Sample alert for AWS GuardDuty
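A snapshot of the entity, captured when an event occurs in GuardDuty. The payload is an Amazon SNS notification envelope; the GuardDuty finding itself is carried in the "Message" field as a JSON-encoded string, so a consumer has to parse that string a second time to read fields such as "type", "severity" and "title".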
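The sample alert becomes available after you generate the webhook. The identifiers, dates, and signature in the sample below are masked placeholders (for example "xxxx" and "20XX"), not real values. When handling real notifications, a receiver should verify "Signature" using the certificate at "SigningCertURL", and confirm that the URL points to an Amazon SNS host, before acting on the content of "Message" or following "UnsubscribeURL".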
{
"Type": "Notification",
"MessageId": "xx00xx-00xx-000-xxx-xx-00-xx",
"TopicArn": "arn:aws:sns:us-east-1:xxxx:Test0AWSMessage",
"Message": "{\"version\":\"0\",\"id\":\"xxxxx-xx-xx-xxx-xx\",\"detail-type\":\"GuardDuty Finding\",\"source\":\"aws.guardduty\",\"account\":\"0123456789\",\"time\":\"20XX-01-01T00:00:00Z\",\"region\":\"xx-east-1\",\"resources\":[],\"detail\":{\"schemaVersion\":\"1.0\",\"accountId\":\"0123456789\",\"region\":\"xx-east-1\",\"partition\":\"aws\",\"id\":\"xx00xxxx0xxxx00xxebd0\",\"arn\":\"arn:aws:guardduty:us-east-1:0123456789:detector\/xxxxx9a03exxxxxcbc\/finding\/xxxx\",\"type\":\"UnauthorizedAccess:IAMUser\/MaliciousIPCaller.Custom\",\"resource\":{},\"service\":{},\"severity\":2,\"createdAt\":\"20XX-01-02T01:01:00.936Z\",\"updatedAt\":\"20XX-01-02T01:01:33.594Z\",\"title\":\"API GeneratedFindingAPIName was invoked from an IP address on a custom threat list.\",\"description\":\"API was invoked from an IP address on the custom threat list.\"}}",
"Timestamp": "20XX-01-01T01:02:03.372Z",
"SignatureVersion": "1",
"Signature": "xxx/x/+xxx+xxx/x+xx/xx/x+xxx==",
"SigningCertURL": "https://sns.us-east-1.xxx.com/SimpleNotificationService-xxxxx.pem",
"UnsubscribeURL": "https://sns.us-east-1.xxx.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:xx-east-1:00xx0xx0xxx0:Test0AWSMessage:00xxxxx00-x0x00-xxxx-00x0x-x00xxxxx0x"
}