
 

Sample Event Message

 

Use these sample event messages as a way of verifying a successful integration with JSA.

The following table provides a sample event message when you use the Amazon Web Services protocol for the Amazon GuardDuty DSM.

Table 1: Amazon GuardDuty Sample Message Supported by Amazon Web Services.

Event name

Low level category

Sample log message

Trojan:EC2/PhishingDomainRequest!DNS

Trojan Detected

{"version": "0", "id": "xxxxx-xx", "detail-type": "GuardDuty Finding", "source": "aws.guardduty", "account":"1234567890", "time": "2018-02-28T20:25:00Z", "region":"us-west-2", "resources": [] , "detail": {"schemaVersion":"2.0", "accountId" : "1234567890", "region": "us-west-2","partition" : "aws", "id": "xxxxxxxx", "arn": "arn:aws:guardduty:us-west-2:1234567890:detector/XXXXXXX/finding/xxxxxxx", "type": "Trojan:EC2/PhishingDomainRequest!DNS","resource": {"resourceType" : "Instance", "instanceDetails":{"instanceId" : "i-99999999", "instanceType": "m3.xlarge", "launchTime": "2016-08-02T02:05:06Z", "productCodes": [{"productCodeId": "GeneratedFindingProductCodeId", "productCodeType": "GeneratedFindingProductCodeType"}],"iamInstanceProfile" : {"arn": "GeneratedFindingInstanceProfileArn" , "id": "GeneratedFindingInstanceProfileId"}, "networkInterfaces": [{"ipv6Addresses": [], "privateDnsName": "GeneratedFindingPrivateDnsName", "privateIpAddress":"127.0.0.1", "privateIpAddresses": [{"privateDnsName": "GeneratedFindingPrivateName", "privateIpAddress":"127.0.0.1"}], "subnetId": "GeneratedFindingSubnetId", "vpcId": "GeneratedFindingVPCId", "securityGroups": [{"groupName": "GeneratedFindingSecurityGroupName", "groupId": "GeneratedFindingSecurityId"}], "publicDnsName":"GeneratedFindingPublicDNSName", "publicIp": "127.0.0.1"}], "tags": [{"key": "GeneratedFindingInstaceTag1", "value":"GeneratedFindingInstaceValue1"}, {"key":"ami-99999999", "imageDescription": "GeneratedFindingInstaceImageDescription"}} , "service": {"serviceName": "guardduty", "detectorId": "xxxxxx","action": {"actionType" : "DNS_REQUEST", "dnsRequestAction":{"domain": "GeneratedFindingDomainName", "protocol" : "UDP", "blocked": true}}, "resourceRole" : "TARGET", "additionalInfo": {"threatListName": "GeneratedFindingThreatListName", "sample": true}, "eventFirstSeen": "2018-02-28T20:22:26.350Z", "eventLastSeen": "2018-02-28T20:22:26.350Z", "archived": false, "count": 1.0}, "severity": 8.0, 
"createdAt": "2018-02-28T20:22:26.350Z", "updatedAt" : "2018-02-28T20:22:26.350Z", "title": "Trojan:EC2/PhishingDomainRequest!DNS", "description": "Trojan:EC2/PhishingDomainRequest!DNS"}}