Summary dashboard in Amazon GuardDuty

The Summary dashboard provides an aggregated view of the GuardDuty findings generated in your AWS account in the current Region. Currently, the dashboard supports a volume of up to 5,000 findings. To view the details of all the findings, use either the Findings page on the GuardDuty console or the GetFindings or ListFindings API operations.

Note

The findings summary is only available through the GuardDuty console at https://console.aws.amazon.com/guardduty/.

The following sections will help you access the dashboard and understand its components.

Accessing the Summary dashboard

On the GuardDuty console, the Summary dashboard shows a consolidated view of up to the last 5,000 GuardDuty findings generated in the current Region.

To access the Summary dashboard
  1. Open the GuardDuty console at https://console.aws.amazon.com/guardduty/.

  2. In the navigation pane, choose Summary. When you open the console, GuardDuty shows the Summary dashboard.

  3. By default, the summary is displayed for the current day (Today). The GuardDuty console also provides options to view the summary for the Last 2 days, Last 7 days, and Last 30 days. To change the default time range, choose one of the options from the dropdown above the Overview pane.

  4. Filter the data
    • The Accounts with most findings, Resources with most findings, and Least occurring findings widgets help you filter the data on the basis of the level of severity of the findings.

    • The Resources with most findings widget also helps you filter the data on the basis of your potentially impacted resource type.

      A member account can view the details of the potentially impacted resource that belongs to their own account. If you're a GuardDuty administrator account and want to view the details of the potentially impacted resource, open the GuardDuty console using the credentials of the associated member account.

  5. Protection plans coverage

    The protection plans coverage provides the count of member accounts that have enabled GuardDuty in your organization. The statistics are visible only to the delegated GuardDuty administrator.

Understanding the Summary dashboard

The Summary dashboard shows the aggregated data in the following sections. Before you proceed to view and understand the summary, make sure to choose the desired AWS Region from the Region selector at the top of the console. Also, make sure to choose the desired time range from the dropdown menu provided above the Overview pane. If no findings were generated for the chosen parameters, no data will be available in any of the widgets.

From a volume of up to the last 5,000 GuardDuty findings, the Accounts with most findings, Resources with most findings, and Least occurring findings widgets on the Summary dashboard show data based on the top 5 results. For a deeper analysis, see the Findings page in the GuardDuty console.

The Overview pane provides the following data:

  • Total findings: Indicates the total number of findings generated in your account in the current Region.

  • High severity findings: Indicates the number of GuardDuty findings that have a high severity level in the current Region.

  • Resources with findings: Indicates the number of resources that are associated with a finding and have been potentially compromised.

  • Accounts with findings: Indicates the number of accounts in which at least one finding was generated. If you're a standalone account, the value in this field is 1.

For the time ranges Last 7 days and Last 30 days, the Overview pane may show the percentage difference in the findings generated week over week (WoW) or month over month (MoM), respectively. If no findings were generated in the week or the month before, then with no data to compare, the percentage difference may not be available.

If you're a GuardDuty administrator account, all of these fields provide the summarized data across all the member accounts in your organization.

This section displays a bar chart with the total number of findings against the chosen time range. You can view the number of findings with low, medium, or high severity, generated on a specific date within the chosen time range.

This section provides a pie chart of the top five common finding types observed from a volume of up to the last 5,000 GuardDuty findings generated in the current Region. When you hover over a sector, the pie chart displays the following data:

  • Findings count: Indicates the number of times this finding has been generated in the chosen time range.

  • Severity: Indicates the severity level of the finding – for example, Medium and High.

  • Percentage: Indicates the share of this finding type in the pie chart.

  • Last generated: Indicates how much time has passed since this finding type was last generated.

The Accounts with most findings widget provides the following data:

  • Account: Indicates the AWS account ID where the finding was generated.

  • Finding count: Indicates the number of times a finding was generated for this account ID.

  • Last generated: Indicates how much time has passed since a finding type was last generated for this account ID.

  • High severity: By default, the data is shown for the high severity finding types. Possible options for this field are High severity, Medium severity, and All severity.

The Resources with most findings widget provides the following data:

  • Resource: Indicates the potentially impacted resource type. If this resource belongs to your account, you can use the quick link to view the resource details. If you're a GuardDuty administrator account, you can view the details of the potentially impacted resource by accessing the GuardDuty console with the credentials of the member account to which this resource belongs.

  • Account: Indicates the AWS account ID to which this resource belongs.

  • Finding count: Indicates the number of times that this resource was associated with a finding.

  • Last generated: Indicates how much time has passed since a finding type associated with this resource was last generated.

  • All resource types: By default, the data is shown for all of the resource types. By using the dropdown, you can view the data for a specific resource type, such as Instance, AccessKey, Lambda, and others.

  • High severity: By default, the data is shown for the high severity finding types. By using the dropdown, you can view the data for other severity levels. Possible options are High severity, Medium severity, and All severity.

The Least occurring findings widget provides the details of the finding types that are not generated often in your AWS environment. This insight can help you investigate and take action on an emergent threat pattern in your environment. The table shows the following data:

  • Finding type: Indicates the finding type name.

  • Finding count: Indicates the number of times that this finding type was generated in the chosen time range.

  • Last generated: Indicates how much time has passed since this finding type was last generated.

  • High severity: By default, the data is shown for the high severity finding types. Possible options for this field are High severity, Medium severity, and All severity.
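Because the dashboard covers up to the last 5,000 findings and shows only the top 5 results, the same aggregation can be run over every finding returned by ListFindings and GetFindings. The following Python is an added example, not code from AWS: it assumes boto3 for the fetch step, the severity bands stated in the comment, and constructed sample findings with placeholder account IDs.

```python
from collections import Counter

def severity_label(score):
    # Assumed GuardDuty bands: Low 1.0-3.9, Medium 4.0-6.9, High 7.0 and above.
    return "High" if score >= 7.0 else "Medium" if score >= 4.0 else "Low"

def fetch_all_findings(detector_id, region):
    """ListFindings returns IDs only; GetFindings hydrates at most 50 IDs per call."""
    import boto3  # imported lazily so the aggregation below runs offline
    gd = boto3.client("guardduty", region_name=region)
    ids = []
    for page in gd.get_paginator("list_findings").paginate(DetectorId=detector_id):
        ids.extend(page["FindingIds"])
    findings = []
    for i in range(0, len(ids), 50):
        batch = gd.get_findings(DetectorId=detector_id, FindingIds=ids[i:i + 50])
        findings.extend(batch["Findings"])
    return findings

def summarize(findings, severity="High", top_n=5):
    """Rebuild two dashboard widgets from GetFindings-shaped dicts."""
    if severity != "All":
        findings = [f for f in findings if severity_label(f["Severity"]) == severity]
    accounts = Counter(f["AccountId"] for f in findings)
    types = Counter(f["Type"] for f in findings)
    last_seen = {}
    for f in findings:  # ISO 8601 UTC strings in one format compare chronologically
        last_seen[f["Type"]] = max(last_seen.get(f["Type"], ""), f["UpdatedAt"])
    rarest = sorted(types.items(), key=lambda kv: (kv[1], kv[0]))[:top_n]
    return {
        "accounts_with_most_findings": accounts.most_common(top_n),
        "least_occurring_findings": [(t, n, last_seen[t]) for t, n in rarest],
    }

def _finding(account, ftype, sev, ts):  # constructed sample data, not real findings
    return {"AccountId": account, "Type": ftype, "Severity": sev, "UpdatedAt": ts}

SAMPLE = [
    _finding("111122223333", "CryptoCurrency:EC2/BitcoinTool.B!DNS", 8.0, "2024-05-01T10:00:00Z"),
    _finding("111122223333", "CryptoCurrency:EC2/BitcoinTool.B!DNS", 8.0, "2024-05-02T09:30:00Z"),
    _finding("444455556666", "CryptoCurrency:EC2/BitcoinTool.B!DNS", 8.0, "2024-05-02T11:00:00Z"),
    _finding("444455556666", "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS", 8.0, "2024-05-03T08:00:00Z"),
    _finding("111122223333", "Recon:EC2/PortProbeUnprotectedPort", 2.0, "2024-05-03T12:00:00Z"),
    _finding("111122223333", "Backdoor:EC2/C&CActivity.B!DNS", 8.0, "2024-05-03T13:00:00Z"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Passing severity="All" or "Medium" to summarize mirrors the severity dropdown on the widgets; fetch_all_findings needs credentials with guardduty:ListFindings and guardduty:GetFindings permissions.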

Protection plans coverage provides the number of active member accounts that belong to your organization and have one or more features, and additional feature configurations (as applicable), enabled in the current AWS Region.

Only a delegated GuardDuty administrator can view the statistics for the member accounts within their organization. If a feature is not configured, choose Configure under the Actions column.

When you create a new AWS organization, it might take up to 24 hours to generate the statistics for the entire organization.

Providing feedback on the Summary dashboard

GuardDuty encourages you to provide feedback on the Summary dashboard's usability, features, and performance. This will help us improve the dashboard.

To provide feedback on the Summary dashboard
  1. Open the GuardDuty console at https://console.aws.amazon.com/guardduty/.

  2. In the navigation pane, choose Summary. When you open the GuardDuty console, it shows the Summary dashboard.

  3. Choose Feedback at the top-right corner of the dashboard. This will open up a form. After you provide the feedback, choose Submit.