GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior inside AWS accounts. For more information, see AWS's documentation on GuardDuty finding format.
schema:AWS.GuardDutyparser:native:name:AWS.GuardDutydescription:Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior inside AWS accounts.referenceURL:https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-format.htmlfields: - name:schemaVersionrequired:truedescription:The schema format version of this record.type:string - name:accountIdrequired:truedescription:The ID of the AWS account in which the activity took place that prompted GuardDuty to generate this finding.type:string - name:regionrequired:truedescription:The AWS region in which the finding was generated.type:string - name:partitionrequired:truedescription:The AWS partition in which the finding was generated.type:string - name:idrequired:truedescription:A unique identifier for the finding.type:string - name:arnrequired:truedescription:A unique identifier formatted as an ARN for the finding.type:string - name:typerequired:truedescription:A concise yet readable description of the potential security issue.type:string - name:resourcerequired:truedescription:The AWS resource against which the activity took place that prompted GuardDuty to generate this finding.type:json - name:severityrequired:truedescription:The value of the severity can fall anywhere within the 0.1 to 8.9 range.type:float - name:createdAtrequired:truedescription:The initial creation time of the finding (UTC).type:timestamptimeFormat:rfc3339 - name:updatedAtrequired:truedescription:The last update time of the finding (UTC).type:timestamptimeFormat:rfc3339 - name:titlerequired:truedescription:A short description of the finding.type:string - name:descriptionrequired:truedescription:A long description of the finding.type:string - name:servicerequired:truedescription:Additional information about the affected service.type:objectfields: - name:additionalInfodescription:AdditionalInfo fieldtype:json - name:actiondescription:Action fieldtype:json - name:serviceNamerequired:truedescription:ServiceName fieldtype:string - name:detectorIdrequired:truedescription:DetectorID fieldtype:string - name:resourceRoledescription:ResourceRole fieldtype:string - name:eventFirstSeendescription:EventFirstSeen fieldtype:timestamptimeFormat:rfc3339 - name:eventLastSeendescription:EventLastSeen fieldtype:timestamptimeFormat:rfc3339 - name:archiveddescription:Archived fieldtype:boolean - name:countdescription:Count fieldtype:bigint