accept_invitation
Accepts the invitation to be monitored by a master GuardDuty account.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty member account.
Type: string
$body
Type: object
{
"MasterId" : "The account ID of the master GuardDuty account whose invitation you're accepting.",
"InvitationId" : "This value is used to validate the master account to the member account."
}
archive_findings
Archives GuardDuty findings specified by the list of finding IDs.
Only the master account can archive findings. Member accounts do not have permission to archive findings from their accounts.
Parameters
detectorId (required)
The ID of the detector that specifies the GuardDuty service whose findings you want to archive.
Type: string
$body
Type: object
{
"FindingIds" : [ "string" ]
}
create_detector
Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each region where you enable the service. You can have only one detector per account per region.
Parameters
$body
Type: object
{
"enable" : "A boolean value that specifies whether the detector is to be enabled.",
"clientToken" : "The idempotency token for the create request.",
"findingPublishingFrequency" : "An enum value that specifies how frequently the customer gets finding updates published.",
"tags" : "The tags to be added to a new detector resource."
}
create_filter
Creates a filter using the specified finding criteria.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty account for which you want to create a filter.
Type: string
$body
Type: object
{
"Action" : "Specifies the action that is to be applied to the findings that match the filter.",
"Description" : "The description of the filter.",
"FindingCriteria" : {
"criterion" : "Represents a map of finding properties that match specified conditions and values when querying findings."
},
"Rank" : "Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.",
"ClientToken" : "The idempotency token for the create request.",
"Tags" : "The tags to be added to a new filter resource.",
"Name" : "The name of the filter."
}
create_ip_set
Creates a new IPSet, called Trusted IP list in the console user interface. An IPSet is a list of IP addresses trusted for secure communication with AWS infrastructure and applications. GuardDuty does not generate findings for IP addresses included in IPSets. Only users from the master account can use this operation.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty account for which you want to create an IPSet.
Type: string
$body
Type: object
{
"Format" : "The format of the file that contains the IPSet.",
"Activate" : "A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.",
"ClientToken" : "The idempotency token for the create request.",
"Tags" : "The tags to be added to a new IP set resource.",
"Name" : "The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.",
"Location" : "The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)"
}
create_members
Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty account with which you want to associate member accounts.
Type: string
$body
Type: object
{
"AccountDetails" : [ {
"accountId" : "Member account ID.",
"email" : "Member account's email address."
} ]
}
create_publishing_destination
Creates a publishing destination to send findings to. The resource to send findings to must exist before you use this operation.
Parameters
detectorId (required)
The ID of the GuardDuty detector associated with the publishing destination.
Type: string
$body
Type: object
{
"DestinationProperties" : {
"destinationArn" : "The ARN of the resource to publish to.",
"kmsKeyArn" : "The ARN of the KMS key to use for encryption."
},
"DestinationType" : "The type of resource for the publishing destination. Currently only S3 is supported.",
"ClientToken" : "The idempotency token for the request."
}
create_sample_findings
Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.
Parameters
detectorId (required)
The ID of the detector to create sample findings for.
Type: string
$body
Type: object
{
"FindingTypes" : [ "string" ]
}
create_threat_intel_set
Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the master account can use this operation.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty account for which you want to create a threatIntelSet.
Type: string
$body
Type: object
{
"Format" : "The format of the file that contains the ThreatIntelSet.",
"Activate" : "A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.",
"ClientToken" : "The idempotency token for the create request.",
"Tags" : "The tags to be added to a new Threat List resource.",
"Name" : "A user-friendly ThreatIntelSet name that is displayed in all findings generated by activity that involves IP addresses included in this ThreatIntelSet.",
"Location" : "The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)."
}
decline_invitations
Declines invitations sent to the current member account by the AWS accounts specified by their account IDs.
Parameters
$body
Type: object
{
"accountIds" : [ "string" ]
}
delete_detector
Deletes an Amazon GuardDuty detector specified by the detector ID.
Parameters
detectorId (required)
The unique ID of the detector that you want to delete.
Type: string
delete_filter
Deletes the filter specified by the filter name.
Parameters
detectorId (required)
The unique ID of the detector the filter is associated with.
Type: string
filterName (required)
The name of the filter you want to delete.
Type: string
delete_invitations
Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.
Parameters
$body
Type: object
{
"accountIds" : [ "string" ]
}
delete_ip_set
Deletes the IPSet specified by the ipSetId. IPSets are called Trusted IP lists in the console user interface.
Parameters
detectorId (required)
The unique ID of the detector associated with the IPSet.
Type: string
ipSetId (required)
The unique ID of the IPSet to delete.
Type: string
delete_members
Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty account whose members you want to delete.
Type: string
$body
Type: object
{
"AccountIds" : [ "string" ]
}
delete_publishing_destination
Deletes the publishing definition with the specified destinationId.
Parameters
destinationId (required)
The ID of the publishing destination to delete.
Type: string
detectorId (required)
The unique ID of the detector associated with the publishing destination to delete.
Type: string
delete_threat_intel_set
Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.
Parameters
detectorId (required)
The unique ID of the detector the threatIntelSet is associated with.
Type: string
threatIntelSetId (required)
The unique ID of the threatIntelSet you want to delete.
Type: string
describe_publishing_destination
Returns information about the publishing destination specified by the provided destinationId.
Parameters
destinationId (required)
The ID of the publishing destination to retrieve.
Type: string
detectorId (required)
The unique ID of the detector associated with the publishing destination to retrieve.
Type: string
disassociate_from_master_account
Disassociates the current GuardDuty member account from its master account.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty member account.
Type: string
disassociate_members
Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty account whose members you want to disassociate from master.
Type: string
$body
Type: object
{
"AccountIds" : [ "string" ]
}
get_detector
Retrieves an Amazon GuardDuty detector specified by the detectorId.
Parameters
detectorId (required)
The unique ID of the detector that you want to get.
Type: string
get_filter
Returns the details of the filter specified by the filter name.
Parameters
detectorId (required)
The unique ID of the detector the filter is associated with.
Type: string
filterName (required)
The name of the filter you want to get.
Type: string
get_findings
Describes Amazon GuardDuty findings specified by finding IDs.
Parameters
detectorId (required)
The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.
Type: string
$body
Type: object
{
"SortCriteria" : {
"orderBy" : "Order by which the sorted findings are to be displayed.",
"attributeName" : "Represents the finding attribute (for example, accountId) by which to sort findings."
},
"FindingIds" : [ "string" ]
}
get_findings_statistics
Lists Amazon GuardDuty findings' statistics for the specified detector ID.
Parameters
detectorId (required)
The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.
Type: string
$body
Type: object
{
"FindingCriteria" : {
"criterion" : "Represents a map of finding properties that match specified conditions and values when querying findings."
},
"FindingStatisticTypes" : [ "string. Possible values: COUNT_BY_SEVERITY" ]
}
get_invitations_count
Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
Parameters
$body
Type: object
{ }
get_ip_set
Retrieves the IPSet specified by the ipSetId.
Parameters
detectorId (required)
The unique ID of the detector the ipSet is associated with.
Type: string
ipSetId (required)
The unique ID of the IPSet to retrieve.
Type: string
get_master_account
Provides the details for the GuardDuty master account associated with the current GuardDuty member account.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty member account.
Type: string
get_members
Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty account whose members you want to retrieve.
Type: string
$body
Type: object
{
"AccountIds" : [ "string" ]
}
get_threat_intel_set
Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
Parameters
detectorId (required)
The unique ID of the detector the threatIntelSet is associated with.
Type: string
threatIntelSetId (required)
The unique ID of the threatIntelSet you want to get.
Type: string
invite_members
Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty account with which you want to invite members.
Type: string
$body
Type: object
{
"AccountIds" : [ "string" ],
"Message" : "The invitation message that you want to send to the accounts that you’re inviting to GuardDuty as members.",
"DisableEmailNotification" : "A boolean value that specifies whether you want to disable email notification to the accounts that you’re inviting to GuardDuty as members."
}
list_detectors
Lists detectorIds of all the existing Amazon GuardDuty detector resources.
This operation has no parameters
list_filters
Returns a paginated list of the current filters.
Parameters
detectorId (required)
The unique ID of the detector the filter is associated with.
Type: string
list_findings
Lists Amazon GuardDuty findings for the specified detector ID.
Parameters
detectorId (required)
The ID of the detector that specifies the GuardDuty service whose findings you want to list.
Type: string
$body
Type: object
{
"SortCriteria" : {
"orderBy" : "Order by which the sorted findings are to be displayed.",
"attributeName" : "Represents the finding attribute (for example, accountId) by which to sort findings."
},
"FindingCriteria" : {
"criterion" : "Represents a map of finding properties that match specified conditions and values when querying findings."
}
}
list_invitations
Lists all GuardDuty membership invitations that were sent to the current AWS account.
This operation has no parameters
list_ip_sets
Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated master account.
Parameters
detectorId (required)
The unique ID of the detector the ipSet is associated with.
Type: string
list_members
Lists details about all member accounts for the current GuardDuty master account.
Parameters
detectorId (required)
The unique ID of the detector the member is associated with.
Type: string
onlyAssociated
Specifies whether to only return associated members or to return all members (including members which haven't been invited yet or have been disassociated).
Type: string
list_publishing_destinations
Returns a list of publishing destinations associated with the specified detectorId.
Parameters
detectorId (required)
The ID of the detector to retrieve publishing destinations for.
Type: string
maxResults
The maximum number of results to return in the response.
Type: integer
nextToken
A token to use for paginating results returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
Type: string
list_tags_for_resource
Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and Threat Intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.
Parameters
resourceArn (required)
The Amazon Resource Name (ARN) for the given GuardDuty resource.
Type: string
list_threat_intel_sets
Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the master account are returned.
Parameters
detectorId (required)
The unique ID of the detector the threatIntelSet is associated with.
Type: string
start_monitoring_members
Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty master account associated with the member accounts to monitor.
Type: string
$body
Type: object
{
"AccountIds" : [ "string" ]
}
stop_monitoring_members
Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts.
Parameters
detectorId (required)
The unique ID of the detector of the GuardDuty account that you want to stop from monitoring members' findings.
Type: string
$body
Type: object
{
"AccountIds" : [ "string" ]
}
tag_resource
Adds tags to a resource.
Parameters
resourceArn (required)
The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag to.
Type: string
$body
Type: object
{
"Tags" : "The tags to be added to a resource."
}
unarchive_findings
Unarchives GuardDuty findings specified by the findingIds.
Parameters
detectorId (required)
The ID of the detector associated with the findings to unarchive.
Type: string
$body
Type: object
{
"FindingIds" : [ "string" ]
}
untag_resource
Removes tags from a resource.
Parameters
resourceArn (required)
The Amazon Resource Name (ARN) for the resource to remove tags from.
Type: string
tagKeys (required)
The tag keys to remove from the resource.
Type: array
[ "string" ]
update_detector
Updates the Amazon GuardDuty detector specified by the detectorId.
Parameters
detectorId (required)
The unique ID of the detector to update.
Type: string
$body
Type: object
{
"FindingPublishingFrequency" : "An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.",
"Enable" : "Specifies whether the detector is enabled or not enabled."
}
update_filter
Updates the filter specified by the filter name.
Parameters
detectorId (required)
The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.
Type: string
filterName (required)
The name of the filter.
Type: string
$body
Type: object
{
"Action" : "Specifies the action that is to be applied to the findings that match the filter.",
"Description" : "The description of the filter.",
"FindingCriteria" : {
"criterion" : "Represents a map of finding properties that match specified conditions and values when querying findings."
},
"Rank" : "Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings."
}
update_findings_feedback
Marks the specified GuardDuty findings as useful or not useful.
Parameters
detectorId (required)
The ID of the detector associated with the findings to update feedback for.
Type: string
$body
Type: object
{
"Feedback" : "The feedback for the finding.",
"Comments" : "Additional feedback about the GuardDuty findings.",
"FindingIds" : [ "string" ]
}
update_ip_set
Updates the IPSet specified by the IPSet ID.
Parameters
detectorId (required)
The detectorID that specifies the GuardDuty service whose IPSet you want to update.
Type: string
ipSetId (required)
The unique ID that specifies the IPSet that you want to update.
Type: string
$body
Type: object
{
"Activate" : "The updated boolean value that specifies whether the IPSet is active or not.",
"Name" : "The unique ID that specifies the IPSet that you want to update.",
"Location" : "The updated URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)."
}
update_publishing_destination
Updates information about the publishing destination specified by the destinationId.
Parameters
destinationId (required)
The ID of the detector associated with the publishing destinations to update.
Type: string
detectorId (required)
The ID of the
Type: string
$body
Type: object
{
"DestinationProperties" : {
"destinationArn" : "The ARN of the resource to publish to.",
"kmsKeyArn" : "The ARN of the KMS key to use for encryption."
}
}
update_threat_intel_set
Updates the ThreatIntelSet specified by ThreatIntelSet ID.
Parameters
detectorId (required)
The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.
Type: string
threatIntelSetId (required)
The unique ID that specifies the ThreatIntelSet that you want to update.
Type: string
$body
Type: object
{
"Activate" : "The updated boolean value that specifies whether the ThreatIntelSet is active or not.",
"Name" : "The unique ID that specifies the ThreatIntelSet that you want to update.",
"Location" : "The updated URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)"
}