Using Amazon CloudWatch metrics for Malware Protection plan - Amazon GuardDuty

Using Amazon CloudWatch metrics for Malware Protection plan

You can monitor GuardDuty using CloudWatch, which collects raw data and processes it into readable, near real-time metrics. These statistics are retained for 15 months, so that you can access historical information and gain a better perspective on how Malware Protection for S3 is performing. You can also set alarms that watch for certain thresholds, and send notifications or take actions when those thresholds are met. For more information, see the Amazon CloudWatch User Guide.

The CloudWatch metrics for Malware Protection for S3 are available at the resource level. You can query these metrics for each protected resource separately. The metrics are reported in the AWS/GuardDuty/MalwareProtection namespace. You can set up alarms on specific resources to monitor security posture.

Malware scan status metrics

Metric

Description

CompletedScanCount

The number of S3 object malware scans that completed in a given time frame.

Valid Dimensions:

  • Malware Protection Plan Id

  • Resource Name

Valid statistics: Sum

Units: Count

FailedScanCount

The number of S3 object malware scans that failed in a given time frame.

Valid Dimensions:

  • Malware Protection Plan Id

  • Resource Name

Valid statistics: Sum

Units: Count

SkippedScanCount

The number of S3 object malware scans that were skipped in a given time frame.

Valid Dimensions:

  • Malware Protection Plan Id

  • Resource Name

  • Skipped Reason

    Potential values
    • UnSupported

    • MissingPermissions

Valid statistics: Sum

Units: Count

Malware scan result metrics

InfectedScanCount

The number of S3 object malware scans that detected a potentially malicious object in a given time frame.

Valid Dimensions:

  • Malware Protection Plan Id

  • Resource Name

Valid statistics: Sum

Units: Count

CompletedScanBytes

The number of S3 object bytes scanned in a given time frame.

Valid Dimensions:

  • Malware Protection Plan Id

  • Resource Name

Valid statistics: Sum

Units: Count

Note

By default, the statistic for CloudWatch metrics is Average (AVG).

The following dimensions are supported for the Malware Protection for S3 metrics.

Dimension

Description

Malware Protection Plan Id

The unique identifier that is associated with the Malware Protection plan resource that GuardDuty creates for your protected resource.

Resource Name

The name of the protected resource.

Skipped Reason

The reason why an S3 object malware scan was skipped.

Potential values
  • UnSupported

  • MissingPermissions

For information about accessing and querying these metrics, see Use Amazon CloudWatch metrics in the Amazon CloudWatch User Guide.

For information about setting up alarms, see Using Amazon CloudWatch alarms in the Amazon CloudWatch User Guide.
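
The following is an added example, not part of the AWS documentation: it builds per-resource alarm definitions for the metrics above, using the namespace and dimension names as listed on this page and the Sum statistic, and passes them to the boto3 `put_metric_alarm` call. The plan ID, bucket name, SNS topic ARN, alarm names, threshold, and period are constructed assumptions.

```python
# Added example: alarm definitions for one Malware Protection for S3 plan.
# Plan ID, bucket name and SNS topic ARN below are constructed placeholders.
NAMESPACE = "AWS/GuardDuty/MalwareProtection"

# (metric, extra dimensions, what a breach means for the defender)
WATCHED = [
    ("InfectedScanCount", {}, "a scan flagged a potentially malicious object"),
    ("FailedScanCount", {}, "scans are failing, objects may be unscanned"),
    ("SkippedScanCount", {"Skipped Reason": "MissingPermissions"},
     "scans are skipped because of missing permissions"),
]


def build_alarms(plan_id, resource_name, sns_topic_arn, period=300):
    """Return keyword arguments for CloudWatch put_metric_alarm, one per metric."""
    base = {"Malware Protection Plan Id": plan_id, "Resource Name": resource_name}
    alarms = []
    for metric, extra, meaning in WATCHED:
        dims = {**base, **extra}
        suffix = "-".join([metric, *extra.values()])
        alarms.append({
            "AlarmName": f"malware-protection-{resource_name}-{suffix}",
            "AlarmDescription": f"{resource_name}: {meaning}",
            "Namespace": NAMESPACE,
            "MetricName": metric,
            "Dimensions": [{"Name": k, "Value": v} for k, v in dims.items()],
            # Sum is the valid statistic listed for these metrics,
            # so it is set explicitly instead of relying on the Average default.
            "Statistic": "Sum",
            "Period": period,  # seconds
            "EvaluationPeriods": 1,
            "Threshold": 1.0,
            "ComparisonOperator": "GreaterThanOrEqualToThreshold",
            # Assumption: periods with no scan activity emit no data point,
            # so missing data is treated as healthy rather than as a breach.
            "TreatMissingData": "notBreaching",
            "AlarmActions": [sns_topic_arn],
        })
    return alarms


if __name__ == "__main__":
    import boto3  # needs credentials allowing cloudwatch:PutMetricAlarm

    cloudwatch = boto3.client("cloudwatch")
    for alarm in build_alarms("EXAMPLE-PLAN-ID", "example-protected-bucket",
                              "arn:aws:sns:us-east-1:111122223333:example-topic"):
        cloudwatch.put_metric_alarm(**alarm)
```

The `MissingPermissions` alarm is the one that catches a protected bucket whose objects are no longer being scanned, which the infected-object alarm alone would never surface.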