One additional AWS request for the day. Any thoughts on allowing GuardDuty findings to be filtered to exclude archived findings? There’s a lot of noise in there that typically isn’t important. We’re filtering it out on the DB side, but there’s no need to waste the storage / API requests pulling months/years worth of archived findings.
Hi @mutual-krill!
This is already possible with table_options (see docs).
Consider this part (only table_options spec part, so indent properly):

```yaml
table_options:
  aws_guardduty_detectors:
    - ListFindings:
        - FindingCriteria:
            Criterion:
              service.archived:
                Eq:
                  - 'true'
```

Although it’s a verbose syntax, it corresponds to the AWS API object used for performing the request.
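
Added example, not part of the original reply: in the GuardDuty ListFindings API, a `service.archived` criterion of `'true'` returns only archived findings and `'false'` returns only unarchived ones, so a sync that skips archived findings would use the variant below. The key layout is copied from the reply above and is assumed to match the plugin version in use.

```yaml
# Added example: same table_options layout as the reply above,
# with the criterion value set so that archived findings are excluded.
table_options:
  aws_guardduty_detectors:
    - ListFindings:
        - FindingCriteria:
            Criterion:
              service.archived:
                Eq:
                  - 'false'   # 'false' = only unarchived findings are listed
```
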
@KernelKnight Thanks for reaching out. I spoke with Ben earlier in the week, and he informed me of that. Nice work on the table options enhancement!