From 321c79a374cc8a7d1a0ac64f3b44aad653fb5759 Mon Sep 17 00:00:00 2001
From: Christopher Biel
Date: Thu, 19 Aug 2021 11:50:16 +0200
Subject: [PATCH] Ignore archvived findings, as the check should only look at active findings, not those that were moved to the archive of guardduty
---
 checks/check_extra7139 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checks/check_extra7139 b/checks/check_extra7139
index 0b635a10..b38ddba6 100644
--- a/checks/check_extra7139
+++ b/checks/check_extra7139
@@ -29,7 +29,7 @@ extra7139(){
 if [[ $DETECTORS_LIST ]];then
 for DETECTOR in $DETECTORS_LIST;do
 FINDINGS_COUNT=""
- FINDINGS_COUNT=$($AWSCLI $PROFILE_OPT --region $regx --output text guardduty list-findings --detector-id $DETECTOR --finding-criteria '{"Criterion":{"severity": {"Eq":["8"]}}}' 2> /dev/null | wc -l | xargs) # Severity LOW=2, MED=4, HIGH=8
+ FINDINGS_COUNT=$($AWSCLI $PROFILE_OPT --region $regx --output text guardduty list-findings --detector-id $DETECTOR --finding-criteria '{"Criterion":{"severity": {"Eq":["8"]}, "service.archived": {"Eq": ["false"]}}}' 2> /dev/null | wc -l | xargs) # Severity LOW=2, MED=4, HIGH=8
 if [[ $FINDINGS_COUNT -gt 0 ]];then
 textFail "$regx: GuardDuty has $FINDINGS_COUNT high severity findings." "$regx"
 else
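Review bot: On the added FINDINGS_COUNT line the API error path is still invisible: `2> /dev/null | wc -l | xargs` turns a failed `list-findings` call (for example a denied permission in that region) into empty output, so the following `-gt 0` test evaluates it as 0 and the loop falls through to the `else` branch as if the detector had no active high-severity findings. Counting with `--query 'length(FindingIds)'` instead of `wc -l` removes the pipe so the CLI's exit status is observable, e.g. `FINDINGS_COUNT=$($AWSCLI $PROFILE_OPT --region $regx --output text --query 'length(FindingIds)' guardduty list-findings --detector-id $DETECTOR --finding-criteria '{"Criterion":{"severity": {"Eq":["8"]}, "service.archived": {"Eq": ["false"]}}}' 2> /dev/null) || { textFail "$regx: could not list GuardDuty findings for detector $DETECTOR" "$regx"; continue; }`. Since the new criterion silently hides anything an operator has archived, the trailing comment should say so, e.g. `# Severity LOW=2, MED=4, HIGH=8; archived findings are deliberately excluded`. extra7139 begins before this hunk and its body continues past `else`.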