Amazon GuardDuty 2017-11-28
- Client: Aws\GuardDuty\GuardDutyClient
- Service ID: guardduty
- Version: 2017-11-28
This page describes the parameters and results for the operations of the Amazon GuardDuty (2017-11-28), and shows how to use the Aws\GuardDuty\GuardDutyClient object to call the described operations. This documentation is specific to the 2017-11-28 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AcceptInvitation ( array $params = [] )
Accepts the invitation to be monitored by a master GuardDuty account.
- ArchiveFindings ( array $params = [] )
Archives Amazon GuardDuty findings specified by the list of finding IDs.
- CreateDetector ( array $params = [] )
Creates a single Amazon GuardDuty detector.
- CreateFilter ( array $params = [] )
Creates a filter using the specified finding criteria.
- CreateIPSet ( array $params = [] )
Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications.
- CreateMembers ( array $params = [] )
Creates member accounts of the current AWS account by specifying a list of AWS account IDs.
- CreateSampleFindings ( array $params = [] )
Generates example findings of types specified by the list of finding types.
- CreateThreatIntelSet ( array $params = [] )
Create a new ThreatIntelSet.
- DeclineInvitations ( array $params = [] )
Declines invitations sent to the current member account by AWS account specified by their account IDs.
- DeleteDetector ( array $params = [] )
Deletes a Amazon GuardDuty detector specified by the detector ID.
- DeleteFilter ( array $params = [] )
Deletes the filter specified by the filter name.
- DeleteIPSet ( array $params = [] )
Deletes the IPSet specified by the IPSet ID.
- DeleteInvitations ( array $params = [] )
Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.
- DeleteMembers ( array $params = [] )
Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
- DeleteThreatIntelSet ( array $params = [] )
Deletes ThreatIntelSet specified by the ThreatIntelSet ID.
- DisassociateFromMasterAccount ( array $params = [] )
Disassociates the current GuardDuty member account from its master account.
- DisassociateMembers ( array $params = [] )
Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
- GetDetector ( array $params = [] )
Retrieves an Amazon GuardDuty detector specified by the detectorId.
- GetFilter ( array $params = [] )
Returns the details of the filter specified by the filter name.
- GetFindings ( array $params = [] )
Describes Amazon GuardDuty findings specified by finding IDs.
- GetFindingsStatistics ( array $params = [] )
Lists Amazon GuardDuty findings' statistics for the specified detector ID.
- GetIPSet ( array $params = [] )
Retrieves the IPSet specified by the IPSet ID.
- GetInvitationsCount ( array $params = [] )
Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
- GetMasterAccount ( array $params = [] )
Provides the details for the GuardDuty master account to the current GuardDuty member account.
- GetMembers ( array $params = [] )
Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
- GetThreatIntelSet ( array $params = [] )
Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
- InviteMembers ( array $params = [] )
Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account.
- ListDetectors ( array $params = [] )
Lists detectorIds of all the existing Amazon GuardDuty detector resources.
- ListFilters ( array $params = [] )
Returns a paginated list of the current filters.
- ListFindings ( array $params = [] )
Lists Amazon GuardDuty findings for the specified detector ID.
- ListIPSets ( array $params = [] )
Lists the IPSets of the GuardDuty service specified by the detector ID.
- ListInvitations ( array $params = [] )
Lists all GuardDuty membership invitations that were sent to the current AWS account.
- ListMembers ( array $params = [] )
Lists details about all member accounts for the current GuardDuty master account.
- ListThreatIntelSets ( array $params = [] )
Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID.
- StartMonitoringMembers ( array $params = [] )
Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs.
- StopMonitoringMembers ( array $params = [] )
Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs.
- UnarchiveFindings ( array $params = [] )
Unarchives Amazon GuardDuty findings specified by the list of finding IDs.
- UpdateDetector ( array $params = [] )
Updates an Amazon GuardDuty detector specified by the detectorId.
- UpdateFilter ( array $params = [] )
Updates the filter specified by the filter name.
- UpdateFindingsFeedback ( array $params = [] )
Marks specified Amazon GuardDuty findings as useful or not useful.
- UpdateIPSet ( array $params = [] )
Updates the IPSet specified by the IPSet ID.
- UpdateThreatIntelSet ( array $params = [] )
Updates the ThreatIntelSet specified by ThreatIntelSet ID.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
AcceptInvitation
$result = $client->acceptInvitation([/* ... */]); $promise = $client->acceptInvitationAsync([/* ... */]);
Accepts the invitation to be monitored by a master GuardDuty account.
Parameter Syntax
$result = $client->acceptInvitation([
'DetectorId' => '<string>', // REQUIRED
'InvitationId' => '<string>',
'MasterId' => '<string>',
]);
Parameter Details
Members
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
ArchiveFindings
$result = $client->archiveFindings([/* ... */]); $promise = $client->archiveFindingsAsync([/* ... */]);
Archives Amazon GuardDuty findings specified by the list of finding IDs.
Parameter Syntax
$result = $client->archiveFindings([
'DetectorId' => '<string>', // REQUIRED
'FindingIds' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
CreateDetector
$result = $client->createDetector([/* ... */]); $promise = $client->createDetectorAsync([/* ... */]);
Creates a single Amazon GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector must be created in order for GuardDuty to become operational.
Parameter Syntax
$result = $client->createDetector([
'Enable' => true || false,
]);
Parameter Details
Result Syntax
[
'DetectorId' => '<string>',
]
Result Details
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
CreateFilter
$result = $client->createFilter([/* ... */]); $promise = $client->createFilterAsync([/* ... */]);
Creates a filter using the specified finding criteria.
Parameter Syntax
$result = $client->createFilter([
'Action' => 'NOOP|ARCHIVE',
'ClientToken' => '<string>',
'Description' => '<string>',
'DetectorId' => '<string>', // REQUIRED
'FindingCriteria' => [
'Criterion' => [
'<__string>' => [
'Eq' => ['<string>', ...],
'Gt' => <integer>,
'Gte' => <integer>,
'Lt' => <integer>,
'Lte' => <integer>,
'Neq' => ['<string>', ...],
],
// ...
],
],
'Name' => '<string>',
'Rank' => <integer>,
]);
Parameter Details
Members
- Action
-
- Type: string
Specifies the action that is to be applied to the findings that match the filter. - ClientToken
-
- Type: string
The idempotency token for the create request. - Description
-
- Type: string
The description of the filter. - DetectorId
-
- Type: string
- FindingCriteria
-
- Type: FindingCriteria structure
Represents the criteria to be used in the filter for querying findings. - Name
-
- Type: string
The name of the filter. - Rank
-
- Type: int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
Result Syntax
[
'Name' => '<string>',
]
Result Details
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
CreateIPSet
$result = $client->createIPSet([/* ... */]); $promise = $client->createIPSetAsync([/* ... */]);
Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications.
Parameter Syntax
$result = $client->createIPSet([
'Activate' => true || false,
'DetectorId' => '<string>', // REQUIRED
'Format' => 'TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE',
'Location' => '<string>',
'Name' => '<string>',
]);
Parameter Details
Members
- Activate
-
- Type: boolean
A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet. - DetectorId
-
- Type: string
- Format
-
- Type: string
The format of the file that contains the IPSet. - Location
-
- Type: string
The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key) - Name
-
- Type: string
The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.
Result Syntax
[
'IpSetId' => '<string>',
]
Result Details
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
CreateMembers
$result = $client->createMembers([/* ... */]); $promise = $client->createMembersAsync([/* ... */]);
Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts.
Parameter Syntax
$result = $client->createMembers([
'AccountDetails' => [
[
'AccountId' => '<string>', // REQUIRED
'Email' => '<string>', // REQUIRED
],
// ...
],
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- AccountDetails
-
- Type: Array of AccountDetail structures
A list of account ID and email address pairs of the accounts that you want to associate with the master GuardDuty account. - DetectorId
-
- Type: string
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
CreateSampleFindings
$result = $client->createSampleFindings([/* ... */]); $promise = $client->createSampleFindingsAsync([/* ... */]);
Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.
Parameter Syntax
$result = $client->createSampleFindings([
'DetectorId' => '<string>', // REQUIRED
'FindingTypes' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
CreateThreatIntelSet
$result = $client->createThreatIntelSet([/* ... */]); $promise = $client->createThreatIntelSetAsync([/* ... */]);
Create a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets.
Parameter Syntax
$result = $client->createThreatIntelSet([
'Activate' => true || false,
'DetectorId' => '<string>', // REQUIRED
'Format' => 'TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE',
'Location' => '<string>',
'Name' => '<string>',
]);
Parameter Details
Members
- Activate
-
- Type: boolean
A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet. - DetectorId
-
- Type: string
- Format
-
- Type: string
The format of the file that contains the ThreatIntelSet. - Location
-
- Type: string
The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key). - Name
-
- Type: string
A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet.
Result Syntax
[
'ThreatIntelSetId' => '<string>',
]
Result Details
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
DeclineInvitations
$result = $client->declineInvitations([/* ... */]); $promise = $client->declineInvitationsAsync([/* ... */]);
Declines invitations sent to the current member account by AWS account specified by their account IDs.
Parameter Syntax
$result = $client->declineInvitations([
'AccountIds' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
DeleteDetector
$result = $client->deleteDetector([/* ... */]); $promise = $client->deleteDetectorAsync([/* ... */]);
Deletes a Amazon GuardDuty detector specified by the detector ID.
Parameter Syntax
$result = $client->deleteDetector([
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
DeleteFilter
$result = $client->deleteFilter([/* ... */]); $promise = $client->deleteFilterAsync([/* ... */]);
Deletes the filter specified by the filter name.
Parameter Syntax
$result = $client->deleteFilter([
'DetectorId' => '<string>', // REQUIRED
'FilterName' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
DeleteIPSet
$result = $client->deleteIPSet([/* ... */]); $promise = $client->deleteIPSetAsync([/* ... */]);
Deletes the IPSet specified by the IPSet ID.
Parameter Syntax
$result = $client->deleteIPSet([
'DetectorId' => '<string>', // REQUIRED
'IpSetId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
DeleteInvitations
$result = $client->deleteInvitations([/* ... */]); $promise = $client->deleteInvitationsAsync([/* ... */]);
Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.
Parameter Syntax
$result = $client->deleteInvitations([
'AccountIds' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
DeleteMembers
$result = $client->deleteMembers([/* ... */]); $promise = $client->deleteMembersAsync([/* ... */]);
Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
Parameter Syntax
$result = $client->deleteMembers([
'AccountIds' => ['<string>', ...],
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
DeleteThreatIntelSet
$result = $client->deleteThreatIntelSet([/* ... */]); $promise = $client->deleteThreatIntelSetAsync([/* ... */]);
Deletes ThreatIntelSet specified by the ThreatIntelSet ID.
Parameter Syntax
$result = $client->deleteThreatIntelSet([
'DetectorId' => '<string>', // REQUIRED
'ThreatIntelSetId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
DisassociateFromMasterAccount
$result = $client->disassociateFromMasterAccount([/* ... */]); $promise = $client->disassociateFromMasterAccountAsync([/* ... */]);
Disassociates the current GuardDuty member account from its master account.
Parameter Syntax
$result = $client->disassociateFromMasterAccount([
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
DisassociateMembers
$result = $client->disassociateMembers([/* ... */]); $promise = $client->disassociateMembersAsync([/* ... */]);
Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
Parameter Syntax
$result = $client->disassociateMembers([
'AccountIds' => ['<string>', ...],
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
GetDetector
$result = $client->getDetector([/* ... */]); $promise = $client->getDetectorAsync([/* ... */]);
Retrieves an Amazon GuardDuty detector specified by the detectorId.
Parameter Syntax
$result = $client->getDetector([
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'CreatedAt' => '<string>',
'ServiceRole' => '<string>',
'Status' => 'ENABLED|DISABLED',
'UpdatedAt' => '<string>',
]
Result Details
Members
- CreatedAt
-
- Type: string
The first time a resource was created. The format will be ISO-8601. - ServiceRole
-
- Type: string
Customer serviceRole name or ARN for accessing customer resources - Status
-
- Type: string
The status of detector. - UpdatedAt
-
- Type: string
The first time a resource was created. The format will be ISO-8601.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
GetFilter
$result = $client->getFilter([/* ... */]); $promise = $client->getFilterAsync([/* ... */]);
Returns the details of the filter specified by the filter name.
Parameter Syntax
$result = $client->getFilter([
'DetectorId' => '<string>', // REQUIRED
'FilterName' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'Action' => 'NOOP|ARCHIVE',
'Description' => '<string>',
'FindingCriteria' => [
'Criterion' => [
'<__string>' => [
'Eq' => ['<string>', ...],
'Gt' => <integer>,
'Gte' => <integer>,
'Lt' => <integer>,
'Lte' => <integer>,
'Neq' => ['<string>', ...],
],
// ...
],
],
'Name' => '<string>',
'Rank' => <integer>,
]
Result Details
Members
- Action
-
- Type: string
Specifies the action that is to be applied to the findings that match the filter. - Description
-
- Type: string
The description of the filter. - FindingCriteria
-
- Type: FindingCriteria structure
Represents the criteria to be used in the filter for querying findings. - Name
-
- Type: string
The name of the filter. - Rank
-
- Type: int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
GetFindings
$result = $client->getFindings([/* ... */]); $promise = $client->getFindingsAsync([/* ... */]);
Describes Amazon GuardDuty findings specified by finding IDs.
Parameter Syntax
$result = $client->getFindings([
'DetectorId' => '<string>', // REQUIRED
'FindingIds' => ['<string>', ...],
'SortCriteria' => [
'AttributeName' => '<string>',
'OrderBy' => 'ASC|DESC',
],
]);
Parameter Details
Members
- DetectorId
-
- Type: string
- FindingIds
-
- Type: Array of strings
IDs of the findings that you want to retrieve. - SortCriteria
-
- Type: SortCriteria structure
Represents the criteria used for sorting findings.
Result Syntax
[
'Findings' => [
[
'AccountId' => '<string>',
'Arn' => '<string>',
'Confidence' => <float>,
'CreatedAt' => '<string>',
'Description' => '<string>',
'Id' => '<string>',
'Partition' => '<string>',
'Region' => '<string>',
'Resource' => [
'AccessKeyDetails' => [
'AccessKeyId' => '<string>',
'PrincipalId' => '<string>',
'UserName' => '<string>',
'UserType' => '<string>',
],
'InstanceDetails' => [
'AvailabilityZone' => '<string>',
'IamInstanceProfile' => [
'Arn' => '<string>',
'Id' => '<string>',
],
'ImageDescription' => '<string>',
'ImageId' => '<string>',
'InstanceId' => '<string>',
'InstanceState' => '<string>',
'InstanceType' => '<string>',
'LaunchTime' => '<string>',
'NetworkInterfaces' => [
[
'Ipv6Addresses' => ['<string>', ...],
'NetworkInterfaceId' => '<string>',
'PrivateDnsName' => '<string>',
'PrivateIpAddress' => '<string>',
'PrivateIpAddresses' => [
[
'PrivateDnsName' => '<string>',
'PrivateIpAddress' => '<string>',
],
// ...
],
'PublicDnsName' => '<string>',
'PublicIp' => '<string>',
'SecurityGroups' => [
[
'GroupId' => '<string>',
'GroupName' => '<string>',
],
// ...
],
'SubnetId' => '<string>',
'VpcId' => '<string>',
],
// ...
],
'Platform' => '<string>',
'ProductCodes' => [
[
'Code' => '<string>',
'ProductType' => '<string>',
],
// ...
],
'Tags' => [
[
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
],
'ResourceType' => '<string>',
],
'SchemaVersion' => '<string>',
'Service' => [
'Action' => [
'ActionType' => '<string>',
'AwsApiCallAction' => [
'Api' => '<string>',
'CallerType' => '<string>',
'DomainDetails' => [
],
'RemoteIpDetails' => [
'City' => [
'CityName' => '<string>',
],
'Country' => [
'CountryCode' => '<string>',
'CountryName' => '<string>',
],
'GeoLocation' => [
'Lat' => <float>,
'Lon' => <float>,
],
'IpAddressV4' => '<string>',
'Organization' => [
'Asn' => '<string>',
'AsnOrg' => '<string>',
'Isp' => '<string>',
'Org' => '<string>',
],
],
'ServiceName' => '<string>',
],
'DnsRequestAction' => [
'Domain' => '<string>',
],
'NetworkConnectionAction' => [
'Blocked' => true || false,
'ConnectionDirection' => '<string>',
'LocalPortDetails' => [
'Port' => <integer>,
'PortName' => '<string>',
],
'Protocol' => '<string>',
'RemoteIpDetails' => [
'City' => [
'CityName' => '<string>',
],
'Country' => [
'CountryCode' => '<string>',
'CountryName' => '<string>',
],
'GeoLocation' => [
'Lat' => <float>,
'Lon' => <float>,
],
'IpAddressV4' => '<string>',
'Organization' => [
'Asn' => '<string>',
'AsnOrg' => '<string>',
'Isp' => '<string>',
'Org' => '<string>',
],
],
'RemotePortDetails' => [
'Port' => <integer>,
'PortName' => '<string>',
],
],
'PortProbeAction' => [
'Blocked' => true || false,
'PortProbeDetails' => [
[
'LocalPortDetails' => [
'Port' => <integer>,
'PortName' => '<string>',
],
'RemoteIpDetails' => [
'City' => [
'CityName' => '<string>',
],
'Country' => [
'CountryCode' => '<string>',
'CountryName' => '<string>',
],
'GeoLocation' => [
'Lat' => <float>,
'Lon' => <float>,
],
'IpAddressV4' => '<string>',
'Organization' => [
'Asn' => '<string>',
'AsnOrg' => '<string>',
'Isp' => '<string>',
'Org' => '<string>',
],
],
],
// ...
],
],
],
'Archived' => true || false,
'Count' => <integer>,
'DetectorId' => '<string>',
'EventFirstSeen' => '<string>',
'EventLastSeen' => '<string>',
'ResourceRole' => '<string>',
'ServiceName' => '<string>',
'UserFeedback' => '<string>',
],
'Severity' => <float>,
'Title' => '<string>',
'Type' => '<string>',
'UpdatedAt' => '<string>',
],
// ...
],
]
Result Details
Members
- Findings
-
- Type: Array of Finding structures
A list of findings.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
GetFindingsStatistics
$result = $client->getFindingsStatistics([/* ... */]); $promise = $client->getFindingsStatisticsAsync([/* ... */]);
Lists Amazon GuardDuty findings' statistics for the specified detector ID.
Parameter Syntax
$result = $client->getFindingsStatistics([
'DetectorId' => '<string>', // REQUIRED
'FindingCriteria' => [
'Criterion' => [
'<__string>' => [
'Eq' => ['<string>', ...],
'Gt' => <integer>,
'Gte' => <integer>,
'Lt' => <integer>,
'Lte' => <integer>,
'Neq' => ['<string>', ...],
],
// ...
],
],
'FindingStatisticTypes' => ['<string>', ...],
]);
Parameter Details
Members
- DetectorId
-
- Type: string
- FindingCriteria
-
- Type: FindingCriteria structure
Represents the criteria used for querying findings. - FindingStatisticTypes
-
- Type: Array of strings
Types of finding statistics to retrieve.
Result Syntax
[
'FindingStatistics' => [
'CountBySeverity' => [<integer>, ...],
],
]
Result Details
Members
- FindingStatistics
-
- Type: FindingStatistics structure
Finding statistics object.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
GetIPSet
$result = $client->getIPSet([/* ... */]); $promise = $client->getIPSetAsync([/* ... */]);
Retrieves the IPSet specified by the IPSet ID.
Parameter Syntax
$result = $client->getIPSet([
'DetectorId' => '<string>', // REQUIRED
'IpSetId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'Format' => 'TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE',
'Location' => '<string>',
'Name' => '<string>',
'Status' => 'INACTIVE|ACTIVATING|ACTIVE|DEACTIVATING|ERROR|DELETE_PENDING|DELETED',
]
Result Details
Members
- Format
-
- Type: string
The format of the file that contains the IPSet. - Location
-
- Type: string
The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key) - Name
-
- Type: string
The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet. - Status
-
- Type: string
The status of ipSet file uploaded.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
GetInvitationsCount
$result = $client->getInvitationsCount([/* ... */]); $promise = $client->getInvitationsCountAsync([/* ... */]);
Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
Parameter Syntax
$result = $client->getInvitationsCount([ ]);
Parameter Details
Members
Result Syntax
[
'InvitationsCount' => <integer>,
]
Result Details
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
GetMasterAccount
$result = $client->getMasterAccount([/* ... */]); $promise = $client->getMasterAccountAsync([/* ... */]);
Provides the details for the GuardDuty master account to the current GuardDuty member account.
Parameter Syntax
$result = $client->getMasterAccount([
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'Master' => [
'AccountId' => '<string>',
'InvitationId' => '<string>',
'InvitedAt' => '<string>',
'RelationshipStatus' => '<string>',
],
]
Result Details
Members
- Master
-
- Type: Master structure
Contains details about the master account.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
GetMembers
$result = $client->getMembers([/* ... */]); $promise = $client->getMembersAsync([/* ... */]);
Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
Parameter Syntax
$result = $client->getMembers([
'AccountIds' => ['<string>', ...],
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'Members' => [
[
'AccountId' => '<string>',
'DetectorId' => '<string>',
'Email' => '<string>',
'InvitedAt' => '<string>',
'MasterId' => '<string>',
'RelationshipStatus' => '<string>',
'UpdatedAt' => '<string>',
],
// ...
],
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- Members
-
- Type: Array of Member structures
A list of member descriptions. - UnprocessedAccounts
-
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
GetThreatIntelSet
$result = $client->getThreatIntelSet([/* ... */]); $promise = $client->getThreatIntelSetAsync([/* ... */]);
Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
Parameter Syntax
$result = $client->getThreatIntelSet([
'DetectorId' => '<string>', // REQUIRED
'ThreatIntelSetId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'Format' => 'TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE',
'Location' => '<string>',
'Name' => '<string>',
'Status' => 'INACTIVE|ACTIVATING|ACTIVE|DEACTIVATING|ERROR|DELETE_PENDING|DELETED',
]
Result Details
Members
- Format
-
- Type: string
The format of the threatIntelSet. - Location
-
- Type: string
The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key). - Name
-
- Type: string
A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet. - Status
-
- Type: string
The status of threatIntelSet file uploaded.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
InviteMembers
$result = $client->inviteMembers([/* ... */]); $promise = $client->inviteMembersAsync([/* ... */]);
Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account.
Parameter Syntax
$result = $client->inviteMembers([
'AccountIds' => ['<string>', ...],
'DetectorId' => '<string>', // REQUIRED
'DisableEmailNotification' => true || false,
'Message' => '<string>',
]);
Parameter Details
Members
- AccountIds
-
- Type: Array of strings
A list of account IDs of the accounts that you want to invite to GuardDuty as members. - DetectorId
-
- Type: string
- DisableEmailNotification
-
- Type: boolean
A boolean value that specifies whether you want to disable email notification to the accounts that you’re inviting to GuardDuty as members. - Message
-
- Type: string
The invitation message that you want to send to the accounts that you’re inviting to GuardDuty as members.
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
ListDetectors
$result = $client->listDetectors([/* ... */]); $promise = $client->listDetectorsAsync([/* ... */]);
Lists detectorIds of all the existing Amazon GuardDuty detector resources.
Parameter Syntax
$result = $client->listDetectors([
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'DetectorIds' => ['<string>', ...],
'NextToken' => '<string>',
]
Result Details
Members
- DetectorIds
-
- Type: Array of strings
A list of detector Ids. - NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
ListFilters
$result = $client->listFilters([/* ... */]); $promise = $client->listFiltersAsync([/* ... */]);
Returns a paginated list of the current filters.
Parameter Syntax
$result = $client->listFilters([
'DetectorId' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'FilterNames' => ['<string>', ...],
'NextToken' => '<string>',
]
Result Details
Members
- FilterNames
-
- Type: Array of strings
A list of filter names - NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
ListFindings
$result = $client->listFindings([/* ... */]); $promise = $client->listFindingsAsync([/* ... */]);
Lists Amazon GuardDuty findings for the specified detector ID.
Parameter Syntax
$result = $client->listFindings([
'DetectorId' => '<string>', // REQUIRED
'FindingCriteria' => [
'Criterion' => [
'<__string>' => [
'Eq' => ['<string>', ...],
'Gt' => <integer>,
'Gte' => <integer>,
'Lt' => <integer>,
'Lte' => <integer>,
'Neq' => ['<string>', ...],
],
// ...
],
],
'MaxResults' => <integer>,
'NextToken' => '<string>',
'SortCriteria' => [
'AttributeName' => '<string>',
'OrderBy' => 'ASC|DESC',
],
]);
Parameter Details
Members
- DetectorId
-
- Type: string
- FindingCriteria
-
- Type: FindingCriteria structure
Represents the criteria used for querying findings. - MaxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. - NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListFindings action. For subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data. - SortCriteria
-
- Type: SortCriteria structure
Represents the criteria used for sorting findings.
Result Syntax
[
'FindingIds' => ['<string>', ...],
'NextToken' => '<string>',
]
Result Details
Members
- FindingIds
-
- Type: Array of strings
The list of the Findings. - NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
ListIPSets
$result = $client->listIPSets([/* ... */]); $promise = $client->listIPSetsAsync([/* ... */]);
Lists the IPSets of the GuardDuty service specified by the detector ID.
Parameter Syntax
$result = $client->listIPSets([
'DetectorId' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'IpSetIds' => ['<string>', ...],
'NextToken' => '<string>',
]
Result Details
Members
- IpSetIds
-
- Type: Array of strings
A list of the IP set IDs - NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
ListInvitations
$result = $client->listInvitations([/* ... */]); $promise = $client->listInvitationsAsync([/* ... */]);
Lists all GuardDuty membership invitations that were sent to the current AWS account.
Parameter Syntax
$result = $client->listInvitations([
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'Invitations' => [
[
'AccountId' => '<string>',
'InvitationId' => '<string>',
'InvitedAt' => '<string>',
'RelationshipStatus' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Invitations
-
- Type: Array of Invitation structures
A list of invitation descriptions. - NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
ListMembers
$result = $client->listMembers([/* ... */]); $promise = $client->listMembersAsync([/* ... */]);
Lists details about all member accounts for the current GuardDuty master account.
Parameter Syntax
$result = $client->listMembers([
'DetectorId' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
'OnlyAssociated' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'Members' => [
[
'AccountId' => '<string>',
'DetectorId' => '<string>',
'Email' => '<string>',
'InvitedAt' => '<string>',
'MasterId' => '<string>',
'RelationshipStatus' => '<string>',
'UpdatedAt' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Members
-
- Type: Array of Member structures
A list of member descriptions. - NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
ListThreatIntelSets
$result = $client->listThreatIntelSets([/* ... */]); $promise = $client->listThreatIntelSetsAsync([/* ... */]);
Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID.
Parameter Syntax
$result = $client->listThreatIntelSets([
'DetectorId' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'NextToken' => '<string>',
'ThreatIntelSetIds' => ['<string>', ...],
]
Result Details
Members
- NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data. - ThreatIntelSetIds
-
- Type: Array of strings
The list of the threat intel set IDs
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
StartMonitoringMembers
$result = $client->startMonitoringMembers([/* ... */]); $promise = $client->startMonitoringMembersAsync([/* ... */]);
Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs. A master GuardDuty account can run this command after disabling GuardDuty from monitoring these members' findings by running StopMonitoringMembers.
Parameter Syntax
$result = $client->startMonitoringMembers([
'AccountIds' => ['<string>', ...],
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
StopMonitoringMembers
$result = $client->stopMonitoringMembers([/* ... */]); $promise = $client->stopMonitoringMembersAsync([/* ... */]);
Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs. After running this command, a master GuardDuty account can run StartMonitoringMembers to re-enable GuardDuty to monitor these members’ findings.
Parameter Syntax
$result = $client->stopMonitoringMembers([
'AccountIds' => ['<string>', ...],
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
UnarchiveFindings
$result = $client->unarchiveFindings([/* ... */]); $promise = $client->unarchiveFindingsAsync([/* ... */]);
Unarchives Amazon GuardDuty findings specified by the list of finding IDs.
Parameter Syntax
$result = $client->unarchiveFindings([
'DetectorId' => '<string>', // REQUIRED
'FindingIds' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
UpdateDetector
$result = $client->updateDetector([/* ... */]); $promise = $client->updateDetectorAsync([/* ... */]);
Updates an Amazon GuardDuty detector specified by the detectorId.
Parameter Syntax
$result = $client->updateDetector([
'DetectorId' => '<string>', // REQUIRED
'Enable' => true || false,
]);
Parameter Details
Members
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
UpdateFilter
$result = $client->updateFilter([/* ... */]); $promise = $client->updateFilterAsync([/* ... */]);
Updates the filter specified by the filter name.
Parameter Syntax
$result = $client->updateFilter([
'Action' => 'NOOP|ARCHIVE',
'Description' => '<string>',
'DetectorId' => '<string>', // REQUIRED
'FilterName' => '<string>', // REQUIRED
'FindingCriteria' => [
'Criterion' => [
'<__string>' => [
'Eq' => ['<string>', ...],
'Gt' => <integer>,
'Gte' => <integer>,
'Lt' => <integer>,
'Lte' => <integer>,
'Neq' => ['<string>', ...],
],
// ...
],
],
'Rank' => <integer>,
]);
Parameter Details
Members
- Action
-
- Type: string
Specifies the action that is to be applied to the findings that match the filter. - Description
-
- Type: string
The description of the filter. - DetectorId
-
- Type: string
- FilterName
-
- Type: string
- FindingCriteria
-
- Type: FindingCriteria structure
Represents the criteria to be used in the filter for querying findings. - Rank
-
- Type: int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
Result Syntax
[
'Name' => '<string>',
]
Result Details
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
UpdateFindingsFeedback
$result = $client->updateFindingsFeedback([/* ... */]); $promise = $client->updateFindingsFeedbackAsync([/* ... */]);
Marks specified Amazon GuardDuty findings as useful or not useful.
Parameter Syntax
$result = $client->updateFindingsFeedback([
'Comments' => '<string>',
'DetectorId' => '<string>', // REQUIRED
'Feedback' => 'USEFUL|NOT_USEFUL',
'FindingIds' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
UpdateIPSet
$result = $client->updateIPSet([/* ... */]); $promise = $client->updateIPSetAsync([/* ... */]);
Updates the IPSet specified by the IPSet ID.
Parameter Syntax
$result = $client->updateIPSet([
'Activate' => true || false,
'DetectorId' => '<string>', // REQUIRED
'IpSetId' => '<string>', // REQUIRED
'Location' => '<string>',
'Name' => '<string>',
]);
Parameter Details
Members
- Activate
-
- Type: boolean
The updated boolean value that specifies whether the IPSet is active or not. - DetectorId
-
- Type: string
- IpSetId
-
- Type: string
- Location
-
- Type: string
The updated URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key). - Name
-
- Type: string
The unique ID that specifies the IPSet that you want to update.
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
UpdateThreatIntelSet
$result = $client->updateThreatIntelSet([/* ... */]); $promise = $client->updateThreatIntelSetAsync([/* ... */]);
Updates the ThreatIntelSet specified by ThreatIntelSet ID.
Parameter Syntax
$result = $client->updateThreatIntelSet([
'Activate' => true || false,
'DetectorId' => '<string>', // REQUIRED
'Location' => '<string>',
'Name' => '<string>',
'ThreatIntelSetId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- Activate
-
- Type: boolean
The updated boolean value that specifies whether the ThreateIntelSet is active or not. - DetectorId
-
- Type: string
- Location
-
- Type: string
The updated URI of the file that contains the ThreateIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key) - Name
-
- Type: string
The unique ID that specifies the ThreatIntelSet that you want to update. - ThreatIntelSetId
-
- Type: string
Result Syntax
[]
Result Details
The results for this operation are always empty.
Errors
-
BadRequestException: Error response object.
-
InternalServerErrorException: Error response object.
Shapes
AccessKeyDetails
Description
The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.
Members
AccountDetail
Description
An object containing the member's accountId and email address.
Members
Action
Description
Information about the activity described in a finding.
Members
- ActionType
-
- Type: string
GuardDuty Finding activity type. - AwsApiCallAction
-
- Type: AwsApiCallAction structure
Information about the AWS_API_CALL action described in this finding. - DnsRequestAction
-
- Type: DnsRequestAction structure
Information about the DNS_REQUEST action described in this finding. - NetworkConnectionAction
-
- Type: NetworkConnectionAction structure
Information about the NETWORK_CONNECTION action described in this finding. - PortProbeAction
-
- Type: PortProbeAction structure
Information about the PORT_PROBE action described in this finding.
AwsApiCallAction
Description
Information about the AWS_API_CALL action described in this finding.
Members
- Api
-
- Type: string
AWS API name. - CallerType
-
- Type: string
AWS API caller type. - DomainDetails
-
- Type: DomainDetails structure
Domain information for the AWS API call. - RemoteIpDetails
-
- Type: RemoteIpDetails structure
Remote IP information of the connection. - ServiceName
-
- Type: string
AWS service name whose API was invoked.
BadRequestException
City
Description
City information of the remote IP address.
Members
Condition
Description
Finding attribute (for example, accountId) for which conditions and values must be specified when querying findings.
Members
- Eq
-
- Type: Array of strings
Represents the equal condition to be applied to a single field when querying for findings. - Gt
-
- Type: int
Represents the greater than condition to be applied to a single field when querying for findings. - Gte
-
- Type: int
Represents the greater than equal condition to be applied to a single field when querying for findings. - Lt
-
- Type: int
Represents the less than condition to be applied to a single field when querying for findings. - Lte
-
- Type: int
Represents the less than equal condition to be applied to a single field when querying for findings. - Neq
-
- Type: Array of strings
Represents the not equal condition to be applied to a single field when querying for findings.
Country
Description
Country information of the remote IP address.
Members
DnsRequestAction
Description
Information about the DNS_REQUEST action described in this finding.
Members
DomainDetails
Description
Domain information for the AWS API call.
Members
ErrorResponse
Description
Error response object.
Members
Finding
Description
Representation of a abnormal or suspicious activity.
Members
- AccountId
-
- Type: string
AWS account ID where the activity occurred that prompted GuardDuty to generate a finding. - Arn
-
- Type: string
The ARN of a finding described by the action. - Confidence
-
- Type: double
The confidence level of a finding. - CreatedAt
-
- Type: string
The time stamp at which a finding was generated. - Description
-
- Type: string
The description of a finding. - Id
-
- Type: string
The identifier that corresponds to a finding described by the action. - Partition
-
- Type: string
The AWS resource partition. - Region
-
- Type: string
The AWS region where the activity occurred that prompted GuardDuty to generate a finding. - Resource
-
- Type: Resource structure
The AWS resource associated with the activity that prompted GuardDuty to generate a finding. - SchemaVersion
-
- Type: string
Findings' schema version. - Service
-
- Type: Service structure
Additional information assigned to the generated finding by GuardDuty. - Severity
-
- Type: double
The severity of a finding. - Title
-
- Type: string
The title of a finding. - Type
-
- Type: string
The type of a finding described by the action. - UpdatedAt
-
- Type: string
The time stamp at which a finding was last updated.
FindingCriteria
Description
Represents the criteria used for querying findings.
Members
- Criterion
-
- Type: Associative array of custom strings keys (__string) to Condition structures
Represents a map of finding properties that match specified conditions and values when querying findings.
FindingStatistics
Description
Finding statistics object.
Members
GeoLocation
Description
Location information of the remote IP address.
Members
IamInstanceProfile
Description
The profile information of the EC2 instance.
Members
InstanceDetails
Description
The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.
Members
- AvailabilityZone
-
- Type: string
The availability zone of the EC2 instance. - IamInstanceProfile
-
- Type: IamInstanceProfile structure
The profile information of the EC2 instance. - ImageDescription
-
- Type: string
The image description of the EC2 instance. - ImageId
-
- Type: string
The image ID of the EC2 instance. - InstanceId
-
- Type: string
The ID of the EC2 instance. - InstanceState
-
- Type: string
The state of the EC2 instance. - InstanceType
-
- Type: string
The type of the EC2 instance. - LaunchTime
-
- Type: string
The launch time of the EC2 instance. - NetworkInterfaces
-
- Type: Array of NetworkInterface structures
The network interface information of the EC2 instance. - Platform
-
- Type: string
The platform of the EC2 instance. - ProductCodes
-
- Type: Array of ProductCode structures
The product code of the EC2 instance. - Tags
-
- Type: Array of Tag structures
The tags of the EC2 instance.
InternalServerErrorException
Invitation
Description
Invitation from an AWS account to become the current account's master.
Members
- AccountId
-
- Type: string
Inviter account ID - InvitationId
-
- Type: string
This value is used to validate the inviter account to the member account. - InvitedAt
-
- Type: string
Timestamp at which the invitation was sent - RelationshipStatus
-
- Type: string
The status of the relationship between the inviter and invitee accounts.
LocalPortDetails
Description
Local port information of the connection.
Members
Master
Description
Contains details about the master account.
Members
- AccountId
-
- Type: string
Master account ID - InvitationId
-
- Type: string
This value is used to validate the master account to the member account. - InvitedAt
-
- Type: string
Timestamp at which the invitation was sent - RelationshipStatus
-
- Type: string
The status of the relationship between the master and member accounts.
Member
Description
Contains details about the member account.
Members
- AccountId
-
- Type: string
AWS account ID. - DetectorId
-
- Type: string
The unique identifier for a detector. -
- Type: string
Member account's email address. - InvitedAt
-
- Type: string
Timestamp at which the invitation was sent - MasterId
-
- Type: string
The master account ID. - RelationshipStatus
-
- Type: string
The status of the relationship between the member and the master. - UpdatedAt
-
- Type: string
The first time a resource was created. The format will be ISO-8601.
NetworkConnectionAction
Description
Information about the NETWORK_CONNECTION action described in this finding.
Members
- Blocked
-
- Type: boolean
Network connection blocked information. - ConnectionDirection
-
- Type: string
Network connection direction. - LocalPortDetails
-
- Type: LocalPortDetails structure
Local port information of the connection. - Protocol
-
- Type: string
Network connection protocol. - RemoteIpDetails
-
- Type: RemoteIpDetails structure
Remote IP information of the connection. - RemotePortDetails
-
- Type: RemotePortDetails structure
Remote port information of the connection.
NetworkInterface
Description
The network interface information of the EC2 instance.
Members
- Ipv6Addresses
-
- Type: Array of strings
A list of EC2 instance IPv6 address information. - NetworkInterfaceId
-
- Type: string
The ID of the network interface - PrivateDnsName
-
- Type: string
Private DNS name of the EC2 instance. - PrivateIpAddress
-
- Type: string
Private IP address of the EC2 instance. - PrivateIpAddresses
-
- Type: Array of PrivateIpAddressDetails structures
Other private IP address information of the EC2 instance. - PublicDnsName
-
- Type: string
Public DNS name of the EC2 instance. - PublicIp
-
- Type: string
Public IP address of the EC2 instance. - SecurityGroups
-
- Type: Array of SecurityGroup structures
Security groups associated with the EC2 instance. - SubnetId
-
- Type: string
The subnet ID of the EC2 instance. - VpcId
-
- Type: string
The VPC ID of the EC2 instance.
Organization
Description
ISP Organization information of the remote IP address.
Members
PortProbeAction
Description
Information about the PORT_PROBE action described in this finding.
Members
- Blocked
-
- Type: boolean
Port probe blocked information. - PortProbeDetails
-
- Type: Array of PortProbeDetail structures
A list of port probe details objects.
PortProbeDetail
Description
Details about the port probe finding.
Members
- LocalPortDetails
-
- Type: LocalPortDetails structure
Local port information of the connection. - RemoteIpDetails
-
- Type: RemoteIpDetails structure
Remote IP information of the connection.
PrivateIpAddressDetails
Description
Other private IP address information of the EC2 instance.
Members
ProductCode
Description
The product code of the EC2 instance.
Members
RemoteIpDetails
Description
Remote IP information of the connection.
Members
- City
-
- Type: City structure
City information of the remote IP address. - Country
-
- Type: Country structure
Country code of the remote IP address. - GeoLocation
-
- Type: GeoLocation structure
Location information of the remote IP address. - IpAddressV4
-
- Type: string
IPV4 remote address of the connection. - Organization
-
- Type: Organization structure
ISP Organization information of the remote IP address.
RemotePortDetails
Description
Remote port information of the connection.
Members
Resource
Description
The AWS resource associated with the activity that prompted GuardDuty to generate a finding.
Members
- AccessKeyDetails
-
- Type: AccessKeyDetails structure
The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding. - InstanceDetails
-
- Type: InstanceDetails structure
The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding. - ResourceType
-
- Type: string
The type of the AWS resource.
SecurityGroup
Description
Security groups associated with the EC2 instance.
Members
Service
Description
Additional information assigned to the generated finding by GuardDuty.
Members
- Action
-
- Type: Action structure
Information about the activity described in a finding. - Archived
-
- Type: boolean
Indicates whether this finding is archived. - Count
-
- Type: int
Total count of the occurrences of this finding type. - DetectorId
-
- Type: string
Detector ID for the GuardDuty service. - EventFirstSeen
-
- Type: string
First seen timestamp of the activity that prompted GuardDuty to generate this finding. - EventLastSeen
-
- Type: string
Last seen timestamp of the activity that prompted GuardDuty to generate this finding. - ResourceRole
-
- Type: string
Resource role information for this finding. - ServiceName
-
- Type: string
The name of the AWS service (GuardDuty) that generated a finding. - UserFeedback
-
- Type: string
Feedback left about the finding.
SortCriteria
Description
Represents the criteria used for sorting findings.
Members
Tag
Description
A tag of the EC2 instance.
