S3 object scan status metrics in CloudWatch

You can monitor GuardDuty using CloudWatch, which collects raw data and processes it into readable, near real-time metrics. These statistics are retained for 15 months, so that you can access historical information and gain a better perspective on how Malware Protection for S3 is performing. You can also set alarms that watch for certain thresholds, and send notifications or take actions when those thresholds are met. For more information, see the Amazon CloudWatch User Guide.

The CloudWatch metrics for Malware Protection for S3 are available at the resource level. You can query these metrics for each protected resource separately. The metrics are reported in the AWS/GuardDuty/MalwareProtection namespace. You can set up alarms on specific resources to monitor security posture.

Malware scan status metrics
Metric	Description
`CompletedScanCount`	The number of S3 object malware scans that completed in a given time frame. Valid Dimensions: `Malware Protection Plan Id` `Resource Name` Units: Count
`FailedScanCount`	The number of S3 object malware scans that failed in a given time frame. Valid Dimensions: `Malware Protection Plan Id` `Resource Name` Units: Count
`SkippedScanCount`	The number of S3 object malware scans that were skipped in a given time frame. Valid Dimensions: `Malware Protection Plan Id` `Resource Name` `Skipped Reason` Potential values `Unsupported` `MissingPermissions` Units: Count
Malware scan result metrics
`InfectedScanCount`	The number of S3 object malware scans that detected potentially malicious object in a given time frame. Valid Dimensions: `Malware Protection Plan Id` `Resource Name` Units: Count
`CompletedScanBytes`	The number of S3 object bytes scanned in a given time frame. Valid Dimensions: `Malware Protection Plan Id` `Resource Name` Units: Count

Note

By default, the statistics in the CloudWatch metrics are AVG.

The following dimensions are supported for the Malware Protection for S3 metrics.

Dimension	Description
`Malware Protection Plan Id`	The unique identifier that is associated with the Malware Protection plan resource that GuardDuty creates for your protected resource.
`Resource Name`	The name of the protected resource.
`Skipped Reason`	The reason why an S3 object malware scan was skipped. Potential values `Unsupported` `MissingPermissions`

For information about accessing and querying these metrics, see Use Amazon CloudWatch metrics in the Amazon CloudWatch User Guide.

For information about setting up alarms, see Using Amazon CloudWatch alarms in the Amazon CloudWatch User Guide.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Troubleshooting S3 object post-scan tag failures

Editing Malware Protection plan for a protected bucket

S3 object scan status metrics in CloudWatch

Potential values

Note

Potential values