@Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public interface AmazonGuardDuty
Note: Do not directly implement this interface, new methods are added to it regularly. Extend from AbstractAmazonGuardDuty instead.
Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following foundational data sources - VPC flow logs, Amazon Web Services CloudTrail management event logs, CloudTrail S3 data event logs, EKS audit logs, DNS logs, Amazon EBS volume data, runtime activity belonging to container workloads, such as Amazon EKS, Amazon ECS (including Amazon Web Services Fargate), and Amazon EC2 instances. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your Amazon Web Services environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, domains, or presence of malware on your Amazon EC2 instances and container workloads. For example, GuardDuty can detect compromised EC2 instances and container workloads serving malware, or mining bitcoin.
GuardDuty also monitors Amazon Web Services account access behavior for signs of compromise, such as unauthorized infrastructure deployments like EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength.
GuardDuty informs you about the status of your Amazon Web Services environment by producing security findings that you can view in the GuardDuty console or through Amazon EventBridge. For more information, see the Amazon GuardDuty User Guide.
Modifier and Type | Field and Description |
---|---|
static String | ENDPOINT_PREFIX<br>The region metadata service name for computing region endpoints. |
Modifier and Type | Method and Description |
---|---|
AcceptAdministratorInvitationResult | acceptAdministratorInvitation(AcceptAdministratorInvitationRequest acceptAdministratorInvitationRequest)<br>Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation. |
AcceptInvitationResult | acceptInvitation(AcceptInvitationRequest acceptInvitationRequest)<br>Deprecated. |
ArchiveFindingsResult | archiveFindings(ArchiveFindingsRequest archiveFindingsRequest)<br>Archives GuardDuty findings that are specified by the list of finding IDs. |
CreateDetectorResult | createDetector(CreateDetectorRequest createDetectorRequest)<br>Creates a single GuardDuty detector. |
CreateFilterResult | createFilter(CreateFilterRequest createFilterRequest)<br>Creates a filter using the specified finding criteria. |
CreateIPSetResult | createIPSet(CreateIPSetRequest createIPSetRequest)<br>Creates a new IPSet, which is called a trusted IP list in the console user interface. |
CreateMalwareProtectionPlanResult | createMalwareProtectionPlan(CreateMalwareProtectionPlanRequest createMalwareProtectionPlanRequest)<br>Creates a new Malware Protection plan for the protected resource. |
CreateMembersResult | createMembers(CreateMembersRequest createMembersRequest)<br>Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. |
CreatePublishingDestinationResult | createPublishingDestination(CreatePublishingDestinationRequest createPublishingDestinationRequest)<br>Creates a publishing destination to export findings to. |
CreateSampleFindingsResult | createSampleFindings(CreateSampleFindingsRequest createSampleFindingsRequest)<br>Generates sample findings of types specified by the list of finding types. |
CreateThreatIntelSetResult | createThreatIntelSet(CreateThreatIntelSetRequest createThreatIntelSetRequest)<br>Creates a new ThreatIntelSet. |
DeclineInvitationsResult | declineInvitations(DeclineInvitationsRequest declineInvitationsRequest)<br>Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs. |
DeleteDetectorResult | deleteDetector(DeleteDetectorRequest deleteDetectorRequest)<br>Deletes an Amazon GuardDuty detector that is specified by the detector ID. |
DeleteFilterResult | deleteFilter(DeleteFilterRequest deleteFilterRequest)<br>Deletes the filter specified by the filter name. |
DeleteInvitationsResult | deleteInvitations(DeleteInvitationsRequest deleteInvitationsRequest)<br>Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs. |
DeleteIPSetResult | deleteIPSet(DeleteIPSetRequest deleteIPSetRequest)<br>Deletes the IPSet specified by the ipSetId. |
DeleteMalwareProtectionPlanResult | deleteMalwareProtectionPlan(DeleteMalwareProtectionPlanRequest deleteMalwareProtectionPlanRequest)<br>Deletes the Malware Protection plan ID associated with the Malware Protection plan resource. |
DeleteMembersResult | deleteMembers(DeleteMembersRequest deleteMembersRequest)<br>Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs. |
DeletePublishingDestinationResult | deletePublishingDestination(DeletePublishingDestinationRequest deletePublishingDestinationRequest)<br>Deletes the publishing definition with the specified destinationId. |
DeleteThreatIntelSetResult | deleteThreatIntelSet(DeleteThreatIntelSetRequest deleteThreatIntelSetRequest)<br>Deletes the ThreatIntelSet specified by the ThreatIntelSet ID. |
DescribeMalwareScansResult | describeMalwareScans(DescribeMalwareScansRequest describeMalwareScansRequest)<br>Returns a list of malware scans. |
DescribeOrganizationConfigurationResult | describeOrganizationConfiguration(DescribeOrganizationConfigurationRequest describeOrganizationConfigurationRequest)<br>Returns information about the account selected as the delegated administrator for GuardDuty. |
DescribePublishingDestinationResult | describePublishingDestination(DescribePublishingDestinationRequest describePublishingDestinationRequest)<br>Returns information about the publishing destination specified by the provided destinationId. |
DisableOrganizationAdminAccountResult | disableOrganizationAdminAccount(DisableOrganizationAdminAccountRequest disableOrganizationAdminAccountRequest)<br>Removes the existing GuardDuty delegated administrator of the organization. |
DisassociateFromAdministratorAccountResult | disassociateFromAdministratorAccount(DisassociateFromAdministratorAccountRequest disassociateFromAdministratorAccountRequest)<br>Disassociates the current GuardDuty member account from its administrator account. |
DisassociateFromMasterAccountResult | disassociateFromMasterAccount(DisassociateFromMasterAccountRequest disassociateFromMasterAccountRequest)<br>Deprecated. |
DisassociateMembersResult | disassociateMembers(DisassociateMembersRequest disassociateMembersRequest)<br>Disassociates GuardDuty member accounts (from the current administrator account) specified by the account IDs. |
EnableOrganizationAdminAccountResult | enableOrganizationAdminAccount(EnableOrganizationAdminAccountRequest enableOrganizationAdminAccountRequest)<br>Designates an Amazon Web Services account within the organization as your GuardDuty delegated administrator. |
GetAdministratorAccountResult | getAdministratorAccount(GetAdministratorAccountRequest getAdministratorAccountRequest)<br>Provides the details of the GuardDuty administrator account associated with the current GuardDuty member account. |
ResponseMetadata | getCachedResponseMetadata(AmazonWebServiceRequest request)<br>Returns additional metadata for a previously executed successful request, typically used for debugging issues where a service isn't acting as expected. |
GetCoverageStatisticsResult | getCoverageStatistics(GetCoverageStatisticsRequest getCoverageStatisticsRequest)<br>Retrieves aggregated statistics for your account. |
GetDetectorResult | getDetector(GetDetectorRequest getDetectorRequest)<br>Retrieves an Amazon GuardDuty detector specified by the detectorId. |
GetFilterResult | getFilter(GetFilterRequest getFilterRequest)<br>Returns the details of the filter specified by the filter name. |
GetFindingsResult | getFindings(GetFindingsRequest getFindingsRequest)<br>Describes Amazon GuardDuty findings specified by finding IDs. |
GetFindingsStatisticsResult | getFindingsStatistics(GetFindingsStatisticsRequest getFindingsStatisticsRequest)<br>Lists Amazon GuardDuty findings statistics for the specified detector ID. |
GetInvitationsCountResult | getInvitationsCount(GetInvitationsCountRequest getInvitationsCountRequest)<br>Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation. |
GetIPSetResult | getIPSet(GetIPSetRequest getIPSetRequest)<br>Retrieves the IPSet specified by the ipSetId. |
GetMalwareProtectionPlanResult | getMalwareProtectionPlan(GetMalwareProtectionPlanRequest getMalwareProtectionPlanRequest)<br>Retrieves the Malware Protection plan details associated with a Malware Protection plan ID. |
GetMalwareScanSettingsResult | getMalwareScanSettings(GetMalwareScanSettingsRequest getMalwareScanSettingsRequest)<br>Returns the details of the malware scan settings. |
GetMasterAccountResult | getMasterAccount(GetMasterAccountRequest getMasterAccountRequest)<br>Deprecated. |
GetMemberDetectorsResult | getMemberDetectors(GetMemberDetectorsRequest getMemberDetectorsRequest)<br>Describes which data sources are enabled for the member account's detector. |
GetMembersResult | getMembers(GetMembersRequest getMembersRequest)<br>Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs. |
GetOrganizationStatisticsResult | getOrganizationStatistics(GetOrganizationStatisticsRequest getOrganizationStatisticsRequest)<br>Retrieves how many active member accounts have each feature enabled within GuardDuty. |
GetRemainingFreeTrialDaysResult | getRemainingFreeTrialDays(GetRemainingFreeTrialDaysRequest getRemainingFreeTrialDaysRequest)<br>Provides the number of days left for each data source used in the free trial period. |
GetThreatIntelSetResult | getThreatIntelSet(GetThreatIntelSetRequest getThreatIntelSetRequest)<br>Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID. |
GetUsageStatisticsResult | getUsageStatistics(GetUsageStatisticsRequest getUsageStatisticsRequest)<br>Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. |
InviteMembersResult | inviteMembers(InviteMembersRequest inviteMembersRequest)<br>Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account that invokes this API. |
ListCoverageResult | listCoverage(ListCoverageRequest listCoverageRequest)<br>Lists coverage details for your GuardDuty account. |
ListDetectorsResult | listDetectors(ListDetectorsRequest listDetectorsRequest)<br>Lists detectorIds of all the existing Amazon GuardDuty detector resources. |
ListFiltersResult | listFilters(ListFiltersRequest listFiltersRequest)<br>Returns a paginated list of the current filters. |
ListFindingsResult | listFindings(ListFindingsRequest listFindingsRequest)<br>Lists GuardDuty findings for the specified detector ID. |
ListInvitationsResult | listInvitations(ListInvitationsRequest listInvitationsRequest)<br>Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account. |
ListIPSetsResult | listIPSets(ListIPSetsRequest listIPSetsRequest)<br>Lists the IPSets of the GuardDuty service specified by the detector ID. |
ListMalwareProtectionPlansResult | listMalwareProtectionPlans(ListMalwareProtectionPlansRequest listMalwareProtectionPlansRequest)<br>Lists the Malware Protection plan IDs associated with the protected resources in your Amazon Web Services account. |
ListMembersResult | listMembers(ListMembersRequest listMembersRequest)<br>Lists details about all member accounts for the current GuardDuty administrator account. |
ListOrganizationAdminAccountsResult | listOrganizationAdminAccounts(ListOrganizationAdminAccountsRequest listOrganizationAdminAccountsRequest)<br>Lists the accounts designated as GuardDuty delegated administrators. |
ListPublishingDestinationsResult | listPublishingDestinations(ListPublishingDestinationsRequest listPublishingDestinationsRequest)<br>Returns a list of publishing destinations associated with the specified detectorId. |
ListTagsForResourceResult | listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest)<br>Lists tags for a resource. |
ListThreatIntelSetsResult | listThreatIntelSets(ListThreatIntelSetsRequest listThreatIntelSetsRequest)<br>Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. |
void | shutdown()<br>Shuts down this client object, releasing any resources that might be held open. |
StartMalwareScanResult | startMalwareScan(StartMalwareScanRequest startMalwareScanRequest)<br>Initiates the malware scan. |
StartMonitoringMembersResult | startMonitoringMembers(StartMonitoringMembersRequest startMonitoringMembersRequest)<br>Turns on GuardDuty monitoring of the specified member accounts. |
StopMonitoringMembersResult | stopMonitoringMembers(StopMonitoringMembersRequest stopMonitoringMembersRequest)<br>Stops GuardDuty monitoring for the specified member accounts. |
TagResourceResult | tagResource(TagResourceRequest tagResourceRequest)<br>Adds tags to a resource. |
UnarchiveFindingsResult | unarchiveFindings(UnarchiveFindingsRequest unarchiveFindingsRequest)<br>Unarchives GuardDuty findings specified by the findingIds. |
UntagResourceResult | untagResource(UntagResourceRequest untagResourceRequest)<br>Removes tags from a resource. |
UpdateDetectorResult | updateDetector(UpdateDetectorRequest updateDetectorRequest)<br>Updates the GuardDuty detector specified by the detector ID. |
UpdateFilterResult | updateFilter(UpdateFilterRequest updateFilterRequest)<br>Updates the filter specified by the filter name. |
UpdateFindingsFeedbackResult | updateFindingsFeedback(UpdateFindingsFeedbackRequest updateFindingsFeedbackRequest)<br>Marks the specified GuardDuty findings as useful or not useful. |
UpdateIPSetResult | updateIPSet(UpdateIPSetRequest updateIPSetRequest)<br>Updates the IPSet specified by the IPSet ID. |
UpdateMalwareProtectionPlanResult | updateMalwareProtectionPlan(UpdateMalwareProtectionPlanRequest updateMalwareProtectionPlanRequest)<br>Updates an existing Malware Protection plan resource. |
UpdateMalwareScanSettingsResult | updateMalwareScanSettings(UpdateMalwareScanSettingsRequest updateMalwareScanSettingsRequest)<br>Updates the malware scan settings. |
UpdateMemberDetectorsResult | updateMemberDetectors(UpdateMemberDetectorsRequest updateMemberDetectorsRequest)<br>Contains information on member accounts to be updated. |
UpdateOrganizationConfigurationResult | updateOrganizationConfiguration(UpdateOrganizationConfigurationRequest updateOrganizationConfigurationRequest)<br>Configures the delegated administrator account with the provided values. |
UpdatePublishingDestinationResult | updatePublishingDestination(UpdatePublishingDestinationRequest updatePublishingDestinationRequest)<br>Updates information about the publishing destination specified by the destinationId. |
UpdateThreatIntelSetResult | updateThreatIntelSet(UpdateThreatIntelSetRequest updateThreatIntelSetRequest)<br>Updates the ThreatIntelSet specified by the ThreatIntelSet ID. |
static final String ENDPOINT_PREFIX
AcceptAdministratorInvitationResult acceptAdministratorInvitation(AcceptAdministratorInvitationRequest acceptAdministratorInvitationRequest)
Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation.
acceptAdministratorInvitationRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

@Deprecated AcceptInvitationResult acceptInvitation(AcceptInvitationRequest acceptInvitationRequest)
Accepts the invitation to be monitored by a GuardDuty administrator account.
acceptInvitationRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

ArchiveFindingsResult archiveFindings(ArchiveFindingsRequest archiveFindingsRequest)
Archives GuardDuty findings that are specified by the list of finding IDs.
Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.
archiveFindingsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

CreateDetectorResult createDetector(CreateDetectorRequest createDetectorRequest)
Creates a single GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
When you don't specify any features, with an exception to RUNTIME_MONITORING, all the optional features are enabled by default.
When you specify some of the features, any feature that is not specified in the API call gets enabled by default, with an exception to RUNTIME_MONITORING.
Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
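The feature rules described above for createDetector can be checked before the request is sent. The following is an added example, not code from the AWS SDK or this reference: the class `DetectorFeaturePreflight` and its methods `review`, `buildRequest` and `create` are hypothetical, and the feature name `S3_DATA_EVENTS` is a sample value that does not appear on this page.

```java
import com.amazonaws.services.guardduty.AmazonGuardDuty;
import com.amazonaws.services.guardduty.model.CreateDetectorRequest;
import com.amazonaws.services.guardduty.model.DetectorFeatureConfiguration;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added example (hypothetical helper, not SDK code): pre-flight review of a CreateDetector feature list. */
public class DetectorFeaturePreflight {

    static final String RUNTIME = "RUNTIME_MONITORING";
    static final String EKS_RUNTIME = "EKS_RUNTIME_MONITORING";

    /**
     * Rejects the combination the API documents as an error and returns notes
     * describing how the documented defaults apply to this feature list.
     * Map key = feature name, value = true for ENABLED, false for DISABLED.
     */
    static List<String> review(Map<String, Boolean> requested) {
        if (requested.containsKey(RUNTIME) && requested.containsKey(EKS_RUNTIME)) {
            throw new IllegalArgumentException(
                    "Specify only one of " + EKS_RUNTIME + " and " + RUNTIME
                    + "; Runtime Monitoring already covers Amazon EKS resources");
        }
        List<String> notes = new ArrayList<>();
        if (!requested.containsKey(RUNTIME)) {
            // The one optional feature that is not switched on by default.
            notes.add(RUNTIME + " is not listed, so it will not be enabled by default");
        }
        for (Map.Entry<String, Boolean> e : requested.entrySet()) {
            if (!e.getValue()) {
                // Surface explicit opt-outs so a coverage gap is a reviewed decision.
                notes.add(e.getKey() + " is explicitly DISABLED");
            }
        }
        notes.add("Optional features not listed here (other than " + RUNTIME
                + ") are enabled by default");
        return notes;
    }

    /** Builds the request with one explicit entry per reviewed feature. */
    static CreateDetectorRequest buildRequest(Map<String, Boolean> requested) {
        review(requested); // throws before any API call on an invalid combination
        List<DetectorFeatureConfiguration> features = new ArrayList<>();
        for (Map.Entry<String, Boolean> e : requested.entrySet()) {
            features.add(new DetectorFeatureConfiguration()
                    .withName(e.getKey())
                    .withStatus(e.getValue() ? "ENABLED" : "DISABLED"));
        }
        return new CreateDetectorRequest().withEnable(true).withFeatures(features);
    }

    /** Sends the reviewed request; one detector per account per Region. */
    static String create(AmazonGuardDuty client, Map<String, Boolean> requested) {
        return client.createDetector(buildRequest(requested)).getDetectorId();
    }

    public static void main(String[] args) {
        // Constructed sample input: Runtime Monitoring on, one other feature on.
        Map<String, Boolean> valid = new LinkedHashMap<>();
        valid.put(RUNTIME, true);
        valid.put("S3_DATA_EVENTS", true); // sample feature name, not from this page
        review(valid).forEach(System.out::println);
        System.out.println(buildRequest(valid)); // built offline, nothing is sent

        // Constructed sample input: the combination documented to cause an error.
        Map<String, Boolean> invalid = new LinkedHashMap<>();
        invalid.put(RUNTIME, true);
        invalid.put(EKS_RUNTIME, true);
        try {
            buildRequest(invalid);
        } catch (IllegalArgumentException ex) {
            System.out.println("Rejected before the API call: " + ex.getMessage());
        }
    }
}
```

`main` only builds and prints requests, so it runs without credentials; `create` is the path that calls the service.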
createDetectorRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

CreateFilterResult createFilter(CreateFilterRequest createFilterRequest)
Creates a filter using the specified finding criteria. The maximum number of saved filters per Amazon Web Services account per Region is 100. For more information, see Quotas for GuardDuty.
createFilterRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

CreateIPSetResult createIPSet(CreateIPSetRequest createIPSetRequest)
Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.
createIPSetRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

CreateMalwareProtectionPlanResult createMalwareProtectionPlan(CreateMalwareProtectionPlanRequest createMalwareProtectionPlanRequest)
Creates a new Malware Protection plan for the protected resource.
When you create a Malware Protection plan, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.
createMalwareProtectionPlanRequest
- BadRequestException - A bad request exception object.
- AccessDeniedException - An access denied exception object.
- ConflictException - A request conflict exception object.
- InternalServerErrorException - An internal server error exception object.

CreateMembersResult createMembers(CreateMembersRequest createMembersRequest)
Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.
As a delegated administrator, using CreateMembers will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account. A delegated administrator must enable GuardDuty prior to being added as a member.
When you use CreateMembers as an Organizations delegated administrator, GuardDuty applies your organization's auto-enable settings to the member accounts in this request, irrespective of the accounts being new or existing members. For more information about the existing auto-enable settings for your organization, see DescribeOrganizationConfiguration.
If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.
createMembersRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

CreatePublishingDestinationResult createPublishingDestination(CreatePublishingDestinationRequest createPublishingDestinationRequest)
Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.
createPublishingDestinationRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

CreateSampleFindingsResult createSampleFindings(CreateSampleFindingsRequest createSampleFindingsRequest)
Generates sample findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates sample findings of all supported finding types.
createSampleFindingsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

CreateThreatIntelSetResult createThreatIntelSet(CreateThreatIntelSetRequest createThreatIntelSetRequest)
Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.
createThreatIntelSetRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DeclineInvitationsResult declineInvitations(DeclineInvitationsRequest declineInvitationsRequest)
Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.
declineInvitationsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DeleteDetectorResult deleteDetector(DeleteDetectorRequest deleteDetectorRequest)
Deletes an Amazon GuardDuty detector that is specified by the detector ID.
deleteDetectorRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DeleteFilterResult deleteFilter(DeleteFilterRequest deleteFilterRequest)
Deletes the filter specified by the filter name.
deleteFilterRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DeleteIPSetResult deleteIPSet(DeleteIPSetRequest deleteIPSetRequest)
Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface.
deleteIPSetRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DeleteInvitationsResult deleteInvitations(DeleteInvitationsRequest deleteInvitationsRequest)
Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.
deleteInvitationsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DeleteMalwareProtectionPlanResult deleteMalwareProtectionPlan(DeleteMalwareProtectionPlanRequest deleteMalwareProtectionPlanRequest)
Deletes the Malware Protection plan ID associated with the Malware Protection plan resource. Use this API only when you no longer want to protect the resource associated with this Malware Protection plan ID.
deleteMalwareProtectionPlanRequest
- BadRequestException - A bad request exception object.
- AccessDeniedException - An access denied exception object.
- InternalServerErrorException - An internal server error exception object.
- ResourceNotFoundException - The requested resource can't be found.

DeleteMembersResult deleteMembers(DeleteMembersRequest deleteMembersRequest)
Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty for a member account in your organization.
deleteMembersRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DeletePublishingDestinationResult deletePublishingDestination(DeletePublishingDestinationRequest deletePublishingDestinationRequest)
Deletes the publishing definition with the specified destinationId.
deletePublishingDestinationRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DeleteThreatIntelSetResult deleteThreatIntelSet(DeleteThreatIntelSetRequest deleteThreatIntelSetRequest)
Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.
deleteThreatIntelSetRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DescribeMalwareScansResult describeMalwareScans(DescribeMalwareScansRequest describeMalwareScansRequest)
Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all the member accounts.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
describeMalwareScansRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DescribeOrganizationConfigurationResult describeOrganizationConfiguration(DescribeOrganizationConfigurationRequest describeOrganizationConfigurationRequest)
Returns information about the account selected as the delegated administrator for GuardDuty.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
describeOrganizationConfigurationRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DescribePublishingDestinationResult describePublishingDestination(DescribePublishingDestinationRequest describePublishingDestinationRequest)
Returns information about the publishing destination specified by the provided destinationId.
describePublishingDestinationRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DisableOrganizationAdminAccountResult disableOrganizationAdminAccount(DisableOrganizationAdminAccountRequest disableOrganizationAdminAccountRequest)
Removes the existing GuardDuty delegated administrator of the organization. Only the organization's management account can run this API operation.
disableOrganizationAdminAccountRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DisassociateFromAdministratorAccountResult disassociateFromAdministratorAccount(DisassociateFromAdministratorAccountRequest disassociateFromAdministratorAccountRequest)
Disassociates the current GuardDuty member account from its administrator account.
When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty in a member account.
disassociateFromAdministratorAccountRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

@Deprecated DisassociateFromMasterAccountResult disassociateFromMasterAccount(DisassociateFromMasterAccountRequest disassociateFromMasterAccountRequest)
Disassociates the current GuardDuty member account from its administrator account.
When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
disassociateFromMasterAccountRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

DisassociateMembersResult disassociateMembers(DisassociateMembersRequest disassociateMembersRequest)
Disassociates GuardDuty member accounts (from the current administrator account) specified by the account IDs.
When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disassociate a member account before removing them from your organization.
If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.
disassociateMembersRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.

EnableOrganizationAdminAccountResult enableOrganizationAdminAccount(EnableOrganizationAdminAccountRequest enableOrganizationAdminAccountRequest)
Designates an Amazon Web Services account within the organization as your GuardDuty delegated administrator. Only the organization's management account can run this API operation.
enableOrganizationAdminAccountRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetAdministratorAccountResult getAdministratorAccount(GetAdministratorAccountRequest getAdministratorAccountRequest)
Provides the details of the GuardDuty administrator account associated with the current GuardDuty member account.
If the organization's management account or a delegated administrator runs this API, it will return success (HTTP 200) but no content.
getAdministratorAccountRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetCoverageStatisticsResult getCoverageStatistics(GetCoverageStatisticsRequest getCoverageStatisticsRequest)
Retrieves aggregated statistics for your account. If you are a GuardDuty administrator, you can retrieve the statistics for all the resources associated with the active member accounts in your organization who have enabled Runtime Monitoring and have the GuardDuty security agent running on their resources.
getCoverageStatisticsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetDetectorResult getDetector(GetDetectorRequest getDetectorRequest)
Retrieves an Amazon GuardDuty detector specified by the detectorId.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
getDetectorRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetFilterResult getFilter(GetFilterRequest getFilterRequest)
Returns the details of the filter specified by the filter name.
getFilterRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetFindingsResult getFindings(GetFindingsRequest getFindingsRequest)
Describes Amazon GuardDuty findings specified by finding IDs.
getFindingsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetFindingsStatisticsResult getFindingsStatistics(GetFindingsStatisticsRequest getFindingsStatisticsRequest)
Lists Amazon GuardDuty findings statistics for the specified detector ID.
There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see Regions and endpoints.
getFindingsStatisticsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetIPSetResult getIPSet(GetIPSetRequest getIPSetRequest)
Retrieves the IPSet specified by the ipSetId.
getIPSetRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetInvitationsCountResult getInvitationsCount(GetInvitationsCountRequest getInvitationsCountRequest)
Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
getInvitationsCountRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetMalwareProtectionPlanResult getMalwareProtectionPlan(GetMalwareProtectionPlanRequest getMalwareProtectionPlanRequest)
Retrieves the Malware Protection plan details associated with a Malware Protection plan ID.
getMalwareProtectionPlanRequest
- BadRequestException - A bad request exception object.
- AccessDeniedException - An access denied exception object.
- InternalServerErrorException - An internal server error exception object.
- ResourceNotFoundException - The requested resource can't be found.
GetMalwareScanSettingsResult getMalwareScanSettings(GetMalwareScanSettingsRequest getMalwareScanSettingsRequest)
Returns the details of the malware scan settings.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
getMalwareScanSettingsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
@Deprecated GetMasterAccountResult getMasterAccount(GetMasterAccountRequest getMasterAccountRequest)
Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.
getMasterAccountRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetMemberDetectorsResult getMemberDetectors(GetMemberDetectorsRequest getMemberDetectorsRequest)
Describes which data sources are enabled for the member account's detector.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
getMemberDetectorsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetMembersResult getMembers(GetMembersRequest getMembersRequest)
Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.
getMembersRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetOrganizationStatisticsResult getOrganizationStatistics(GetOrganizationStatisticsRequest getOrganizationStatisticsRequest)
Retrieves how many active member accounts have each feature enabled within GuardDuty. Only a delegated GuardDuty administrator of an organization can run this API.
When you create a new organization, it might take up to 24 hours to generate the statistics for the entire organization.
getOrganizationStatisticsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetRemainingFreeTrialDaysResult getRemainingFreeTrialDays(GetRemainingFreeTrialDaysRequest getRemainingFreeTrialDaysRequest)
Provides the number of days left for each data source used in the free trial period.
getRemainingFreeTrialDaysRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetThreatIntelSetResult getThreatIntelSet(GetThreatIntelSetRequest getThreatIntelSetRequest)
Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
getThreatIntelSetRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
GetUsageStatisticsResult getUsageStatistics(GetUsageStatisticsRequest getUsageStatisticsRequest)
Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days. This may differ from the cost metrics in the console, which project usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated.
getUsageStatisticsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
InviteMembersResult inviteMembers(InviteMembersRequest inviteMembersRequest)
Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account that invokes this API. If you are using Amazon Web Services Organizations to manage your GuardDuty environment, this step is not needed. For more information, see Managing accounts with organizations.
To invite Amazon Web Services accounts, the first step is to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API to add accounts by invitation. The invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited Amazon Web Services account can choose to accept the invitation from only one Amazon Web Services account. For more information, see Managing GuardDuty accounts by invitation.
After the invite has been accepted and you choose to disassociate a member account (by using DisassociateMembers) from your account, the details of the member account obtained by invoking CreateMembers, including the associated email addresses, will be retained. This is done so that you can invoke InviteMembers without the need to invoke CreateMembers again. To remove the details associated with a member account, you must also invoke DeleteMembers.
If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.
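The retention behaviour described for DisassociateMembers and InviteMembers means that offboarding an invited member takes two calls if the stored account details and email addresses are to be removed. The following is an added example, not code from the SDK: the class name MemberOffboarding and the command-line arguments are assumptions.

```java
import com.amazonaws.services.guardduty.AmazonGuardDuty;
import com.amazonaws.services.guardduty.AmazonGuardDutyClientBuilder;
import com.amazonaws.services.guardduty.model.DeleteMembersRequest;
import com.amazonaws.services.guardduty.model.DeleteMembersResult;
import com.amazonaws.services.guardduty.model.DisassociateMembersRequest;
import com.amazonaws.services.guardduty.model.DisassociateMembersResult;
import com.amazonaws.services.guardduty.model.UnprocessedAccount;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Hypothetical helper (not part of the SDK): disassociate members, then delete the retained records. */
public final class MemberOffboarding {
    private MemberOffboarding() {}

    /**
     * Returns accountId -> "step: reason" for every account GuardDuty reported as unprocessed.
     * An empty map means each account was disassociated and its stored details were deleted.
     * BadRequestException (for example when autoEnableOrganizationMembers is ALL) propagates to the caller.
     */
    public static Map<String, String> offboard(AmazonGuardDuty guardDuty, String detectorId,
                                               List<String> accountIds) {
        Map<String, String> failures = new LinkedHashMap<>();

        // Step 1: end the administrator/member association.
        DisassociateMembersResult disassociated = guardDuty.disassociateMembers(
                new DisassociateMembersRequest().withDetectorId(detectorId).withAccountIds(accountIds));
        record(failures, "disassociate", disassociated.getUnprocessedAccounts());

        // Step 2: delete the member details that step 1 leaves behind.
        // Accounts that could not be disassociated are skipped and reported instead.
        List<String> toDelete = new ArrayList<>(accountIds);
        toDelete.removeAll(failures.keySet());
        if (toDelete.isEmpty()) {
            return failures;
        }
        DeleteMembersResult deleted = guardDuty.deleteMembers(
                new DeleteMembersRequest().withDetectorId(detectorId).withAccountIds(toDelete));
        record(failures, "delete", deleted.getUnprocessedAccounts());
        return failures;
    }

    private static void record(Map<String, String> failures, String step,
                               List<UnprocessedAccount> unprocessed) {
        if (unprocessed == null) {
            return;
        }
        for (UnprocessedAccount account : unprocessed) {
            failures.put(account.getAccountId(), step + ": " + account.getResult());
        }
    }

    public static void main(String[] args) {
        // Assumed usage: args[0] is the administrator's detector ID, the rest are member account IDs.
        if (args.length < 2) {
            System.err.println("usage: MemberOffboarding <detector-id> <account-id>...");
            return;
        }
        AmazonGuardDuty guardDuty = AmazonGuardDutyClientBuilder.defaultClient();
        List<String> accountIds = Arrays.asList(args).subList(1, args.length);
        Map<String, String> failures = offboard(guardDuty, args[0], accountIds);
        failures.forEach((id, reason) -> System.out.println(id + " not offboarded, " + reason));
        guardDuty.shutdown();
    }
}
```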
inviteMembersRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
ListCoverageResult listCoverage(ListCoverageRequest listCoverageRequest)
Lists coverage details for your GuardDuty account. If you're a GuardDuty administrator, you can retrieve all resources associated with the active member accounts in your organization.
Make sure the accounts have Runtime Monitoring enabled and GuardDuty agent running on their resources.
listCoverageRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
ListDetectorsResult listDetectors(ListDetectorsRequest listDetectorsRequest)
Lists detectorIds of all the existing Amazon GuardDuty detector resources.
listDetectorsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
ListFiltersResult listFilters(ListFiltersRequest listFiltersRequest)
Returns a paginated list of the current filters.
listFiltersRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
ListFindingsResult listFindings(ListFindingsRequest listFindingsRequest)
Lists GuardDuty findings for the specified detector ID.
There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see Regions and endpoints.
listFindingsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
ListIPSetsResult listIPSets(ListIPSetsRequest listIPSetsRequest)
Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.
listIPSetsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
ListInvitationsResult listInvitations(ListInvitationsRequest listInvitationsRequest)
Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account.
listInvitationsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
ListMalwareProtectionPlansResult listMalwareProtectionPlans(ListMalwareProtectionPlansRequest listMalwareProtectionPlansRequest)
Lists the Malware Protection plan IDs associated with the protected resources in your Amazon Web Services account.
listMalwareProtectionPlansRequest
- BadRequestException - A bad request exception object.
- AccessDeniedException - An access denied exception object.
- InternalServerErrorException - An internal server error exception object.
ListMembersResult listMembers(ListMembersRequest listMembersRequest)
Lists details about all member accounts for the current GuardDuty administrator account.
listMembersRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
ListOrganizationAdminAccountsResult listOrganizationAdminAccounts(ListOrganizationAdminAccountsRequest listOrganizationAdminAccountsRequest)
Lists the accounts designated as GuardDuty delegated administrators. Only the organization's management account can run this API operation.
listOrganizationAdminAccountsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
ListPublishingDestinationsResult listPublishingDestinations(ListPublishingDestinationsRequest listPublishingDestinationsRequest)
Returns a list of publishing destinations associated with the specified detectorId.
listPublishingDestinationsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest listTagsForResourceRequest)
Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, threat intel sets, and publishing destination, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.
listTagsForResourceRequest
- BadRequestException - A bad request exception object.
- AccessDeniedException - An access denied exception object.
- InternalServerErrorException - An internal server error exception object.
ListThreatIntelSetsResult listThreatIntelSets(ListThreatIntelSetsRequest listThreatIntelSetsRequest)
Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.
listThreatIntelSetsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
StartMalwareScanResult startMalwareScan(StartMalwareScanRequest startMalwareScanRequest)
Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account.
When the malware scan starts, you can use the associated scan ID to track the status of the scan. For more information, see DescribeMalwareScans.
startMalwareScanRequest
- BadRequestException - A bad request exception object.
- ConflictException - A request conflict exception object.
- InternalServerErrorException - An internal server error exception object.
StartMonitoringMembersResult startMonitoringMembers(StartMonitoringMembersRequest startMonitoringMembersRequest)
Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.
startMonitoringMembersRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
StopMonitoringMembersResult stopMonitoringMembers(StopMonitoringMembersRequest stopMonitoringMembersRequest)
Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts.
With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to stop monitoring the member accounts in your organization.
stopMonitoringMembersRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
TagResourceResult tagResource(TagResourceRequest tagResourceRequest)
Adds tags to a resource.
tagResourceRequest
- BadRequestException - A bad request exception object.
- AccessDeniedException - An access denied exception object.
- InternalServerErrorException - An internal server error exception object.
UnarchiveFindingsResult unarchiveFindings(UnarchiveFindingsRequest unarchiveFindingsRequest)
Unarchives GuardDuty findings specified by the findingIds.
unarchiveFindingsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
UntagResourceResult untagResource(UntagResourceRequest untagResourceRequest)
Removes tags from a resource.
untagResourceRequest
- BadRequestException - A bad request exception object.
- AccessDeniedException - An access denied exception object.
- InternalServerErrorException - An internal server error exception object.
UpdateDetectorResult updateDetector(UpdateDetectorRequest updateDetectorRequest)
Updates the GuardDuty detector specified by the detector ID.
Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
updateDetectorRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
UpdateFilterResult updateFilter(UpdateFilterRequest updateFilterRequest)
Updates the filter specified by the filter name.
updateFilterRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
UpdateFindingsFeedbackResult updateFindingsFeedback(UpdateFindingsFeedbackRequest updateFindingsFeedbackRequest)
Marks the specified GuardDuty findings as useful or not useful.
updateFindingsFeedbackRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
UpdateIPSetResult updateIPSet(UpdateIPSetRequest updateIPSetRequest)
Updates the IPSet specified by the IPSet ID.
updateIPSetRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
UpdateMalwareProtectionPlanResult updateMalwareProtectionPlan(UpdateMalwareProtectionPlanRequest updateMalwareProtectionPlanRequest)
Updates an existing Malware Protection plan resource.
updateMalwareProtectionPlanRequest
- BadRequestException - A bad request exception object.
- AccessDeniedException - An access denied exception object.
- ResourceNotFoundException - The requested resource can't be found.
- InternalServerErrorException - An internal server error exception object.
UpdateMalwareScanSettingsResult updateMalwareScanSettings(UpdateMalwareScanSettingsRequest updateMalwareScanSettingsRequest)
Updates the malware scan settings.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
updateMalwareScanSettingsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
UpdateMemberDetectorsResult updateMemberDetectors(UpdateMemberDetectorsRequest updateMemberDetectorsRequest)
Contains information on member accounts to be updated.
Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
updateMemberDetectorsRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
UpdateOrganizationConfigurationResult updateOrganizationConfiguration(UpdateOrganizationConfigurationRequest updateOrganizationConfigurationRequest)
Configures the delegated administrator account with the provided values. You must provide a value for either autoEnableOrganizationMembers or autoEnable, but not both.
Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
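The two request-shape rules stated for updateDetector, updateMemberDetectors and updateOrganizationConfiguration (only one of the two runtime monitoring features, and exactly one of autoEnableOrganizationMembers or autoEnable) can be checked client-side before the call is sent. The following is an added example, not part of the SDK: the class GuardDutyPreflight is hypothetical and the request built in main is constructed sample input with a placeholder detector ID.

```java
import com.amazonaws.services.guardduty.model.DetectorFeatureConfiguration;
import com.amazonaws.services.guardduty.model.MemberFeaturesConfiguration;
import com.amazonaws.services.guardduty.model.OrganizationFeatureConfiguration;
import com.amazonaws.services.guardduty.model.UpdateDetectorRequest;
import com.amazonaws.services.guardduty.model.UpdateMemberDetectorsRequest;
import com.amazonaws.services.guardduty.model.UpdateOrganizationConfigurationRequest;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Hypothetical pre-flight checks for GuardDuty update requests; not part of the SDK. */
public final class GuardDutyPreflight {
    private GuardDutyPreflight() {}

    /** Reports the case the service rejects: both runtime monitoring features named at once. */
    private static List<String> runtimeProblems(Set<String> featureNames) {
        List<String> problems = new ArrayList<>();
        if (featureNames.contains("EKS_RUNTIME_MONITORING") && featureNames.contains("RUNTIME_MONITORING")) {
            problems.add("features: specify EKS_RUNTIME_MONITORING or RUNTIME_MONITORING, not both");
        }
        return problems;
    }

    public static List<String> check(UpdateDetectorRequest request) {
        Set<String> names = new HashSet<>();
        if (request.getFeatures() != null) {
            for (DetectorFeatureConfiguration f : request.getFeatures()) names.add(f.getName());
        }
        return runtimeProblems(names);
    }

    public static List<String> check(UpdateMemberDetectorsRequest request) {
        Set<String> names = new HashSet<>();
        if (request.getFeatures() != null) {
            for (MemberFeaturesConfiguration f : request.getFeatures()) names.add(f.getName());
        }
        return runtimeProblems(names);
    }

    public static List<String> check(UpdateOrganizationConfigurationRequest request) {
        Set<String> names = new HashSet<>();
        if (request.getFeatures() != null) {
            for (OrganizationFeatureConfiguration f : request.getFeatures()) names.add(f.getName());
        }
        List<String> problems = runtimeProblems(names);
        // Exactly one of the two organization-level auto-enable fields must carry a value.
        boolean hasAutoEnable = request.getAutoEnable() != null;
        boolean hasMembers = request.getAutoEnableOrganizationMembers() != null;
        if (hasAutoEnable == hasMembers) {
            problems.add("set exactly one of autoEnableOrganizationMembers or autoEnable");
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample that breaks both rules; "<detector-id>" is a placeholder.
        UpdateOrganizationConfigurationRequest request = new UpdateOrganizationConfigurationRequest()
                .withDetectorId("<detector-id>")
                .withAutoEnable(true)
                .withAutoEnableOrganizationMembers("ALL")
                .withFeatures(
                        new OrganizationFeatureConfiguration().withName("RUNTIME_MONITORING").withAutoEnable("ALL"),
                        new OrganizationFeatureConfiguration().withName("EKS_RUNTIME_MONITORING").withAutoEnable("ALL"));
        for (String problem : check(request)) {
            System.out.println("rejected before send: " + problem);
        }
    }
}
```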
updateOrganizationConfigurationRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
UpdatePublishingDestinationResult updatePublishingDestination(UpdatePublishingDestinationRequest updatePublishingDestinationRequest)
Updates information about the publishing destination specified by the destinationId.
updatePublishingDestinationRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
UpdateThreatIntelSetResult updateThreatIntelSet(UpdateThreatIntelSetRequest updateThreatIntelSetRequest)
Updates the ThreatIntelSet specified by the ThreatIntelSet ID.
updateThreatIntelSetRequest
- BadRequestException - A bad request exception object.
- InternalServerErrorException - An internal server error exception object.
void shutdown()
ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)
Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing a request.
request
- The originally executed request.