> ## Documentation Index
> Fetch the complete documentation index at: https://cloudanix.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Non Archived Findings Enabled For Guardduty

### More Info:

Checks if Amazon GuardDuty has findings that are non-archived. The rule is NON\_COMPLIANT if GuardDuty has non-archived low/medium/high severity findings older than the specified number in the daysLowSev/daysMediumSev/daysHighSev parameter.

### Risk Level

Low

### Addresses

Configuration

### Compliance Standards

CBP,RBI\_MD\_ITF,RBI\_UCB

### Triage and Remediation

<Tabs>
  <Tab title="Remediation">
    ### Remediation

    <AccordionGroup>
      <Accordion title="Using Console" defaultOpen="true">
        To remediate the non-archived findings enabled for GuardDuty in AWS Shield, you can follow these steps using the AWS Management Console:

        1. **Login to AWS Console**: Go to [https://aws.amazon.com/](https://aws.amazon.com/) and login to your AWS account using your credentials.

        2. **Navigate to GuardDuty Service**: In the AWS Management Console, search for "GuardDuty" in the services search bar and click on the GuardDuty service.

        3. **Select the GuardDuty Detector**: In the GuardDuty console, select the GuardDuty detector for which you want to remediate the non-archived findings.

        4. **Navigate to Settings**: Click on the "Settings" tab in the GuardDuty console to view the settings for the selected detector.

        5. **Disable Non-Archived Findings**: In the settings page, locate the "Non-Archived Findings" section and toggle the switch to disable it. This will ensure that findings are automatically archived after 90 days.

        6. **Save Changes**: Once you have disabled the non-archived findings, click on the "Save" button to apply the changes.

        7. **Verify Configuration**: You can verify that the non-archived findings are disabled by checking the settings page again and ensuring that the switch is in the off position.

        By following these steps, you have successfully remediated the non-archived findings enabled for GuardDuty in AWS Shield using the AWS Management Console.

        #
      </Accordion>

      <Accordion title="Using CLI">
        To remediate the non-archived findings enabled for GuardDuty in AWS Shield using AWS CLI, you can follow these steps:

        1. Open the AWS CLI and run the following command to disable the non-archived findings in GuardDuty:

        ```bash theme={null}
        aws guardduty update-organization-configuration --detector-id <detector-id> --auto-enable --data-sources "s3Logs={enable=false}"
        ```

        Replace `<detector-id>` with the ID of the GuardDuty detector for which you want to disable the non-archived findings.

        2. Verify that the non-archived findings are disabled by running the following command:

        ```bash theme={null}
        aws guardduty get-detector --detector-id <detector-id> --query DataSources.S3Logs
        ```

        This command will return the current configuration of S3 logs for the specified GuardDuty detector.

        3. Once you have verified that the non-archived findings are disabled, you have successfully remediated the misconfiguration in AWS Shield for GuardDuty.

        By following these steps, you can remediate the non-archived findings enabled for GuardDuty in AWS Shield using AWS CLI.
      </Accordion>

      <Accordion title="Using Python">
        To remediate the non-archived findings enabled for GuardDuty in AWS Shield using Python, you can follow these steps:

        1. Import the necessary libraries:

        ```python theme={null}
        import boto3
        ```

        2. Create a Boto3 client for GuardDuty:

        ```python theme={null}
        guardduty = boto3.client('guardduty')
        ```

        3. List all the detectors in GuardDuty:

        ```python theme={null}
        detectors = guardduty.list_detectors()
        ```

        4. Iterate through each detector and update the findingPublishingFrequency to "ARCHIVE":

        ```python theme={null}
        for detector in detectors['DetectorIds']:
            guardduty.update_detector(
                DetectorId=detector,
                FindingPublishingFrequency='ARCHIVE'
            )
        ```

        5. Verify that the findings are now being archived by checking the FindingPublishingFrequency of each detector:

        ```python theme={null}
        for detector in detectors['DetectorIds']:
            response = guardduty.get_detector(
                DetectorId=detector
            )
            print(f"Detector {detector} finding publishing frequency: {response['FindingPublishingFrequency']}")
        ```

        By following these steps and running the Python script, you can remediate the non-archived findings enabled for GuardDuty in AWS Shield.
      </Accordion>
    </AccordionGroup>
  </Tab>
</Tabs>
