AWS guardduty documentation change
Summary
Updated EventBridge notification documentation for S3 malware protection to include the new statusReasons field when scans are skipped, with examples showing reasons like PASSWORD_PROTECTED and SSE_C_ENCRYPTED_OBJECT
Security assessment
This change documents an enhancement to GuardDuty's malware protection feature by adding a statusReasons field to EventBridge notifications. This provides better visibility into why scans are skipped (e.g., password-protected files, encrypted objects), which helps users understand security monitoring gaps. However, there is no evidence this fixes a security vulnerability.
Diff
diff --git a/guardduty/latest/ug/monitor-with-eventbridge-s3-malware-protection.md b/guardduty/latest/ug/monitor-with-eventbridge-s3-malware-protection.md index 23ff1cafe..7e39ba07d 100644 --- a//guardduty/latest/ug/monitor-with-eventbridge-s3-malware-protection.md +++ b//guardduty/latest/ug/monitor-with-eventbridge-s3-malware-protection.md @@ -177,0 +178,2 @@ For information about troubleshooting steps for the following warning and errors +When the `scanStatus` is `SKIPPED`, the `scanResultDetails` includes a `statusReasons` field that provides the specific reason why the scan was skipped. For information about the possible values, see [S3 object potential scan status and result status](./monitoring-malware-protection-s3-scans-gdu.html#s3-object-scan-result-value-malware-protection). + @@ -203 +205,2 @@ For information about troubleshooting steps for the following warning and errors - "threats": null + "threats": null, + "statusReasons": null @@ -239 +242,2 @@ Show moreShow less - ] + ], + "statusReasons": null @@ -275 +279,2 @@ Show moreShow less - "threats": null + "threats": null, + "statusReasons": ["PASSWORD_PROTECTED"] @@ -307 +312,2 @@ Show moreShow less - "threats": null + "threats": null, + "statusReasons": ["SSE_C_ENCRYPTED_OBJECT"] @@ -339 +345,2 @@ Show moreShow less - "threats": null + "threats": null, + "statusReasons": null