by unique signature and triggering cloudwatch events for each instance of a unique finding would be too much noise

However for developing/debugging purposes, is there a way I can generate multiple sample events that will trigger a cloudwatch event?

Aug 22, 2018 in AWS by bug_seeker
• 15,350 points
188 views

1 answer to this question.

0 votes

For anyone that comes across this for testing purposes disabling GuardDuty and then reenabling allows you to regenerate sample findings that trigger the CloudWatch event. This method has worked for me while creating a log forwarder for GuardDuty.
 

answered Aug 22, 2018 by Priyaj
• 56,520 points

Related Questions In AWS

+1 vote
2 answers

Want my AWS s3 Bucket to read Name from CloudWatch Event

CloudTrail events for S3 bucket level operations ...READ MORE

answered May 28, 2018 in AWS by Cloud gunner
• 4,260 points
216 views
0 votes
1 answer

How to link AWS Lambda function to Amazon CloudWatch ?

In order to create Log Group and ...READ MORE

answered Jul 20, 2018 in AWS by datageek
• 2,440 points
167 views
+1 vote
1 answer

How does AWS EC2 Bitnami Wordpress setting security permissions for outsourced developer

cd /opt/bitnami/apps/wordpress/ sudo ./bnconfig --userpassword YOUR_NEW_PASSWORD Change password ...READ MORE

answered Aug 23, 2018 in AWS by Priyaj
• 56,520 points
59 views
+13 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 26, 2018 in DevOps & Agile by DragonLord999
• 8,380 points
152 views
0 votes
1 answer
0 votes
1 answer

How to get AWS account/service cost using CloudWatch API?

You can check this link for a ...READ MORE

answered Jul 13, 2018 in AWS by Priyaj
• 56,520 points
147 views
0 votes
1 answer

How and Why AWS bill comes after i suspended the account

Amazon does not have a "suspend" account. ...READ MORE

answered Jul 20, 2018 in AWS by Priyaj
• 56,520 points
96 views