guardduty-non-archived-findings - AWS Config

Checks if Amazon GuardDuty has findings that are non-archived. The rule is NON_COMPLIANT if GuardDuty has non-archived low/medium/high severity findings older than the number of days specified in the daysLowSev/daysMediumSev/daysHighSev parameters.

Identifier: GUARDDUTY_NON_ARCHIVED_FINDINGS

Trigger type: Periodic

AWS Region: All supported AWS Regions except the Israel (Tel Aviv) and Canada West (Calgary) Regions

Parameters:

daysLowSev (Optional)
Type: int
Default: 30

The number of days Amazon GuardDuty low severity findings are allowed to stay non-archived. The default is 30 days.

daysMediumSev (Optional)
Type: int
Default: 7

The number of days Amazon GuardDuty medium severity findings are allowed to stay non-archived. The default is 7 days.

daysHighSev (Optional)
Type: int
Default: 1

The number of days Amazon GuardDuty high severity findings are allowed to stay non-archived. The default is 1 day.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.
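
A template that deploys this rule with its three thresholds exposed as stack parameters, as an added example that is not taken from the AWS documentation. The logical ID, the rule name, the stack parameter names and the evaluation frequency are assumptions; the identifier, the rule parameter names and the defaults come from this page.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Deploys the guardduty-non-archived-findings AWS Config managed rule.

Parameters:
  # Stack parameter names are assumptions; defaults match the rule defaults above.
  DaysLowSev:
    Type: Number
    Default: 30
    Description: Days a low severity finding may stay non-archived.
  DaysMediumSev:
    Type: Number
    Default: 7
    Description: Days a medium severity finding may stay non-archived.
  DaysHighSev:
    Type: Number
    Default: 1
    Description: Days a high severity finding may stay non-archived.

Resources:
  GuardDutyNonArchivedFindingsRule:        # logical ID is an assumption
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: guardduty-non-archived-findings   # name is an assumption
      Description: >-
        NON_COMPLIANT if GuardDuty has non-archived findings older than the
        per-severity day limits passed in InputParameters.
      Source:
        Owner: AWS                          # AWS managed rule
        SourceIdentifier: GUARDDUTY_NON_ARCHIVED_FINDINGS
      # Periodic trigger; the frequency chosen here is an assumption.
      MaximumExecutionFrequency: TwentyFour_Hours
      InputParameters:
        daysLowSev: !Ref DaysLowSev
        daysMediumSev: !Ref DaysMediumSev
        daysHighSev: !Ref DaysHighSev

Outputs:
  RuleArn:
    Description: ARN of the deployed Config rule.
    Value: !GetAtt GuardDutyNonArchivedFindingsRule.Arn
```

Overriding a threshold at deploy time changes only the corresponding entry in InputParameters; the other two keep the rule defaults.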