How does AWS guardduty generate sample event and generate cloudwatch event

0 votes

I'm working on a Lambda function to process AWS GuardDuty findings.

I'd like to generate sample events, which is easily done using the CreateSampleFindings API call or create-sample-findings cli command.

I have a custom cloudwatch rule that responds to the following event Pattern which triggers my Lambda function:

{
  "detail-type": [
    "GuardDuty Finding"
  ],
  "source": [
    "aws.guardduty"
  ]
}

Generating the first sample finding easily triggers a CloudWatch event:

$ aws guardduty create-sample-findings \
--detector-id abcd12345efgh6789 \
--finding-types Recon:EC2/PortProbeUnprotectedPort

However, when I call this same command again, the count of the finding in GuardDuty increments, but no more CloudWatch events are generated.

$ aws guardduty get-findings \
--detector-id abcd12345efgh6789 \
--finding-ids zyxwv987654acbde1234 \
--query "Findings[].Service.Count" \
--output text
2

I understand why this behavior is in place, as the findings are grouped by unique signature, and triggering CloudWatch events for each instance of a unique finding would be too much noise.

However for developing/debugging purposes, is there a way I can generate multiple sample events that will trigger a cloudwatch event?

Aug 22, 2018 in AWS by bug_seeker
• 14,970 points
76 views
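To show what the Lambda on the receiving end of that rule actually sees, here is an added example (not code from the question or from AWS): a handler that applies the same top-level match as the CloudWatch rule, summarizes the finding, and flags repeats (`service.count > 1`) and sample findings. The event envelope, finding id, severity and the `additionalInfo.sample` marker are constructed sample data, and `lambda_handler` is a hypothetical handler name.

```python
import json

# The rule's event pattern from the question: top-level fields matched exactly.
EVENT_PATTERN = {"detail-type": ["GuardDuty Finding"], "source": ["aws.guardduty"]}


def matches_pattern(event, pattern):
    """Mimic the rule: every patterned field must equal one of the listed values."""
    return all(event.get(field) in allowed for field, allowed in pattern.items())


def severity_label(severity):
    """GuardDuty severity bands: Low 1-3.9, Medium 4-6.9, High 7-8.9."""
    if severity >= 7:
        return "HIGH"
    if severity >= 4:
        return "MEDIUM"
    return "LOW"


def summarize_finding(event):
    """Pull the fields a log forwarder or alert needs out of the finding detail."""
    detail = event["detail"]
    service = detail.get("service", {})
    count = service.get("count", 1)
    return {
        "finding_id": detail["id"],
        "type": detail["type"],
        "severity": severity_label(detail["severity"]),
        "account": detail.get("accountId", event.get("account")),
        "region": detail.get("region", event.get("region")),
        "count": count,
        "repeat": count > 1,  # GuardDuty folded repeats into the existing finding
        # sample findings carry this marker; drop them before paging anyone
        "sample": bool(service.get("additionalInfo", {}).get("sample", False)),
    }


def lambda_handler(event, context):
    """Hypothetical Lambda entry point; configure it as the function handler."""
    if not matches_pattern(event, EVENT_PATTERN):
        return None  # not a GuardDuty finding; the rule should never send this
    summary = summarize_finding(event)
    print(json.dumps(summary))  # lands in the function's CloudWatch Logs stream
    return summary


# Constructed sample event in the shape of the CloudWatch Events envelope.
SAMPLE_EVENT = {
    "version": "0", "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "GuardDuty Finding", "source": "aws.guardduty",
    "account": "123456789012", "region": "us-east-1", "time": "2018-08-22T10:00:00Z",
    "detail": {"id": "zyxwv987654acbde1234", "type": "Recon:EC2/PortProbeUnprotectedPort",
               "severity": 2, "accountId": "123456789012", "region": "us-east-1",
               "service": {"serviceName": "guardduty", "count": 2, "archived": False,
                           "additionalInfo": {"sample": True}}},
}
```

Running `lambda_handler(SAMPLE_EVENT, None)` locally reproduces the second invocation from the question: the count is 2, so the summary is marked as a repeat.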

1 answer to this question.

0 votes

For anyone that comes across this: for testing purposes, disabling GuardDuty and then re-enabling it allows you to regenerate sample findings that trigger the CloudWatch event. This method has worked for me while creating a log forwarder for GuardDuty.

answered Aug 22, 2018 by Priyaj
• 56,120 points
