EC2 Malware Protection Events: CloudWatch

Overview

The following are the specific events that are generated by EC2 Malware scan

Table Reference

Malware Protection for EC2 scan event name	Explanation
EC2_SCAN_STARTED	Created when an GuardDuty Malware Protection for EC2 is initiating the process of malware scan, such as preparing to take a snapshot of an EBS volume.
EC2_SCAN_COMPLETED	Created when GuardDuty Malware Protection for EC2 scan completes for at least one of the EBS volumes of the impacted resource. This event also includes the snapshotId that belongs to the scanned EBS volume. After the scan completes, the scan result will either be CLEAN, THREATS_FOUND, or NOT_SCANNED.
EC2_SCAN_SKIPPED	Created when GuardDuty Malware Protection for EC2 scan skips all the EBS volumes of the impacted resource. To identify the skip reason, select the corresponding event, and view the details. For more information on skip reasons, see Reasons for skipping resource during malware scan below.