# S3 object scan status metrics in CloudWatch You can monitor GuardDuty using CloudWatch, which collects raw data and processes it into readable, near real-time metrics. These statistics are retained for 15 months, so that you can access historical information and gain a better perspective on how Malware Protection for S3 is performing. You can also set alarms that watch for certain thresholds, and send notifications or take actions when those thresholds are met. For more information, see the [Amazon CloudWatch User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/). The CloudWatch metrics for Malware Protection for S3 are available at the resource level. You can query these metrics for each protected resource separately. The metrics are reported in the `AWS/GuardDuty/MalwareProtection` namespace. You can set up alarms on specific resources to monitor security posture. | | | **Malware scan status metrics** | | --- | | **Metric** | **Description** | | `CompletedScanCount` | The number of S3 object malware scans that completed in a given time frame. Valid Dimensions: `Malware Protection Plan Id` `Resource Name` Units: Count | | `FailedScanCount` | The number of S3 object malware scans that failed in a given time frame. **Valid Dimensions**: `Malware Protection Plan Id` `Resource Name` Units: Count | | `SkippedScanCount` | The number of S3 object malware scans that were skipped in a given time frame. **Valid Dimensions**: `Malware Protection Plan Id` `Resource Name` `Skipped Reason` Potential values `Unsupported` `MissingPermissions` Units: Count | | **Malware scan result metrics** | | --- | | `InfectedScanCount` | The number of S3 object malware scans that detected potentially malicious object in a given time frame. Valid Dimensions: `Malware Protection Plan Id` `Resource Name` Units: Count | | `CompletedScanBytes` | The number of S3 object bytes scanned in a given time frame. Valid Dimensions: `Malware Protection Plan Id` `Resource Name` Units: Count | **Note** By default, the statistics in the CloudWatch metrics are AVG. The following dimensions are supported for the Malware Protection for S3 metrics. | | | **Dimension** | **Description** | | --- |--- | | Malware Protection Plan Id | The unique identifier that is associated with the Malware Protection plan resource that GuardDuty creates for your protected resource. | | Resource Name | The name of the protected resource. | | Skipped Reason | The reason why an S3 object malware scan was skipped. Potential values `Unsupported` `MissingPermissions` | For information about accessing and querying these metrics, see [Use Amazon CloudWatch metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/working_with_metrics.html) in the *Amazon CloudWatch User Guide*. For information about setting up alarms, see [Using Amazon CloudWatch alarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html) in the *Amazon CloudWatch User Guide*.