guardduty-non-archived-findings
Checks if Amazon GuardDuty has findings that are non-archived. The rule is NON_COMPLIANT if GuardDuty has non-archived low/medium/high severity findings older than the specified number in the daysLowSev/daysMediumSev/daysHighSev
parameter.
Identifier: GUARDDUTY_NON_ARCHIVED_FINDINGS
Trigger type: Periodic
Amazon Web Services Region: All supported Amazon regions except US ISO West, US ISO East, Asia Pacific (Malaysia), US ISOB East, Israel (Tel Aviv), Canada West (Calgary) Region
Parameters:
- daysLowSev (Optional)
- Type: int
- Default: 30
-
The number of days Amazon GuardDuty low severity findings are allowed to stay non archived. The default is 30 days.
- daysMediumSev (Optional)
- Type: int
- Default: 7
-
The number of days Amazon GuardDuty medium severity findings are allowed to stay non archived. The default is 7 days.
- daysHighSev (Optional)
- Type: int
- Default: 1
-
The number of days Amazon GuardDuty high severity findings are allowed to stay non archived. The default is 1 day.
Amazon CloudFormation template
To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.