GuardDuty findings and suppression rules
AWS Security Incident Response proactively ingests, triages, and responds to all GuardDuty findings and to Security Hub CSPM findings from CrowdStrike, Fortinet CNAPP (Lacework), and Trend Micro. The service auto-triages these findings, so your team does not have to analyze them internally. For findings it determines to be benign, the service creates suppression rules in GuardDuty and auto-archive rules in Security Hub CSPM, so that matching findings are archived automatically instead of surfacing as active. You can view or modify these rules under "Findings" in the GuardDuty console.
To quickly review the GuardDuty suppression rules that are currently enabled:
- Open the GuardDuty console.
- Choose Findings.
- Select the down arrow to expand the list of suppression rules, and note the naming convention of the rules; it identifies the rules the service created for you.
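The console steps above show the rules one at a time. To review every suppression rule in a region at once, the same information is available through the GuardDuty API: a suppression rule is a GuardDuty filter whose Action is ARCHIVE. The following script is an added example, not code from AWS or from the Security Incident Response service; it uses the real boto3 calls list_detectors, list_filters and get_filter for the live path, and the sample filters, the rule names and the "broad rule" heuristic (a rule that matches only on finding type, severity, region or account) are constructed here for illustration.

```python
"""List GuardDuty suppression rules and flag the ones whose criteria are broad.

Suppression rules are GuardDuty filters with Action == "ARCHIVE"; findings
that match them are archived silently. Everything except fetch_filters()
works offline on plain dicts shaped like get_filter responses.
"""
from typing import Any, Dict, List

# Heuristic (an assumption for this example, not an AWS rule): a suppression
# rule whose only criteria are drawn from these fields hides a whole class of
# findings rather than one known-benign source, so it deserves a second look.
BROAD_ONLY_FIELDS = {"type", "severity", "region", "accountId"}

# Operator keys as they appear in FindingCriteria.Criterion (GuardDuty accepts
# both the short and the long spellings).
_OPERATOR_LABELS = {
    "Eq": "equals", "Equals": "equals",
    "Neq": "not equals", "NotEquals": "not equals",
    "Gt": ">", "GreaterThan": ">",
    "Gte": ">=", "GreaterThanOrEqual": ">=",
    "Lt": "<", "LessThan": "<",
    "Lte": "<=", "LessThanOrEqual": "<=",
}


def describe_criteria(criterion: Dict[str, Dict[str, Any]]) -> List[str]:
    """Render each criterion as a readable 'field operator value' clause."""
    clauses = []
    for field, conditions in sorted(criterion.items()):
        for op, value in conditions.items():
            label = _OPERATOR_LABELS.get(op, op)
            shown = ", ".join(map(str, value)) if isinstance(value, list) else str(value)
            clauses.append(f"{field} {label} {shown}")
    return clauses


def is_broad(criterion: Dict[str, Dict[str, Any]]) -> bool:
    """True when the rule matches only on finding class, never on a specific source."""
    fields = set(criterion)
    return bool(fields) and fields <= BROAD_ONLY_FIELDS


def summarize_filter(filt: Dict[str, Any]) -> Dict[str, Any]:
    """Reduce a get_filter response to the fields a reviewer cares about."""
    criterion = filt.get("FindingCriteria", {}).get("Criterion", {})
    return {
        "name": filt["Name"],
        "action": filt.get("Action", "NOOP"),
        "suppresses": filt.get("Action") == "ARCHIVE",
        "broad": is_broad(criterion),
        "criteria": describe_criteria(criterion),
    }


def suppression_rules(filters: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Keep only the filters that actually suppress findings (Action ARCHIVE)."""
    return [s for s in map(summarize_filter, filters) if s["suppresses"]]


def fetch_filters(region_name: str) -> List[Dict[str, Any]]:
    """Live call: every filter on every detector in the region (needs boto3 and credentials)."""
    import boto3  # imported here so the offline functions above need no AWS SDK

    gd = boto3.client("guardduty", region_name=region_name)
    filters = []
    for detector_id in gd.list_detectors()["DetectorIds"]:
        kwargs = {"DetectorId": detector_id}
        while True:
            page = gd.list_filters(**kwargs)
            for name in page["FilterNames"]:
                filters.append(gd.get_filter(DetectorId=detector_id, FilterName=name))
            if not page.get("NextToken"):
                break
            kwargs["NextToken"] = page["NextToken"]
    return filters


# Constructed sample in the shape of get_filter responses (not real rules).
SAMPLE_FILTERS = [
    {"Name": "allow-known-scanner", "Action": "ARCHIVE", "Rank": 1,
     "FindingCriteria": {"Criterion": {
         "type": {"Eq": ["UnauthorizedAccess:EC2/SSHBruteForce"]},
         "service.action.networkConnectionAction.remoteIpDetails.ipAddressV4": {"Eq": ["203.0.113.10"]},
     }}},
    {"Name": "ignore-low-severity", "Action": "ARCHIVE", "Rank": 2,
     "FindingCriteria": {"Criterion": {"severity": {"Lt": 4}}}},
    {"Name": "triage-view-access-keys", "Action": "NOOP", "Rank": 3,
     "FindingCriteria": {"Criterion": {"resource.resourceType": {"Eq": ["AccessKey"]}}}},
]

if __name__ == "__main__":
    import sys
    region = sys.argv[1] if len(sys.argv) > 1 else "us-east-1"
    for rule in suppression_rules(fetch_filters(region)):
        print(rule["name"] + ("  [BROAD]" if rule["broad"] else ""))
        for clause in rule["criteria"]:
            print("    " + clause)
```

Run it with a region name to print the live rules; rules tagged [BROAD] match on finding class alone, which is the kind of rule worth confirming against the service's naming convention before leaving it in place. A filter with Action NOOP is only a saved view and suppresses nothing, which is why the sample's third entry is dropped.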
Note
Organizations that forward GuardDuty findings to a SIEM see their finding volumes drop significantly over time as benign findings are suppressed, which improves the efficiency of both the Security Incident Response service and the SIEM.