Reviewing GuardDuty findings - Amazon GuardDuty

Reviewing GuardDuty findings

Use the following procedure to review and understand your GuardDuty findings.

  1. Open the GuardDuty console at https://console.aws.amazon.com/guardduty/.

  2. Choose Findings and then select a specific finding to view its details.

    The details for each finding differ depending on the finding type, the resources involved, and the nature of the activity. For more information about the available finding fields, see Finding details.

  3. (Optional) If you wish to archive a finding, select it from the list of your findings and then choose the Actions menu. Then choose Archive.

    Archived findings can be viewed by choosing Archived from the Current dropdown.

    Currently, users from GuardDuty member accounts can't archive findings.

    Important

    If you archive a finding manually using the procedure above, all subsequent occurrences of this finding (generated after the archiving is complete) are added to the list of your current findings. To never see this finding in your current list, you can auto-archive it. For more information, see Suppression rules in GuardDuty.

  4. (Optional) To download a finding, select it from the list of your findings and then choose the Actions menu. Then choose Export. When you Export a finding, you can see its full JSON document.

    Note

    In some cases, GuardDuty becomes aware that certain findings are false positives after they have been generated. GuardDuty provides a Confidence field in the finding's JSON and sets its value to zero for such findings. This way, GuardDuty lets you know that you can safely ignore them.
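
The Confidence note above can be applied to exported findings with a short script. This is an added example, not AWS code: it assumes the export is either one JSON object or a list of them, looks up the `id` and `confidence` keys case-insensitively because the exact key casing in the export is an assumption, and uses constructed sample findings.

```python
import json

# Constructed sample export (illustrative values, not real GuardDuty output).
SAMPLE_EXPORT = """
[
  {"id": "sample-0001", "type": "Recon:EC2/PortProbeUnprotectedPort",
   "severity": 2, "confidence": 0},
  {"id": "sample-0002", "type": "UnauthorizedAccess:EC2/SSHBruteForce",
   "severity": 8, "confidence": 5},
  {"id": "sample-0003", "type": "UnauthorizedAccess:EC2/SSHBruteForce",
   "severity": 5},
  {"Id": "sample-0004", "Confidence": 0.0}
]
"""


def _get(obj, name):
    """Case-insensitive key lookup; returns None when the key is absent."""
    for key, value in obj.items():
        if key.lower() == name.lower():
            return value
    return None


def triage(export_text):
    """Split exported findings into those to review and those that
    GuardDuty has marked as false positives (Confidence set to zero)."""
    data = json.loads(export_text)
    findings = data if isinstance(data, list) else [data]
    result = {"review": [], "false_positive": []}
    for finding in findings:
        conf = _get(finding, "confidence")
        # Only an explicit numeric zero counts. A missing or null field must
        # stay in the review queue, so do not rely on truthiness here.
        is_zero = (isinstance(conf, (int, float))
                   and not isinstance(conf, bool)
                   and conf == 0)
        bucket = "false_positive" if is_zero else "review"
        result[bucket].append(_get(finding, "id"))
    return result


if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE_EXPORT).items():
        print(bucket, ids)
```

A finding with no Confidence field (sample-0003) stays in the review bucket, which is the safe default when filtering on this value.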