openapi: 3.0.0 info: version: '2017-11-28' x-release: v4 title: Amazon GuardDuty description: '

Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC flow logs, Amazon Web Services CloudTrail management event logs, CloudTrail S3 data event logs, EKS audit logs, DNS logs, and Amazon EBS volume data. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your Amazon Web Services environment. This can include issues like escalations of privileges, uses of exposed credentials, communication with malicious IPs or domains, or the presence of malware on your Amazon EC2 instances and container workloads. For example, GuardDuty can detect compromised EC2 instances and container workloads serving malware or mining bitcoin.

GuardDuty also monitors Amazon Web Services account access behavior for signs of compromise, such as unauthorized infrastructure deployments like EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength.

GuardDuty informs you about the status of your Amazon Web Services environment by producing security findings that you can view in the GuardDuty console or through Amazon EventBridge. For more information, see the Amazon GuardDuty User Guide.

' x-logo: url: https://api.apis.guru/v2/cache/logo/https_twitter.com_awscloud_profile_image.png backgroundColor: '#FFFFFF' termsOfService: https://aws.amazon.com/service-terms/ contact: name: Mike Ralphson email: mike.ralphson@gmail.com url: https://github.com/mermade/aws2openapi x-twitter: PermittedSoc license: name: Apache 2.0 License url: http://www.apache.org/licenses/ x-providerName: amazonaws.com x-serviceName: guardduty x-aws-signingName: guardduty x-origin: - contentType: application/json url: https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/guardduty-2017-11-28.normal.json converter: url: https://github.com/mermade/aws2openapi version: 1.0.0 x-apisguru-driver: external x-apiClientRegistration: url: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct x-apisguru-categories: - cloud x-preferred: true externalDocs: description: Amazon Web Services documentation url: https://docs.aws.amazon.com/guardduty/ servers: - url: http://guardduty.{region}.amazonaws.com variables: region: description: The AWS region enum: - us-east-1 - us-east-2 - us-west-1 - us-west-2 - us-gov-west-1 - us-gov-east-1 - ca-central-1 - eu-north-1 - eu-west-1 - eu-west-2 - eu-west-3 - eu-central-1 - eu-south-1 - af-south-1 - ap-northeast-1 - ap-northeast-2 - ap-northeast-3 - ap-southeast-1 - ap-southeast-2 - ap-east-1 - ap-south-1 - sa-east-1 - me-south-1 default: us-east-1 description: The Amazon GuardDuty multi-region endpoint - url: https://guardduty.{region}.amazonaws.com variables: region: description: The AWS region enum: - us-east-1 - us-east-2 - us-west-1 - us-west-2 - us-gov-west-1 - us-gov-east-1 - ca-central-1 - eu-north-1 - eu-west-1 - eu-west-2 - eu-west-3 - eu-central-1 - eu-south-1 - af-south-1 - ap-northeast-1 - ap-northeast-2 - ap-northeast-3 - ap-southeast-1 - ap-southeast-2 - ap-east-1 - ap-south-1 - sa-east-1 - me-south-1 default: us-east-1 description: The Amazon GuardDuty multi-region endpoint - url: 
http://guardduty.{region}.amazonaws.com.cn variables: region: description: The AWS region enum: - cn-north-1 - cn-northwest-1 default: cn-north-1 description: The Amazon GuardDuty endpoint for China (Beijing) and China (Ningxia) - url: https://guardduty.{region}.amazonaws.com.cn variables: region: description: The AWS region enum: - cn-north-1 - cn-northwest-1 default: cn-north-1 description: The Amazon GuardDuty endpoint for China (Beijing) and China (Ningxia) x-hasEquivalentPaths: true paths: /detector/{detectorId}/administrator: post: operationId: AcceptAdministratorInvitation description: Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/AcceptAdministratorInvitationResponse' examples: AcceptAdministratorInvitation200Example: summary: Default AcceptAdministratorInvitation 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: AcceptAdministratorInvitation480Example: summary: Default AcceptAdministratorInvitation 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: AcceptAdministratorInvitation481Example: summary: Default AcceptAdministratorInvitation 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty member account. 
schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - administratorId - invitationId properties: administratorId: description: The account ID of the GuardDuty administrator account whose invitation you're accepting. type: string invitationId: description: The value that is used to validate the administrator account to the member account. type: string summary: Amazon GuardDuty Accept Administrator Invitation x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: operationId: GetAdministratorAccount description: Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetAdministratorAccountResponse' examples: GetAdministratorAccount200Example: summary: Default GetAdministratorAccount 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetAdministratorAccount480Example: summary: Default GetAdministratorAccount 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetAdministratorAccount481Example: summary: Default GetAdministratorAccount 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty member account. schema: type: string minLength: 1 maxLength: 300 summary: Amazon GuardDuty Get Administrator Account x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/master: post: deprecated: true operationId: AcceptInvitation description: Accepts the invitation to be monitored by a GuardDuty administrator account. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/AcceptInvitationResponse' examples: AcceptInvitation200Example: summary: Default AcceptInvitation 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: AcceptInvitation480Example: summary: Default AcceptInvitation 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: AcceptInvitation481Example: summary: Default AcceptInvitation 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty member account. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - masterId - invitationId properties: masterId: description: The account ID of the GuardDuty administrator account whose invitation you're accepting. type: string invitationId: description: The value that is used to validate the administrator account to the member account. 
type: string summary: Amazon GuardDuty Accept Invitation x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: deprecated: true operationId: GetMasterAccount description: Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetMasterAccountResponse' examples: GetMasterAccount200Example: summary: Default GetMasterAccount 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetMasterAccount480Example: summary: Default GetMasterAccount 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetMasterAccount481Example: summary: Default GetMasterAccount 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty member account. schema: type: string minLength: 1 maxLength: 300 summary: Amazon GuardDuty Get Master Account x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/findings/archive: post: operationId: ArchiveFindings description:

Archives GuardDuty findings that are specified by the list of finding IDs.

Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ArchiveFindingsResponse' examples: ArchiveFindings200Example: summary: Default ArchiveFindings 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: ArchiveFindings480Example: summary: Default ArchiveFindings 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: ArchiveFindings481Example: summary: Default ArchiveFindings 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector that specifies the GuardDuty service whose findings you want to archive. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - findingIds properties: findingIds: description: The IDs of the findings that you want to archive. type: array items: $ref: '#/components/schemas/FindingId' minItems: 0 maxItems: 50 summary: Amazon GuardDuty Archive Findings x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector: post: operationId: CreateDetector description:

Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/CreateDetectorResponse' examples: CreateDetector200Example: summary: Default CreateDetector 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: CreateDetector480Example: summary: Default CreateDetector 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: CreateDetector481Example: summary: Default CreateDetector 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: [] requestBody: required: true content: application/json: schema: type: object required: - enable properties: enable: description: A Boolean value that specifies whether the detector is to be enabled. type: boolean clientToken: description: The idempotency token for the create request. type: string minLength: 0 maxLength: 64 findingPublishingFrequency: description: A value that specifies how frequently updated findings are exported. type: string enum: - FIFTEEN_MINUTES - ONE_HOUR - SIX_HOURS dataSources: description: Contains information about which data sources are enabled. type: object properties: S3Logs: allOf: - $ref: '#/components/schemas/S3LogsConfiguration' - xml: name: s3Logs description: Describes whether S3 data event logs are enabled as a data source. Kubernetes: allOf: - $ref: '#/components/schemas/KubernetesConfiguration' - xml: name: kubernetes description: Describes whether any Kubernetes logs are enabled as data sources. MalwareProtection: allOf: - $ref: '#/components/schemas/MalwareProtectionConfiguration' - xml: name: malwareProtection description: Describes whether Malware Protection is enabled as a data source. 
tags: description: The tags to be added to a new detector resource. type: object minProperties: 1 maxProperties: 200 additionalProperties: $ref: '#/components/schemas/TagValue' features: description: A list of features that will be configured for the detector. type: array items: $ref: '#/components/schemas/DetectorFeatureConfiguration' summary: Amazon GuardDuty Create Detector x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: operationId: ListDetectors description: Lists detectorIds of all the existing Amazon GuardDuty detector resources. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListDetectorsResponse' examples: ListDetectors200Example: summary: Default ListDetectors 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: ListDetectors480Example: summary: Default ListDetectors 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: ListDetectors481Example: summary: Default ListDetectors 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: maxResults in: query required: false description: You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50. 
schema: type: integer minimum: 1 maximum: 50 - name: nextToken in: query required: false description: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. schema: type: string - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false summary: Amazon GuardDuty List Detectors x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/filter: post: operationId: CreateFilter description: Creates a filter using the specified finding criteria. The maximum number of saved filters per Amazon Web Services account per Region is 100. For more information, see Quotas for GuardDuty. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/CreateFilterResponse' examples: CreateFilter200Example: summary: Default CreateFilter 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: CreateFilter480Example: summary: Default CreateFilter 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: CreateFilter481Example: summary: Default CreateFilter 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector belonging to the GuardDuty account that you want to create a filter for. 
schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - name - findingCriteria properties: name: description: The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character. type: string minLength: 3 maxLength: 64 description: description: The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace. type: string minLength: 0 maxLength: 512 action: description: Specifies the action that is to be applied to the findings that match the filter. type: string enum: - NOOP - ARCHIVE minLength: 1 maxLength: 300 rank: description: Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. type: integer minimum: 1 maximum: 100 findingCriteria: description: Contains information about the criteria used for querying findings. type: object properties: Criterion: allOf: - $ref: '#/components/schemas/Criterion' - xml: name: criterion description: Represents a map of finding properties that match specified conditions and values when querying findings. clientToken: description: The idempotency token for the create request. type: string minLength: 0 maxLength: 64 tags: description: The tags to be added to a new filter resource. 
type: object minProperties: 1 maxProperties: 200 additionalProperties: $ref: '#/components/schemas/TagValue' summary: Amazon GuardDuty Create Filter x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: operationId: ListFilters description: Returns a paginated list of the current filters. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListFiltersResponse' examples: ListFilters200Example: summary: Default ListFilters 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: ListFilters480Example: summary: Default ListFilters 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: ListFilters481Example: summary: Default ListFilters 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that the filter is associated with. schema: type: string minLength: 1 maxLength: 300 - name: maxResults in: query required: false description: You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50. 
schema: type: integer minimum: 1 maximum: 50 - name: nextToken in: query required: false description: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. schema: type: string - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false summary: Amazon GuardDuty List Filters x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/ipset: post: operationId: CreateIPSet description: Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/CreateIPSetResponse' examples: CreateIPSet200Example: summary: Default CreateIPSet 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: CreateIPSet480Example: summary: Default CreateIPSet 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: CreateIPSet481Example: summary: Default CreateIPSet 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty account that you want to create an IPSet for. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - name - format - location - activate properties: name: description:

The user-friendly name to identify the IPSet.

Allowed characters are alphanumeric, whitespace, dash (-), and underscores (_).

type: string minLength: 1 maxLength: 300 format: description: The format of the file that contains the IPSet. type: string enum: - TXT - STIX - OTX_CSV - ALIEN_VAULT - PROOF_POINT - FIRE_EYE minLength: 1 maxLength: 300 location: description: 'The URI of the file that contains the IPSet. ' type: string minLength: 1 maxLength: 300 activate: description: A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet. type: boolean clientToken: description: The idempotency token for the create request. type: string minLength: 0 maxLength: 64 tags: description: The tags to be added to a new IP set resource. type: object minProperties: 1 maxProperties: 200 additionalProperties: $ref: '#/components/schemas/TagValue' summary: Amazon GuardDuty Create I P Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: operationId: ListIPSets description: Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListIPSetsResponse' examples: ListIPSets200Example: summary: Default ListIPSets 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: ListIPSets480Example: summary: Default ListIPSets 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: ListIPSets481Example: summary: Default ListIPSets 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that the IPSet is associated with. schema: type: string minLength: 1 maxLength: 300 - name: maxResults in: query required: false description: You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. schema: type: integer minimum: 1 maximum: 50 - name: nextToken in: query required: false description: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. schema: type: string - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false summary: Amazon GuardDuty List I P Sets x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/member: post: operationId: CreateMembers description:

Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.

When using Create Members as an organizations delegated administrator, this action will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account, which must enable GuardDuty prior to being added as a member.

If you are adding accounts by invitation, use this action after GuardDuty has been enabled in potential member accounts and before using InviteMembers.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/CreateMembersResponse' examples: CreateMembers200Example: summary: Default CreateMembers 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: CreateMembers480Example: summary: Default CreateMembers 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: CreateMembers481Example: summary: Default CreateMembers 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty account that you want to associate member accounts with. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - accountDetails properties: accountDetails: description: A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account. 
type: array items: $ref: '#/components/schemas/AccountDetail' minItems: 1 maxItems: 50 summary: Amazon GuardDuty Create Members x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: operationId: ListMembers description: Lists details about all member accounts for the current GuardDuty administrator account. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListMembersResponse' examples: ListMembers200Example: summary: Default ListMembers 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: ListMembers480Example: summary: Default ListMembers 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: ListMembers481Example: summary: Default ListMembers 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector the member is associated with. schema: type: string minLength: 1 maxLength: 300 - name: maxResults in: query required: false description: You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. 
schema: type: integer minimum: 1 maximum: 50 - name: nextToken in: query required: false description: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. schema: type: string - name: onlyAssociated in: query required: false description: "Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated). Member accounts must have been previously associated with the GuardDuty administrator account using Create Members . " schema: type: string - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false summary: Amazon GuardDuty List Members x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/publishingDestination: post: operationId: CreatePublishingDestination description: Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/CreatePublishingDestinationResponse' examples: CreatePublishingDestination200Example: summary: Default CreatePublishingDestination 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: CreatePublishingDestination480Example: summary: Default CreatePublishingDestination 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: CreatePublishingDestination481Example: summary: Default CreatePublishingDestination 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the GuardDuty detector associated with the publishing destination. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - destinationType - destinationProperties properties: destinationType: description: The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported. type: string enum: - S3 minLength: 1 maxLength: 300 destinationProperties: description: Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings. type: object properties: DestinationArn: allOf: - $ref: '#/components/schemas/String' - xml: name: destinationArn description: '

The ARN of the resource to publish to.

To specify an S3 bucket folder, use the following format: arn:aws:s3:::DOC-EXAMPLE-BUCKET/myFolder/

' KmsKeyArn: allOf: - $ref: '#/components/schemas/String' - xml: name: kmsKeyArn description: The ARN of the KMS key to use for encryption. clientToken: description: The idempotency token for the request. type: string minLength: 0 maxLength: 64 summary: Amazon GuardDuty Create Publishing Destination x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: operationId: ListPublishingDestinations description: Returns a list of publishing destinations associated with the specified detectorId. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListPublishingDestinationsResponse' examples: ListPublishingDestinations200Example: summary: Default ListPublishingDestinations 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: ListPublishingDestinations480Example: summary: Default ListPublishingDestinations 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: ListPublishingDestinations481Example: summary: Default ListPublishingDestinations 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector to retrieve publishing destinations for. 
schema: type: string minLength: 1 maxLength: 300 - name: maxResults in: query required: false description: The maximum number of results to return in the response. schema: type: integer minimum: 1 maximum: 50 - name: nextToken in: query required: false description: A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. schema: type: string - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false summary: Amazon GuardDuty List Publishing Destinations x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/findings/create: post: operationId: CreateSampleFindings description: Generates sample findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates sample findings of all supported finding types. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/CreateSampleFindingsResponse' examples: CreateSampleFindings200Example: summary: Default CreateSampleFindings 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: CreateSampleFindings480Example: summary: Default CreateSampleFindings 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: CreateSampleFindings481Example: summary: Default CreateSampleFindings 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector to create sample findings for. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object properties: findingTypes: description: The types of sample findings to generate. type: array items: $ref: '#/components/schemas/FindingType' minItems: 0 maxItems: 50 summary: Amazon GuardDuty Create Sample Findings x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/threatintelset: post: operationId: CreateThreatIntelSet description: Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. 
GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/CreateThreatIntelSetResponse' examples: CreateThreatIntelSet200Example: summary: Default CreateThreatIntelSet 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: CreateThreatIntelSet480Example: summary: Default CreateThreatIntelSet 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: CreateThreatIntelSet481Example: summary: Default CreateThreatIntelSet 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - name - format - location - activate properties: name: description: A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet. type: string minLength: 1 maxLength: 300 format: description: The format of the file that contains the ThreatIntelSet. type: string enum: - TXT - STIX - OTX_CSV - ALIEN_VAULT - PROOF_POINT - FIRE_EYE minLength: 1 maxLength: 300 location: description: 'The URI of the file that contains the ThreatIntelSet. ' type: string minLength: 1 maxLength: 300 activate: description: A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet. 
type: boolean clientToken: description: The idempotency token for the create request. type: string minLength: 0 maxLength: 64 tags: description: The tags to be added to a new threat list resource. type: object minProperties: 1 maxProperties: 200 additionalProperties: $ref: '#/components/schemas/TagValue' summary: Amazon GuardDuty Create Threat Intel Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: operationId: ListThreatIntelSets description: Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListThreatIntelSetsResponse' examples: ListThreatIntelSets200Example: summary: Default ListThreatIntelSets 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: ListThreatIntelSets480Example: summary: Default ListThreatIntelSets 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: ListThreatIntelSets481Example: summary: Default ListThreatIntelSets 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that the threatIntelSet is associated with. schema: type: string minLength: 1 maxLength: 300 - name: maxResults in: query required: false description: You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50. schema: type: integer minimum: 1 maximum: 50 - name: nextToken in: query required: false description: You can use this parameter to paginate results in the response. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. 
schema: type: string - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false summary: Amazon GuardDuty List Threat Intel Sets x-microcks-operation: delay: 0 dispatcher: FALLBACK /invitation/decline: post: operationId: DeclineInvitations description: Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DeclineInvitationsResponse' examples: DeclineInvitations200Example: summary: Default DeclineInvitations 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DeclineInvitations480Example: summary: Default DeclineInvitations 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DeclineInvitations481Example: summary: Default DeclineInvitations 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: [] requestBody: required: true content: application/json: schema: type: object required: - accountIds properties: accountIds: description: A list of account IDs of the Amazon Web Services accounts that sent invitations to the current member account that you want to decline invitations from. 
type: array items: $ref: '#/components/schemas/AccountId' minItems: 1 maxItems: 50 summary: Amazon GuardDuty Decline Invitations x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}: delete: operationId: DeleteDetector description: Deletes an Amazon GuardDuty detector that is specified by the detector ID. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DeleteDetectorResponse' examples: DeleteDetector200Example: summary: Default DeleteDetector 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DeleteDetector480Example: summary: Default DeleteDetector 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DeleteDetector481Example: summary: Default DeleteDetector 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that you want to delete. 
schema: type: string minLength: 1 maxLength: 300 summary: Amazon GuardDuty Delete Detector x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: operationId: GetDetector description:

Retrieves an Amazon GuardDuty detector specified by the detectorId.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetDetectorResponse' examples: GetDetector200Example: summary: Default GetDetector 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetDetector480Example: summary: Default GetDetector 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetDetector481Example: summary: Default GetDetector 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that you want to get. schema: type: string minLength: 1 maxLength: 300 summary: Amazon GuardDuty Get Detector x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: UpdateDetector description:

Updates the Amazon GuardDuty detector specified by the detectorId.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/UpdateDetectorResponse' examples: UpdateDetector200Example: summary: Default UpdateDetector 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: UpdateDetector480Example: summary: Default UpdateDetector 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: UpdateDetector481Example: summary: Default UpdateDetector 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector to update. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object properties: enable: description: Specifies whether the detector is enabled or not enabled. type: boolean findingPublishingFrequency: description: An enum value that specifies how frequently findings are exported, such as to CloudWatch Events. type: string enum: - FIFTEEN_MINUTES - ONE_HOUR - SIX_HOURS dataSources: description: Contains information about which data sources are enabled. type: object properties: S3Logs: allOf: - $ref: '#/components/schemas/S3LogsConfiguration' - xml: name: s3Logs description: Describes whether S3 data event logs are enabled as a data source. Kubernetes: allOf: - $ref: '#/components/schemas/KubernetesConfiguration' - xml: name: kubernetes description: Describes whether any Kubernetes logs are enabled as data sources. 
MalwareProtection: allOf: - $ref: '#/components/schemas/MalwareProtectionConfiguration' - xml: name: malwareProtection description: Describes whether Malware Protection is enabled as a data source. features: description: Provides the features that will be updated for the detector. type: array items: $ref: '#/components/schemas/DetectorFeatureConfiguration' summary: Amazon GuardDuty Update Detector x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/filter/{filterName}: delete: operationId: DeleteFilter description: Deletes the filter specified by the filter name. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DeleteFilterResponse' examples: DeleteFilter200Example: summary: Default DeleteFilter 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DeleteFilter480Example: summary: Default DeleteFilter 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DeleteFilter481Example: summary: Default DeleteFilter 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that the filter is associated with. schema: type: string minLength: 1 maxLength: 300 - name: filterName in: path required: true description: The name of the filter that you want to delete. 
schema: type: string summary: Amazon GuardDuty Delete Filter x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: operationId: GetFilter description: Returns the details of the filter specified by the filter name. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetFilterResponse' examples: GetFilter200Example: summary: Default GetFilter 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetFilter480Example: summary: Default GetFilter 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetFilter481Example: summary: Default GetFilter 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that the filter is associated with. schema: type: string minLength: 1 maxLength: 300 - name: filterName in: path required: true description: The name of the filter you want to get. schema: type: string summary: Amazon GuardDuty Get Filter x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: UpdateFilter description: Updates the filter specified by the filter name. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/UpdateFilterResponse' examples: UpdateFilter200Example: summary: Default UpdateFilter 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: UpdateFilter480Example: summary: Default UpdateFilter 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: UpdateFilter481Example: summary: Default UpdateFilter 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that specifies the GuardDuty service where you want to update a filter. schema: type: string minLength: 1 maxLength: 300 - name: filterName in: path required: true description: The name of the filter. schema: type: string requestBody: required: true content: application/json: schema: type: object properties: description: description: The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace. type: string minLength: 0 maxLength: 512 action: description: Specifies the action that is to be applied to the findings that match the filter. type: string enum: - NOOP - ARCHIVE minLength: 1 maxLength: 300 rank: description: Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. 
type: integer minimum: 1 maximum: 100 findingCriteria: description: Contains information about the criteria used for querying findings. type: object properties: Criterion: allOf: - $ref: '#/components/schemas/Criterion' - xml: name: criterion description: Represents a map of finding properties that match specified conditions and values when querying findings. summary: Amazon GuardDuty Update Filter x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/ipset/{ipSetId}: delete: operationId: DeleteIPSet description: Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DeleteIPSetResponse' examples: DeleteIPSet200Example: summary: Default DeleteIPSet 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DeleteIPSet480Example: summary: Default DeleteIPSet 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DeleteIPSet481Example: summary: Default DeleteIPSet 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector associated with the IPSet. schema: type: string minLength: 1 maxLength: 300 - name: ipSetId in: path required: true description: The unique ID of the IPSet to delete. 
schema: type: string summary: Amazon GuardDuty Delete I P Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: operationId: GetIPSet description: Retrieves the IPSet specified by the ipSetId. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetIPSetResponse' examples: GetIPSet200Example: summary: Default GetIPSet 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetIPSet480Example: summary: Default GetIPSet 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetIPSet481Example: summary: Default GetIPSet 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that the IPSet is associated with. schema: type: string minLength: 1 maxLength: 300 - name: ipSetId in: path required: true description: The unique ID of the IPSet to retrieve. schema: type: string summary: Amazon GuardDuty Get I P Set x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: UpdateIPSet description: Updates the IPSet specified by the IPSet ID. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/UpdateIPSetResponse' examples: UpdateIPSet200Example: summary: Default UpdateIPSet 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: UpdateIPSet480Example: summary: Default UpdateIPSet 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: UpdateIPSet481Example: summary: Default UpdateIPSet 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The detectorID that specifies the GuardDuty service whose IPSet you want to update. schema: type: string minLength: 1 maxLength: 300 - name: ipSetId in: path required: true description: The unique ID that specifies the IPSet that you want to update. schema: type: string requestBody: required: true content: application/json: schema: type: object properties: name: description: The unique ID that specifies the IPSet that you want to update. type: string minLength: 1 maxLength: 300 location: description: 'The updated URI of the file that contains the IPSet. ' type: string minLength: 1 maxLength: 300 activate: description: The updated Boolean value that specifies whether the IPSet is active or not. type: boolean summary: Amazon GuardDuty Update I P Set x-microcks-operation: delay: 0 dispatcher: FALLBACK /invitation/delete: post: operationId: DeleteInvitations description: Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DeleteInvitationsResponse' examples: DeleteInvitations200Example: summary: Default DeleteInvitations 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DeleteInvitations480Example: summary: Default DeleteInvitations 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DeleteInvitations481Example: summary: Default DeleteInvitations 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: [] requestBody: required: true content: application/json: schema: type: object required: - accountIds properties: accountIds: description: A list of account IDs of the Amazon Web Services accounts that sent invitations to the current member account that you want to delete invitations from. type: array items: $ref: '#/components/schemas/AccountId' minItems: 1 maxItems: 50 summary: Amazon GuardDuty Delete Invitations x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/member/delete: post: operationId: DeleteMembers description:

Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.

With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty for a member account in your organization.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DeleteMembersResponse' examples: DeleteMembers200Example: summary: Default DeleteMembers 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DeleteMembers480Example: summary: Default DeleteMembers 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DeleteMembers481Example: summary: Default DeleteMembers 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty account whose members you want to delete. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - accountIds properties: accountIds: description: A list of account IDs of the GuardDuty member accounts that you want to delete. type: array items: $ref: '#/components/schemas/AccountId' minItems: 1 maxItems: 50 summary: Amazon GuardDuty Delete Members x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/publishingDestination/{destinationId}: delete: operationId: DeletePublishingDestination description: Deletes the publishing definition with the specified destinationId. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DeletePublishingDestinationResponse' examples: DeletePublishingDestination200Example: summary: Default DeletePublishingDestination 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DeletePublishingDestination480Example: summary: Default DeletePublishingDestination 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DeletePublishingDestination481Example: summary: Default DeletePublishingDestination 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector associated with the publishing destination to delete. schema: type: string minLength: 1 maxLength: 300 - name: destinationId in: path required: true description: The ID of the publishing destination to delete. schema: type: string summary: Amazon GuardDuty Delete Publishing Destination x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: operationId: DescribePublishingDestination description: Returns information about the publishing destination specified by the provided destinationId. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DescribePublishingDestinationResponse' examples: DescribePublishingDestination200Example: summary: Default DescribePublishingDestination 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DescribePublishingDestination480Example: summary: Default DescribePublishingDestination 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DescribePublishingDestination481Example: summary: Default DescribePublishingDestination 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector associated with the publishing destination to retrieve. schema: type: string minLength: 1 maxLength: 300 - name: destinationId in: path required: true description: The ID of the publishing destination to retrieve. schema: type: string summary: Amazon GuardDuty Describe Publishing Destination x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: UpdatePublishingDestination description: Updates information about the publishing destination specified by the destinationId. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/UpdatePublishingDestinationResponse' examples: UpdatePublishingDestination200Example: summary: Default UpdatePublishingDestination 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: UpdatePublishingDestination480Example: summary: Default UpdatePublishingDestination 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: UpdatePublishingDestination481Example: summary: Default UpdatePublishingDestination 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector associated with the publishing destinations to update. schema: type: string minLength: 1 maxLength: 300 - name: destinationId in: path required: true description: The ID of the publishing destination to update. schema: type: string requestBody: required: true content: application/json: schema: type: object properties: destinationProperties: description: Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings. type: object properties: DestinationArn: allOf: - $ref: '#/components/schemas/String' - xml: name: destinationArn description: '

The ARN of the resource to publish to.

To specify an S3 bucket folder use the following format: arn:aws:s3:::DOC-EXAMPLE-BUCKET/myFolder/

' KmsKeyArn: allOf: - $ref: '#/components/schemas/String' - xml: name: kmsKeyArn description: The ARN of the KMS key to use for encryption. summary: Amazon GuardDuty Update Publishing Destination x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/threatintelset/{threatIntelSetId}: delete: operationId: DeleteThreatIntelSet description: Deletes the ThreatIntelSet specified by the ThreatIntelSet ID. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DeleteThreatIntelSetResponse' examples: DeleteThreatIntelSet200Example: summary: Default DeleteThreatIntelSet 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DeleteThreatIntelSet480Example: summary: Default DeleteThreatIntelSet 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DeleteThreatIntelSet481Example: summary: Default DeleteThreatIntelSet 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that the threatIntelSet is associated with. schema: type: string minLength: 1 maxLength: 300 - name: threatIntelSetId in: path required: true description: The unique ID of the threatIntelSet that you want to delete. 
schema: type: string summary: Amazon GuardDuty Delete Threat Intel Set x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' get: operationId: GetThreatIntelSet description: Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetThreatIntelSetResponse' examples: GetThreatIntelSet200Example: summary: Default GetThreatIntelSet 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetThreatIntelSet480Example: summary: Default GetThreatIntelSet 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetThreatIntelSet481Example: summary: Default GetThreatIntelSet 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that the threatIntelSet is associated with. schema: type: string minLength: 1 maxLength: 300 - name: threatIntelSetId in: path required: true description: The unique ID of the threatIntelSet that you want to get. 
schema: type: string summary: Amazon GuardDuty Get Threat Intel Set x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: UpdateThreatIntelSet description: Updates the ThreatIntelSet specified by the ThreatIntelSet ID. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/UpdateThreatIntelSetResponse' examples: UpdateThreatIntelSet200Example: summary: Default UpdateThreatIntelSet 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: UpdateThreatIntelSet480Example: summary: Default UpdateThreatIntelSet 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: UpdateThreatIntelSet481Example: summary: Default UpdateThreatIntelSet 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update. schema: type: string minLength: 1 maxLength: 300 - name: threatIntelSetId in: path required: true description: The unique ID that specifies the ThreatIntelSet that you want to update. schema: type: string requestBody: required: true content: application/json: schema: type: object properties: name: description: The unique ID that specifies the ThreatIntelSet that you want to update. type: string minLength: 1 maxLength: 300 location: description: The updated URI of the file that contains the ThreatIntelSet. type: string minLength: 1 maxLength: 300 activate: description: The updated Boolean value that specifies whether the ThreatIntelSet is active or not. 
type: boolean summary: Amazon GuardDuty Update Threat Intel Set x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/malware-scans: post: operationId: DescribeMalwareScans description:

Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all the member accounts.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DescribeMalwareScansResponse' examples: DescribeMalwareScans200Example: summary: Default DescribeMalwareScans 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DescribeMalwareScans480Example: summary: Default DescribeMalwareScans 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DescribeMalwareScans481Example: summary: Default DescribeMalwareScans 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that the request is associated with. schema: type: string minLength: 1 maxLength: 300 - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false requestBody: required: true content: application/json: schema: type: object properties: nextToken: description: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. type: string maxResults: description: You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50. type: integer minimum: 1 maximum: 50 filterCriteria: description: Represents the criteria to be used in the filter for describing scan entries. 
type: object properties: FilterCriterion: allOf: - $ref: '#/components/schemas/FilterCriterionList' - xml: name: filterCriterion description: Represents a condition that when matched will be added to the response of the operation. sortCriteria: description: Contains information about the criteria used for sorting findings. type: object properties: AttributeName: allOf: - $ref: '#/components/schemas/String' - xml: name: attributeName description: Represents the finding attribute, such as accountId, that sorts the findings. OrderBy: allOf: - $ref: '#/components/schemas/OrderBy' - xml: name: orderBy description: The order by which the sorted findings are to be displayed. summary: Amazon GuardDuty Describe Malware Scans x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/admin: get: operationId: DescribeOrganizationConfiguration description:

Returns information about the account selected as the delegated administrator for GuardDuty.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DescribeOrganizationConfigurationResponse' examples: DescribeOrganizationConfiguration200Example: summary: Default DescribeOrganizationConfiguration 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DescribeOrganizationConfiguration480Example: summary: Default DescribeOrganizationConfiguration 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DescribeOrganizationConfiguration481Example: summary: Default DescribeOrganizationConfiguration 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector to retrieve information about the delegated administrator from. schema: type: string minLength: 1 maxLength: 300 - name: maxResults in: query required: false description: You can use this parameter to indicate the maximum number of items that you want in the response. schema: type: integer minimum: 1 maximum: 50 - name: nextToken in: query required: false description: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. 
schema: type: string - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false summary: Amazon GuardDuty Describe Organization Configuration x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: operationId: UpdateOrganizationConfiguration description:

Configures the delegated administrator account with the provided values. You must provide the value for either autoEnableOrganizationMembers or autoEnable.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/UpdateOrganizationConfigurationResponse' examples: UpdateOrganizationConfiguration200Example: summary: Default UpdateOrganizationConfiguration 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: UpdateOrganizationConfiguration480Example: summary: Default UpdateOrganizationConfiguration 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: UpdateOrganizationConfiguration481Example: summary: Default UpdateOrganizationConfiguration 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector that configures the delegated administrator. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object properties: autoEnable: description:

Indicates whether to automatically enable member accounts in the organization.

Even though this is still supported, we recommend using AutoEnableOrganizationMembers to achieve similar results.

type: boolean dataSources: description: An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization. type: object properties: S3Logs: allOf: - $ref: '#/components/schemas/OrganizationS3LogsConfiguration' - xml: name: s3Logs description: Describes whether S3 data event logs are enabled for new members of the organization. Kubernetes: allOf: - $ref: '#/components/schemas/OrganizationKubernetesConfiguration' - xml: name: kubernetes description: Describes the configuration of Kubernetes data sources for new members of the organization. MalwareProtection: allOf: - $ref: '#/components/schemas/OrganizationMalwareProtectionConfiguration' - xml: name: malwareProtection description: Describes the configuration of Malware Protection for new members of the organization. features: description: A list of features that will be configured for the organization. type: array items: $ref: '#/components/schemas/OrganizationFeatureConfiguration' autoEnableOrganizationMembers: description: '

Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization.

' type: string enum: - NEW - ALL - NONE summary: Amazon GuardDuty Update Organization Configuration x-microcks-operation: delay: 0 dispatcher: FALLBACK /admin/disable: post: operationId: DisableOrganizationAdminAccount description: Disables an Amazon Web Services account within the Organization as the GuardDuty delegated administrator. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DisableOrganizationAdminAccountResponse' examples: DisableOrganizationAdminAccount200Example: summary: Default DisableOrganizationAdminAccount 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DisableOrganizationAdminAccount480Example: summary: Default DisableOrganizationAdminAccount 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DisableOrganizationAdminAccount481Example: summary: Default DisableOrganizationAdminAccount 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: [] requestBody: required: true content: application/json: schema: type: object required: - adminAccountId properties: adminAccountId: description: The Amazon Web Services Account ID for the organizations account to be disabled as a GuardDuty delegated administrator. 
type: string summary: Amazon GuardDuty Disable Organization Admin Account x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/administrator/disassociate: post: operationId: DisassociateFromAdministratorAccount description:

Disassociates the current GuardDuty member account from its administrator account.

With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty in a member account.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DisassociateFromAdministratorAccountResponse' examples: DisassociateFromAdministratorAccount200Example: summary: Default DisassociateFromAdministratorAccount 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DisassociateFromAdministratorAccount480Example: summary: Default DisassociateFromAdministratorAccount 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DisassociateFromAdministratorAccount481Example: summary: Default DisassociateFromAdministratorAccount 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty member account. schema: type: string minLength: 1 maxLength: 300 summary: Amazon GuardDuty Disassociate from Administrator Account x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/master/disassociate: post: deprecated: true operationId: DisassociateFromMasterAccount description: Disassociates the current GuardDuty member account from its administrator account. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DisassociateFromMasterAccountResponse' examples: DisassociateFromMasterAccount200Example: summary: Default DisassociateFromMasterAccount 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DisassociateFromMasterAccount480Example: summary: Default DisassociateFromMasterAccount 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DisassociateFromMasterAccount481Example: summary: Default DisassociateFromMasterAccount 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty member account. schema: type: string minLength: 1 maxLength: 300 summary: Amazon GuardDuty Disassociate from Master Account x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/member/disassociate: post: operationId: DisassociateMembers description:

Disassociates GuardDuty member accounts (to the current administrator account) specified by the account IDs.

With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disassociate a member account before removing them from your Amazon Web Services organization.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/DisassociateMembersResponse' examples: DisassociateMembers200Example: summary: Default DisassociateMembers 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: DisassociateMembers480Example: summary: Default DisassociateMembers 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: DisassociateMembers481Example: summary: Default DisassociateMembers 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty account whose members you want to disassociate from the administrator account. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - accountIds properties: accountIds: description: A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account. 
type: array items: $ref: '#/components/schemas/AccountId' minItems: 1 maxItems: 50 summary: Amazon GuardDuty Disassociate Members x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /admin/enable: post: operationId: EnableOrganizationAdminAccount description: Enables an Amazon Web Services account within the organization as the GuardDuty delegated administrator. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/EnableOrganizationAdminAccountResponse' examples: EnableOrganizationAdminAccount200Example: summary: Default EnableOrganizationAdminAccount 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: EnableOrganizationAdminAccount480Example: summary: Default EnableOrganizationAdminAccount 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: EnableOrganizationAdminAccount481Example: summary: Default EnableOrganizationAdminAccount 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: [] requestBody: required: true content: application/json: schema: type: object required: - adminAccountId properties: adminAccountId: description: The Amazon Web Services Account ID for the organization account to be enabled as a GuardDuty delegated administrator. 
type: string summary: Amazon GuardDuty Enable Organization Admin Account x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/coverage/statistics: post: operationId: GetCoverageStatistics description: Retrieves aggregated statistics for your account. If you are a GuardDuty administrator, you can retrieve the statistics for all the resources associated with the active member accounts in your organization who have enabled EKS Runtime Monitoring and have the GuardDuty agent running on their EKS nodes. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetCoverageStatisticsResponse' examples: GetCoverageStatistics200Example: summary: Default GetCoverageStatistics 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetCoverageStatistics480Example: summary: Default GetCoverageStatistics 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetCoverageStatistics481Example: summary: Default GetCoverageStatistics 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the GuardDuty detector associated to the coverage statistics. 
schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - statisticsType properties: filterCriteria: description: Represents the criteria used in the filter. type: object properties: FilterCriterion: allOf: - $ref: '#/components/schemas/CoverageFilterCriterionList' - xml: name: filterCriterion description: Represents a condition that when matched will be added to the response of the operation. statisticsType: description: Represents the statistics type used to aggregate the coverage details. type: array items: $ref: '#/components/schemas/CoverageStatisticsType' summary: Amazon GuardDuty Get Coverage Statistics x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/findings/get: post: operationId: GetFindings description: Describes Amazon GuardDuty findings specified by finding IDs. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetFindingsResponse' examples: GetFindings200Example: summary: Default GetFindings 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetFindings480Example: summary: Default GetFindings 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetFindings481Example: summary: Default GetFindings 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - findingIds properties: findingIds: description: The IDs of the findings that you want to retrieve. type: array items: $ref: '#/components/schemas/FindingId' minItems: 0 maxItems: 50 sortCriteria: description: Contains information about the criteria used for sorting findings. type: object properties: AttributeName: allOf: - $ref: '#/components/schemas/String' - xml: name: attributeName description: Represents the finding attribute, such as accountId, that sorts the findings. OrderBy: allOf: - $ref: '#/components/schemas/OrderBy' - xml: name: orderBy description: The order by which the sorted findings are to be displayed. 
summary: Amazon GuardDuty Get Findings x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/findings/statistics: post: operationId: GetFindingsStatistics description: Lists Amazon GuardDuty findings statistics for the specified detector ID. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetFindingsStatisticsResponse' examples: GetFindingsStatistics200Example: summary: Default GetFindingsStatistics 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetFindingsStatistics480Example: summary: Default GetFindingsStatistics 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetFindingsStatistics481Example: summary: Default GetFindingsStatistics 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - findingStatisticTypes properties: findingStatisticTypes: description: The types of finding statistics to retrieve. 
type: array items: $ref: '#/components/schemas/FindingStatisticType' minItems: 0 maxItems: 10 findingCriteria: description: Contains information about the criteria used for querying findings. type: object properties: Criterion: allOf: - $ref: '#/components/schemas/Criterion' - xml: name: criterion description: Represents a map of finding properties that match specified conditions and values when querying findings. summary: Amazon GuardDuty Get Findings Statistics x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /invitation/count: get: operationId: GetInvitationsCount description: Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetInvitationsCountResponse' examples: GetInvitationsCount200Example: summary: Default GetInvitationsCount 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetInvitationsCount480Example: summary: Default GetInvitationsCount 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetInvitationsCount481Example: summary: Default GetInvitationsCount 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: [] summary: Amazon GuardDuty Get Invitations Count x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/malware-scan-settings: get: operationId: GetMalwareScanSettings description:

Returns the details of the malware scan settings.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetMalwareScanSettingsResponse' examples: GetMalwareScanSettings200Example: summary: Default GetMalwareScanSettings 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetMalwareScanSettings480Example: summary: Default GetMalwareScanSettings 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetMalwareScanSettings481Example: summary: Default GetMalwareScanSettings 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that the scan setting is associated with. schema: type: string minLength: 1 maxLength: 300 summary: Amazon GuardDuty Get Malware Scan Settings x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: operationId: UpdateMalwareScanSettings description:

Updates the malware scan settings.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/UpdateMalwareScanSettingsResponse' examples: UpdateMalwareScanSettings200Example: summary: Default UpdateMalwareScanSettings 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: UpdateMalwareScanSettings480Example: summary: Default UpdateMalwareScanSettings 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: UpdateMalwareScanSettings481Example: summary: Default UpdateMalwareScanSettings 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector that specifies the GuardDuty service where you want to update scan settings. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object properties: scanResourceCriteria: description: Contains information about the criteria used to filter resources before triggering a malware scan. type: object properties: Include: allOf: - $ref: '#/components/schemas/ScanCriterion' - xml: name: include description: Represents the condition that, when matched, will allow a malware scan for a certain resource. Exclude: allOf: - $ref: '#/components/schemas/ScanCriterion' - xml: name: exclude description: Represents the condition that, when matched, will prevent a malware scan for a certain resource. ebsSnapshotPreservation: description: An enum value representing possible snapshot preservation settings. 
type: string enum: - NO_RETENTION - RETENTION_WITH_FINDING summary: Amazon GuardDuty Update Malware Scan Settings x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/member/detector/get: post: operationId: GetMemberDetectors description:

Describes which data sources are enabled for the member account's detector.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetMemberDetectorsResponse' examples: GetMemberDetectors200Example: summary: Default GetMemberDetectors 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetMemberDetectors480Example: summary: Default GetMemberDetectors 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetMemberDetectors481Example: summary: Default GetMemberDetectors 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The detector ID for the administrator account. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - accountIds properties: accountIds: description: The account ID of the member account. type: array items: $ref: '#/components/schemas/AccountId' minItems: 1 maxItems: 50 summary: Amazon GuardDuty Get Member Detectors x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/member/get: post: operationId: GetMembers description: Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetMembersResponse' examples: GetMembers200Example: summary: Default GetMembers 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetMembers480Example: summary: Default GetMembers 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetMembers481Example: summary: Default GetMembers 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty account whose members you want to retrieve. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - accountIds properties: accountIds: description: A list of account IDs of the GuardDuty member accounts that you want to describe. type: array items: $ref: '#/components/schemas/AccountId' minItems: 1 maxItems: 50 summary: Amazon GuardDuty Get Members x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/freeTrial/daysRemaining: post: operationId: GetRemainingFreeTrialDays description: Provides the number of days left for each data source used in the free trial period. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetRemainingFreeTrialDaysResponse' examples: GetRemainingFreeTrialDays200Example: summary: Default GetRemainingFreeTrialDays 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetRemainingFreeTrialDays480Example: summary: Default GetRemainingFreeTrialDays 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetRemainingFreeTrialDays481Example: summary: Default GetRemainingFreeTrialDays 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty member account. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object properties: accountIds: description: A list of account identifiers of the GuardDuty member account. 
type: array items: $ref: '#/components/schemas/AccountId' minItems: 1 maxItems: 50 summary: Amazon GuardDuty Get Remaining Free Trial Days x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/usage/statistics: post: operationId: GetUsageStatistics description: Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days. This may differ from the cost metrics in the console, which project usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/GetUsageStatisticsResponse' examples: GetUsageStatistics200Example: summary: Default GetUsageStatistics 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: GetUsageStatistics480Example: summary: Default GetUsageStatistics 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: GetUsageStatistics481Example: summary: Default GetUsageStatistics 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector that specifies the GuardDuty service whose usage statistics you want to retrieve. schema: type: string minLength: 1 maxLength: 300 - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false requestBody: required: true content: application/json: schema: type: object required: - usageStatisticsType - usageCriteria properties: usageStatisticsType: description: The type of usage statistics to retrieve. type: string enum: - SUM_BY_ACCOUNT - SUM_BY_DATA_SOURCE - SUM_BY_RESOURCE - TOP_RESOURCES - SUM_BY_FEATURES usageCriteria: description: Contains information about the criteria used to query usage statistics. type: object properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: The account IDs to aggregate usage statistics from. 
DataSources: allOf: - $ref: '#/components/schemas/DataSourceList' - deprecated: true xml: name: dataSources description: The data sources to aggregate usage statistics from. This parameter is deprecated; use Features instead. Resources: allOf: - $ref: '#/components/schemas/ResourceList' - xml: name: resources description: The resources to aggregate usage statistics from. Only accepts exact resource names. Features: allOf: - $ref: '#/components/schemas/UsageFeatureList' - xml: name: features description: The features to aggregate usage statistics from. unit: description: The currency unit you would like to view your usage statistics in. Current valid values are USD. type: string maxResults: description: The maximum number of results to return in the response. type: integer minimum: 1 maximum: 50 nextToken: description: A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. type: string summary: Amazon GuardDuty Get Usage Statistics x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/member/invite: post: operationId: InviteMembers description: Invites other Amazon Web Services accounts (created as members of the current Amazon Web Services account by CreateMembers) to enable GuardDuty, and allow the current Amazon Web Services account to view and manage these accounts' findings on their behalf as the GuardDuty administrator account. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/InviteMembersResponse' examples: InviteMembers200Example: summary: Default InviteMembers 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: InviteMembers480Example: summary: Default InviteMembers 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: InviteMembers481Example: summary: Default InviteMembers 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty account that you want to invite members with. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - accountIds properties: accountIds: description: A list of account IDs of the accounts that you want to invite to GuardDuty as members. type: array items: $ref: '#/components/schemas/AccountId' minItems: 1 maxItems: 50 disableEmailNotification: description: A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members. type: boolean message: description: The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members. 
type: string summary: Amazon GuardDuty Invite Members x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/coverage: post: operationId: ListCoverage description:

Lists coverage details for your GuardDuty account. If you're a GuardDuty administrator, you can retrieve all resources associated with the active member accounts in your organization.

Make sure the accounts have EKS Runtime Monitoring enabled and GuardDuty agent running on their EKS nodes.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListCoverageResponse' examples: ListCoverage200Example: summary: Default ListCoverage 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: ListCoverage480Example: summary: Default ListCoverage 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: ListCoverage481Example: summary: Default ListCoverage 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector whose coverage details you want to retrieve. schema: type: string minLength: 1 maxLength: 300 - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false requestBody: required: true content: application/json: schema: type: object properties: nextToken: description: A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. type: string maxResults: description: The maximum number of results to return in the response. type: integer minimum: 1 maximum: 50 filterCriteria: description: Represents the criteria used in the filter. 
type: object properties: FilterCriterion: allOf: - $ref: '#/components/schemas/CoverageFilterCriterionList' - xml: name: filterCriterion description: Represents a condition that when matched will be added to the response of the operation. sortCriteria: description: Information about the sorting criteria used in the coverage statistics. type: object properties: AttributeName: allOf: - $ref: '#/components/schemas/CoverageSortKey' - xml: name: attributeName description: Represents the field name used to sort the coverage details. OrderBy: allOf: - $ref: '#/components/schemas/OrderBy' - xml: name: orderBy description: The order in which the sorted findings are to be displayed. summary: Amazon GuardDuty List Coverage x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/findings: post: operationId: ListFindings description: Lists Amazon GuardDuty findings for the specified detector ID. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListFindingsResponse' examples: ListFindings200Example: summary: Default ListFindings 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: ListFindings480Example: summary: Default ListFindings 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: ListFindings481Example: summary: Default ListFindings 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector that specifies the GuardDuty service whose findings you want to list. schema: type: string minLength: 1 maxLength: 300 - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false requestBody: required: true content: application/json: schema: type: object properties: findingCriteria: description: Contains information about the criteria used for querying findings. type: object properties: Criterion: allOf: - $ref: '#/components/schemas/Criterion' - xml: name: criterion description: Represents a map of finding properties that match specified conditions and values when querying findings. sortCriteria: description: Contains information about the criteria used for sorting findings. type: object properties: AttributeName: allOf: - $ref: '#/components/schemas/String' - xml: name: attributeName description: Represents the finding attribute, such as accountId, that sorts the findings. 
OrderBy: allOf: - $ref: '#/components/schemas/OrderBy' - xml: name: orderBy description: The order by which the sorted findings are to be displayed. maxResults: description: You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. type: integer minimum: 1 maximum: 50 nextToken: description: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. type: string summary: Amazon GuardDuty List Findings x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /invitation: get: operationId: ListInvitations description: Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListInvitationsResponse' examples: ListInvitations200Example: summary: Default ListInvitations 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: ListInvitations480Example: summary: Default ListInvitations 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: ListInvitations481Example: summary: Default ListInvitations 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: maxResults in: query required: false description: You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50. schema: type: integer minimum: 1 maximum: 50 - name: nextToken in: query required: false description: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. 
schema: type: string - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false summary: Amazon GuardDuty List Invitations x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /admin: get: operationId: ListOrganizationAdminAccounts description: Lists the accounts configured as GuardDuty delegated administrators. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListOrganizationAdminAccountsResponse' examples: ListOrganizationAdminAccounts200Example: summary: Default ListOrganizationAdminAccounts 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: ListOrganizationAdminAccounts480Example: summary: Default ListOrganizationAdminAccounts 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: ListOrganizationAdminAccounts481Example: summary: Default ListOrganizationAdminAccounts 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: maxResults in: query required: false description: The maximum number of results to return in the response. 
schema: type: integer minimum: 1 maximum: 50 - name: nextToken in: query required: false description: A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. schema: type: string - name: MaxResults in: query schema: type: string description: Pagination limit required: false - name: NextToken in: query schema: type: string description: Pagination token required: false summary: Amazon GuardDuty List Organization Admin Accounts x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /tags/{resourceArn}: get: operationId: ListTagsForResource description: Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and threat intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/ListTagsForResourceResponse' examples: ListTagsForResource200Example: summary: Default ListTagsForResource 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: ListTagsForResource480Example: summary: Default ListTagsForResource 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: ListTagsForResource481Example: summary: Default ListTagsForResource 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: resourceArn in: path required: true description: 'The Amazon Resource Name (ARN) for the given GuardDuty resource. ' schema: type: string pattern: ^arn:[A-Za-z_.-]{1,20}:guardduty:[A-Za-z0-9_/.-]{0,63}:\d+:detector/[A-Za-z0-9_/.-]{32,264}$ summary: Amazon GuardDuty List Tags for Resource x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' post: operationId: TagResource description: Adds tags to a resource. 
responses: '204': description: Success content: application/json: schema: $ref: '#/components/schemas/TagResourceResponse' examples: TagResource204Example: summary: Default TagResource 204 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: TagResource480Example: summary: Default TagResource 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: TagResource481Example: summary: Default TagResource 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: resourceArn in: path required: true description: The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag to. schema: type: string pattern: ^arn:[A-Za-z_.-]{1,20}:guardduty:[A-Za-z0-9_/.-]{0,63}:\d+:detector/[A-Za-z0-9_/.-]{32,264}$ requestBody: required: true content: application/json: schema: type: object required: - tags properties: tags: description: The tags to be added to a resource. type: object minProperties: 1 maxProperties: 200 additionalProperties: $ref: '#/components/schemas/TagValue' summary: Amazon GuardDuty Tag Resource x-microcks-operation: delay: 0 dispatcher: FALLBACK /detector/{detectorId}/member/start: post: operationId: StartMonitoringMembers description: Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation. 
responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/StartMonitoringMembersResponse' examples: StartMonitoringMembers200Example: summary: Default StartMonitoringMembers 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: StartMonitoringMembers480Example: summary: Default StartMonitoringMembers 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: StartMonitoringMembers481Example: summary: Default StartMonitoringMembers 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector of the GuardDuty administrator account associated with the member accounts to monitor. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - accountIds properties: accountIds: description: A list of account IDs of the GuardDuty member accounts to start monitoring. type: array items: $ref: '#/components/schemas/AccountId' minItems: 1 maxItems: 50 summary: Amazon GuardDuty Start Monitoring Members x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/member/stop: post: operationId: StopMonitoringMembers description:

Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts.

With the autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to stop monitoring the member accounts in your organization.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/StopMonitoringMembersResponse' examples: StopMonitoringMembers200Example: summary: Default StopMonitoringMembers 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: StopMonitoringMembers480Example: summary: Default StopMonitoringMembers 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: StopMonitoringMembers481Example: summary: Default StopMonitoringMembers 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The unique ID of the detector associated with the GuardDuty administrator account that is monitoring member accounts. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - accountIds properties: accountIds: description: A list of account IDs for the member accounts to stop monitoring. 
type: array items: $ref: '#/components/schemas/AccountId' minItems: 1 maxItems: 50 summary: Amazon GuardDuty Stop Monitoring Members x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/findings/unarchive: post: operationId: UnarchiveFindings description: Unarchives GuardDuty findings specified by the findingIds. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/UnarchiveFindingsResponse' examples: UnarchiveFindings200Example: summary: Default UnarchiveFindings 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: UnarchiveFindings480Example: summary: Default UnarchiveFindings 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: UnarchiveFindings481Example: summary: Default UnarchiveFindings 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector associated with the findings to unarchive. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - findingIds properties: findingIds: description: The IDs of the findings to unarchive. 
type: array items: $ref: '#/components/schemas/FindingId' minItems: 0 maxItems: 50 summary: Amazon GuardDuty Unarchive Findings x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /tags/{resourceArn}#tagKeys: delete: operationId: UntagResource description: Removes tags from a resource. responses: '204': description: Success content: application/json: schema: $ref: '#/components/schemas/UntagResourceResponse' examples: UntagResource204Example: summary: Default UntagResource 204 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: UntagResource480Example: summary: Default UntagResource 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: UntagResource481Example: summary: Default UntagResource 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: resourceArn in: path required: true description: The Amazon Resource Name (ARN) for the resource to remove tags from. schema: type: string pattern: ^arn:[A-Za-z_.-]{1,20}:guardduty:[A-Za-z0-9_/.-]{0,63}:\d+:detector/[A-Za-z0-9_/.-]{32,264}$ - name: tagKeys in: query required: true description: The tag keys to remove from the resource. 
schema: type: array items: $ref: '#/components/schemas/TagKey' minItems: 1 maxItems: 200 summary: Amazon GuardDuty Untag Resource x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/findings/feedback: post: operationId: UpdateFindingsFeedback description: Marks the specified GuardDuty findings as useful or not useful. responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/UpdateFindingsFeedbackResponse' examples: UpdateFindingsFeedback200Example: summary: Default UpdateFindingsFeedback 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: UpdateFindingsFeedback480Example: summary: Default UpdateFindingsFeedback 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: UpdateFindingsFeedback481Example: summary: Default UpdateFindingsFeedback 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The ID of the detector associated with the findings to update feedback for. 
schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - findingIds - feedback properties: findingIds: description: The IDs of the findings that you want to mark as useful or not useful. type: array items: $ref: '#/components/schemas/FindingId' minItems: 0 maxItems: 50 feedback: description: The feedback for the finding. type: string enum: - USEFUL - NOT_USEFUL comments: description: Additional feedback about the GuardDuty findings. type: string summary: Amazon GuardDuty Update Findings Feedback x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' /detector/{detectorId}/member/detector/update: post: operationId: UpdateMemberDetectors description:

Contains information on member accounts to be updated.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/UpdateMemberDetectorsResponse' examples: UpdateMemberDetectors200Example: summary: Default UpdateMemberDetectors 200 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '480': description: BadRequestException content: application/json: schema: $ref: '#/components/schemas/BadRequestException' examples: UpdateMemberDetectors480Example: summary: Default UpdateMemberDetectors 480 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS '481': description: InternalServerErrorException content: application/json: schema: $ref: '#/components/schemas/InternalServerErrorException' examples: UpdateMemberDetectors481Example: summary: Default UpdateMemberDetectors 481 response x-microcks-default: true value: detectorId: abc123 format: DNS_LOGS parameters: - name: detectorId in: path required: true description: The detector ID of the administrator account. schema: type: string minLength: 1 maxLength: 300 requestBody: required: true content: application/json: schema: type: object required: - accountIds properties: accountIds: description: A list of member account IDs to be updated. type: array items: $ref: '#/components/schemas/AccountId' minItems: 1 maxItems: 50 dataSources: description: Contains information about which data sources are enabled. type: object properties: S3Logs: allOf: - $ref: '#/components/schemas/S3LogsConfiguration' - xml: name: s3Logs description: Describes whether S3 data event logs are enabled as a data source. Kubernetes: allOf: - $ref: '#/components/schemas/KubernetesConfiguration' - xml: name: kubernetes description: Describes whether any Kubernetes logs are enabled as data sources. MalwareProtection: allOf: - $ref: '#/components/schemas/MalwareProtectionConfiguration' - xml: name: malwareProtection description: Describes whether Malware Protection is enabled as a data source. 
features: description: A list of features that will be updated for the specified member accounts. type: array items: $ref: '#/components/schemas/MemberFeaturesConfiguration' summary: Amazon GuardDuty Update Member Detectors x-microcks-operation: delay: 0 dispatcher: FALLBACK parameters: - $ref: '#/components/parameters/X-Amz-Content-Sha256' - $ref: '#/components/parameters/X-Amz-Date' - $ref: '#/components/parameters/X-Amz-Algorithm' - $ref: '#/components/parameters/X-Amz-Credential' - $ref: '#/components/parameters/X-Amz-Security-Token' - $ref: '#/components/parameters/X-Amz-Signature' - $ref: '#/components/parameters/X-Amz-SignedHeaders' components: parameters: X-Amz-Content-Sha256: name: X-Amz-Content-Sha256 in: header schema: type: string required: false X-Amz-Date: name: X-Amz-Date in: header schema: type: string required: false X-Amz-Algorithm: name: X-Amz-Algorithm in: header schema: type: string required: false X-Amz-Credential: name: X-Amz-Credential in: header schema: type: string required: false X-Amz-Security-Token: name: X-Amz-Security-Token in: header schema: type: string required: false X-Amz-Signature: name: X-Amz-Signature in: header schema: type: string required: false X-Amz-SignedHeaders: name: X-Amz-SignedHeaders in: header schema: type: string required: false securitySchemes: hmac: type: apiKey name: Authorization in: header description: Amazon Signature authorization v4 x-amazon-apigateway-authtype: awsSigv4 schemas: AcceptAdministratorInvitationResponse: type: object properties: {} BadRequestException: {} InternalServerErrorException: {} AcceptInvitationResponse: type: object deprecated: true properties: {} description: This output is deprecated, use AcceptAdministratorInvitationResponse instead ArchiveFindingsResponse: type: object properties: {} FindingId: type: string minLength: 1 maxLength: 300 CreateDetectorResponse: type: object properties: DetectorId: allOf: - $ref: '#/components/schemas/DetectorId' - xml: name: detectorId description: 
The unique ID of the created detector. UnprocessedDataSources: allOf: - $ref: '#/components/schemas/UnprocessedDataSourcesResult' - xml: name: unprocessedDataSources description: Specifies the data sources that couldn't be enabled when GuardDuty was enabled for the first time. S3LogsConfiguration: type: object required: - Enable properties: Enable: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: enable description: 'The status of S3 data event logs as a data source.' description: Describes whether S3 data event logs will be enabled as a data source. KubernetesConfiguration: type: object required: - AuditLogs properties: AuditLogs: allOf: - $ref: '#/components/schemas/KubernetesAuditLogsConfiguration' - xml: name: auditLogs description: The status of Kubernetes audit logs as a data source. description: Describes whether any Kubernetes data sources are enabled. MalwareProtectionConfiguration: type: object properties: ScanEc2InstanceWithFindings: allOf: - $ref: '#/components/schemas/ScanEc2InstanceWithFindings' - xml: name: scanEc2InstanceWithFindings description: Describes the configuration of Malware Protection for EC2 instances with findings. description: Describes whether Malware Protection will be enabled as a data source. TagValue: type: string maxLength: 256 DetectorFeatureConfiguration: type: object properties: Name: allOf: - $ref: '#/components/schemas/DetectorFeature' - xml: name: name description: The name of the feature. Status: allOf: - $ref: '#/components/schemas/FeatureStatus' - xml: name: status description: The status of the feature. AdditionalConfiguration: allOf: - $ref: '#/components/schemas/DetectorAdditionalConfigurations' - xml: name: additionalConfiguration description: Additional configuration for a resource. description: Contains information about a GuardDuty feature.
CreateFilterResponse: type: object required: - Name properties: Name: allOf: - $ref: '#/components/schemas/FilterName' - xml: name: name description: The name of the successfully created filter. Criterion: type: object additionalProperties: $ref: '#/components/schemas/Condition' CreateIPSetResponse: type: object required: - IpSetId properties: IpSetId: allOf: - $ref: '#/components/schemas/String' - xml: name: ipSetId description: The ID of the IPSet resource. CreateMembersResponse: type: object required: - UnprocessedAccounts properties: UnprocessedAccounts: allOf: - $ref: '#/components/schemas/UnprocessedAccounts' - xml: name: unprocessedAccounts description: A list of objects that include the accountIds of the unprocessed accounts and a result string that explains why each was unprocessed. AccountDetail: type: object required: - AccountId - Email properties: AccountId: allOf: - $ref: '#/components/schemas/AccountId' - xml: name: accountId description: The member account ID. Email: allOf: - $ref: '#/components/schemas/Email' - xml: name: email description: The email address of the member account. description: Contains information about the account. CreatePublishingDestinationResponse: type: object required: - DestinationId properties: DestinationId: allOf: - $ref: '#/components/schemas/String' - xml: name: destinationId description: The ID of the publishing destination that is created. String: type: string CreateSampleFindingsResponse: type: object properties: {} FindingType: type: string minLength: 1 maxLength: 50 CreateThreatIntelSetResponse: type: object required: - ThreatIntelSetId properties: ThreatIntelSetId: allOf: - $ref: '#/components/schemas/String' - xml: name: threatIntelSetId description: The ID of the ThreatIntelSet resource. 
DeclineInvitationsResponse: type: object required: - UnprocessedAccounts properties: UnprocessedAccounts: allOf: - $ref: '#/components/schemas/UnprocessedAccounts' - xml: name: unprocessedAccounts description: A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed. AccountId: type: string minLength: 12 maxLength: 12 DeleteDetectorResponse: type: object properties: {} DeleteFilterResponse: type: object properties: {} DeleteIPSetResponse: type: object properties: {} DeleteInvitationsResponse: type: object required: - UnprocessedAccounts properties: UnprocessedAccounts: allOf: - $ref: '#/components/schemas/UnprocessedAccounts' - xml: name: unprocessedAccounts description: A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed. DeleteMembersResponse: type: object required: - UnprocessedAccounts properties: UnprocessedAccounts: allOf: - $ref: '#/components/schemas/UnprocessedAccounts' - xml: name: unprocessedAccounts description: The accounts that could not be processed. DeletePublishingDestinationResponse: type: object properties: {} DeleteThreatIntelSetResponse: type: object properties: {} DescribeMalwareScansResponse: type: object required: - Scans properties: Scans: allOf: - $ref: '#/components/schemas/Scans' - xml: name: scans description: Contains information about malware scans. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: The pagination parameter to be used on the next list operation to retrieve more items. FilterCriterionList: type: array items: $ref: '#/components/schemas/FilterCriterion' minItems: 0 maxItems: 1 OrderBy: type: string enum: - ASC - DESC DescribeOrganizationConfigurationResponse: type: object required: - MemberAccountLimitReached properties: AutoEnable: allOf: - $ref: '#/components/schemas/Boolean' - deprecated: true xml: name: autoEnable description:

Indicates whether GuardDuty is automatically enabled for accounts added to the organization.

Even though this is still supported, we recommend using AutoEnableOrganizationMembers to achieve similar results.

This field is deprecated, use AutoEnableOrganizationMembers instead MemberAccountLimitReached: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: memberAccountLimitReached description: Indicates whether the maximum number of allowed member accounts are already associated with the delegated administrator account for your organization. DataSources: allOf: - $ref: '#/components/schemas/OrganizationDataSourceConfigurationsResult' - deprecated: true xml: name: dataSources description: Describes which data sources are enabled automatically for member accounts. This parameter is deprecated, use Features instead Features: allOf: - $ref: '#/components/schemas/OrganizationFeaturesConfigurationsResults' - xml: name: features description: A list of features that are configured for this organization. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: The pagination parameter to be used on the next list operation to retrieve more items. AutoEnableOrganizationMembers: allOf: - $ref: '#/components/schemas/AutoEnableMembers' - xml: name: autoEnableOrganizationMembers description: '

Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization.

' DescribePublishingDestinationResponse: type: object required: - DestinationId - DestinationType - Status - PublishingFailureStartTimestamp - DestinationProperties properties: DestinationId: allOf: - $ref: '#/components/schemas/String' - xml: name: destinationId description: The ID of the publishing destination. DestinationType: allOf: - $ref: '#/components/schemas/DestinationType' - xml: name: destinationType description: The type of publishing destination. Currently, only Amazon S3 buckets are supported. Status: allOf: - $ref: '#/components/schemas/PublishingStatus' - xml: name: status description: The status of the publishing destination. PublishingFailureStartTimestamp: allOf: - $ref: '#/components/schemas/Long' - xml: name: publishingFailureStartTimestamp description: The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination. DestinationProperties: allOf: - $ref: '#/components/schemas/DestinationProperties' - xml: name: destinationProperties description: A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination. DisableOrganizationAdminAccountResponse: type: object properties: {} DisassociateFromAdministratorAccountResponse: type: object properties: {} DisassociateFromMasterAccountResponse: type: object deprecated: true properties: {} description: This output is deprecated, use DisassociateFromAdministratorAccountResponse instead DisassociateMembersResponse: type: object required: - UnprocessedAccounts properties: UnprocessedAccounts: allOf: - $ref: '#/components/schemas/UnprocessedAccounts' - xml: name: unprocessedAccounts description: A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed. 
EnableOrganizationAdminAccountResponse: type: object properties: {} GetAdministratorAccountResponse: type: object required: - Administrator properties: Administrator: allOf: - $ref: '#/components/schemas/Administrator' - xml: name: administrator description: The administrator account details. GetCoverageStatisticsResponse: type: object properties: CoverageStatistics: allOf: - $ref: '#/components/schemas/CoverageStatistics' - xml: name: coverageStatistics description: Represents the count aggregated by the statusCode and resourceType. CoverageFilterCriterionList: type: array items: $ref: '#/components/schemas/CoverageFilterCriterion' minItems: 0 maxItems: 50 CoverageStatisticsType: type: string enum: - COUNT_BY_RESOURCE_TYPE - COUNT_BY_COVERAGE_STATUS GetDetectorResponse: type: object required: - ServiceRole - Status properties: CreatedAt: allOf: - $ref: '#/components/schemas/String' - xml: name: createdAt description: The timestamp of when the detector was created. FindingPublishingFrequency: allOf: - $ref: '#/components/schemas/FindingPublishingFrequency' - xml: name: findingPublishingFrequency description: The publishing frequency of the finding. ServiceRole: allOf: - $ref: '#/components/schemas/String' - xml: name: serviceRole description: The GuardDuty service role. Status: allOf: - $ref: '#/components/schemas/DetectorStatus' - xml: name: status description: The detector status. UpdatedAt: allOf: - $ref: '#/components/schemas/String' - xml: name: updatedAt description: The last-updated timestamp for the detector. DataSources: allOf: - $ref: '#/components/schemas/DataSourceConfigurationsResult' - deprecated: true xml: name: dataSources description: Describes which data sources are enabled for the detector. This parameter is deprecated, use Features instead Tags: allOf: - $ref: '#/components/schemas/TagMap' - xml: name: tags description: The tags of the detector resource.
Features: allOf: - $ref: '#/components/schemas/DetectorFeatureConfigurationsResults' - xml: name: features description: Describes the features that have been enabled for the detector. GetFilterResponse: type: object required: - Name - Action - FindingCriteria properties: Name: allOf: - $ref: '#/components/schemas/FilterName' - xml: name: name description: The name of the filter. Description: allOf: - $ref: '#/components/schemas/FilterDescription' - xml: name: description description: The description of the filter. Action: allOf: - $ref: '#/components/schemas/FilterAction' - xml: name: action description: Specifies the action that is to be applied to the findings that match the filter. Rank: allOf: - $ref: '#/components/schemas/FilterRank' - xml: name: rank description: Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. FindingCriteria: allOf: - $ref: '#/components/schemas/FindingCriteria' - xml: name: findingCriteria description: Represents the criteria to be used in the filter for querying findings. Tags: allOf: - $ref: '#/components/schemas/TagMap' - xml: name: tags description: The tags of the filter resource. GetFindingsResponse: type: object required: - Findings properties: Findings: allOf: - $ref: '#/components/schemas/Findings' - xml: name: findings description: A list of findings. GetFindingsStatisticsResponse: type: object required: - FindingStatistics properties: FindingStatistics: allOf: - $ref: '#/components/schemas/FindingStatistics' - xml: name: findingStatistics description: The finding statistics object. FindingStatisticType: type: string enum: - COUNT_BY_SEVERITY GetIPSetResponse: type: object required: - Name - Format - Location - Status properties: Name: allOf: - $ref: '#/components/schemas/Name' - xml: name: name description: The user-friendly name for the IPSet. 
Format: allOf: - $ref: '#/components/schemas/IpSetFormat' - xml: name: format description: The format of the file that contains the IPSet. Location: allOf: - $ref: '#/components/schemas/Location' - xml: name: location description: The URI of the file that contains the IPSet. Status: allOf: - $ref: '#/components/schemas/IpSetStatus' - xml: name: status description: The status of IPSet file that was uploaded. Tags: allOf: - $ref: '#/components/schemas/TagMap' - xml: name: tags description: The tags of the IPSet resource. GetInvitationsCountResponse: type: object properties: InvitationsCount: allOf: - $ref: '#/components/schemas/Integer' - xml: name: invitationsCount description: The number of received invitations. GetMalwareScanSettingsResponse: type: object properties: ScanResourceCriteria: allOf: - $ref: '#/components/schemas/ScanResourceCriteria' - xml: name: scanResourceCriteria description: Represents the criteria to be used in the filter for scanning resources. EbsSnapshotPreservation: allOf: - $ref: '#/components/schemas/EbsSnapshotPreservation' - xml: name: ebsSnapshotPreservation description: An enum value representing possible snapshot preservation settings. GetMasterAccountResponse: type: object required: - Master deprecated: true properties: Master: allOf: - $ref: '#/components/schemas/Master' - xml: name: master description: The administrator account details. description: This output is deprecated, use GetAdministratorAccountResponse instead GetMemberDetectorsResponse: type: object required: - MemberDataSourceConfigurations - UnprocessedAccounts properties: MemberDataSourceConfigurations: allOf: - $ref: '#/components/schemas/MemberDataSourceConfigurations' - xml: name: members description: An object that describes which data sources are enabled for a member account. 
UnprocessedAccounts: allOf: - $ref: '#/components/schemas/UnprocessedAccounts' - xml: name: unprocessedAccounts description: A list of member account IDs that were unable to be processed along with an explanation for why they were not processed. GetMembersResponse: type: object required: - Members - UnprocessedAccounts properties: Members: allOf: - $ref: '#/components/schemas/Members' - xml: name: members description: A list of members. UnprocessedAccounts: allOf: - $ref: '#/components/schemas/UnprocessedAccounts' - xml: name: unprocessedAccounts description: A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed. GetRemainingFreeTrialDaysResponse: type: object properties: Accounts: allOf: - $ref: '#/components/schemas/AccountFreeTrialInfos' - xml: name: accounts description: The member accounts which were included in a request and were processed successfully. UnprocessedAccounts: allOf: - $ref: '#/components/schemas/UnprocessedAccounts' - xml: name: unprocessedAccounts description: The member account that was included in a request but for which the request could not be processed. GetThreatIntelSetResponse: type: object required: - Name - Format - Location - Status properties: Name: allOf: - $ref: '#/components/schemas/Name' - xml: name: name description: A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet. Format: allOf: - $ref: '#/components/schemas/ThreatIntelSetFormat' - xml: name: format description: The format of the threatIntelSet. Location: allOf: - $ref: '#/components/schemas/Location' - xml: name: location description: 'The URI of the file that contains the ThreatIntelSet. ' Status: allOf: - $ref: '#/components/schemas/ThreatIntelSetStatus' - xml: name: status description: The status of threatIntelSet file uploaded. 
Tags: allOf: - $ref: '#/components/schemas/TagMap' - xml: name: tags description: The tags of the threat list resource. GetUsageStatisticsResponse: type: object properties: UsageStatistics: allOf: - $ref: '#/components/schemas/UsageStatistics' - xml: name: usageStatistics description: The usage statistics object. If a UsageStatisticType was provided, the objects representing other types will be null. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: The pagination parameter to be used on the next list operation to retrieve more items. AccountIds: type: array items: $ref: '#/components/schemas/AccountId' minItems: 1 maxItems: 50 DataSourceList: type: array items: $ref: '#/components/schemas/DataSource' ResourceList: type: array items: $ref: '#/components/schemas/String' UsageFeatureList: type: array items: $ref: '#/components/schemas/UsageFeature' InviteMembersResponse: type: object required: - UnprocessedAccounts properties: UnprocessedAccounts: allOf: - $ref: '#/components/schemas/UnprocessedAccounts' - xml: name: unprocessedAccounts description: A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed. ListCoverageResponse: type: object required: - Resources properties: Resources: allOf: - $ref: '#/components/schemas/CoverageResources' - xml: name: resources description: A list of resources and their attributes providing cluster details. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: The pagination parameter to be used on the next list operation to retrieve more items. CoverageSortKey: type: string enum: - ACCOUNT_ID - CLUSTER_NAME - COVERAGE_STATUS - ISSUE - ADDON_VERSION - UPDATED_AT ListDetectorsResponse: type: object required: - DetectorIds properties: DetectorIds: allOf: - $ref: '#/components/schemas/DetectorIds' - xml: name: detectorIds description: A list of detector IDs. 
NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: The pagination parameter to be used on the next list operation to retrieve more items. ListFiltersResponse: type: object required: - FilterNames properties: FilterNames: allOf: - $ref: '#/components/schemas/FilterNames' - xml: name: filterNames description: A list of filter names. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: The pagination parameter to be used on the next list operation to retrieve more items. ListFindingsResponse: type: object required: - FindingIds properties: FindingIds: allOf: - $ref: '#/components/schemas/FindingIds' - xml: name: findingIds description: The IDs of the findings that you're listing. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: The pagination parameter to be used on the next list operation to retrieve more items. ListIPSetsResponse: type: object required: - IpSetIds properties: IpSetIds: allOf: - $ref: '#/components/schemas/IpSetIds' - xml: name: ipSetIds description: The IDs of the IPSet resources. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: The pagination parameter to be used on the next list operation to retrieve more items. ListInvitationsResponse: type: object properties: Invitations: allOf: - $ref: '#/components/schemas/Invitations' - xml: name: invitations description: A list of invitation descriptions. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: The pagination parameter to be used on the next list operation to retrieve more items. ListMembersResponse: type: object properties: Members: allOf: - $ref: '#/components/schemas/Members' - xml: name: members description: A list of members. 
NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: The pagination parameter to be used on the next list operation to retrieve more items. ListOrganizationAdminAccountsResponse: type: object properties: AdminAccounts: allOf: - $ref: '#/components/schemas/AdminAccounts' - xml: name: adminAccounts description: A list of accounts configured as GuardDuty delegated administrators. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: The pagination parameter to be used on the next list operation to retrieve more items. ListPublishingDestinationsResponse: type: object required: - Destinations properties: Destinations: allOf: - $ref: '#/components/schemas/Destinations' - xml: name: destinations description: A Destinations object that includes information about each publishing destination returned. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. ListTagsForResourceResponse: type: object properties: Tags: allOf: - $ref: '#/components/schemas/TagMap' - xml: name: tags description: The tags associated with the resource. ListThreatIntelSetsResponse: type: object required: - ThreatIntelSetIds properties: ThreatIntelSetIds: allOf: - $ref: '#/components/schemas/ThreatIntelSetIds' - xml: name: threatIntelSetIds description: The IDs of the ThreatIntelSet resources. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: The pagination parameter to be used on the next list operation to retrieve more items. 
StartMonitoringMembersResponse: type: object required: - UnprocessedAccounts properties: UnprocessedAccounts: allOf: - $ref: '#/components/schemas/UnprocessedAccounts' - xml: name: unprocessedAccounts description: A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed. StopMonitoringMembersResponse: type: object required: - UnprocessedAccounts properties: UnprocessedAccounts: allOf: - $ref: '#/components/schemas/UnprocessedAccounts' - xml: name: unprocessedAccounts description: 'A list of objects that contain an accountId for each account that could not be processed, and a result string that indicates why the account was not processed. ' TagResourceResponse: type: object properties: {} UnarchiveFindingsResponse: type: object properties: {} UntagResourceResponse: type: object properties: {} TagKey: type: string pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$ minLength: 1 maxLength: 128 UpdateDetectorResponse: type: object properties: {} UpdateFilterResponse: type: object required: - Name properties: Name: allOf: - $ref: '#/components/schemas/FilterName' - xml: name: name description: The name of the filter. UpdateFindingsFeedbackResponse: type: object properties: {} UpdateIPSetResponse: type: object properties: {} UpdateMalwareScanSettingsResponse: type: object properties: {} ScanCriterion: type: object description: Represents a map of resource properties that match specified conditions and values when triggering malware scans. additionalProperties: $ref: '#/components/schemas/ScanCondition' UpdateMemberDetectorsResponse: type: object required: - UnprocessedAccounts properties: UnprocessedAccounts: allOf: - $ref: '#/components/schemas/UnprocessedAccounts' - xml: name: unprocessedAccounts description: A list of member account IDs that were unable to be processed along with an explanation for why they were not processed. 
MemberFeaturesConfiguration: type: object properties: Name: allOf: - $ref: '#/components/schemas/OrgFeature' - xml: name: name description: The name of the feature. Status: allOf: - $ref: '#/components/schemas/FeatureStatus' - xml: name: status description: The status of the feature. AdditionalConfiguration: allOf: - $ref: '#/components/schemas/MemberAdditionalConfigurations' - xml: name: additionalConfiguration description: Additional configuration of the feature for the member account. description: Contains information about the features for the member account. UpdateOrganizationConfigurationResponse: type: object properties: {} OrganizationS3LogsConfiguration: type: object required: - AutoEnable properties: AutoEnable: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: autoEnable description: A value that contains information on whether S3 data event logs will be enabled automatically as a data source for the organization. description: Describes whether S3 data event logs will be automatically enabled for new members of the organization. OrganizationKubernetesConfiguration: type: object required: - AuditLogs properties: AuditLogs: allOf: - $ref: '#/components/schemas/OrganizationKubernetesAuditLogsConfiguration' - xml: name: auditLogs description: Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization. description: Organization-wide Kubernetes data sources configurations. OrganizationMalwareProtectionConfiguration: type: object properties: ScanEc2InstanceWithFindings: allOf: - $ref: '#/components/schemas/OrganizationScanEc2InstanceWithFindings' - xml: name: scanEc2InstanceWithFindings description: Whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization. description: Organization-wide Malware Protection configurations. 
OrganizationFeatureConfiguration: type: object properties: Name: allOf: - $ref: '#/components/schemas/OrgFeature' - xml: name: name description: The name of the feature that will be configured for the organization. AutoEnable: allOf: - $ref: '#/components/schemas/OrgFeatureStatus' - xml: name: autoEnable description: The status of the feature that will be configured for the organization. AdditionalConfiguration: allOf: - $ref: '#/components/schemas/OrganizationAdditionalConfigurations' - xml: name: additionalConfiguration description: The additional information that will be configured for the organization. description: A list of features which will be configured for the organization. UpdatePublishingDestinationResponse: type: object properties: {} UpdateThreatIntelSetResponse: type: object properties: {} DetectorId: type: string minLength: 1 maxLength: 300 AcceptAdministratorInvitationRequest: type: object required: - AdministratorId - InvitationId title: AcceptAdministratorInvitationRequest properties: AdministratorId: allOf: - $ref: '#/components/schemas/String' - xml: name: administratorId description: The account ID of the GuardDuty administrator account whose invitation you're accepting. InvitationId: allOf: - $ref: '#/components/schemas/String' - xml: name: invitationId description: The value that is used to validate the administrator account to the member account. AcceptInvitationRequest: type: object required: - MasterId - InvitationId deprecated: true title: AcceptInvitationRequest properties: MasterId: allOf: - $ref: '#/components/schemas/String' - xml: name: masterId description: The account ID of the GuardDuty administrator account whose invitation you're accepting. InvitationId: allOf: - $ref: '#/components/schemas/String' - xml: name: invitationId description: The value that is used to validate the administrator account to the member account. 
description: This input is deprecated, use AcceptAdministratorInvitationRequest instead Boolean: type: boolean AccessControlList: type: object properties: AllowsPublicReadAccess: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: allowsPublicReadAccess description: A value that indicates whether public read access for the bucket is enabled through an Access Control List (ACL). AllowsPublicWriteAccess: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: allowsPublicWriteAccess description: A value that indicates whether public write access for the bucket is enabled through an Access Control List (ACL). description: Contains information on the current access control policies for the bucket. AccessKeyDetails: type: object properties: AccessKeyId: allOf: - $ref: '#/components/schemas/String' - xml: name: accessKeyId description: The access key ID of the user. PrincipalId: allOf: - $ref: '#/components/schemas/String' - xml: name: principalId description: The principal ID of the user. UserName: allOf: - $ref: '#/components/schemas/String' - xml: name: userName description: The name of the user. UserType: allOf: - $ref: '#/components/schemas/String' - xml: name: userType description: The type of the user. description: Contains information about the access keys. Email: type: string minLength: 1 maxLength: 64 AccountDetails: type: array items: $ref: '#/components/schemas/AccountDetail' minItems: 1 maxItems: 50 DataSourcesFreeTrial: type: object properties: CloudTrail: allOf: - $ref: '#/components/schemas/DataSourceFreeTrial' - xml: name: cloudTrail description: Describes whether any Amazon Web Services CloudTrail management event logs are enabled as data sources. DnsLogs: allOf: - $ref: '#/components/schemas/DataSourceFreeTrial' - xml: name: dnsLogs description: Describes whether any DNS logs are enabled as data sources. 
FlowLogs: allOf: - $ref: '#/components/schemas/DataSourceFreeTrial' - xml: name: flowLogs description: Describes whether any VPC Flow logs are enabled as data sources. S3Logs: allOf: - $ref: '#/components/schemas/DataSourceFreeTrial' - xml: name: s3Logs description: Describes whether any S3 data event logs are enabled as data sources. Kubernetes: allOf: - $ref: '#/components/schemas/KubernetesDataSourceFreeTrial' - xml: name: kubernetes description: Describes whether any Kubernetes logs are enabled as data sources. MalwareProtection: allOf: - $ref: '#/components/schemas/MalwareProtectionDataSourceFreeTrial' - xml: name: malwareProtection description: Describes whether Malware Protection is enabled as a data source. description: Contains information about which data sources are enabled for the GuardDuty member account. FreeTrialFeatureConfigurationsResults: type: array items: $ref: '#/components/schemas/FreeTrialFeatureConfigurationResult' AccountFreeTrialInfo: type: object properties: AccountId: allOf: - $ref: '#/components/schemas/String' - xml: name: accountId description: The account identifier of the GuardDuty member account. DataSources: allOf: - $ref: '#/components/schemas/DataSourcesFreeTrial' - deprecated: true xml: name: dataSources description: Describes the data source enabled for the GuardDuty member account. This parameter is deprecated, use Features instead Features: allOf: - $ref: '#/components/schemas/FreeTrialFeatureConfigurationsResults' - xml: name: features description: A list of features enabled for the GuardDuty account. description: Provides details of the GuardDuty member account that uses a free trial service. AccountFreeTrialInfos: type: array items: $ref: '#/components/schemas/AccountFreeTrialInfo' BlockPublicAccess: type: object properties: IgnorePublicAcls: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: ignorePublicAcls description: Indicates if S3 Block Public Access is set to IgnorePublicAcls. 
RestrictPublicBuckets: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: restrictPublicBuckets description: Indicates if S3 Block Public Access is set to RestrictPublicBuckets. BlockPublicAcls: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: blockPublicAcls description: Indicates if S3 Block Public Access is set to BlockPublicAcls. BlockPublicPolicy: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: blockPublicPolicy description: Indicates if S3 Block Public Access is set to BlockPublicPolicy. description: "Contains information on how the bucket owner's S3 Block Public Access settings are being applied to the S3 bucket. See S3 Block Public Access for more information. " AccountLevelPermissions: type: object properties: BlockPublicAccess: allOf: - $ref: '#/components/schemas/BlockPublicAccess' - xml: name: blockPublicAccess description: Describes the S3 Block Public Access settings of the bucket's parent account. description: Contains information about the account level permissions on the S3 bucket. AwsApiCallAction: type: object properties: Api: allOf: - $ref: '#/components/schemas/String' - xml: name: api description: The Amazon Web Services API name. CallerType: allOf: - $ref: '#/components/schemas/String' - xml: name: callerType description: The Amazon Web Services API caller type. DomainDetails: allOf: - $ref: '#/components/schemas/DomainDetails' - xml: name: domainDetails description: The domain information for the Amazon Web Services API call. ErrorCode: allOf: - $ref: '#/components/schemas/String' - xml: name: errorCode description: The error code of the failed Amazon Web Services API action. UserAgent: allOf: - $ref: '#/components/schemas/String' - xml: name: userAgent description: The agent through which the API request was made. 
RemoteIpDetails: allOf: - $ref: '#/components/schemas/RemoteIpDetails' - xml: name: remoteIpDetails description: The remote IP information of the connection that initiated the Amazon Web Services API call. ServiceName: allOf: - $ref: '#/components/schemas/String' - xml: name: serviceName description: The Amazon Web Services service name whose API was invoked. RemoteAccountDetails: allOf: - $ref: '#/components/schemas/RemoteAccountDetails' - xml: name: remoteAccountDetails description: The details of the Amazon Web Services account that made the API call. This field appears if the call was made from outside your account. AffectedResources: allOf: - $ref: '#/components/schemas/AffectedResources' - xml: name: affectedResources description: The details of the Amazon Web Services account that made the API call. This field identifies the resources that were affected by this API call. description: Contains information about the API action. DnsRequestAction: type: object properties: Domain: allOf: - $ref: '#/components/schemas/String' - xml: name: domain description: The domain information for the API request. Protocol: allOf: - $ref: '#/components/schemas/String' - xml: name: protocol description: The network connection protocol observed in the activity that prompted GuardDuty to generate the finding. Blocked: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: blocked description: Indicates whether the targeted port is blocked. description: Contains information about the DNS_REQUEST action described in this finding. NetworkConnectionAction: type: object properties: Blocked: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: blocked description: Indicates whether EC2 blocked the network connection to your instance. ConnectionDirection: allOf: - $ref: '#/components/schemas/String' - xml: name: connectionDirection description: The network connection direction. 
LocalPortDetails: allOf: - $ref: '#/components/schemas/LocalPortDetails' - xml: name: localPortDetails description: The local port information of the connection. Protocol: allOf: - $ref: '#/components/schemas/String' - xml: name: protocol description: The network connection protocol. LocalIpDetails: allOf: - $ref: '#/components/schemas/LocalIpDetails' - xml: name: localIpDetails description: The local IP information of the connection. RemoteIpDetails: allOf: - $ref: '#/components/schemas/RemoteIpDetails' - xml: name: remoteIpDetails description: The remote IP information of the connection. RemotePortDetails: allOf: - $ref: '#/components/schemas/RemotePortDetails' - xml: name: remotePortDetails description: The remote port information of the connection. description: Contains information about the NETWORK_CONNECTION action described in the finding. PortProbeAction: type: object properties: Blocked: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: blocked description: Indicates whether EC2 blocked the port probe to the instance, such as with an ACL. PortProbeDetails: allOf: - $ref: '#/components/schemas/PortProbeDetails' - xml: name: portProbeDetails description: A list of objects related to port probe details. description: Contains information about the PORT_PROBE action described in the finding. KubernetesApiCallAction: type: object properties: RequestUri: allOf: - $ref: '#/components/schemas/String' - xml: name: requestUri description: The Kubernetes API request URI. Verb: allOf: - $ref: '#/components/schemas/String' - xml: name: verb description: The Kubernetes API request HTTP verb. SourceIps: allOf: - $ref: '#/components/schemas/SourceIps' - xml: name: sourceIps description: The IP of the Kubernetes API caller and the IPs of any proxies or load balancers between the caller and the API endpoint. UserAgent: allOf: - $ref: '#/components/schemas/String' - xml: name: userAgent description: The user agent of the caller of the Kubernetes API. 
RemoteIpDetails: allOf: - $ref: '#/components/schemas/RemoteIpDetails' - xml: name: remoteIpDetails StatusCode: allOf: - $ref: '#/components/schemas/Integer' - xml: name: statusCode description: The resulting HTTP response code of the Kubernetes API call action. Parameters: allOf: - $ref: '#/components/schemas/String' - xml: name: parameters description: Parameters related to the Kubernetes API call action. description: Information about the Kubernetes API call action described in this finding. RdsLoginAttemptAction: type: object properties: RemoteIpDetails: allOf: - $ref: '#/components/schemas/RemoteIpDetails' - xml: name: remoteIpDetails LoginAttributes: allOf: - $ref: '#/components/schemas/LoginAttributes' - description: Indicates the login attributes used in the login attempt. description: Indicates that a login attempt was made to the potentially compromised database from a remote IP address. Action: type: object properties: ActionType: allOf: - $ref: '#/components/schemas/String' - xml: name: actionType description: The GuardDuty finding activity type. AwsApiCallAction: allOf: - $ref: '#/components/schemas/AwsApiCallAction' - xml: name: awsApiCallAction description: Information about the AWS_API_CALL action described in this finding. DnsRequestAction: allOf: - $ref: '#/components/schemas/DnsRequestAction' - xml: name: dnsRequestAction description: Information about the DNS_REQUEST action described in this finding. NetworkConnectionAction: allOf: - $ref: '#/components/schemas/NetworkConnectionAction' - xml: name: networkConnectionAction description: Information about the NETWORK_CONNECTION action described in this finding. PortProbeAction: allOf: - $ref: '#/components/schemas/PortProbeAction' - xml: name: portProbeAction description: Information about the PORT_PROBE action described in this finding. 
KubernetesApiCallAction: allOf: - $ref: '#/components/schemas/KubernetesApiCallAction' - xml: name: kubernetesApiCallAction description: Information about the Kubernetes API call action described in this finding. RdsLoginAttemptAction: allOf: - $ref: '#/components/schemas/RdsLoginAttemptAction' - xml: name: rdsLoginAttemptAction description: Information about RDS_LOGIN_ATTEMPT action described in this finding. description: Contains information about actions. AddonDetails: type: object properties: AddonVersion: allOf: - $ref: '#/components/schemas/String' - xml: name: addonVersion description: Version of the installed EKS add-on. AddonStatus: allOf: - $ref: '#/components/schemas/String' - xml: name: addonStatus description: Status of the installed EKS add-on. description: Information about the installed EKS add-on (GuardDuty security agent). AdminStatus: type: string enum: - ENABLED - DISABLE_IN_PROGRESS minLength: 1 maxLength: 300 AdminAccount: type: object properties: AdminAccountId: allOf: - $ref: '#/components/schemas/String' - xml: name: adminAccountId description: The Amazon Web Services account ID for the account. AdminStatus: allOf: - $ref: '#/components/schemas/AdminStatus' - xml: name: adminStatus description: Indicates whether the account is enabled as the delegated administrator. description: The account within the organization specified as the GuardDuty delegated administrator. AdminAccounts: type: array items: $ref: '#/components/schemas/AdminAccount' minItems: 0 maxItems: 1 Administrator: type: object properties: AccountId: allOf: - $ref: '#/components/schemas/AccountId' - xml: name: accountId description: The ID of the account used as the administrator account. InvitationId: allOf: - $ref: '#/components/schemas/String' - xml: name: invitationId description: The value that is used to validate the administrator account to the member account. 
RelationshipStatus: allOf: - $ref: '#/components/schemas/String' - xml: name: relationshipStatus description: The status of the relationship between the administrator and member accounts. InvitedAt: allOf: - $ref: '#/components/schemas/String' - xml: name: invitedAt description: The timestamp when the invitation was sent. description: Contains information about the administrator account and invitation. AffectedResources: type: object additionalProperties: $ref: '#/components/schemas/String' FindingIds: type: array items: $ref: '#/components/schemas/FindingId' minItems: 0 maxItems: 50 ArchiveFindingsRequest: type: object required: - FindingIds title: ArchiveFindingsRequest properties: FindingIds: allOf: - $ref: '#/components/schemas/FindingIds' - xml: name: findingIds description: The IDs of the findings that you want to archive. AutoEnableMembers: type: string enum: - NEW - ALL - NONE DomainDetails: type: object properties: Domain: allOf: - $ref: '#/components/schemas/String' - xml: name: domain description: The domain information for the Amazon Web Services API call. description: Contains information about the domain. RemoteIpDetails: type: object properties: City: allOf: - $ref: '#/components/schemas/City' - xml: name: city description: The city information of the remote IP address. Country: allOf: - $ref: '#/components/schemas/Country' - xml: name: country description: The country code of the remote IP address. GeoLocation: allOf: - $ref: '#/components/schemas/GeoLocation' - xml: name: geoLocation description: The location information of the remote IP address. IpAddressV4: allOf: - $ref: '#/components/schemas/String' - xml: name: ipAddressV4 description: The IPv4 remote address of the connection. Organization: allOf: - $ref: '#/components/schemas/Organization' - xml: name: organization description: The ISP organization information of the remote IP address. description: Contains information about the remote IP address of the connection. 
RemoteAccountDetails: type: object properties: AccountId: allOf: - $ref: '#/components/schemas/String' - xml: name: accountId description: The Amazon Web Services account ID of the remote API caller. Affiliated: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: affiliated description: Details on whether the Amazon Web Services account of the remote API caller is related to your GuardDuty environment. If this value is True the API caller is affiliated to your account in some way. If it is False the API caller is from outside your environment. description: Contains details about the remote Amazon Web Services account that made the API call. BucketPolicy: type: object properties: AllowsPublicReadAccess: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: allowsPublicReadAccess description: A value that indicates whether public read access for the bucket is enabled through a bucket policy. AllowsPublicWriteAccess: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: allowsPublicWriteAccess description: A value that indicates whether public write access for the bucket is enabled through a bucket policy. description: Contains information on the current bucket policies for the S3 bucket. BucketLevelPermissions: type: object properties: AccessControlList: allOf: - $ref: '#/components/schemas/AccessControlList' - xml: name: accessControlList description: Contains information on how Access Control Policies are applied to the bucket. BucketPolicy: allOf: - $ref: '#/components/schemas/BucketPolicy' - xml: name: bucketPolicy description: Contains information on the bucket policies for the S3 bucket. BlockPublicAccess: allOf: - $ref: '#/components/schemas/BlockPublicAccess' - xml: name: blockPublicAccess description: Contains information on which account level S3 Block Public Access settings are applied to the S3 bucket. description: Contains information about the bucket level permissions for the S3 bucket. 
City: type: object properties: CityName: allOf: - $ref: '#/components/schemas/String' - xml: name: cityName description: The city name of the remote IP address. description: Contains information about the city associated with the IP address. ClientToken: type: string minLength: 0 maxLength: 64 DataSourceStatus: type: string enum: - ENABLED - DISABLED minLength: 1 maxLength: 300 CloudTrailConfigurationResult: type: object required: - Status properties: Status: allOf: - $ref: '#/components/schemas/DataSourceStatus' - xml: name: status description: Describes whether CloudTrail is enabled as a data source for the detector. description: Contains information on the status of CloudTrail as a data source for the detector. Eq: type: array items: $ref: '#/components/schemas/String' Neq: type: array items: $ref: '#/components/schemas/String' Integer: type: integer Equals: type: array items: $ref: '#/components/schemas/String' NotEquals: type: array items: $ref: '#/components/schemas/String' Long: type: integer Condition: type: object properties: Eq: allOf: - $ref: '#/components/schemas/Eq' - deprecated: true xml: name: eq description: Represents the equal condition to be applied to a single field when querying for findings. Neq: allOf: - $ref: '#/components/schemas/Neq' - deprecated: true xml: name: neq description: Represents the not equal condition to be applied to a single field when querying for findings. Gt: allOf: - $ref: '#/components/schemas/Integer' - deprecated: true xml: name: gt description: Represents a greater than condition to be applied to a single field when querying for findings. Gte: allOf: - $ref: '#/components/schemas/Integer' - deprecated: true xml: name: gte description: Represents a greater than or equal condition to be applied to a single field when querying for findings. 
Lt: allOf: - $ref: '#/components/schemas/Integer' - deprecated: true xml: name: lt description: Represents a less than condition to be applied to a single field when querying for findings. Lte: allOf: - $ref: '#/components/schemas/Integer' - deprecated: true xml: name: lte description: Represents a less than or equal condition to be applied to a single field when querying for findings. Equals: allOf: - $ref: '#/components/schemas/Equals' - xml: name: equals description: Represents an equal condition to be applied to a single field when querying for findings. NotEquals: allOf: - $ref: '#/components/schemas/NotEquals' - xml: name: notEquals description: Represents a not equal condition to be applied to a single field when querying for findings. GreaterThan: allOf: - $ref: '#/components/schemas/Long' - xml: name: greaterThan description: Represents a greater than condition to be applied to a single field when querying for findings. GreaterThanOrEqual: allOf: - $ref: '#/components/schemas/Long' - xml: name: greaterThanOrEqual description: Represents a greater than or equal condition to be applied to a single field when querying for findings. LessThan: allOf: - $ref: '#/components/schemas/Long' - xml: name: lessThan description: Represents a less than condition to be applied to a single field when querying for findings. LessThanOrEqual: allOf: - $ref: '#/components/schemas/Long' - xml: name: lessThanOrEqual description: Represents a less than or equal condition to be applied to a single field when querying for findings. description: Contains information about the condition. VolumeMounts: type: array items: $ref: '#/components/schemas/VolumeMount' SecurityContext: type: object properties: Privileged: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: privileged description: Whether the container is privileged. description: Container security context. 
Container: type: object properties: ContainerRuntime: allOf: - $ref: '#/components/schemas/String' - xml: name: containerRuntime description: The container runtime (such as Docker or containerd) used to run the container. Id: allOf: - $ref: '#/components/schemas/String' - xml: name: id description: Container ID. Name: allOf: - $ref: '#/components/schemas/String' - xml: name: name description: Container name. Image: allOf: - $ref: '#/components/schemas/String' - xml: name: image description: Container image. ImagePrefix: allOf: - $ref: '#/components/schemas/String' - xml: name: imagePrefix description: Part of the image name before the last slash. For example, imagePrefix for public.ecr.aws/amazonlinux/amazonlinux:latest would be public.ecr.aws/amazonlinux. If the image name is relative and does not have a slash, this field is empty. VolumeMounts: allOf: - $ref: '#/components/schemas/VolumeMounts' - xml: name: volumeMounts description: Container volume mounts. SecurityContext: allOf: - $ref: '#/components/schemas/SecurityContext' - xml: name: securityContext description: Container security context. description: Details of a container. Containers: type: array items: $ref: '#/components/schemas/Container' CountByCoverageStatus: type: object additionalProperties: $ref: '#/components/schemas/Long' CountByResourceType: type: object additionalProperties: $ref: '#/components/schemas/Long' CountBySeverity: type: object additionalProperties: $ref: '#/components/schemas/Integer' Country: type: object properties: CountryCode: allOf: - $ref: '#/components/schemas/String' - xml: name: countryCode description: The country code of the remote IP address. CountryName: allOf: - $ref: '#/components/schemas/String' - xml: name: countryName description: The country name of the remote IP address. description: Contains information about the country where the remote IP address is located. 
CoverageEksClusterDetails: type: object properties: ClusterName: allOf: - $ref: '#/components/schemas/String' - xml: name: clusterName description: Name of the EKS cluster. CoveredNodes: allOf: - $ref: '#/components/schemas/Long' - xml: name: coveredNodes description: Represents the nodes within the EKS cluster that have a HEALTHY coverage status. CompatibleNodes: allOf: - $ref: '#/components/schemas/Long' - xml: name: compatibleNodes description: Represents all the nodes within the EKS cluster in your account. AddonDetails: allOf: - $ref: '#/components/schemas/AddonDetails' - xml: name: addonDetails description: Information about the installed EKS add-on. description: Information about the EKS cluster that has a coverage status. CoverageFilterCondition: type: object properties: Equals: allOf: - $ref: '#/components/schemas/Equals' - xml: name: equals description: Represents an equal condition that is applied to a single field while retrieving the coverage details. NotEquals: allOf: - $ref: '#/components/schemas/NotEquals' - xml: name: notEquals description: Represents a not equal condition that is applied to a single field while retrieving the coverage details. description: Represents a condition that when matched will be added to the response of the operation. CoverageFilterCriteria: type: object properties: FilterCriterion: allOf: - $ref: '#/components/schemas/CoverageFilterCriterionList' - xml: name: filterCriterion description: Represents a condition that when matched will be added to the response of the operation. description: Represents the criteria used in the filter. CoverageFilterCriterionKey: type: string enum: - ACCOUNT_ID - CLUSTER_NAME - RESOURCE_TYPE - COVERAGE_STATUS - ADDON_VERSION CoverageFilterCriterion: type: object properties: CriterionKey: allOf: - $ref: '#/components/schemas/CoverageFilterCriterionKey' - xml: name: criterionKey description: An enum value representing possible filter fields. 
FilterCondition: allOf: - $ref: '#/components/schemas/CoverageFilterCondition' - xml: name: filterCondition description: Contains information about the condition. description: Represents a condition that when matched will be added to the response of the operation. CoverageResourceDetails: type: object properties: EksClusterDetails: allOf: - $ref: '#/components/schemas/CoverageEksClusterDetails' - xml: name: eksClusterDetails description: EKS cluster details involved in the coverage statistics. ResourceType: allOf: - $ref: '#/components/schemas/ResourceType' - xml: name: resourceType description: The type of Amazon Web Services resource. description: Information about the resource for each individual EKS cluster. CoverageStatus: type: string enum: - HEALTHY - UNHEALTHY Timestamp: type: string format: date-time CoverageResource: type: object properties: ResourceId: allOf: - $ref: '#/components/schemas/String' - xml: name: resourceId description: The unique ID of the resource. DetectorId: allOf: - $ref: '#/components/schemas/DetectorId' - xml: name: detectorId description: The unique ID of the GuardDuty detector associated with the resource. AccountId: allOf: - $ref: '#/components/schemas/AccountId' - xml: name: accountId description: The unique ID of the Amazon Web Services account. ResourceDetails: allOf: - $ref: '#/components/schemas/CoverageResourceDetails' - xml: name: resourceDetails description: Information about the resource for which the coverage statistics are retrieved. CoverageStatus: allOf: - $ref: '#/components/schemas/CoverageStatus' - xml: name: coverageStatus description: Represents the status of the EKS cluster coverage. Issue: allOf: - $ref: '#/components/schemas/String' - xml: name: issue description: Represents the reason why a coverage status was UNHEALTHY for the EKS cluster. 
UpdatedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: updatedAt description: The timestamp at which the coverage details for the resource were last updated. This is in UTC format. description: Information about the resource of the GuardDuty account. ResourceType: type: string enum: - EKS CoverageResources: type: array items: $ref: '#/components/schemas/CoverageResource' CoverageSortCriteria: type: object properties: AttributeName: allOf: - $ref: '#/components/schemas/CoverageSortKey' - xml: name: attributeName description: Represents the field name used to sort the coverage details. OrderBy: allOf: - $ref: '#/components/schemas/OrderBy' - xml: name: orderBy description: The order in which the sorted findings are to be displayed. description: Information about the sorting criteria used in the coverage statistics. CoverageStatistics: type: object properties: CountByResourceType: allOf: - $ref: '#/components/schemas/CountByResourceType' - xml: name: countByResourceType description: Represents coverage statistics for EKS clusters aggregated by resource type. CountByCoverageStatus: allOf: - $ref: '#/components/schemas/CountByCoverageStatus' - xml: name: countByCoverageStatus description: Represents coverage statistics for EKS clusters aggregated by coverage status. description: Information about the coverage statistics for a resource. CoverageStatisticsTypeList: type: array items: $ref: '#/components/schemas/CoverageStatisticsType' FindingPublishingFrequency: type: string enum: - FIFTEEN_MINUTES - ONE_HOUR - SIX_HOURS DataSourceConfigurations: type: object properties: S3Logs: allOf: - $ref: '#/components/schemas/S3LogsConfiguration' - xml: name: s3Logs description: Describes whether S3 data event logs are enabled as a data source. Kubernetes: allOf: - $ref: '#/components/schemas/KubernetesConfiguration' - xml: name: kubernetes description: Describes whether any Kubernetes logs are enabled as data sources. 
MalwareProtection: allOf: - $ref: '#/components/schemas/MalwareProtectionConfiguration' - xml: name: malwareProtection description: Describes whether Malware Protection is enabled as a data source. description: Contains information about which data sources are enabled. TagMap: type: object minProperties: 1 maxProperties: 200 additionalProperties: $ref: '#/components/schemas/TagValue' DetectorFeatureConfigurations: type: array items: $ref: '#/components/schemas/DetectorFeatureConfiguration' CreateDetectorRequest: type: object required: - Enable title: CreateDetectorRequest properties: Enable: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: enable description: A Boolean value that specifies whether the detector is to be enabled. ClientToken: allOf: - $ref: '#/components/schemas/ClientToken' - xml: name: clientToken description: The idempotency token for the create request. FindingPublishingFrequency: allOf: - $ref: '#/components/schemas/FindingPublishingFrequency' - xml: name: findingPublishingFrequency description: A value that specifies how frequently updated findings are exported. DataSources: allOf: - $ref: '#/components/schemas/DataSourceConfigurations' - deprecated: true xml: name: dataSources description:

Describes which data sources will be enabled for the detector.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

This parameter is deprecated; use Features instead. Tags: allOf: - $ref: '#/components/schemas/TagMap' - xml: name: tags description: The tags to be added to a new detector resource. Features: allOf: - $ref: '#/components/schemas/DetectorFeatureConfigurations' - xml: name: features description: A list of features that will be configured for the detector. UnprocessedDataSourcesResult: type: object properties: MalwareProtection: allOf: - $ref: '#/components/schemas/MalwareProtectionConfigurationResult' - xml: name: malwareProtection description: Specifies the names of the data sources that couldn't be enabled. FilterName: type: string minLength: 3 maxLength: 64 FilterDescription: type: string minLength: 0 maxLength: 512 FilterAction: type: string enum: - NOOP - ARCHIVE minLength: 1 maxLength: 300 FilterRank: type: integer minimum: 1 maximum: 100 FindingCriteria: type: object properties: Criterion: allOf: - $ref: '#/components/schemas/Criterion' - xml: name: criterion description: Represents a map of finding properties that match specified conditions and values when querying findings. description: Contains information about the criteria used for querying findings. CreateFilterRequest: type: object required: - Name - FindingCriteria title: CreateFilterRequest properties: Name: allOf: - $ref: '#/components/schemas/FilterName' - xml: name: name description: The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character. Description: allOf: - $ref: '#/components/schemas/FilterDescription' - xml: name: description description: The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace. 
Action: allOf: - $ref: '#/components/schemas/FilterAction' - xml: name: action description: Specifies the action that is to be applied to the findings that match the filter. Rank: allOf: - $ref: '#/components/schemas/FilterRank' - xml: name: rank description: Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. FindingCriteria: allOf: - $ref: '#/components/schemas/FindingCriteria' - xml: name: findingCriteria description: '

Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

' ClientToken: allOf: - $ref: '#/components/schemas/ClientToken' - xml: name: clientToken description: The idempotency token for the create request. Tags: allOf: - $ref: '#/components/schemas/TagMap' - xml: name: tags description: The tags to be added to a new filter resource. Name: type: string minLength: 1 maxLength: 300 IpSetFormat: type: string enum: - TXT - STIX - OTX_CSV - ALIEN_VAULT - PROOF_POINT - FIRE_EYE minLength: 1 maxLength: 300 Location: type: string minLength: 1 maxLength: 300 CreateIPSetRequest: type: object required: - Name - Format - Location - Activate title: CreateIPSetRequest properties: Name: allOf: - $ref: '#/components/schemas/Name' - xml: name: name description:

The user-friendly name to identify the IPSet.

Allowed characters are alphanumeric, whitespace, dash (-), and underscores (_).

Format: allOf: - $ref: '#/components/schemas/IpSetFormat' - xml: name: format description: The format of the file that contains the IPSet. Location: allOf: - $ref: '#/components/schemas/Location' - xml: name: location description: 'The URI of the file that contains the IPSet. ' Activate: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: activate description: A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet. ClientToken: allOf: - $ref: '#/components/schemas/ClientToken' - xml: name: clientToken description: The idempotency token for the create request. Tags: allOf: - $ref: '#/components/schemas/TagMap' - xml: name: tags description: The tags to be added to a new IP set resource. CreateMembersRequest: type: object required: - AccountDetails title: CreateMembersRequest properties: AccountDetails: allOf: - $ref: '#/components/schemas/AccountDetails' - xml: name: accountDetails description: A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account. UnprocessedAccounts: type: array items: $ref: '#/components/schemas/UnprocessedAccount' minItems: 0 maxItems: 50 DestinationType: type: string enum: - S3 minLength: 1 maxLength: 300 DestinationProperties: type: object properties: DestinationArn: allOf: - $ref: '#/components/schemas/String' - xml: name: destinationArn description: '

The ARN of the resource to publish to.

To specify an S3 bucket folder use the following format: arn:aws:s3:::DOC-EXAMPLE-BUCKET/myFolder/

' KmsKeyArn: allOf: - $ref: '#/components/schemas/String' - xml: name: kmsKeyArn description: The ARN of the KMS key to use for encryption. description: Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings. CreatePublishingDestinationRequest: type: object required: - DestinationType - DestinationProperties title: CreatePublishingDestinationRequest properties: DestinationType: allOf: - $ref: '#/components/schemas/DestinationType' - xml: name: destinationType description: The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported. DestinationProperties: allOf: - $ref: '#/components/schemas/DestinationProperties' - xml: name: destinationProperties description: The properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption. ClientToken: allOf: - $ref: '#/components/schemas/ClientToken' - xml: name: clientToken description: The idempotency token for the request. FindingTypes: type: array items: $ref: '#/components/schemas/FindingType' minItems: 0 maxItems: 50 CreateSampleFindingsRequest: type: object title: CreateSampleFindingsRequest properties: FindingTypes: allOf: - $ref: '#/components/schemas/FindingTypes' - xml: name: findingTypes description: The types of sample findings to generate. ThreatIntelSetFormat: type: string enum: - TXT - STIX - OTX_CSV - ALIEN_VAULT - PROOF_POINT - FIRE_EYE minLength: 1 maxLength: 300 CreateThreatIntelSetRequest: type: object required: - Name - Format - Location - Activate title: CreateThreatIntelSetRequest properties: Name: allOf: - $ref: '#/components/schemas/Name' - xml: name: name description: A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet. 
Format: allOf: - $ref: '#/components/schemas/ThreatIntelSetFormat' - xml: name: format description: The format of the file that contains the ThreatIntelSet. Location: allOf: - $ref: '#/components/schemas/Location' - xml: name: location description: 'The URI of the file that contains the ThreatIntelSet. ' Activate: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: activate description: A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet. ClientToken: allOf: - $ref: '#/components/schemas/ClientToken' - xml: name: clientToken description: The idempotency token for the create request. Tags: allOf: - $ref: '#/components/schemas/TagMap' - xml: name: tags description: The tags to be added to a new threat list resource. CriterionKey: type: string enum: - EC2_INSTANCE_ARN - SCAN_ID - ACCOUNT_ID - GUARDDUTY_FINDING_ID - SCAN_START_TIME - SCAN_STATUS DNSLogsConfigurationResult: type: object required: - Status properties: Status: allOf: - $ref: '#/components/schemas/DataSourceStatus' - xml: name: status description: Denotes whether DNS logs is enabled as a data source. description: Contains information on the status of DNS logs as a data source. DataSource: type: string enum: - FLOW_LOGS - CLOUD_TRAIL - DNS_LOGS - S3_LOGS - KUBERNETES_AUDIT_LOGS - EC2_MALWARE_SCAN FlowLogsConfigurationResult: type: object required: - Status properties: Status: allOf: - $ref: '#/components/schemas/DataSourceStatus' - xml: name: status description: Denotes whether VPC flow logs is enabled as a data source. description: Contains information on the status of VPC flow logs as a data source. S3LogsConfigurationResult: type: object required: - Status properties: Status: allOf: - $ref: '#/components/schemas/DataSourceStatus' - xml: name: status description: A value that describes whether S3 data event logs are automatically enabled for new members of the organization. description: Describes whether S3 data event logs will be enabled as a data source. 
KubernetesConfigurationResult: type: object required: - AuditLogs properties: AuditLogs: allOf: - $ref: '#/components/schemas/KubernetesAuditLogsConfigurationResult' - xml: name: auditLogs description: Describes whether Kubernetes audit logs are enabled as a data source. description: Describes whether any Kubernetes logs will be enabled as a data source. MalwareProtectionConfigurationResult: type: object properties: ScanEc2InstanceWithFindings: allOf: - $ref: '#/components/schemas/ScanEc2InstanceWithFindingsResult' - xml: name: scanEc2InstanceWithFindings description: Describes the configuration of Malware Protection for EC2 instances with findings. ServiceRole: allOf: - $ref: '#/components/schemas/String' - xml: name: serviceRole description: The GuardDuty Malware Protection service role. description: An object that contains information on the status of all Malware Protection data sources. DataSourceConfigurationsResult: type: object required: - CloudTrail - DNSLogs - FlowLogs - S3Logs properties: CloudTrail: allOf: - $ref: '#/components/schemas/CloudTrailConfigurationResult' - xml: name: cloudTrail description: An object that contains information on the status of CloudTrail as a data source. DNSLogs: allOf: - $ref: '#/components/schemas/DNSLogsConfigurationResult' - xml: name: dnsLogs description: An object that contains information on the status of DNS logs as a data source. FlowLogs: allOf: - $ref: '#/components/schemas/FlowLogsConfigurationResult' - xml: name: flowLogs description: An object that contains information on the status of VPC flow logs as a data source. S3Logs: allOf: - $ref: '#/components/schemas/S3LogsConfigurationResult' - xml: name: s3Logs description: An object that contains information on the status of S3 Data event logs as a data source. Kubernetes: allOf: - $ref: '#/components/schemas/KubernetesConfigurationResult' - xml: name: kubernetes description: An object that contains information on the status of all Kubernetes data sources. 
MalwareProtection: allOf: - $ref: '#/components/schemas/MalwareProtectionConfigurationResult' - xml: name: malwareProtection description: Describes the configuration of Malware Protection data sources. description: Contains information on the status of data sources for the detector. DataSourceFreeTrial: type: object properties: FreeTrialDaysRemaining: allOf: - $ref: '#/components/schemas/Integer' - xml: name: freeTrialDaysRemaining description: A value that specifies the number of days left to use each enabled data source. description: Contains information about which data sources are enabled for the GuardDuty member account. KubernetesDataSourceFreeTrial: type: object properties: AuditLogs: allOf: - $ref: '#/components/schemas/DataSourceFreeTrial' - xml: name: auditLogs description: Describes whether Kubernetes audit logs are enabled as a data source. description: Provides details about the Kubernetes resources when it is enabled as a data source. MalwareProtectionDataSourceFreeTrial: type: object properties: ScanEc2InstanceWithFindings: allOf: - $ref: '#/components/schemas/DataSourceFreeTrial' - xml: name: scanEc2InstanceWithFindings description: Describes whether Malware Protection for EC2 instances with findings is enabled as a data source. description: Provides details about Malware Protection when it is enabled as a data source. DeclineInvitationsRequest: type: object required: - AccountIds title: DeclineInvitationsRequest properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: A list of account IDs of the Amazon Web Services accounts that sent invitations to the current member account that you want to decline invitations from. DefaultServerSideEncryption: type: object properties: EncryptionType: allOf: - $ref: '#/components/schemas/String' - xml: name: encryptionType description: The type of encryption used for objects within the S3 bucket. 
KmsMasterKeyArn: allOf: - $ref: '#/components/schemas/String' - xml: name: kmsMasterKeyArn description: The Amazon Resource Name (ARN) of the KMS encryption key. Only available if the bucket EncryptionType is aws:kms. description: Contains information on the server side encryption method used in the S3 bucket. See S3 Server-Side Encryption for more information. DeleteDetectorRequest: type: object title: DeleteDetectorRequest properties: {} DeleteFilterRequest: type: object title: DeleteFilterRequest properties: {} DeleteIPSetRequest: type: object title: DeleteIPSetRequest properties: {} DeleteInvitationsRequest: type: object required: - AccountIds title: DeleteInvitationsRequest properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: A list of account IDs of the Amazon Web Services accounts that sent invitations to the current member account that you want to delete invitations from. DeleteMembersRequest: type: object required: - AccountIds title: DeleteMembersRequest properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: A list of account IDs of the GuardDuty member accounts that you want to delete. DeletePublishingDestinationRequest: type: object title: DeletePublishingDestinationRequest properties: {} DeleteThreatIntelSetRequest: type: object title: DeleteThreatIntelSetRequest properties: {} IntegerValueWithMax: type: integer minimum: 1 maximum: 50 FilterCriteria: type: object properties: FilterCriterion: allOf: - $ref: '#/components/schemas/FilterCriterionList' - xml: name: filterCriterion description: Represents a condition that when matched will be added to the response of the operation. description: Represents the criteria to be used in the filter for describing scan entries. 
SortCriteria: type: object properties: AttributeName: allOf: - $ref: '#/components/schemas/String' - xml: name: attributeName description: Represents the finding attribute, such as accountId, that sorts the findings. OrderBy: allOf: - $ref: '#/components/schemas/OrderBy' - xml: name: orderBy description: The order by which the sorted findings are to be displayed. description: Contains information about the criteria used for sorting findings. DescribeMalwareScansRequest: type: object title: DescribeMalwareScansRequest properties: NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. MaxResults: allOf: - $ref: '#/components/schemas/IntegerValueWithMax' - xml: name: maxResults description: You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50. FilterCriteria: allOf: - $ref: '#/components/schemas/FilterCriteria' - xml: name: filterCriteria description: Represents the criteria to be used in the filter for describing scan entries. SortCriteria: allOf: - $ref: '#/components/schemas/SortCriteria' - xml: name: sortCriteria description: Represents the criteria used for sorting scan entries. The attributeName is required and it must be scanStartTime. 
Scans: type: array items: $ref: '#/components/schemas/Scan' MaxResults: type: integer minimum: 1 maximum: 50 DescribeOrganizationConfigurationRequest: type: object title: DescribeOrganizationConfigurationRequest properties: {} OrganizationDataSourceConfigurationsResult: type: object required: - S3Logs properties: S3Logs: allOf: - $ref: '#/components/schemas/OrganizationS3LogsConfigurationResult' - xml: name: s3Logs description: Describes whether S3 data event logs are enabled as a data source. Kubernetes: allOf: - $ref: '#/components/schemas/OrganizationKubernetesConfigurationResult' - xml: name: kubernetes description: Describes the configuration of Kubernetes data sources. MalwareProtection: allOf: - $ref: '#/components/schemas/OrganizationMalwareProtectionConfigurationResult' - xml: name: malwareProtection description: Describes the configuration of Malware Protection data source for an organization. description: An object that contains information on which data sources are automatically enabled for new members within the organization. OrganizationFeaturesConfigurationsResults: type: array items: $ref: '#/components/schemas/OrganizationFeatureConfigurationResult' DescribePublishingDestinationRequest: type: object title: DescribePublishingDestinationRequest properties: {} PublishingStatus: type: string enum: - PENDING_VERIFICATION - PUBLISHING - UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY - STOPPED minLength: 1 maxLength: 300 Destination: type: object required: - DestinationId - DestinationType - Status properties: DestinationId: allOf: - $ref: '#/components/schemas/String' - xml: name: destinationId description: The unique ID of the publishing destination. DestinationType: allOf: - $ref: '#/components/schemas/DestinationType' - xml: name: destinationType description: The type of resource used for the publishing destination. Currently, only Amazon S3 buckets are supported. 
Status: allOf: - $ref: '#/components/schemas/PublishingStatus' - xml: name: status description: The status of the publishing destination. description: Contains information about the publishing destination, including the ID, type, and status. Destinations: type: array items: $ref: '#/components/schemas/Destination' FeatureAdditionalConfiguration: type: string enum: - EKS_ADDON_MANAGEMENT FeatureStatus: type: string enum: - ENABLED - DISABLED DetectorAdditionalConfiguration: type: object properties: Name: allOf: - $ref: '#/components/schemas/FeatureAdditionalConfiguration' - xml: name: name description: Name of the additional configuration. Status: allOf: - $ref: '#/components/schemas/FeatureStatus' - xml: name: status description: Status of the additional configuration. description: Information about the additional configuration for a feature in your GuardDuty account. DetectorAdditionalConfigurationResult: type: object properties: Name: allOf: - $ref: '#/components/schemas/FeatureAdditionalConfiguration' - xml: name: name description: Name of the additional configuration. Status: allOf: - $ref: '#/components/schemas/FeatureStatus' - xml: name: status description: Status of the additional configuration. UpdatedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: updatedAt description: The timestamp at which the additional configuration was last updated. This is in UTC format. description: Information about the additional configuration. 
DetectorAdditionalConfigurationResults: type: array items: $ref: '#/components/schemas/DetectorAdditionalConfigurationResult' DetectorAdditionalConfigurations: type: array items: $ref: '#/components/schemas/DetectorAdditionalConfiguration' DetectorFeature: type: string enum: - S3_DATA_EVENTS - EKS_AUDIT_LOGS - EBS_MALWARE_PROTECTION - RDS_LOGIN_EVENTS - EKS_RUNTIME_MONITORING - LAMBDA_NETWORK_LOGS DetectorFeatureResult: type: string enum: - FLOW_LOGS - CLOUD_TRAIL - DNS_LOGS - S3_DATA_EVENTS - EKS_AUDIT_LOGS - EBS_MALWARE_PROTECTION - RDS_LOGIN_EVENTS - EKS_RUNTIME_MONITORING - LAMBDA_NETWORK_LOGS DetectorFeatureConfigurationResult: type: object properties: Name: allOf: - $ref: '#/components/schemas/DetectorFeatureResult' - xml: name: name description: Indicates the name of the feature that can be enabled for the detector. Status: allOf: - $ref: '#/components/schemas/FeatureStatus' - xml: name: status description: Indicates the status of the feature that is enabled for the detector. UpdatedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: updatedAt description: The timestamp at which the feature object was updated. AdditionalConfiguration: allOf: - $ref: '#/components/schemas/DetectorAdditionalConfigurationResults' - xml: name: additionalConfiguration description: Additional configuration for a resource. description: Contains information about a GuardDuty feature. 
DetectorFeatureConfigurationsResults: type: array items: $ref: '#/components/schemas/DetectorFeatureConfigurationResult' DetectorIds: type: array items: $ref: '#/components/schemas/DetectorId' minItems: 0 maxItems: 50 DetectorStatus: type: string enum: - ENABLED - DISABLED minLength: 1 maxLength: 300 DisableOrganizationAdminAccountRequest: type: object required: - AdminAccountId title: DisableOrganizationAdminAccountRequest properties: AdminAccountId: allOf: - $ref: '#/components/schemas/String' - xml: name: adminAccountId description: The Amazon Web Services Account ID for the organizations account to be disabled as a GuardDuty delegated administrator. DisassociateFromAdministratorAccountRequest: type: object title: DisassociateFromAdministratorAccountRequest properties: {} DisassociateFromMasterAccountRequest: type: object deprecated: true title: DisassociateFromMasterAccountRequest properties: {} description: This input is deprecated, use DisassociateFromAdministratorAccountRequest instead DisassociateMembersRequest: type: object required: - AccountIds title: DisassociateMembersRequest properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account. Double: type: number format: double EbsSnapshotPreservation: type: string enum: - NO_RETENTION - RETENTION_WITH_FINDING VolumeDetails: type: array items: $ref: '#/components/schemas/VolumeDetail' EbsVolumeDetails: type: object properties: ScannedVolumeDetails: allOf: - $ref: '#/components/schemas/VolumeDetails' - xml: name: scannedVolumeDetails description: List of EBS volumes that were scanned. SkippedVolumeDetails: allOf: - $ref: '#/components/schemas/VolumeDetails' - xml: name: skippedVolumeDetails description: List of EBS volumes that were skipped from the malware scan. description: Contains list of scanned and skipped EBS volumes with details. 
Sources: type: array items: $ref: '#/components/schemas/String' ScanDetections: type: object properties: ScannedItemCount: allOf: - $ref: '#/components/schemas/ScannedItemCount' - xml: name: scannedItemCount description: Total number of scanned files. ThreatsDetectedItemCount: allOf: - $ref: '#/components/schemas/ThreatsDetectedItemCount' - xml: name: threatsDetectedItemCount description: Total number of infected files. HighestSeverityThreatDetails: allOf: - $ref: '#/components/schemas/HighestSeverityThreatDetails' - xml: name: highestSeverityThreatDetails description: Details of the highest severity threat detected during malware scan and number of infected files. ThreatDetectedByName: allOf: - $ref: '#/components/schemas/ThreatDetectedByName' - xml: name: threatDetectedByName description: Contains details about identified threats organized by threat name. description: Contains a complete view providing malware scan result details. EbsVolumeScanDetails: type: object properties: ScanId: allOf: - $ref: '#/components/schemas/String' - xml: name: scanId description: Unique Id of the malware scan that generated the finding. ScanStartedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: scanStartedAt description: Returns the start date and time of the malware scan. ScanCompletedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: scanCompletedAt description: Returns the completion date and time of the malware scan. TriggerFindingId: allOf: - $ref: '#/components/schemas/String' - xml: name: triggerFindingId description: GuardDuty finding ID that triggered a malware scan. Sources: allOf: - $ref: '#/components/schemas/Sources' - xml: name: sources description: Contains list of threat intelligence sources used to detect threats. ScanDetections: allOf: - $ref: '#/components/schemas/ScanDetections' - xml: name: scanDetections description: Contains a complete view providing malware scan result details. 
description: Contains details from the malware scan that created a finding. EbsVolumesResult: type: object properties: Status: allOf: - $ref: '#/components/schemas/DataSourceStatus' - xml: name: status description: Describes whether scanning EBS volumes is enabled as a data source. Reason: allOf: - $ref: '#/components/schemas/String' - xml: name: reason description: Specifies the reason why scanning EBS volumes (Malware Protection) was not enabled as a data source. description: Describes the configuration of scanning EBS volumes as a data source. Tags: type: array items: $ref: '#/components/schemas/Tag' EcsTaskDetails: type: object properties: Arn: allOf: - $ref: '#/components/schemas/String' - xml: name: arn description: The Amazon Resource Name (ARN) of the task. DefinitionArn: allOf: - $ref: '#/components/schemas/String' - xml: name: definitionArn description: The ARN of the task definition that creates the task. Version: allOf: - $ref: '#/components/schemas/String' - xml: name: version description: The version counter for the task. TaskCreatedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: createdAt description: The Unix timestamp for the time when the task was created. StartedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: startedAt description: The Unix timestamp for the time when the task started. StartedBy: allOf: - $ref: '#/components/schemas/String' - xml: name: startedBy description: Contains the tag specified when a task is started. Tags: allOf: - $ref: '#/components/schemas/Tags' - xml: name: tags description: The tags of the ECS Task. Volumes: allOf: - $ref: '#/components/schemas/Volumes' - xml: name: volumes description: The list of data volume definitions for the task. Containers: allOf: - $ref: '#/components/schemas/Containers' - xml: name: containers description: The containers that are associated with the task. 
Group: allOf: - $ref: '#/components/schemas/String' - xml: name: group description: The name of the task group that's associated with the task. description: Contains information about the task in an ECS cluster. EcsClusterDetails: type: object properties: Name: allOf: - $ref: '#/components/schemas/String' - xml: name: name description: The name of the ECS Cluster. Arn: allOf: - $ref: '#/components/schemas/String' - xml: name: arn description: The Amazon Resource Name (ARN) that identifies the cluster. Status: allOf: - $ref: '#/components/schemas/String' - xml: name: status description: The status of the ECS cluster. ActiveServicesCount: allOf: - $ref: '#/components/schemas/Integer' - xml: name: activeServicesCount description: The number of services that are running on the cluster in an ACTIVE state. RegisteredContainerInstancesCount: allOf: - $ref: '#/components/schemas/Integer' - xml: name: registeredContainerInstancesCount description: The number of container instances registered into the cluster. RunningTasksCount: allOf: - $ref: '#/components/schemas/Integer' - xml: name: runningTasksCount description: The number of tasks in the cluster that are in the RUNNING state. Tags: allOf: - $ref: '#/components/schemas/Tags' - xml: name: tags description: The tags of the ECS Cluster. TaskDetails: allOf: - $ref: '#/components/schemas/EcsTaskDetails' - xml: name: taskDetails description: Contains information about the details of the ECS Task. description: Contains information about the details of the ECS Cluster. Volumes: type: array items: $ref: '#/components/schemas/Volume' EksClusterDetails: type: object properties: Name: allOf: - $ref: '#/components/schemas/String' - xml: name: name description: EKS cluster name. Arn: allOf: - $ref: '#/components/schemas/String' - xml: name: arn description: EKS cluster ARN. VpcId: allOf: - $ref: '#/components/schemas/String' - xml: name: vpcId description: The VPC ID to which the EKS cluster is attached. 
Status: allOf: - $ref: '#/components/schemas/String' - xml: name: status description: The EKS cluster status. Tags: allOf: - $ref: '#/components/schemas/Tags' - xml: name: tags description: The EKS cluster tags. CreatedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: createdAt description: The timestamp when the EKS cluster was created. description: Details about the EKS cluster involved in a Kubernetes finding. EnableOrganizationAdminAccountRequest: type: object required: - AdminAccountId title: EnableOrganizationAdminAccountRequest properties: AdminAccountId: allOf: - $ref: '#/components/schemas/String' - xml: name: adminAccountId description: The Amazon Web Services Account ID for the organization account to be enabled as a GuardDuty delegated administrator. ThreatIntelligenceDetails: type: array items: $ref: '#/components/schemas/ThreatIntelligenceDetail' Evidence: type: object properties: ThreatIntelligenceDetails: allOf: - $ref: '#/components/schemas/ThreatIntelligenceDetails' - xml: name: threatIntelligenceDetails description: A list of threat intelligence details related to the evidence. description: Contains information about the reason that the finding was generated. Feedback: type: string enum: - USEFUL - NOT_USEFUL ScanFilePath: type: object properties: FilePath: allOf: - $ref: '#/components/schemas/String' - xml: name: filePath description: The file path of the infected file. VolumeArn: allOf: - $ref: '#/components/schemas/String' - xml: name: volumeArn description: EBS volume Arn details of the infected file. Hash: allOf: - $ref: '#/components/schemas/String' - xml: name: hash description: The hash value of the infected file. FileName: allOf: - $ref: '#/components/schemas/String' - xml: name: fileName description: File name of the infected file. description: Contains details of infected file including name, file path and hash. 
FilePaths: type: array items: $ref: '#/components/schemas/ScanFilePath' NonEmptyString: type: string minLength: 1 maxLength: 200 LongValue: type: integer FilterCondition: type: object properties: EqualsValue: allOf: - $ref: '#/components/schemas/NonEmptyString' - xml: name: equalsValue description: Represents an equal condition to be applied to a single field when querying for scan entries. GreaterThan: allOf: - $ref: '#/components/schemas/LongValue' - xml: name: greaterThan description: Represents a greater than condition to be applied to a single field when querying for scan entries. LessThan: allOf: - $ref: '#/components/schemas/LongValue' - xml: name: lessThan description: Represents a less than condition to be applied to a single field when querying for scan entries. description: Contains information about the condition. FilterCriterion: type: object properties: CriterionKey: allOf: - $ref: '#/components/schemas/CriterionKey' - xml: name: criterionKey description: An enum value representing possible scan properties to match with given scan entries. FilterCondition: allOf: - $ref: '#/components/schemas/FilterCondition' - xml: name: filterCondition description: Contains information about the condition. description: Represents a condition that when matched will be added to the response of the operation. Irrespective of using any filter criteria, an administrator account can view the scan entries for all of its member accounts. However, each member account can view the scan entries only for their own account. FilterNames: type: array items: $ref: '#/components/schemas/FilterName' minItems: 0 maxItems: 50 Resource: type: object properties: AccessKeyDetails: allOf: - $ref: '#/components/schemas/AccessKeyDetails' - xml: name: accessKeyDetails description: The IAM access key details (user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding. 
S3BucketDetails: allOf: - $ref: '#/components/schemas/S3BucketDetails' - xml: name: s3BucketDetails description: Contains information on the S3 bucket. InstanceDetails: allOf: - $ref: '#/components/schemas/InstanceDetails' - xml: name: instanceDetails description: The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding. EksClusterDetails: allOf: - $ref: '#/components/schemas/EksClusterDetails' - xml: name: eksClusterDetails description: Details about the EKS cluster involved in a Kubernetes finding. KubernetesDetails: allOf: - $ref: '#/components/schemas/KubernetesDetails' - xml: name: kubernetesDetails description: Details about the Kubernetes user and workload involved in a Kubernetes finding. ResourceType: allOf: - $ref: '#/components/schemas/String' - xml: name: resourceType description: The type of Amazon Web Services resource. EbsVolumeDetails: allOf: - $ref: '#/components/schemas/EbsVolumeDetails' - xml: name: ebsVolumeDetails description: Contains list of scanned and skipped EBS volumes with details. EcsClusterDetails: allOf: - $ref: '#/components/schemas/EcsClusterDetails' - xml: name: ecsClusterDetails description: Contains information about the details of the ECS Cluster. ContainerDetails: allOf: - $ref: '#/components/schemas/Container' - xml: name: containerDetails RdsDbInstanceDetails: allOf: - $ref: '#/components/schemas/RdsDbInstanceDetails' - xml: name: rdsDbInstanceDetails description: Contains information about the database instance to which an anomalous login attempt was made. RdsDbUserDetails: allOf: - $ref: '#/components/schemas/RdsDbUserDetails' - xml: name: rdsDbUserDetails description: Contains information about the user details through which anomalous login attempt was made. LambdaDetails: allOf: - $ref: '#/components/schemas/LambdaDetails' - xml: name: lambdaDetails description: Contains information about the Lambda function that was involved in a finding. 
description: Contains information about the Amazon Web Services resource associated with the activity that prompted GuardDuty to generate a finding. Service: type: object properties: Action: allOf: - $ref: '#/components/schemas/Action' - xml: name: action description: Information about the activity that is described in a finding. Evidence: allOf: - $ref: '#/components/schemas/Evidence' - xml: name: evidence description: An evidence object associated with the service. Archived: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: archived description: Indicates whether this finding is archived. Count: allOf: - $ref: '#/components/schemas/Integer' - xml: name: count description: The total count of the occurrences of this finding type. DetectorId: allOf: - $ref: '#/components/schemas/DetectorId' - xml: name: detectorId description: The detector ID for the GuardDuty service. EventFirstSeen: allOf: - $ref: '#/components/schemas/String' - xml: name: eventFirstSeen description: The first-seen timestamp of the activity that prompted GuardDuty to generate this finding. EventLastSeen: allOf: - $ref: '#/components/schemas/String' - xml: name: eventLastSeen description: The last-seen timestamp of the activity that prompted GuardDuty to generate this finding. ResourceRole: allOf: - $ref: '#/components/schemas/String' - xml: name: resourceRole description: The resource role information for this finding. ServiceName: allOf: - $ref: '#/components/schemas/String' - xml: name: serviceName description: The name of the Amazon Web Services service (GuardDuty) that generated a finding. UserFeedback: allOf: - $ref: '#/components/schemas/String' - xml: name: userFeedback description: Feedback that was submitted about the finding. AdditionalInfo: allOf: - $ref: '#/components/schemas/ServiceAdditionalInfo' - xml: name: additionalInfo description: Contains additional information about the generated finding. 
FeatureName: allOf: - $ref: '#/components/schemas/String' - xml: name: featureName description: The name of the feature that generated a finding. EbsVolumeScanDetails: allOf: - $ref: '#/components/schemas/EbsVolumeScanDetails' - xml: name: ebsVolumeScanDetails description: Returns details from the malware scan that created a finding. RuntimeDetails: allOf: - $ref: '#/components/schemas/RuntimeDetails' - xml: name: runtimeDetails description: Information about the process and any required context values for a specific finding description: Contains additional information about the generated finding. Finding: type: object required: - AccountId - Arn - CreatedAt - Id - Region - Resource - SchemaVersion - Severity - Type - UpdatedAt properties: AccountId: allOf: - $ref: '#/components/schemas/String' - xml: name: accountId description: The ID of the account in which the finding was generated. Arn: allOf: - $ref: '#/components/schemas/String' - xml: name: arn description: The ARN of the finding. Confidence: allOf: - $ref: '#/components/schemas/Double' - xml: name: confidence description: The confidence score for the finding. CreatedAt: allOf: - $ref: '#/components/schemas/String' - xml: name: createdAt description: The time and date when the finding was created. Description: allOf: - $ref: '#/components/schemas/String' - xml: name: description description: The description of the finding. Id: allOf: - $ref: '#/components/schemas/String' - xml: name: id description: The ID of the finding. Partition: allOf: - $ref: '#/components/schemas/String' - xml: name: partition description: The partition associated with the finding. Region: allOf: - $ref: '#/components/schemas/String' - xml: name: region description: The Region where the finding was generated. Resource: allOf: - $ref: '#/components/schemas/Resource' - xml: name: resource SchemaVersion: allOf: - $ref: '#/components/schemas/String' - xml: name: schemaVersion description: The version of the schema used for the finding. 
Service: allOf: - $ref: '#/components/schemas/Service' - xml: name: service Severity: allOf: - $ref: '#/components/schemas/Double' - xml: name: severity description: The severity of the finding. Title: allOf: - $ref: '#/components/schemas/String' - xml: name: title description: The title of the finding. Type: allOf: - $ref: '#/components/schemas/FindingType' - xml: name: type description: The type of finding. UpdatedAt: allOf: - $ref: '#/components/schemas/String' - xml: name: updatedAt description: The time and date when the finding was last updated. description: Contains information about the finding, which is generated when abnormal or suspicious activity is detected. FindingStatisticTypes: type: array items: $ref: '#/components/schemas/FindingStatisticType' minItems: 0 maxItems: 10 FindingStatistics: type: object properties: CountBySeverity: allOf: - $ref: '#/components/schemas/CountBySeverity' - xml: name: countBySeverity description: Represents a map of severity to count statistics for a set of findings. description: Contains information about finding statistics. Findings: type: array items: $ref: '#/components/schemas/Finding' minItems: 0 maxItems: 50 FlagsList: type: array items: $ref: '#/components/schemas/String' FreeTrialFeatureResult: type: string enum: - FLOW_LOGS - CLOUD_TRAIL - DNS_LOGS - S3_DATA_EVENTS - EKS_AUDIT_LOGS - EBS_MALWARE_PROTECTION - RDS_LOGIN_EVENTS - EKS_RUNTIME_MONITORING - LAMBDA_NETWORK_LOGS FreeTrialFeatureConfigurationResult: type: object properties: Name: allOf: - $ref: '#/components/schemas/FreeTrialFeatureResult' - xml: name: name description: The name of the feature for which the free trial is configured. FreeTrialDaysRemaining: allOf: - $ref: '#/components/schemas/Integer' - xml: name: freeTrialDaysRemaining description: The number of the remaining free trial days for the feature. description: Contains information about the free trial period for a feature. 
GeoLocation: type: object properties: Lat: allOf: - $ref: '#/components/schemas/Double' - xml: name: lat description: The latitude information of the remote IP address. Lon: allOf: - $ref: '#/components/schemas/Double' - xml: name: lon description: The longitude information of the remote IP address. description: Contains information about the location of the remote IP address. GetAdministratorAccountRequest: type: object title: GetAdministratorAccountRequest properties: {} GetCoverageStatisticsRequest: type: object required: - StatisticsType title: GetCoverageStatisticsRequest properties: FilterCriteria: allOf: - $ref: '#/components/schemas/CoverageFilterCriteria' - xml: name: filterCriteria description: Represents the criteria used to filter the coverage statistics StatisticsType: allOf: - $ref: '#/components/schemas/CoverageStatisticsTypeList' - xml: name: statisticsType description: Represents the statistics type used to aggregate the coverage details. GetDetectorRequest: type: object title: GetDetectorRequest properties: {} GetFilterRequest: type: object title: GetFilterRequest properties: {} GetFindingsRequest: type: object required: - FindingIds title: GetFindingsRequest properties: FindingIds: allOf: - $ref: '#/components/schemas/FindingIds' - xml: name: findingIds description: The IDs of the findings that you want to retrieve. SortCriteria: allOf: - $ref: '#/components/schemas/SortCriteria' - xml: name: sortCriteria description: Represents the criteria used for sorting findings. GetFindingsStatisticsRequest: type: object required: - FindingStatisticTypes title: GetFindingsStatisticsRequest properties: FindingStatisticTypes: allOf: - $ref: '#/components/schemas/FindingStatisticTypes' - xml: name: findingStatisticTypes description: The types of finding statistics to retrieve. FindingCriteria: allOf: - $ref: '#/components/schemas/FindingCriteria' - xml: name: findingCriteria description: Represents the criteria that is used for querying findings. 
GetIPSetRequest: type: object title: GetIPSetRequest properties: {} IpSetStatus: type: string enum: - INACTIVE - ACTIVATING - ACTIVE - DEACTIVATING - ERROR - DELETE_PENDING - DELETED minLength: 1 maxLength: 300 GetInvitationsCountRequest: type: object title: GetInvitationsCountRequest properties: {} GetMalwareScanSettingsRequest: type: object title: GetMalwareScanSettingsRequest properties: {} ScanResourceCriteria: type: object properties: Include: allOf: - $ref: '#/components/schemas/ScanCriterion' - xml: name: include description: Represents condition that when matched will allow a malware scan for a certain resource. Exclude: allOf: - $ref: '#/components/schemas/ScanCriterion' - xml: name: exclude description: Represents condition that when matched will prevent a malware scan for a certain resource. description: Contains information about criteria used to filter resources before triggering malware scan. GetMasterAccountRequest: type: object deprecated: true title: GetMasterAccountRequest properties: {} description: This input is deprecated, use GetAdministratorAccountRequest instead Master: type: object properties: AccountId: allOf: - $ref: '#/components/schemas/AccountId' - xml: name: accountId description: The ID of the account used as the administrator account. InvitationId: allOf: - $ref: '#/components/schemas/String' - xml: name: invitationId description: The value used to validate the administrator account to the member account. RelationshipStatus: allOf: - $ref: '#/components/schemas/String' - xml: name: relationshipStatus description: The status of the relationship between the administrator and member accounts. InvitedAt: allOf: - $ref: '#/components/schemas/String' - xml: name: invitedAt description: The timestamp when the invitation was sent. description: Contains information about the administrator account and invitation. 
GetMemberDetectorsRequest: type: object required: - AccountIds title: GetMemberDetectorsRequest properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: The account ID of the member account. MemberDataSourceConfigurations: type: array items: $ref: '#/components/schemas/MemberDataSourceConfiguration' minItems: 1 maxItems: 50 GetMembersRequest: type: object required: - AccountIds title: GetMembersRequest properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: A list of account IDs of the GuardDuty member accounts that you want to describe. Members: type: array items: $ref: '#/components/schemas/Member' minItems: 0 maxItems: 50 GetRemainingFreeTrialDaysRequest: type: object title: GetRemainingFreeTrialDaysRequest properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: A list of account identifiers of the GuardDuty member account. GetThreatIntelSetRequest: type: object title: GetThreatIntelSetRequest properties: {} ThreatIntelSetStatus: type: string enum: - INACTIVE - ACTIVATING - ACTIVE - DEACTIVATING - ERROR - DELETE_PENDING - DELETED minLength: 1 maxLength: 300 UsageStatisticType: type: string enum: - SUM_BY_ACCOUNT - SUM_BY_DATA_SOURCE - SUM_BY_RESOURCE - TOP_RESOURCES - SUM_BY_FEATURES UsageCriteria: type: object properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: The account IDs to aggregate usage statistics from. DataSources: allOf: - $ref: '#/components/schemas/DataSourceList' - deprecated: true xml: name: dataSources description: The data sources to aggregate usage statistics from. This parameter is deprecated, use Features instead Resources: allOf: - $ref: '#/components/schemas/ResourceList' - xml: name: resources description: The resources to aggregate usage statistics from. Only accepts exact resource names. 
Features: allOf: - $ref: '#/components/schemas/UsageFeatureList' - xml: name: features description: The features to aggregate usage statistics from. description: Contains information about the criteria used to query usage statistics. GetUsageStatisticsRequest: type: object required: - UsageStatisticType - UsageCriteria title: GetUsageStatisticsRequest properties: UsageStatisticType: allOf: - $ref: '#/components/schemas/UsageStatisticType' - xml: name: usageStatisticsType description: The type of usage statistics to retrieve. UsageCriteria: allOf: - $ref: '#/components/schemas/UsageCriteria' - xml: name: usageCriteria description: Represents the criteria used for querying usage. Unit: allOf: - $ref: '#/components/schemas/String' - xml: name: unit description: The currency unit you would like to view your usage statistics in. Current valid values are USD. MaxResults: allOf: - $ref: '#/components/schemas/MaxResults' - xml: name: maxResults description: The maximum number of results to return in the response. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. UsageStatistics: type: object properties: SumByAccount: allOf: - $ref: '#/components/schemas/UsageAccountResultList' - xml: name: sumByAccount description: The usage statistic sum organized by account ID. SumByDataSource: allOf: - $ref: '#/components/schemas/UsageDataSourceResultList' - xml: name: sumByDataSource description: The usage statistic sum organized by data source. SumByResource: allOf: - $ref: '#/components/schemas/UsageResourceResultList' - xml: name: sumByResource description: The usage statistic sum organized by resource. 
TopResources: allOf: - $ref: '#/components/schemas/UsageResourceResultList' - xml: name: topResources description: Lists the top 50 resources that have generated the most GuardDuty usage, in order from most to least expensive. SumByFeature: allOf: - $ref: '#/components/schemas/UsageFeatureResultList' - xml: name: sumByFeature description: The usage statistic sum organized by feature. description: 'Contains the result of GuardDuty usage. If a UsageStatisticType is provided the result for other types will be null. ' Groups: type: array items: $ref: '#/components/schemas/String' GuardDutyArn: type: string pattern: ^arn:[A-Za-z_.-]{1,20}:guardduty:[A-Za-z0-9_/.-]{0,63}:\d+:detector/[A-Za-z0-9_/.-]{32,264}$ HighestSeverityThreatDetails: type: object properties: Severity: allOf: - $ref: '#/components/schemas/String' - xml: name: severity description: Severity level of the highest severity threat detected. ThreatName: allOf: - $ref: '#/components/schemas/String' - xml: name: threatName description: Threat name of the highest severity threat detected as part of the malware scan. Count: allOf: - $ref: '#/components/schemas/Integer' - xml: name: count description: Total number of infected files with the highest severity threat detected. description: Contains details of the highest severity threat detected during scan and number of infected files. HostPath: type: object properties: Path: allOf: - $ref: '#/components/schemas/String' - xml: name: path description: Path of the file or directory on the host that the volume maps to. description: Represents a pre-existing file or directory on the host machine that the volume maps to. IamInstanceProfile: type: object properties: Arn: allOf: - $ref: '#/components/schemas/String' - xml: name: arn description: The profile ARN of the EC2 instance. Id: allOf: - $ref: '#/components/schemas/String' - xml: name: id description: The profile ID of the EC2 instance. description: Contains information about the EC2 instance profile. 
InstanceArn: type: string pattern: ^arn:(aws|aws-cn|aws-us-gov):[a-z]+:[a-z]+(-[0-9]+|-[a-z]+)+:([0-9]{12}):[a-z\-]+\/[a-zA-Z0-9]*$ NetworkInterfaces: type: array items: $ref: '#/components/schemas/NetworkInterface' ProductCodes: type: array items: $ref: '#/components/schemas/ProductCode' InstanceDetails: type: object properties: AvailabilityZone: allOf: - $ref: '#/components/schemas/String' - xml: name: availabilityZone description: The Availability Zone of the EC2 instance. IamInstanceProfile: allOf: - $ref: '#/components/schemas/IamInstanceProfile' - xml: name: iamInstanceProfile description: The profile information of the EC2 instance. ImageDescription: allOf: - $ref: '#/components/schemas/String' - xml: name: imageDescription description: The image description of the EC2 instance. ImageId: allOf: - $ref: '#/components/schemas/String' - xml: name: imageId description: The image ID of the EC2 instance. InstanceId: allOf: - $ref: '#/components/schemas/String' - xml: name: instanceId description: The ID of the EC2 instance. InstanceState: allOf: - $ref: '#/components/schemas/String' - xml: name: instanceState description: The state of the EC2 instance. InstanceType: allOf: - $ref: '#/components/schemas/String' - xml: name: instanceType description: The type of the EC2 instance. OutpostArn: allOf: - $ref: '#/components/schemas/String' - xml: name: outpostArn description: The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only applicable to Amazon Web Services Outposts instances. LaunchTime: allOf: - $ref: '#/components/schemas/String' - xml: name: launchTime description: The launch time of the EC2 instance. NetworkInterfaces: allOf: - $ref: '#/components/schemas/NetworkInterfaces' - xml: name: networkInterfaces description: The elastic network interface information of the EC2 instance. Platform: allOf: - $ref: '#/components/schemas/String' - xml: name: platform description: The platform of the EC2 instance. 
ProductCodes: allOf: - $ref: '#/components/schemas/ProductCodes' - xml: name: productCodes description: The product code of the EC2 instance. Tags: allOf: - $ref: '#/components/schemas/Tags' - xml: name: tags description: The tags of the EC2 instance. description: Contains information about the details of an instance. Invitation: type: object properties: AccountId: allOf: - $ref: '#/components/schemas/AccountId' - xml: name: accountId description: The ID of the account that the invitation was sent from. InvitationId: allOf: - $ref: '#/components/schemas/String' - xml: name: invitationId description: The ID of the invitation. This value is used to validate the inviter account to the member account. RelationshipStatus: allOf: - $ref: '#/components/schemas/String' - xml: name: relationshipStatus description: The status of the relationship between the inviter and invitee accounts. InvitedAt: allOf: - $ref: '#/components/schemas/String' - xml: name: invitedAt description: The timestamp when the invitation was sent. description: Contains information about the invitation to become a member account. Invitations: type: array items: $ref: '#/components/schemas/Invitation' minItems: 0 maxItems: 50 InviteMembersRequest: type: object required: - AccountIds title: InviteMembersRequest properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: A list of account IDs of the accounts that you want to invite to GuardDuty as members. DisableEmailNotification: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: disableEmailNotification description: A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members. Message: allOf: - $ref: '#/components/schemas/String' - xml: name: message description: The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members. 
IpSetIds: type: array items: $ref: '#/components/schemas/String' minItems: 0 maxItems: 50 Ipv6Addresses: type: array items: $ref: '#/components/schemas/String' SourceIps: type: array items: $ref: '#/components/schemas/String' KubernetesAuditLogsConfiguration: type: object required: - Enable properties: Enable: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: enable description: The status of Kubernetes audit logs as a data source. description: Describes whether Kubernetes audit logs are enabled as a data source. KubernetesAuditLogsConfigurationResult: type: object required: - Status properties: Status: allOf: - $ref: '#/components/schemas/DataSourceStatus' - xml: name: status description: A value that describes whether Kubernetes audit logs are enabled as a data source. description: Describes whether Kubernetes audit logs are enabled as a data source. KubernetesUserDetails: type: object properties: Username: allOf: - $ref: '#/components/schemas/String' - xml: name: username description: The username of the user who called the Kubernetes API. Uid: allOf: - $ref: '#/components/schemas/String' - xml: name: uid description: The user ID of the user who called the Kubernetes API. Groups: allOf: - $ref: '#/components/schemas/Groups' - xml: name: groups description: The groups that include the user who called the Kubernetes API. description: Details about the Kubernetes user involved in a Kubernetes finding. KubernetesWorkloadDetails: type: object properties: Name: allOf: - $ref: '#/components/schemas/String' - xml: name: name description: Kubernetes workload name. Type: allOf: - $ref: '#/components/schemas/String' - xml: name: type description: Kubernetes workload type (e.g. Pod, Deployment, etc.). Uid: allOf: - $ref: '#/components/schemas/String' - xml: name: uid description: Kubernetes workload ID. Namespace: allOf: - $ref: '#/components/schemas/String' - xml: name: namespace description: Kubernetes namespace that the workload is part of. 
HostNetwork: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: hostNetwork description: Whether the hostNetwork flag is enabled for the pods included in the workload. Containers: allOf: - $ref: '#/components/schemas/Containers' - xml: name: containers description: Containers running as part of the Kubernetes workload. Volumes: allOf: - $ref: '#/components/schemas/Volumes' - xml: name: volumes description: Volumes used by the Kubernetes workload. description: Details about the Kubernetes workload involved in a Kubernetes finding. KubernetesDetails: type: object properties: KubernetesUserDetails: allOf: - $ref: '#/components/schemas/KubernetesUserDetails' - xml: name: kubernetesUserDetails description: Details about the Kubernetes user involved in a Kubernetes finding. KubernetesWorkloadDetails: allOf: - $ref: '#/components/schemas/KubernetesWorkloadDetails' - xml: name: kubernetesWorkloadDetails description: Details about the Kubernetes workload involved in a Kubernetes finding. description: Details about Kubernetes resources such as a Kubernetes user or workload resource involved in a Kubernetes finding. VpcConfig: type: object properties: SubnetIds: allOf: - $ref: '#/components/schemas/SubnetIds' - xml: name: subnetIds description: The identifiers of the subnets that are associated with your Lambda function. VpcId: allOf: - $ref: '#/components/schemas/String' - xml: name: vpcId description: The identifier of the Amazon Virtual Private Cloud. SecurityGroups: allOf: - $ref: '#/components/schemas/SecurityGroups' - xml: name: securityGroups description: The identifier of the security group attached to the Lambda function. description: Amazon Virtual Private Cloud configuration details associated with your Lambda function. LambdaDetails: type: object properties: FunctionArn: allOf: - $ref: '#/components/schemas/String' - xml: name: functionArn description: Amazon Resource Name (ARN) of the Lambda function. 
FunctionName: allOf: - $ref: '#/components/schemas/String' - xml: name: functionName description: Name of the Lambda function. Description: allOf: - $ref: '#/components/schemas/String' - xml: name: description description: Description of the Lambda function. LastModifiedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: lastModifiedAt description: The timestamp when the Lambda function was last modified. This field is in the UTC date string format (2023-03-22T19:37:20.168Z). RevisionId: allOf: - $ref: '#/components/schemas/String' - xml: name: revisionId description: The revision ID of the Lambda function version. FunctionVersion: allOf: - $ref: '#/components/schemas/String' - xml: name: functionVersion description: The version of the Lambda function. Role: allOf: - $ref: '#/components/schemas/String' - xml: name: role description: The execution role of the Lambda function. VpcConfig: allOf: - $ref: '#/components/schemas/VpcConfig' - xml: name: vpcConfig description: Amazon Virtual Private Cloud configuration details associated with your Lambda function. Tags: allOf: - $ref: '#/components/schemas/Tags' - xml: name: tags description: A list of tags attached to this resource, listed in the format of key:value pair. description: Information about the Lambda function involved in the finding. LineageObject: type: object properties: StartTime: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: startTime description: The time when the process started. This is in UTC format. NamespacePid: allOf: - $ref: '#/components/schemas/Integer' - xml: name: namespacePid description: The process ID of the child process. UserId: allOf: - $ref: '#/components/schemas/Integer' - xml: name: userId description: The user ID of the user that executed the process. Name: allOf: - $ref: '#/components/schemas/String' - xml: name: name description: The name of the process. 
Pid: allOf: - $ref: '#/components/schemas/Integer' - xml: name: pid description: The ID of the process. Uuid: allOf: - $ref: '#/components/schemas/String' - xml: name: uuid description: The unique ID assigned to the process by GuardDuty. ExecutablePath: allOf: - $ref: '#/components/schemas/String' - xml: name: executablePath description: The absolute path of the process executable file. Euid: allOf: - $ref: '#/components/schemas/Integer' - xml: name: euid description: The effective user ID that was used to execute the process. ParentUuid: allOf: - $ref: '#/components/schemas/String' - xml: name: parentUuid description: The unique ID of the parent process. This ID is assigned to the parent process by GuardDuty. description: Information about the runtime process details. Lineage: type: array items: $ref: '#/components/schemas/LineageObject' ListCoverageRequest: type: object title: ListCoverageRequest properties: NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. MaxResults: allOf: - $ref: '#/components/schemas/MaxResults' - xml: name: maxResults description: The maximum number of results to return in the response. FilterCriteria: allOf: - $ref: '#/components/schemas/CoverageFilterCriteria' - xml: name: filterCriteria description: Represents the criteria used to filter the coverage details. SortCriteria: allOf: - $ref: '#/components/schemas/CoverageSortCriteria' - xml: name: sortCriteria description: Represents the criteria used to sort the coverage details. 
ListDetectorsRequest: type: object title: ListDetectorsRequest properties: {} ListFiltersRequest: type: object title: ListFiltersRequest properties: {} ListFindingsRequest: type: object title: ListFindingsRequest properties: FindingCriteria: allOf: - $ref: '#/components/schemas/FindingCriteria' - xml: name: findingCriteria description: "

Represents the criteria used for querying findings. Valid values include:

  • JSON field name

  • accountId

  • region

  • confidence

  • id

  • resource.accessKeyDetails.accessKeyId

  • resource.accessKeyDetails.principalId

  • resource.accessKeyDetails.userName

  • resource.accessKeyDetails.userType

  • resource.instanceDetails.iamInstanceProfile.id

  • resource.instanceDetails.imageId

  • resource.instanceDetails.instanceId

  • resource.instanceDetails.networkInterfaces.ipv6Addresses

  • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

  • resource.instanceDetails.networkInterfaces.publicDnsName

  • resource.instanceDetails.networkInterfaces.publicIp

  • resource.instanceDetails.networkInterfaces.securityGroups.groupId

  • resource.instanceDetails.networkInterfaces.securityGroups.groupName

  • resource.instanceDetails.networkInterfaces.subnetId

  • resource.instanceDetails.networkInterfaces.vpcId

  • resource.instanceDetails.tags.key

  • resource.instanceDetails.tags.value

  • resource.resourceType

  • service.action.actionType

  • service.action.awsApiCallAction.api

  • service.action.awsApiCallAction.callerType

  • service.action.awsApiCallAction.remoteIpDetails.city.cityName

  • service.action.awsApiCallAction.remoteIpDetails.country.countryName

  • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

  • service.action.awsApiCallAction.remoteIpDetails.organization.asn

  • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

  • service.action.awsApiCallAction.serviceName

  • service.action.dnsRequestAction.domain

  • service.action.networkConnectionAction.blocked

  • service.action.networkConnectionAction.connectionDirection

  • service.action.networkConnectionAction.localPortDetails.port

  • service.action.networkConnectionAction.protocol

  • service.action.networkConnectionAction.remoteIpDetails.country.countryName

  • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

  • service.action.networkConnectionAction.remoteIpDetails.organization.asn

  • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

  • service.action.networkConnectionAction.remotePortDetails.port

  • service.additionalInfo.threatListName

  • service.archived

    When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

  • service.resourceRole

  • severity

  • type

  • updatedAt

    Type: Timestamp in Unix Epoch millisecond format: 1486685375000

" SortCriteria: allOf: - $ref: '#/components/schemas/SortCriteria' - xml: name: sortCriteria description: Represents the criteria used for sorting findings. MaxResults: allOf: - $ref: '#/components/schemas/MaxResults' - xml: name: maxResults description: You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. NextToken: allOf: - $ref: '#/components/schemas/String' - xml: name: nextToken description: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. ListIPSetsRequest: type: object title: ListIPSetsRequest properties: {} ListInvitationsRequest: type: object title: ListInvitationsRequest properties: {} ListMembersRequest: type: object title: ListMembersRequest properties: {} ListOrganizationAdminAccountsRequest: type: object title: ListOrganizationAdminAccountsRequest properties: {} ListPublishingDestinationsRequest: type: object title: ListPublishingDestinationsRequest properties: {} ListTagsForResourceRequest: type: object title: ListTagsForResourceRequest properties: {} ListThreatIntelSetsRequest: type: object title: ListThreatIntelSetsRequest properties: {} ThreatIntelSetIds: type: array items: $ref: '#/components/schemas/String' minItems: 0 maxItems: 50 LocalIpDetails: type: object properties: IpAddressV4: allOf: - $ref: '#/components/schemas/String' - xml: name: ipAddressV4 description: The IPv4 local address of the connection. description: Contains information about the local IP address of the connection. LocalPortDetails: type: object properties: Port: allOf: - $ref: '#/components/schemas/Integer' - xml: name: port description: The port number of the local connection. 
PortName: allOf: - $ref: '#/components/schemas/String' - xml: name: portName description: The port name of the local connection. description: Contains information about the port for the local connection. LoginAttribute: type: object properties: User: allOf: - $ref: '#/components/schemas/String' - xml: name: user description: Indicates the user name which attempted to log in. Application: allOf: - $ref: '#/components/schemas/String' - xml: name: application description: Indicates the application name used to attempt log in. FailedLoginAttempts: allOf: - $ref: '#/components/schemas/Integer' - xml: name: failedLoginAttempts description: Represents the sum of failed (unsuccessful) login attempts made to establish a connection to the database instance. SuccessfulLoginAttempts: allOf: - $ref: '#/components/schemas/Integer' - xml: name: successfulLoginAttempts description: Represents the sum of successful connections (a correct combination of login attributes) made to the database instance by the actor. description: Information about the login attempts. LoginAttributes: type: array items: $ref: '#/components/schemas/LoginAttribute' ScanEc2InstanceWithFindings: type: object properties: EbsVolumes: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: ebsVolumes description: Describes the configuration for scanning EBS volumes as data source. description: Describes whether Malware Protection for EC2 instances with findings will be enabled as a data source. ScanEc2InstanceWithFindingsResult: type: object properties: EbsVolumes: allOf: - $ref: '#/components/schemas/EbsVolumesResult' - xml: name: ebsVolumes description: Describes the configuration of scanning EBS volumes as a data source. description: An object that contains information on the status of whether Malware Protection for EC2 instances with findings will be enabled as a data source. 
ScanConditionPair: type: object required: - Key properties: Key: allOf: - $ref: '#/components/schemas/TagKey' - xml: name: key description: Represents key in the map condition. Value: allOf: - $ref: '#/components/schemas/TagValue' - xml: name: value description: Represents optional value in the map condition. If not specified, only key will be matched. description: Represents key, value pair to be matched against given resource property. MapEquals: type: array items: $ref: '#/components/schemas/ScanConditionPair' Member: type: object required: - AccountId - MasterId - Email - RelationshipStatus - UpdatedAt properties: AccountId: allOf: - $ref: '#/components/schemas/AccountId' - xml: name: accountId description: The ID of the member account. DetectorId: allOf: - $ref: '#/components/schemas/DetectorId' - xml: name: detectorId description: The detector ID of the member account. MasterId: allOf: - $ref: '#/components/schemas/String' - xml: name: masterId description: The administrator account ID. Email: allOf: - $ref: '#/components/schemas/Email' - xml: name: email description: The email address of the member account. RelationshipStatus: allOf: - $ref: '#/components/schemas/String' - xml: name: relationshipStatus description: The status of the relationship between the member and the administrator. InvitedAt: allOf: - $ref: '#/components/schemas/String' - xml: name: invitedAt description: The timestamp when the invitation was sent. UpdatedAt: allOf: - $ref: '#/components/schemas/String' - xml: name: updatedAt description: The last-updated timestamp of the member. AdministratorId: allOf: - $ref: '#/components/schemas/String' - xml: name: administratorId description: The administrator account ID. description: 'Contains information about the member account. 
' OrgFeatureAdditionalConfiguration: type: string enum: - EKS_ADDON_MANAGEMENT MemberAdditionalConfiguration: type: object properties: Name: allOf: - $ref: '#/components/schemas/OrgFeatureAdditionalConfiguration' - xml: name: name description: Name of the additional configuration. Status: allOf: - $ref: '#/components/schemas/FeatureStatus' - xml: name: status description: Status of the additional configuration. description: Information about the additional configuration for the member account. MemberAdditionalConfigurationResult: type: object properties: Name: allOf: - $ref: '#/components/schemas/OrgFeatureAdditionalConfiguration' - xml: name: name description: Indicates the name of the additional configuration that is set for the member account. Status: allOf: - $ref: '#/components/schemas/FeatureStatus' - xml: name: status description: Indicates the status of the additional configuration that is set for the member account. UpdatedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: updatedAt description: The timestamp at which the additional configuration was set for the member account. This is in UTC format. description: Information about the additional configuration for the member account. MemberAdditionalConfigurationResults: type: array items: $ref: '#/components/schemas/MemberAdditionalConfigurationResult' MemberAdditionalConfigurations: type: array items: $ref: '#/components/schemas/MemberAdditionalConfiguration' MemberFeaturesConfigurationsResults: type: array items: $ref: '#/components/schemas/MemberFeaturesConfigurationResult' MemberDataSourceConfiguration: type: object required: - AccountId properties: AccountId: allOf: - $ref: '#/components/schemas/AccountId' - xml: name: accountId description: The account ID for the member account. 
DataSources: allOf: - $ref: '#/components/schemas/DataSourceConfigurationsResult' - deprecated: true xml: name: dataSources description: Contains information on the status of data sources for the account. This parameter is deprecated; use Features instead. Features: allOf: - $ref: '#/components/schemas/MemberFeaturesConfigurationsResults' - xml: name: features description: Contains information about the status of the features for the member account. description: Contains information on which data sources are enabled for a member account. OrgFeature: type: string enum: - S3_DATA_EVENTS - EKS_AUDIT_LOGS - EBS_MALWARE_PROTECTION - RDS_LOGIN_EVENTS - EKS_RUNTIME_MONITORING - LAMBDA_NETWORK_LOGS MemberFeaturesConfigurationResult: type: object properties: Name: allOf: - $ref: '#/components/schemas/OrgFeature' - xml: name: name description: Indicates the name of the feature that is enabled for the detector. Status: allOf: - $ref: '#/components/schemas/FeatureStatus' - xml: name: status description: Indicates the status of the feature that is enabled for the detector. UpdatedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: updatedAt description: The timestamp at which the feature object was updated. AdditionalConfiguration: allOf: - $ref: '#/components/schemas/MemberAdditionalConfigurationResults' - xml: name: additionalConfiguration description: Indicates the additional configuration of the feature that is configured for the member account. description: Contains information about the features for the member account. MemberFeaturesConfigurations: type: array items: $ref: '#/components/schemas/MemberFeaturesConfiguration' MemoryRegionsList: type: array items: $ref: '#/components/schemas/String' RemotePortDetails: type: object properties: Port: allOf: - $ref: '#/components/schemas/Integer' - xml: name: port description: The port number of the remote connection. 
PortName: allOf: - $ref: '#/components/schemas/String' - xml: name: portName description: The port name of the remote connection. description: Contains information about the remote port. PrivateIpAddresses: type: array items: $ref: '#/components/schemas/PrivateIpAddressDetails' SecurityGroups: type: array items: $ref: '#/components/schemas/SecurityGroup' NetworkInterface: type: object properties: Ipv6Addresses: allOf: - $ref: '#/components/schemas/Ipv6Addresses' - xml: name: ipv6Addresses description: A list of IPv6 addresses for the EC2 instance. NetworkInterfaceId: allOf: - $ref: '#/components/schemas/String' - xml: name: networkInterfaceId description: The ID of the network interface. PrivateDnsName: allOf: - $ref: '#/components/schemas/String' - xml: name: privateDnsName description: The private DNS name of the EC2 instance. PrivateIpAddress: allOf: - $ref: '#/components/schemas/String' - xml: name: privateIpAddress description: The private IP address of the EC2 instance. PrivateIpAddresses: allOf: - $ref: '#/components/schemas/PrivateIpAddresses' - xml: name: privateIpAddresses description: Other private IP address information of the EC2 instance. PublicDnsName: allOf: - $ref: '#/components/schemas/String' - xml: name: publicDnsName description: The public DNS name of the EC2 instance. PublicIp: allOf: - $ref: '#/components/schemas/String' - xml: name: publicIp description: The public IP address of the EC2 instance. SecurityGroups: allOf: - $ref: '#/components/schemas/SecurityGroups' - xml: name: securityGroups description: The security groups associated with the EC2 instance. SubnetId: allOf: - $ref: '#/components/schemas/String' - xml: name: subnetId description: The subnet ID of the EC2 instance. VpcId: allOf: - $ref: '#/components/schemas/String' - xml: name: vpcId description: The VPC ID of the EC2 instance. description: Contains information about the elastic network interface of the EC2 instance. 
OrgFeatureStatus: type: string enum: - NEW - NONE Organization: type: object properties: Asn: allOf: - $ref: '#/components/schemas/String' - xml: name: asn description: The Autonomous System Number (ASN) of the internet provider of the remote IP address. AsnOrg: allOf: - $ref: '#/components/schemas/String' - xml: name: asnOrg description: The organization that registered this ASN. Isp: allOf: - $ref: '#/components/schemas/String' - xml: name: isp description: The ISP information for the internet provider. Org: allOf: - $ref: '#/components/schemas/String' - xml: name: org description: The name of the internet provider. description: Contains information about the ISP organization of the remote IP address. OrganizationAdditionalConfiguration: type: object properties: Name: allOf: - $ref: '#/components/schemas/OrgFeatureAdditionalConfiguration' - xml: name: name description: The name of the additional configuration that will be configured for the organization. AutoEnable: allOf: - $ref: '#/components/schemas/OrgFeatureStatus' - xml: name: autoEnable description: The status of the additional configuration that will be configured for the organization. description: A list of additional configurations which will be configured for the organization. OrganizationAdditionalConfigurationResult: type: object properties: Name: allOf: - $ref: '#/components/schemas/OrgFeatureAdditionalConfiguration' - xml: name: name description: The name of the additional configuration that is configured for the member accounts within the organization. AutoEnable: allOf: - $ref: '#/components/schemas/OrgFeatureStatus' - xml: name: autoEnable description:

Describes the status of the additional configuration that is configured for the member accounts within the organization.

If you set AutoEnable to NEW, a feature will be configured for only the new accounts when they join the organization.

If you set AutoEnable to NONE, no feature will be configured for the accounts when they join the organization.

description: A list of additional configuration which will be configured for the organization. OrganizationAdditionalConfigurationResults: type: array items: $ref: '#/components/schemas/OrganizationAdditionalConfigurationResult' OrganizationAdditionalConfigurations: type: array items: $ref: '#/components/schemas/OrganizationAdditionalConfiguration' OrganizationDataSourceConfigurations: type: object properties: S3Logs: allOf: - $ref: '#/components/schemas/OrganizationS3LogsConfiguration' - xml: name: s3Logs description: Describes whether S3 data event logs are enabled for new members of the organization. Kubernetes: allOf: - $ref: '#/components/schemas/OrganizationKubernetesConfiguration' - xml: name: kubernetes description: Describes the configuration of Kubernetes data sources for new members of the organization. MalwareProtection: allOf: - $ref: '#/components/schemas/OrganizationMalwareProtectionConfiguration' - xml: name: malwareProtection description: Describes the configuration of Malware Protection for new members of the organization. description: An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization. OrganizationS3LogsConfigurationResult: type: object required: - AutoEnable properties: AutoEnable: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: autoEnable description: A value that describes whether S3 data event logs are automatically enabled for new members of the organization. description: The current configuration of S3 data event logs as a data source for the organization. OrganizationKubernetesConfigurationResult: type: object required: - AuditLogs properties: AuditLogs: allOf: - $ref: '#/components/schemas/OrganizationKubernetesAuditLogsConfigurationResult' - xml: name: auditLogs description: The current configuration of Kubernetes audit logs as a data source for the organization. 
description: The current configuration of all Kubernetes data sources for the organization. OrganizationMalwareProtectionConfigurationResult: type: object properties: ScanEc2InstanceWithFindings: allOf: - $ref: '#/components/schemas/OrganizationScanEc2InstanceWithFindingsResult' - xml: name: scanEc2InstanceWithFindings description: Describes the configuration for scanning EC2 instances with findings for an organization. description: An object that contains information on the status of all Malware Protection data source for an organization. OrganizationEbsVolumes: type: object properties: AutoEnable: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: autoEnable description: Whether scanning EBS volumes should be auto-enabled for new members joining the organization. description: Organization-wide EBS volumes scan configuration. OrganizationEbsVolumesResult: type: object properties: AutoEnable: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: autoEnable description: An object that contains the status of whether scanning EBS volumes should be auto-enabled for new members joining the organization. description: An object that contains information on the status of whether EBS volumes scanning will be enabled as a data source for an organization. OrganizationFeatureConfigurationResult: type: object properties: Name: allOf: - $ref: '#/components/schemas/OrgFeature' - xml: name: name description: The name of the feature that is configured for the member accounts within the organization. AutoEnable: allOf: - $ref: '#/components/schemas/OrgFeatureStatus' - xml: name: autoEnable description:

Describes the status of the feature that is configured for the member accounts within the organization.

If you set AutoEnable to NEW, a feature will be configured for only the new accounts when they join the organization.

If you set AutoEnable to NONE, no feature will be configured for the accounts when they join the organization.

AdditionalConfiguration: allOf: - $ref: '#/components/schemas/OrganizationAdditionalConfigurationResults' - xml: name: additionalConfiguration description: The additional configuration that is configured for the member accounts within the organization. description: A list of features which will be configured for the organization. OrganizationFeaturesConfigurations: type: array items: $ref: '#/components/schemas/OrganizationFeatureConfiguration' OrganizationKubernetesAuditLogsConfiguration: type: object required: - AutoEnable properties: AutoEnable: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: autoEnable description: A value that contains information on whether Kubernetes audit logs should be enabled automatically as a data source for the organization. description: Organization-wide Kubernetes audit logs configuration. OrganizationKubernetesAuditLogsConfigurationResult: type: object required: - AutoEnable properties: AutoEnable: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: autoEnable description: Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization. description: The current configuration of Kubernetes audit logs as a data source for the organization. OrganizationScanEc2InstanceWithFindings: type: object properties: EbsVolumes: allOf: - $ref: '#/components/schemas/OrganizationEbsVolumes' - xml: name: ebsVolumes description: Whether scanning EBS volumes should be auto-enabled for new members joining the organization. description: Organization-wide EC2 instances with findings scan configuration. OrganizationScanEc2InstanceWithFindingsResult: type: object properties: EbsVolumes: allOf: - $ref: '#/components/schemas/OrganizationEbsVolumesResult' - xml: name: ebsVolumes description: Describes the configuration for scanning EBS volumes for an organization. description: An object that contains information on the status of scanning EC2 instances with findings for an organization. 
Owner: type: object properties: Id: allOf: - $ref: '#/components/schemas/String' - xml: name: id description: 'The canonical user ID of the bucket owner. For information about locating your canonical user ID see Finding Your Account Canonical User ID. ' description: Contains information on the owner of the bucket. PermissionConfiguration: type: object properties: BucketLevelPermissions: allOf: - $ref: '#/components/schemas/BucketLevelPermissions' - xml: name: bucketLevelPermissions description: Contains information about the bucket level permissions for the S3 bucket. AccountLevelPermissions: allOf: - $ref: '#/components/schemas/AccountLevelPermissions' - xml: name: accountLevelPermissions description: Contains information about the account level permissions on the S3 bucket. description: Contains information about how permissions are configured for the S3 bucket. PortProbeDetails: type: array items: $ref: '#/components/schemas/PortProbeDetail' PortProbeDetail: type: object properties: LocalPortDetails: allOf: - $ref: '#/components/schemas/LocalPortDetails' - xml: name: localPortDetails description: The local port information of the connection. LocalIpDetails: allOf: - $ref: '#/components/schemas/LocalIpDetails' - xml: name: localIpDetails description: The local IP information of the connection. RemoteIpDetails: allOf: - $ref: '#/components/schemas/RemoteIpDetails' - xml: name: remoteIpDetails description: The remote IP information of the connection. description: Contains information about the port probe details. PositiveLong: type: integer minimum: 0 PrivateIpAddressDetails: type: object properties: PrivateDnsName: allOf: - $ref: '#/components/schemas/String' - xml: name: privateDnsName description: The private DNS name of the EC2 instance. PrivateIpAddress: allOf: - $ref: '#/components/schemas/String' - xml: name: privateIpAddress description: The private IP address of the EC2 instance. 
description: Contains other private IP address information of the EC2 instance. ProcessDetails: type: object properties: Name: allOf: - $ref: '#/components/schemas/String' - xml: name: name description: The name of the process. ExecutablePath: allOf: - $ref: '#/components/schemas/String' - xml: name: executablePath description: The absolute path of the process executable file. ExecutableSha256: allOf: - $ref: '#/components/schemas/String' - xml: name: executableSha256 description: The SHA256 hash of the process executable. NamespacePid: allOf: - $ref: '#/components/schemas/Integer' - xml: name: namespacePid description: The ID of the child process. Pwd: allOf: - $ref: '#/components/schemas/String' - xml: name: pwd description: The present working directory of the process. Pid: allOf: - $ref: '#/components/schemas/Integer' - xml: name: pid description: The ID of the process. StartTime: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: startTime description: The time when the process started. This is in UTC format. Uuid: allOf: - $ref: '#/components/schemas/String' - xml: name: uuid description: The unique ID assigned to the process by GuardDuty. ParentUuid: allOf: - $ref: '#/components/schemas/String' - xml: name: parentUuid description: The unique ID of the parent process. This ID is assigned to the parent process by GuardDuty. User: allOf: - $ref: '#/components/schemas/String' - xml: name: user description: The user that executed the process. UserId: allOf: - $ref: '#/components/schemas/Integer' - xml: name: userId description: The unique ID of the user that executed the process. Euid: allOf: - $ref: '#/components/schemas/Integer' - xml: name: euid description: The effective user ID of the user that executed the process. Lineage: allOf: - $ref: '#/components/schemas/Lineage' - xml: name: lineage description: Information about the process's lineage. description: Information about the observed process. 
ProductCode: type: object properties: Code: allOf: - $ref: '#/components/schemas/String' - xml: name: productCodeId description: The product code information. ProductType: allOf: - $ref: '#/components/schemas/String' - xml: name: productCodeType description: The product code type. description: Contains information about the product code for the EC2 instance. PublicAccess: type: object properties: PermissionConfiguration: allOf: - $ref: '#/components/schemas/PermissionConfiguration' - xml: name: permissionConfiguration description: Contains information about how permissions are configured for the S3 bucket. EffectivePermission: allOf: - $ref: '#/components/schemas/String' - xml: name: effectivePermission description: Describes the effective permission on this bucket after factoring all attached policies. description: Describes the public access policies that apply to the S3 bucket. RdsDbInstanceDetails: type: object properties: DbInstanceIdentifier: allOf: - $ref: '#/components/schemas/String' - xml: name: dbInstanceIdentifier description: The identifier associated to the database instance that was involved in the finding. Engine: allOf: - $ref: '#/components/schemas/String' - xml: name: engine description: The database engine of the database instance involved in the finding. EngineVersion: allOf: - $ref: '#/components/schemas/String' - xml: name: engineVersion description: The version of the database engine that was involved in the finding. DbClusterIdentifier: allOf: - $ref: '#/components/schemas/String' - xml: name: dbClusterIdentifier description: The identifier of the database cluster that contains the database instance ID involved in the finding. DbInstanceArn: allOf: - $ref: '#/components/schemas/String' - xml: name: dbInstanceArn description: The Amazon Resource Name (ARN) that identifies the database instance involved in the finding. 
Tags: allOf: - $ref: '#/components/schemas/Tags' - xml: name: tags description: Instance tag key-value pairs associated with the database instance ID. description: Contains information about the resource type RDSDBInstance involved in a GuardDuty finding. RdsDbUserDetails: type: object properties: User: allOf: - $ref: '#/components/schemas/String' - xml: name: user description: The user name used in the anomalous login attempt. Application: allOf: - $ref: '#/components/schemas/String' - xml: name: application description: The application name used in the anomalous login attempt. Database: allOf: - $ref: '#/components/schemas/String' - xml: name: database description: The name of the database instance involved in the anomalous login attempt. Ssl: allOf: - $ref: '#/components/schemas/String' - xml: name: ssl description: The version of the Secure Socket Layer (SSL) used for the network. AuthMethod: allOf: - $ref: '#/components/schemas/String' - xml: name: authMethod description: The authentication method used by the user involved in the finding. description: Contains information about the user and authentication details for a database instance involved in the finding. S3BucketDetails: type: array items: $ref: '#/components/schemas/S3BucketDetail' ResourceDetails: type: object properties: InstanceArn: allOf: - $ref: '#/components/schemas/InstanceArn' - xml: name: instanceArn description: InstanceArn that was scanned in the scan entry. description: Represents the resources that were scanned in the scan entry. RuntimeContext: type: object properties: ModifyingProcess: allOf: - $ref: '#/components/schemas/ProcessDetails' - xml: name: modifyingProcess description: Information about the process that modified the current process. This is available for multiple finding types. ModifiedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: modifiedAt description: The timestamp at which the process modified the current process. 
The timestamp is in UTC date string format. ScriptPath: allOf: - $ref: '#/components/schemas/String' - xml: name: scriptPath description: The path to the script that was executed. LibraryPath: allOf: - $ref: '#/components/schemas/String' - xml: name: libraryPath description: The path to the new library that was loaded. LdPreloadValue: allOf: - $ref: '#/components/schemas/String' - xml: name: ldPreloadValue description: The value of the LD_PRELOAD environment variable. SocketPath: allOf: - $ref: '#/components/schemas/String' - xml: name: socketPath description: The path to the Docker socket that was accessed. RuncBinaryPath: allOf: - $ref: '#/components/schemas/String' - xml: name: runcBinaryPath description: The path to the leveraged runc implementation. ReleaseAgentPath: allOf: - $ref: '#/components/schemas/String' - xml: name: releaseAgentPath description: The path in the container that modified the release agent file. MountSource: allOf: - $ref: '#/components/schemas/String' - xml: name: mountSource description: The path on the host that is mounted by the container. MountTarget: allOf: - $ref: '#/components/schemas/String' - xml: name: mountTarget description: The path in the container that is mapped to the host directory. FileSystemType: allOf: - $ref: '#/components/schemas/String' - xml: name: fileSystemType description: Represents the type of mounted fileSystem. Flags: allOf: - $ref: '#/components/schemas/FlagsList' - xml: name: flags description: Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag. ModuleName: allOf: - $ref: '#/components/schemas/String' - xml: name: moduleName description: The name of the module loaded into the kernel. ModuleFilePath: allOf: - $ref: '#/components/schemas/String' - xml: name: moduleFilePath description: The path to the module loaded into the kernel. 
ModuleSha256: allOf: - $ref: '#/components/schemas/String' - xml: name: moduleSha256 description: The SHA256 hash of the module. ShellHistoryFilePath: allOf: - $ref: '#/components/schemas/String' - xml: name: shellHistoryFilePath description: The path to the modified shell history file. TargetProcess: allOf: - $ref: '#/components/schemas/ProcessDetails' - xml: name: targetProcess description: Information about the process that had its memory overwritten by the current process. AddressFamily: allOf: - $ref: '#/components/schemas/String' - xml: name: addressFamily description: Represents the communication protocol associated with the address. For example, the address family AF_INET is used for IP version of 4 protocol. IanaProtocolNumber: allOf: - $ref: '#/components/schemas/Integer' - xml: name: ianaProtocolNumber description: Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family AF_INET only has the IP protocol. MemoryRegions: allOf: - $ref: '#/components/schemas/MemoryRegionsList' - xml: name: memoryRegions description: Specifies the Region of a process's address space such as stack and heap. description: Additional information about the suspicious activity. RuntimeDetails: type: object properties: Process: allOf: - $ref: '#/components/schemas/ProcessDetails' - xml: name: process description: Information about the observed process. Context: allOf: - $ref: '#/components/schemas/RuntimeContext' - xml: name: context description: Additional information about the suspicious activity. description: Information about the process and any required context values for a specific finding. S3BucketDetail: type: object properties: Arn: allOf: - $ref: '#/components/schemas/String' - xml: name: arn description: The Amazon Resource Name (ARN) of the S3 bucket. Name: allOf: - $ref: '#/components/schemas/String' - xml: name: name description: The name of the S3 bucket. 
Type: allOf: - $ref: '#/components/schemas/String' - xml: name: type description: Describes whether the bucket is a source or destination bucket. CreatedAt: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: createdAt description: The date and time the bucket was created at. Owner: allOf: - $ref: '#/components/schemas/Owner' - xml: name: owner description: The owner of the S3 bucket. Tags: allOf: - $ref: '#/components/schemas/Tags' - xml: name: tags description: All tags attached to the S3 bucket DefaultServerSideEncryption: allOf: - $ref: '#/components/schemas/DefaultServerSideEncryption' - xml: name: defaultServerSideEncryption description: Describes the server side encryption method used in the S3 bucket. PublicAccess: allOf: - $ref: '#/components/schemas/PublicAccess' - xml: name: publicAccess description: Describes the public access policies that apply to the S3 bucket. description: Contains information on the S3 bucket. ScanStatus: type: string enum: - RUNNING - COMPLETED - FAILED TriggerDetails: type: object properties: GuardDutyFindingId: allOf: - $ref: '#/components/schemas/NonEmptyString' - xml: name: guardDutyFindingId description: The ID of the GuardDuty finding that triggered the malware scan. Description: allOf: - $ref: '#/components/schemas/NonEmptyString' - xml: name: description description: The description of the scan trigger. description: Represents the reason the scan was triggered. ScanResultDetails: type: object properties: ScanResult: allOf: - $ref: '#/components/schemas/ScanResult' - xml: name: scanResult description: An enum value representing possible scan results. description: Represents the result of the scan. Scan: type: object properties: DetectorId: allOf: - $ref: '#/components/schemas/DetectorId' - xml: name: detectorId description: The unique ID of the detector that the request is associated with. 
AdminDetectorId: allOf: - $ref: '#/components/schemas/DetectorId' - xml: name: adminDetectorId description: The unique detector ID of the administrator account that the request is associated with. Note that this value will be the same as the one used for DetectorId if the account is an administrator. ScanId: allOf: - $ref: '#/components/schemas/NonEmptyString' - xml: name: scanId description: The unique scan ID associated with a scan entry. ScanStatus: allOf: - $ref: '#/components/schemas/ScanStatus' - xml: name: scanStatus description: An enum value representing possible scan statuses. FailureReason: allOf: - $ref: '#/components/schemas/NonEmptyString' - xml: name: failureReason description: Represents the reason for FAILED scan status. ScanStartTime: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: scanStartTime description: The timestamp of when the scan was triggered. ScanEndTime: allOf: - $ref: '#/components/schemas/Timestamp' - xml: name: scanEndTime description: The timestamp of when the scan was finished. TriggerDetails: allOf: - $ref: '#/components/schemas/TriggerDetails' - xml: name: triggerDetails description: Specifies the reason why the scan was initiated. ResourceDetails: allOf: - $ref: '#/components/schemas/ResourceDetails' - xml: name: resourceDetails description: Represents the resources that were scanned in the scan entry. ScanResultDetails: allOf: - $ref: '#/components/schemas/ScanResultDetails' - xml: name: scanResultDetails description: Represents the result of the scan. AccountId: allOf: - $ref: '#/components/schemas/AccountId' - xml: name: accountId description: The ID for the account that belongs to the scan. TotalBytes: allOf: - $ref: '#/components/schemas/PositiveLong' - xml: name: totalBytes description: Represents total bytes that were scanned. FileCount: allOf: - $ref: '#/components/schemas/PositiveLong' - xml: name: fileCount description: Represents the number of files that were scanned. 
AttachedVolumes: allOf: - $ref: '#/components/schemas/VolumeDetails' - xml: name: attachedVolumes description: List of volumes that were attached to the original instance to be scanned. description: Contains information about a malware scan. ScanCondition: type: object required: - MapEquals properties: MapEquals: allOf: - $ref: '#/components/schemas/MapEquals' - xml: name: mapEquals description: Represents a mapEqual condition to be applied to a single field when triggering for malware scan. description: Contains information about the condition. ScanCriterionKey: type: string enum: - EC2_INSTANCE_TAG description: An enum value representing possible resource properties to match with given scan condition. ScannedItemCount: type: object properties: TotalGb: allOf: - $ref: '#/components/schemas/Integer' - xml: name: totalGb description: Total GB of files scanned for malware. Files: allOf: - $ref: '#/components/schemas/Integer' - xml: name: files description: Number of files scanned. Volumes: allOf: - $ref: '#/components/schemas/Integer' - xml: name: volumes description: Total number of scanned volumes. description: Total number of scanned files. ThreatsDetectedItemCount: type: object properties: Files: allOf: - $ref: '#/components/schemas/Integer' - xml: name: files description: Total number of infected files. description: Contains total number of infected files. ThreatDetectedByName: type: object properties: ItemCount: allOf: - $ref: '#/components/schemas/Integer' - xml: name: itemCount description: Total number of infected files identified. UniqueThreatNameCount: allOf: - $ref: '#/components/schemas/Integer' - xml: name: uniqueThreatNameCount description: Total number of unique threats by name identified, as part of the malware scan. Shortened: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: shortened description: Flag to determine if the finding contains every single infected file-path and/or every threat. 
ThreatNames: allOf: - $ref: '#/components/schemas/ScanThreatNames' - xml: name: threatNames description: List of identified threats with details, organized by threat name. description: Contains details about identified threats organized by threat name. ScanResult: type: string enum: - CLEAN - INFECTED ScanThreatName: type: object properties: Name: allOf: - $ref: '#/components/schemas/String' - xml: name: name description: The name of the identified threat. Severity: allOf: - $ref: '#/components/schemas/String' - xml: name: severity description: Severity of threat identified as part of the malware scan. ItemCount: allOf: - $ref: '#/components/schemas/Integer' - xml: name: itemCount description: Total number of files infected with given threat. FilePaths: allOf: - $ref: '#/components/schemas/FilePaths' - xml: name: filePaths description: List of infected files in EBS volume with details. description: Contains files infected with the given threat providing details of malware name and severity. ScanThreatNames: type: array items: $ref: '#/components/schemas/ScanThreatName' SecurityGroup: type: object properties: GroupId: allOf: - $ref: '#/components/schemas/String' - xml: name: groupId description: The security group ID of the EC2 instance. GroupName: allOf: - $ref: '#/components/schemas/String' - xml: name: groupName description: The security group name of the EC2 instance. description: Contains information about the security groups associated with the EC2 instance. ServiceAdditionalInfo: type: object properties: Value: allOf: - $ref: '#/components/schemas/String' - xml: name: value description: This field specifies the value of the additional information. Type: allOf: - $ref: '#/components/schemas/String' - xml: name: type description: Describes the type of the additional information. description: Additional information about the generated finding. 
StartMonitoringMembersRequest: type: object required: - AccountIds title: StartMonitoringMembersRequest properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: A list of account IDs of the GuardDuty member accounts to start monitoring. StopMonitoringMembersRequest: type: object required: - AccountIds title: StopMonitoringMembersRequest properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: A list of account IDs for the member accounts to stop monitoring. SubnetIds: type: array items: $ref: '#/components/schemas/String' Tag: type: object properties: Key: allOf: - $ref: '#/components/schemas/String' - xml: name: key description: The EC2 instance tag key. Value: allOf: - $ref: '#/components/schemas/String' - xml: name: value description: The EC2 instance tag value. description: Contains information about a tag associated with the EC2 instance. TagKeyList: type: array items: $ref: '#/components/schemas/TagKey' minItems: 1 maxItems: 200 TagResourceRequest: type: object required: - Tags title: TagResourceRequest properties: Tags: allOf: - $ref: '#/components/schemas/TagMap' - xml: name: tags description: The tags to be added to a resource. ThreatNames: type: array items: $ref: '#/components/schemas/String' ThreatIntelligenceDetail: type: object properties: ThreatListName: allOf: - $ref: '#/components/schemas/String' - xml: name: threatListName description: The name of the threat intelligence list that triggered the finding. ThreatNames: allOf: - $ref: '#/components/schemas/ThreatNames' - xml: name: threatNames description: A list of names of the threats in the threat intelligence list that triggered the finding. description: An instance of a threat intelligence detail that constitutes evidence for the finding. Total: type: object properties: Amount: allOf: - $ref: '#/components/schemas/String' - xml: name: amount description: The total usage. 
Unit: allOf: - $ref: '#/components/schemas/String' - xml: name: unit description: The currency unit that the amount is given in. description: Contains the total usage with the corresponding currency unit for that value. UnarchiveFindingsRequest: type: object required: - FindingIds title: UnarchiveFindingsRequest properties: FindingIds: allOf: - $ref: '#/components/schemas/FindingIds' - xml: name: findingIds description: The IDs of the findings to unarchive. UnprocessedAccount: type: object required: - AccountId - Result properties: AccountId: allOf: - $ref: '#/components/schemas/AccountId' - xml: name: accountId description: The Amazon Web Services account ID. Result: allOf: - $ref: '#/components/schemas/String' - xml: name: result description: A reason why the account hasn't been processed. description: Contains information about the accounts that weren't processed. UntagResourceRequest: type: object title: UntagResourceRequest properties: {} UpdateDetectorRequest: type: object title: UpdateDetectorRequest properties: Enable: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: enable description: Specifies whether the detector is enabled or not enabled. FindingPublishingFrequency: allOf: - $ref: '#/components/schemas/FindingPublishingFrequency' - xml: name: findingPublishingFrequency description: An enum value that specifies how frequently findings are exported, such as to CloudWatch Events. DataSources: allOf: - $ref: '#/components/schemas/DataSourceConfigurations' - deprecated: true xml: name: dataSources description:

Describes which data sources will be updated.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

This parameter is deprecated, use Features instead. Features: allOf: - $ref: '#/components/schemas/DetectorFeatureConfigurations' - xml: name: features description: Provides the features that will be updated for the detector. UpdateFilterRequest: type: object title: UpdateFilterRequest properties: Description: allOf: - $ref: '#/components/schemas/FilterDescription' - xml: name: description description: The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace. Action: allOf: - $ref: '#/components/schemas/FilterAction' - xml: name: action description: Specifies the action that is to be applied to the findings that match the filter. Rank: allOf: - $ref: '#/components/schemas/FilterRank' - xml: name: rank description: Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. FindingCriteria: allOf: - $ref: '#/components/schemas/FindingCriteria' - xml: name: findingCriteria description: Represents the criteria to be used in the filter for querying findings. UpdateFindingsFeedbackRequest: type: object required: - FindingIds - Feedback title: UpdateFindingsFeedbackRequest properties: FindingIds: allOf: - $ref: '#/components/schemas/FindingIds' - xml: name: findingIds description: The IDs of the findings that you want to mark as useful or not useful. Feedback: allOf: - $ref: '#/components/schemas/Feedback' - xml: name: feedback description: The feedback for the finding. Comments: allOf: - $ref: '#/components/schemas/String' - xml: name: comments description: Additional feedback about the GuardDuty findings. 
UpdateIPSetRequest: type: object title: UpdateIPSetRequest properties: Name: allOf: - $ref: '#/components/schemas/Name' - xml: name: name description: The unique ID that specifies the IPSet that you want to update. Location: allOf: - $ref: '#/components/schemas/Location' - xml: name: location description: 'The updated URI of the file that contains the IPSet. ' Activate: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: activate description: The updated Boolean value that specifies whether the IPSet is active or not. UpdateMalwareScanSettingsRequest: type: object title: UpdateMalwareScanSettingsRequest properties: ScanResourceCriteria: allOf: - $ref: '#/components/schemas/ScanResourceCriteria' - xml: name: scanResourceCriteria description: Represents the criteria to be used in the filter for selecting resources to scan. EbsSnapshotPreservation: allOf: - $ref: '#/components/schemas/EbsSnapshotPreservation' - xml: name: ebsSnapshotPreservation description: An enum value representing possible snapshot preservation settings. UpdateMemberDetectorsRequest: type: object required: - AccountIds title: UpdateMemberDetectorsRequest properties: AccountIds: allOf: - $ref: '#/components/schemas/AccountIds' - xml: name: accountIds description: A list of member account IDs to be updated. DataSources: allOf: - $ref: '#/components/schemas/DataSourceConfigurations' - deprecated: true xml: name: dataSources description: Describes which data sources will be updated. This parameter is deprecated, use Features instead. Features: allOf: - $ref: '#/components/schemas/MemberFeaturesConfigurations' - xml: name: features description: A list of features that will be updated for the specified member accounts. UpdateOrganizationConfigurationRequest: type: object title: UpdateOrganizationConfigurationRequest properties: AutoEnable: allOf: - $ref: '#/components/schemas/Boolean' - deprecated: true xml: name: autoEnable description:

Indicates whether to automatically enable member accounts in the organization.

Even though this is still supported, we recommend using AutoEnableOrganizationMembers to achieve similar results.

This field is deprecated, use AutoEnableOrganizationMembers instead. DataSources: allOf: - $ref: '#/components/schemas/OrganizationDataSourceConfigurations' - deprecated: true xml: name: dataSources description: Describes which data sources will be updated. This parameter is deprecated, use Features instead. Features: allOf: - $ref: '#/components/schemas/OrganizationFeaturesConfigurations' - xml: name: features description: A list of features that will be configured for the organization. AutoEnableOrganizationMembers: allOf: - $ref: '#/components/schemas/AutoEnableMembers' - xml: name: autoEnableOrganizationMembers description: '

Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization.

  • NEW: Indicates that when a new account joins the organization, they will have GuardDuty enabled automatically.

  • ALL: Indicates that all accounts in the Amazon Web Services Organization have GuardDuty enabled automatically. This includes NEW accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty.

  • NONE: Indicates that GuardDuty will not be automatically enabled for any accounts in the organization. GuardDuty must be managed for each account individually by the administrator.

' UpdatePublishingDestinationRequest: type: object title: UpdatePublishingDestinationRequest properties: DestinationProperties: allOf: - $ref: '#/components/schemas/DestinationProperties' - xml: name: destinationProperties description: A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination. UpdateThreatIntelSetRequest: type: object title: UpdateThreatIntelSetRequest properties: Name: allOf: - $ref: '#/components/schemas/Name' - xml: name: name description: The unique ID that specifies the ThreatIntelSet that you want to update. Location: allOf: - $ref: '#/components/schemas/Location' - xml: name: location description: The updated URI of the file that contains the ThreatIntelSet. Activate: allOf: - $ref: '#/components/schemas/Boolean' - xml: name: activate description: The updated Boolean value that specifies whether the ThreatIntelSet is active or not. UsageAccountResult: type: object properties: AccountId: allOf: - $ref: '#/components/schemas/AccountId' - xml: name: accountId description: The Account ID that generated usage. Total: allOf: - $ref: '#/components/schemas/Total' - xml: name: total description: Represents the total of usage for the Account ID. description: Contains information on the total of usage based on account IDs. UsageAccountResultList: type: array items: $ref: '#/components/schemas/UsageAccountResult' UsageDataSourceResult: type: object properties: DataSource: allOf: - $ref: '#/components/schemas/DataSource' - xml: name: dataSource description: The data source type that generated usage. Total: allOf: - $ref: '#/components/schemas/Total' - xml: name: total description: Represents the total of usage for the specified data source. description: Contains information on the result of usage based on data source type. 
UsageDataSourceResultList: type: array items: $ref: '#/components/schemas/UsageDataSourceResult' UsageFeature: type: string enum: - FLOW_LOGS - CLOUD_TRAIL - DNS_LOGS - S3_DATA_EVENTS - EKS_AUDIT_LOGS - EBS_MALWARE_PROTECTION - RDS_LOGIN_EVENTS - LAMBDA_NETWORK_LOGS - EKS_RUNTIME_MONITORING UsageFeatureResult: type: object properties: Feature: allOf: - $ref: '#/components/schemas/UsageFeature' - xml: name: feature description: The feature that generated the usage cost. Total: allOf: - $ref: '#/components/schemas/Total' - xml: name: total description: Contains information about the result of the total usage based on the feature. UsageFeatureResultList: type: array items: $ref: '#/components/schemas/UsageFeatureResult' UsageResourceResult: type: object properties: Resource: allOf: - $ref: '#/components/schemas/String' - xml: name: resource description: The Amazon Web Services resource that generated usage. Total: allOf: - $ref: '#/components/schemas/Total' - xml: name: total description: Represents the sum total of usage for the specified resource type. description: Contains information on the sum of usage based on an Amazon Web Services resource. UsageResourceResultList: type: array items: $ref: '#/components/schemas/UsageResourceResult' Volume: type: object properties: Name: allOf: - $ref: '#/components/schemas/String' - xml: name: name description: Volume name. HostPath: allOf: - $ref: '#/components/schemas/HostPath' - xml: name: hostPath description: Represents a pre-existing file or directory on the host machine that the volume maps to. description: Volume used by the Kubernetes workload. VolumeDetail: type: object properties: VolumeArn: allOf: - $ref: '#/components/schemas/String' - xml: name: volumeArn description: EBS volume Arn information. VolumeType: allOf: - $ref: '#/components/schemas/String' - xml: name: volumeType description: The EBS volume type. 
DeviceName: allOf: - $ref: '#/components/schemas/String' - xml: name: deviceName description: The device name for the EBS volume. VolumeSizeInGB: allOf: - $ref: '#/components/schemas/Integer' - xml: name: volumeSizeInGB description: EBS volume size in GB. EncryptionType: allOf: - $ref: '#/components/schemas/String' - xml: name: encryptionType description: EBS volume encryption type. SnapshotArn: allOf: - $ref: '#/components/schemas/String' - xml: name: snapshotArn description: Snapshot Arn of the EBS volume. KmsKeyArn: allOf: - $ref: '#/components/schemas/String' - xml: name: kmsKeyArn description: KMS key Arn used to encrypt the EBS volume. description: Contains EBS volume details. VolumeMount: type: object properties: Name: allOf: - $ref: '#/components/schemas/String' - xml: name: name description: Volume mount name. MountPath: allOf: - $ref: '#/components/schemas/String' - xml: name: mountPath description: Volume mount path. description: Container volume mount. security: - hmac: []