Amazon EventBridge delivers AWS service events to Blink in real time over secure webhooks. To set this up, configure EventBridge rules and API destinations in AWS. For additional information, please refer to AWS’s documentation.

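Sample Event

The sample below is a GuardDuty finding (`"source": "aws.guardduty"`) as delivered through EventBridge, with identifying values redacted. Fields redacted as a single string, such as `securityGroups`, `productCodes`, `tags`, `additionalInfo` and `threatIntelligenceDetails`, hold nested arrays or objects in a live finding, so parse them by structure rather than as strings.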

{
	"account": "[REDACTED_ACCOUNT_ID]",
	"detail": {
		"accountId": "[REDACTED_ACCOUNT_ID]",
		"arn": "arn:aws:guardduty:us-east-1:[REDACTED_ACCOUNT_ID]:detector/[REDACTED_DETECTOR_ID]/finding/[REDACTED_FINDING_ID]",
		"createdAt": "[REDACTED_TIMESTAMP]",
		"description": "The EC2 instance [REDACTED_INSTANCE_ID] is querying a domain name of a remote host that is known to hold credentials and other stolen data captured by malware.",
		"id": "[REDACTED_FINDING_ID]",
		"partition": "aws",
		"region": "us-east-1",
		"resource": {
			"instanceDetails": {
				"availabilityZone": "[REDACTED_AZ]",
				"iamInstanceProfile": {
					"arn": "arn:aws:iam::[REDACTED_ACCOUNT_ID]:instance-profile/[REDACTED_PROFILE_NAME]",
					"id": "[REDACTED_PROFILE_ID]"
				},
				"imageDescription": "[REDACTED_IMAGE_DESCRIPTION]",
				"imageId": "[REDACTED_IMAGE_ID]",
				"instanceId": "[REDACTED_INSTANCE_ID]",
				"instanceState": "running",
				"instanceType": "[REDACTED_INSTANCE_TYPE]",
				"launchTime": "[REDACTED_TIMESTAMP]",
				"networkInterfaces": [
					{
						"networkInterfaceId": "[REDACTED_ENI_ID]",
						"privateIpAddress": "[REDACTED_IP]",
						"publicIp": "[REDACTED_PUBLIC_IP]",
						"securityGroups": "[REDACTED]",
						"subnetId": "[REDACTED_SUBNET_ID]",
						"vpcId": "[REDACTED_VPC_ID]"
					}
				],
				"outpostArn": "[REDACTED_OUTPOST_ARN]",
				"productCodes": "[REDACTED]",
				"tags": "[REDACTED]"
			},
			"resourceType": "Instance"
		},
		"schemaVersion": "2.0",
		"service": {
			"action": {
				"actionType": "DNS_REQUEST",
				"dnsRequestAction": {
					"blocked": false,
					"domain": "[REDACTED_DOMAIN]",
					"domainWithSuffix": "[REDACTED_DOMAIN_SUFFIX]",
					"protocol": "UDP"
				}
			},
			"additionalInfo": "[REDACTED]",
			"archived": false,
			"count": 8,
			"detectorId": "[REDACTED_DETECTOR_ID]",
			"eventFirstSeen": "[REDACTED_TIMESTAMP]",
			"eventLastSeen": "[REDACTED_TIMESTAMP]",
			"evidence": {
				"threatIntelligenceDetails": "[REDACTED_THREAT_LISTS]"
			},
			"resourceRole": "TARGET",
			"serviceName": "guardduty"
		},
		"severity": 5,
		"title": "The EC2 instance [REDACTED_INSTANCE_ID] queried a Drop Point domain name.",
		"type": "Trojan:EC2/DropPoint!DNS",
		"updatedAt": "[REDACTED_TIMESTAMP]"
	},
	"detail-type": "GuardDuty Finding",
	"id": "[REDACTED_EVENT_ID]",
	"region": "us-east-1",
	"resources": [],
	"source": "aws.guardduty",
	"time": "[REDACTED_TIMESTAMP]",
	"version": "0"
}