
Amazon GuardDuty Sample Event Messages

Use these sample event messages to verify a successful integration with JSA.

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Amazon GuardDuty sample message when you use the Amazon AWS S3 REST API protocol

Sample 1: The following sample event message shows that an IAM entity invoked an API to disable S3 Block Public Access on a bucket.

Table 1: Highlighted Values in the Amazon GuardDuty Sample Event

| JSA field name | Highlighted values in the event payload |
|---|---|
| Event ID | Policy:S3/BucketBlockPublicAccessDisabled |
| Source IP | 10.51.100.0 |
| Event Time | 2020-06-23T23:53:14.222Z |
| Username | GeneratedFindingUserName |

Sample 2: The following sample event message shows that S3 server access logging is disabled for a bucket.

Table 2: Highlighted values in the Amazon GuardDuty sample event

| JSA field name | Highlighted values in the event payload |
|---|---|
| Event ID | Stealth:S3/ServerAccessLoggingDisabled |
| Source IP | 10.51.100.0 |
| Event Time | 2020-06-23T23:53:14.222Z |
| Username | GeneratedFindingUserName |