Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.
Monitoring scan statuses and results in GuardDuty Malware Protection
You can monitor the scan status of each GuardDuty Malware Protection scan. The possible values for scan Status are Completed, Running, and Failed.
After the scan completes, the Scan result is populated for scans that have the Status as Completed. Possible values for Scan result are Clean and Infected.
Scan results for each malware scan have a retention period of 90 days. You can view these details using either the GuardDuty console or the API, as described below.
- Console
  - Log into the https://console.amazonaws.cn/guardduty/ console.
  - In the navigation pane, choose Malware scans.
  - You can filter the malware scans by the following Properties available in the filter criteria.
    - Scan ID
    - Account ID
    - EC2 instance ARN
    - Scan status
    For information on properties used for filter criteria, see Finding details.
- API
  - After the malware scan is complete, you can filter the malware scans on the basis of EC2_INSTANCE_ARN, SCAN_ID, ACCOUNT_ID, GUARDDUTY_FINDING_ID, SCAN_STATUS, and SCAN_START_TIME.
    For information on the filter criteria, see Finding details.
  - You can change the example filter-criteria in the command below. Presently, you can filter on the basis of one CriterionKey at a time. The options for CriterionKey are EC2_INSTANCE_ARN, SCAN_ID, ACCOUNT_ID, GUARDDUTY_FINDING_ID, SCAN_STATUS, and SCAN_START_TIME.
    If you use the same CriterionKey as below, make sure to replace the example EqualsValue with your own valid Amazon scan-id.
    Replace the example detector-id with your own valid detector-id. You can change the max-results (up to 50) and the sort-criteria. The AttributeName is mandatory and must be scanStartTime.

      aws guardduty describe-malware-scans --detector-id 60b8777933648562554d637e0e4bb3b2 \
        --max-results 1 \
        --sort-criteria '{"AttributeName": "scanStartTime", "OrderBy": "DESC"}' \
        --filter-criteria '{"FilterCriterion":[{"CriterionKey":"SCAN_ID", "FilterCondition":{"EqualsValue":"123456789012"}}] }'

  - The response of this command displays a maximum of one result with details about the affected resource and malware findings (if Infected).
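The following is an added example, not part of the original documentation: it builds the describe-malware-scans arguments under the constraints stated above (one CriterionKey per call, max-results up to 50, sorting on scanStartTime) and sorts a response into follow-up buckets. The helper names and the sample data are hypothetical, and the response field names (Scans, ScanId, ScanStatus, ScanResultDetails.ScanResult) and their uppercase values are assumptions about the response shape.

```python
import json

# CriterionKey values from this page; SCAN_START_TIME is left out because
# this sketch only builds EqualsValue conditions.
EQUALITY_KEYS = {"EC2_INSTANCE_ARN", "SCAN_ID", "ACCOUNT_ID",
                 "GUARDDUTY_FINDING_ID", "SCAN_STATUS"}

def build_cli_args(detector_id, key, value, max_results=50, order="DESC"):
    """Return the argv list for `aws guardduty describe-malware-scans`."""
    if key not in EQUALITY_KEYS:
        raise ValueError(f"unsupported CriterionKey: {key}")
    if not 1 <= max_results <= 50:  # the page caps max-results at 50
        raise ValueError("max-results must be between 1 and 50")
    # One criterion only: the page allows a single CriterionKey per call.
    criteria = {"FilterCriterion": [
        {"CriterionKey": key, "FilterCondition": {"EqualsValue": value}}]}
    sort = {"AttributeName": "scanStartTime", "OrderBy": order}
    return ["aws", "guardduty", "describe-malware-scans",
            "--detector-id", detector_id, "--max-results", str(max_results),
            "--sort-criteria", json.dumps(sort),
            "--filter-criteria", json.dumps(criteria)]

def triage(response):
    """Group scan IDs by status and result so infected ones stand out."""
    buckets = {"infected": [], "clean": [], "failed": [], "running": [], "other": []}
    for scan in response.get("Scans", []):
        status = str(scan.get("ScanStatus", "")).upper()
        # Scan result is only populated when the status is Completed.
        result = str(scan.get("ScanResultDetails", {}).get("ScanResult", "")).upper()
        if status == "COMPLETED" and result in ("INFECTED", "CLEAN"):
            bucket = result.lower()
        elif status in ("FAILED", "RUNNING"):
            bucket = status.lower()
        else:
            bucket = "other"  # e.g. completed without a result: check by hand
        buckets[bucket].append(scan.get("ScanId"))
    return buckets

# Constructed sample response (placeholder IDs, not real scan data).
SAMPLE = {"Scans": [
    {"ScanId": "scan-a", "ScanStatus": "COMPLETED",
     "ScanResultDetails": {"ScanResult": "INFECTED"}},
    {"ScanId": "scan-b", "ScanStatus": "COMPLETED",
     "ScanResultDetails": {"ScanResult": "CLEAN"}},
    {"ScanId": "scan-c", "ScanStatus": "RUNNING"},
    {"ScanId": "scan-d", "ScanStatus": "FAILED"},
]}

if __name__ == "__main__":
    print(build_cli_args("60b8777933648562554d637e0e4bb3b2", "ACCOUNT_ID", "123456789012"))
    print(triage(SAMPLE))
```

Passing the returned list to subprocess.run avoids the shell-quoting mistakes that are easy to make when typing the JSON arguments by hand.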