Generating sample findings in GuardDuty
You can generate sample findings with Amazon GuardDuty to help you visualize and understand the various finding types that GuardDuty can generate. When you generate sample findings, GuardDuty populates your current findings list with one sample finding for each supported finding type.
The generated samples are approximations populated with placeholder values. These samples may look different from real findings for your environment, but you can use them to test various configurations for GuardDuty, such as your EventBridge events or filters. For a list of available values for finding types, see Finding types table.
Generating sample findings through the GuardDuty console or API
Choose your preferred access method to generate sample findings.
Note
The console method generates one of each finding type. Single sample findings can only be generated through the API.
The title of sample findings generated through these methods always begins with
[SAMPLE] in the console. Sample findings have a value of
"sample": true
in the additionalInfo section of
the finding JSON details.
To understand the finding details, such as finding severity and potentially compromised resource, associated with the generated findings, see Severity levels for GuardDuty findings and Finding details.
To generate some common findings based on a simulated activity in a dedicated and isolated AWS account within your environment, see Test GuardDuty findings in dedicated accounts.