Sample alert for AWS GuardDuty

Snapshot of the entity when an event occurs in GuardDuty.

The sample alert becomes available after you generate the webhook.

{
    "Type": "Notification",
    "MessageId": "xx00xx-00xx-000-xxx-xx-00-xx",
    "TopicArn": "arn:aws:sns:us-east-1:xxxx:Test0AWSMessage",
    "Message": "{\"version\":\"0\",\"id\":\"xxxxx-xx-xx-xxx-xx\",\"detail-type\":\"GuardDuty Finding\",\"source\":\"aws.guardduty\",\"account\":\"0123456789\",\"time\":\"20XX-01-01T00:00:00Z\",\"region\":\"xx-east-1\",\"resources\":[],\"detail\":{\"schemaVersion\":\"1.0\",\"accountId\":\"0123456789\",\"region\":\"xx-east-1\",\"partition\":\"aws\",\"id\":\"xx00xxxx0xxxx00xxebd0\",\"arn\":\"arn:aws:guardduty:us-east-1:0123456789:detector\/xxxxx9a03exxxxxcbc\/finding\/xxxx\",\"type\":\"UnauthorizedAccess:IAMUser\/MaliciousIPCaller.Custom\",\"resource\":{},\"service\":{},\"severity\":2,\"createdAt\":\"20XX-01-02T01:01:00.936Z\",\"updatedAt\":\"20XX-01-02T01:01:33.594Z\",\"title\":\"API GeneratedFindingAPIName was invoked from an IP address on a custom threat list.\",\"description\":\"API was invoked from an IP address on the custom threat list.\"}}",
    "Timestamp": "20XX-01-01T01:02:03.372Z",
    "SignatureVersion": "1",
    "Signature": "xxx/x/+xxx+xxx/x+xx/xx/x+xxx==",
    "SigningCertURL": "https://sns.us-east-1.xxx.com/SimpleNotificationService-xxxxx.pem",
    "UnsubscribeURL": "https://sns.us-east-1.xxx.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:xx-east-1:00xx0xx0xxx0:Test0AWSMessage:00xxxxx00-x0x00-xxxx-00x0x-x00xxxxx0x"
}