Closed abdulharb closed 1 year ago
nasbench
commented
1 year ago Hi @abdulharb and sorry for the late response.
I looked into it a little bit and I also couldn't find the event in question as alert. This might a mistake that slipped during the rule creation. I would look into it more thanks for reporting.
nasbench
commented
1 year ago Hey @abdulharb looking at this list of cloudtrail events https://gist.github.com/pkazi/8b5a1374771f6efa5d55b92d8835718c I can find the eventname CreateIPSet maybe this helps?
nasbench
commented
1 year ago Closing this as unresponsive for now. If the issue still persist, feel free to re-open it.
Hey guys,
I've been trying to valated this rule but it seems like i can't find any docs that list "CreateIPSet" events as alerts. I've even ran a test and still could not find anything.
Any ideas? or am i just nuts?
List of AWS GuardDuty events: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-active.html
Generating sample findings through the GuardDuty: https://docs.aws.amazon.com/guardduty/latest/ug/sample_findings.html