EC2 Malware Protection Events: CloudWatch

Overview

The following are the specific events generated by an EC2 malware scan.

Table Reference

| Malware Protection for EC2 scan event name | Explanation |
| --- | --- |
| EC2_SCAN_STARTED | Created when GuardDuty Malware Protection for EC2 initiates the malware scan process, such as preparing to take a snapshot of an EBS volume. |
| EC2_SCAN_COMPLETED | Created when a GuardDuty Malware Protection for EC2 scan completes for at least one of the EBS volumes of the impacted resource. This event also includes the snapshotId that belongs to the scanned EBS volume. After the scan completes, the scan result will be either CLEAN, THREATS_FOUND, or NOT_SCANNED. |
| EC2_SCAN_SKIPPED | Created when a GuardDuty Malware Protection for EC2 scan skips all the EBS volumes of the impacted resource. To identify the skip reason, select the corresponding event, and view the details. For more information on skip reasons, see Reasons for skipping resource during malware scan below. |
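The event semantics in the table can be turned into a per-scan triage, shown here as an added example that is not part of the original page or AWS code. The flat record shape and the keys scanId and scanResult are assumptions for illustration and are not the actual CloudWatch log schema; the event names and result values are the ones listed above.

```python
from collections import defaultdict

# Constructed sample records. The flat shape and the scanId/scanResult keys are
# assumptions; map them to the corresponding fields in your own log events.
SAMPLE_EVENTS = [
    {"scanId": "scan-a", "eventName": "EC2_SCAN_STARTED"},
    {"scanId": "scan-a", "eventName": "EC2_SCAN_COMPLETED",
     "snapshotId": "snap-constructed-1", "scanResult": "CLEAN"},
    {"scanId": "scan-a", "eventName": "EC2_SCAN_COMPLETED",
     "snapshotId": "snap-constructed-2", "scanResult": "THREATS_FOUND"},
    {"scanId": "scan-b", "eventName": "EC2_SCAN_STARTED"},
    {"scanId": "scan-c", "eventName": "EC2_SCAN_SKIPPED"},
    {"scanId": "scan-d", "eventName": "EC2_SCAN_STARTED"},
    {"scanId": "scan-d", "eventName": "EC2_SCAN_COMPLETED",
     "snapshotId": "snap-constructed-3", "scanResult": "NOT_SCANNED"},
    {"scanId": "scan-e", "eventName": "EC2_SCAN_COMPLETED",
     "snapshotId": "snap-constructed-4", "scanResult": "CLEAN"},
]

# Worst outcome wins when one scan reports several EBS volumes.
SEVERITY = ["CLEAN", "NOT_SCANNED", "SKIPPED", "INCOMPLETE", "THREATS_FOUND"]
RESULTS = {"CLEAN", "THREATS_FOUND", "NOT_SCANNED"}

def triage(events):
    """Return {scanId: {"status": ..., "snapshots": [...]}} for a batch of events."""
    by_scan = defaultdict(list)
    for ev in events:
        by_scan[ev["scanId"]].append(ev)
    report = {}
    for scan_id, evs in by_scan.items():
        outcomes, snapshots = [], []
        for ev in evs:
            if ev["eventName"] == "EC2_SCAN_COMPLETED":
                # A missing or unknown result is treated as NOT_SCANNED, never CLEAN.
                result = ev.get("scanResult")
                outcomes.append(result if result in RESULTS else "NOT_SCANNED")
                if result == "THREATS_FOUND":
                    snapshots.append(ev.get("snapshotId"))
            elif ev["eventName"] == "EC2_SCAN_SKIPPED":
                outcomes.append("SKIPPED")
        # Only EC2_SCAN_STARTED was seen: the scan produced no verdict yet.
        status = max(outcomes, key=SEVERITY.index) if outcomes else "INCOMPLETE"
        report[scan_id] = {"status": status, "snapshots": snapshots}
    return report

def needs_follow_up(report):
    """Scan IDs whose status is anything other than CLEAN, sorted."""
    return sorted(s for s, r in report.items() if r["status"] != "CLEAN")
```

Because EC2_SCAN_COMPLETED is emitted per scanned volume, the triage aggregates by scan and reports the worst result rather than the last one seen.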
