AWS Certified Security - Specialty (#137)

A company has enabled Amazon GuardDuty in all Regions as part of its security monitoring strategy. In one of the VPCs, the company hosts an Amazon EC2 instance working as an FTP server that is contacted by a high number of clients from multiple locations. This is identified by GuardDuty as a brute force attack due to the high number of connections that happen every hour. The finding has been flagged as a false positive. However, GuardDuty keeps raising the issue. A Security Engineer has been asked to improve the signal-to-noise ratio. The Engineer needs to ensure that changes do not compromise the visibility of potential anomalous behavior. How can the Security Engineer address the issue?

Disable the FTP rule in GuardDuty in the Region where the FTP server is deployed
Add the FTP server to a trusted IP list and deploy it to GuardDuty to stop receiving the notifications
Use GuardDuty filters with auto archiving enabled to close the findings
Create an AWS Lambda function that closes the finding whenever a new occurrence is reported