0PricingLogin
AWS Security Academy · Lesson

Matching Findings with Event Patterns

Write rules that fire only on the alerts you care about.

Why Patterns Matter

You do not want to react to every event — only the ones that matter. An event pattern is the filter that decides which events a rule acts on.

A precise pattern means your automation fires exactly when a real threat appears and stays quiet otherwise, avoiding both missed alerts and noisy false triggers.

Pattern Structure

An event pattern is JSON that mirrors the structure of the events it matches. You specify the fields and values you care about; an event matches only if every specified field matches.

Fields you omit are ignored, so a pattern can be as broad or as narrow as you need.

{
  "source": ["aws.guardduty"],
  "detail-type": ["GuardDuty Finding"]
}

All lessons in this course

  1. How EventBridge Routes Security Events
  2. Matching Findings with Event Patterns
  3. Triggering Lambda for Auto-Remediation
  4. Orchestrating Responses with Step Functions
← Back to AWS Security Academy