AwsGuardDuty
The following are examples of the Amazon Security Finding Format for AwsGuardDuty
resources.
AwsGuardDutyDetector
The AwsGuardDutyDetector
object provides information about an Amazon GuardDuty
detector. A detector is an object that represents the GuardDuty service. A detector is
required for GuardDuty to become operational.
The following example shows the Amazon Security Finding Format (ASFF) for the
AwsGuardDutyDetector
object. To view descriptions of
AwsGuardDutyDetector
attributes, see AwsGuardDutyDetector in the Amazon Security Hub API Reference.
Example
"AwsGuardDutyDetector": { "FindingPublishingFrequency": "SIX_HOURS", "ServiceRole": "arn:aws-cn:iam::123456789012:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty", "Status": "ENABLED", "DataSources": { "CloudTrail": { "Status": "ENABLED" }, "DnsLogs": { "Status": "ENABLED" }, "FlowLogs": { "Status": "ENABLED" }, "S3Logs": { "Status": "ENABLED" }, "Kubernetes": { "AuditLogs": { "Status": "ENABLED" } }, "MalwareProtection": { "ScanEc2InstanceWithFindings": { "EbsVolumes": { "Status": "ENABLED" } }, "ServiceRole": "arn:aws:iam::123456789012:role/aws-service-role/malware-protection.guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDutyMalwareProtection" } } }