Amazon GuardDuty 2017-11-28
- Client: Aws\GuardDuty\GuardDutyClient
- Service ID: guardduty
- Version: 2017-11-28
This page describes the parameters and results for the operations of the Amazon GuardDuty (2017-11-28), and shows how to use the Aws\GuardDuty\GuardDutyClient object to call the described operations. This documentation is specific to the 2017-11-28 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AcceptInvitation ( array $params = [] )
Accepts the invitation to be monitored by a master GuardDuty account.
- ArchiveFindings ( array $params = [] )
Archives GuardDuty findings specified by the list of finding IDs.
- CreateDetector ( array $params = [] )
Creates a single Amazon GuardDuty detector.
- CreateFilter ( array $params = [] )
Creates a filter using the specified finding criteria.
- CreateIPSet ( array $params = [] )
Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications.
- CreateMembers ( array $params = [] )
Creates member accounts of the current AWS account by specifying a list of AWS account IDs.
- CreateSampleFindings ( array $params = [] )
Generates example findings of types specified by the list of finding types.
- CreateThreatIntelSet ( array $params = [] )
Create a new ThreatIntelSet.
- DeclineInvitations ( array $params = [] )
Declines invitations sent to the current member account by AWS account specified by their account IDs.
- DeleteDetector ( array $params = [] )
Deletes a Amazon GuardDuty detector specified by the detector ID.
- DeleteFilter ( array $params = [] )
Deletes the filter specified by the filter name.
- DeleteIPSet ( array $params = [] )
Deletes the IPSet specified by the IPSet ID.
- DeleteInvitations ( array $params = [] )
Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.
- DeleteMembers ( array $params = [] )
Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
- DeleteThreatIntelSet ( array $params = [] )
Deletes ThreatIntelSet specified by the ThreatIntelSet ID.
- DisassociateFromMasterAccount ( array $params = [] )
Disassociates the current GuardDuty member account from its master account.
- DisassociateMembers ( array $params = [] )
Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
- GetDetector ( array $params = [] )
Retrieves an Amazon GuardDuty detector specified by the detectorId.
- GetFilter ( array $params = [] )
Returns the details of the filter specified by the filter name.
- GetFindings ( array $params = [] )
Describes Amazon GuardDuty findings specified by finding IDs.
- GetFindingsStatistics ( array $params = [] )
Lists Amazon GuardDuty findings' statistics for the specified detector ID.
- GetIPSet ( array $params = [] )
Retrieves the IPSet specified by the IPSet ID.
- GetInvitationsCount ( array $params = [] )
Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
- GetMasterAccount ( array $params = [] )
Provides the details for the GuardDuty master account associated with the current GuardDuty member account.
- GetMembers ( array $params = [] )
Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
- GetThreatIntelSet ( array $params = [] )
Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
- InviteMembers ( array $params = [] )
Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account.
- ListDetectors ( array $params = [] )
Lists detectorIds of all the existing Amazon GuardDuty detector resources.
- ListFilters ( array $params = [] )
Returns a paginated list of the current filters.
- ListFindings ( array $params = [] )
Lists Amazon GuardDuty findings for the specified detector ID.
- ListIPSets ( array $params = [] )
Lists the IPSets of the GuardDuty service specified by the detector ID.
- ListInvitations ( array $params = [] )
Lists all GuardDuty membership invitations that were sent to the current AWS account.
- ListMembers ( array $params = [] )
Lists details about all member accounts for the current GuardDuty master account.
- ListTagsForResource ( array $params = [] )
Lists tags for a resource.
- ListThreatIntelSets ( array $params = [] )
Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID.
- StartMonitoringMembers ( array $params = [] )
Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs.
- StopMonitoringMembers ( array $params = [] )
Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs.
- TagResource ( array $params = [] )
Adds tags to a resource.
- UnarchiveFindings ( array $params = [] )
Unarchives Amazon GuardDuty findings specified by the list of finding IDs.
- UntagResource ( array $params = [] )
Removes tags from a resource.
- UpdateDetector ( array $params = [] )
Updates an Amazon GuardDuty detector specified by the detectorId.
- UpdateFilter ( array $params = [] )
Updates the filter specified by the filter name.
- UpdateFindingsFeedback ( array $params = [] )
Marks specified Amazon GuardDuty findings as useful or not useful.
- UpdateIPSet ( array $params = [] )
Updates the IPSet specified by the IPSet ID.
- UpdateThreatIntelSet ( array $params = [] )
Updates the ThreatIntelSet specified by ThreatIntelSet ID.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
AcceptInvitation
$result = $client->acceptInvitation([/* ... */]); $promise = $client->acceptInvitationAsync([/* ... */]);
Accepts the invitation to be monitored by a master GuardDuty account.
Parameter Syntax
$result = $client->acceptInvitation([
'DetectorId' => '<string>', // REQUIRED
'InvitationId' => '<string>', // REQUIRED
'MasterId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector of the GuardDuty member account.
- InvitationId
-
- Required: Yes
- Type: string
This value is used to validate the master account to the member account.
- MasterId
-
- Required: Yes
- Type: string
The account ID of the master GuardDuty account whose invitation you're accepting.
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
ArchiveFindings
$result = $client->archiveFindings([/* ... */]); $promise = $client->archiveFindingsAsync([/* ... */]);
Archives GuardDuty findings specified by the list of finding IDs.
Only the master account can archive findings. Member accounts do not have permission to archive findings from their accounts.
Parameter Syntax
$result = $client->archiveFindings([
'DetectorId' => '<string>', // REQUIRED
'FindingIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
CreateDetector
$result = $client->createDetector([/* ... */]); $promise = $client->createDetectorAsync([/* ... */]);
Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each region that you enable the service. You can have only one detector per account per region.
Parameter Syntax
$result = $client->createDetector([
'ClientToken' => '<string>',
'Enable' => true || false, // REQUIRED
'FindingPublishingFrequency' => 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS',
'Tags' => ['<string>', ...],
]);
Parameter Details
Members
- ClientToken
-
- Type: string
The idempotency token for the create request.
- Enable
-
- Required: Yes
- Type: boolean
A boolean value that specifies whether the detector is to be enabled.
- FindingPublishingFrequency
-
- Type: string
A enum value that specifies how frequently customer got Finding updates published.
- Tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags to be added to a new detector resource.
Result Syntax
[
'DetectorId' => '<string>',
]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
CreateFilter
$result = $client->createFilter([/* ... */]); $promise = $client->createFilterAsync([/* ... */]);
Creates a filter using the specified finding criteria.
Parameter Syntax
$result = $client->createFilter([
'Action' => 'NOOP|ARCHIVE',
'ClientToken' => '<string>',
'Description' => '<string>',
'DetectorId' => '<string>', // REQUIRED
'FindingCriteria' => [ // REQUIRED
'Criterion' => [
'<String>' => [
'Eq' => ['<string>', ...],
'Equals' => ['<string>', ...],
'GreaterThan' => <integer>,
'GreaterThanOrEqual' => <integer>,
'Gt' => <integer>,
'Gte' => <integer>,
'LessThan' => <integer>,
'LessThanOrEqual' => <integer>,
'Lt' => <integer>,
'Lte' => <integer>,
'Neq' => ['<string>', ...],
'NotEquals' => ['<string>', ...],
],
// ...
],
],
'Name' => '<string>', // REQUIRED
'Rank' => <integer>,
'Tags' => ['<string>', ...],
]);
Parameter Details
Members
- Action
-
- Type: string
Specifies the action that is to be applied to the findings that match the filter.
- ClientToken
-
- Type: string
The idempotency token for the create request.
- Description
-
- Type: string
The description of the filter.
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector of the GuardDuty account for which you want to create a filter.
- FindingCriteria
-
- Required: Yes
- Type: FindingCriteria structure
Represents the criteria to be used in the filter for querying findings.
- Name
-
- Required: Yes
- Type: string
The name of the filter.
- Rank
-
- Type: int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- Tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags to be added to a new filter resource.
Result Syntax
[
'Name' => '<string>',
]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
CreateIPSet
$result = $client->createIPSet([/* ... */]); $promise = $client->createIPSetAsync([/* ... */]);
Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications.
Parameter Syntax
$result = $client->createIPSet([
'Activate' => true || false, // REQUIRED
'ClientToken' => '<string>',
'DetectorId' => '<string>', // REQUIRED
'Format' => 'TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE', // REQUIRED
'Location' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
'Tags' => ['<string>', ...],
]);
Parameter Details
Members
- Activate
-
- Required: Yes
- Type: boolean
A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.
- ClientToken
-
- Type: string
The idempotency token for the create request.
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector of the GuardDuty account for which you want to create an IPSet.
- Format
-
- Required: Yes
- Type: string
The format of the file that contains the IPSet.
- Location
-
- Required: Yes
- Type: string
The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)
- Name
-
- Required: Yes
- Type: string
The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.
- Tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags to be added to a new IP set resource.
Result Syntax
[
'IpSetId' => '<string>',
]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
CreateMembers
$result = $client->createMembers([/* ... */]); $promise = $client->createMembersAsync([/* ... */]);
Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts.
Parameter Syntax
$result = $client->createMembers([
'AccountDetails' => [ // REQUIRED
[
'AccountId' => '<string>', // REQUIRED
'Email' => '<string>', // REQUIRED
],
// ...
],
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- AccountDetails
-
- Required: Yes
- Type: Array of AccountDetail structures
A list of account ID and email address pairs of the accounts that you want to associate with the master GuardDuty account.
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector of the GuardDuty account with which you want to associate member accounts.
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Required: Yes
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
Bad request exception object.
-
Internal server error exception object.
CreateSampleFindings
$result = $client->createSampleFindings([/* ... */]); $promise = $client->createSampleFindingsAsync([/* ... */]);
Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.
Parameter Syntax
$result = $client->createSampleFindings([
'DetectorId' => '<string>', // REQUIRED
'FindingTypes' => ['<string>', ...],
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
CreateThreatIntelSet
$result = $client->createThreatIntelSet([/* ... */]); $promise = $client->createThreatIntelSetAsync([/* ... */]);
Create a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets.
Parameter Syntax
$result = $client->createThreatIntelSet([
'Activate' => true || false, // REQUIRED
'ClientToken' => '<string>',
'DetectorId' => '<string>', // REQUIRED
'Format' => 'TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE', // REQUIRED
'Location' => '<string>', // REQUIRED
'Name' => '<string>', // REQUIRED
'Tags' => ['<string>', ...],
]);
Parameter Details
Members
- Activate
-
- Required: Yes
- Type: boolean
A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
- ClientToken
-
- Type: string
The idempotency token for the create request.
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector of the GuardDuty account for which you want to create a threatIntelSet.
- Format
-
- Required: Yes
- Type: string
The format of the file that contains the ThreatIntelSet.
- Location
-
- Required: Yes
- Type: string
The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
- Name
-
- Required: Yes
- Type: string
A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet.
- Tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags to be added to a new Threat List resource.
Result Syntax
[
'ThreatIntelSetId' => '<string>',
]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
DeclineInvitations
$result = $client->declineInvitations([/* ... */]); $promise = $client->declineInvitationsAsync([/* ... */]);
Declines invitations sent to the current member account by AWS account specified by their account IDs.
Parameter Syntax
$result = $client->declineInvitations([
'AccountIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Required: Yes
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
Bad request exception object.
-
Internal server error exception object.
DeleteDetector
$result = $client->deleteDetector([/* ... */]); $promise = $client->deleteDetectorAsync([/* ... */]);
Deletes a Amazon GuardDuty detector specified by the detector ID.
Parameter Syntax
$result = $client->deleteDetector([
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
DeleteFilter
$result = $client->deleteFilter([/* ... */]); $promise = $client->deleteFilterAsync([/* ... */]);
Deletes the filter specified by the filter name.
Parameter Syntax
$result = $client->deleteFilter([
'DetectorId' => '<string>', // REQUIRED
'FilterName' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
DeleteIPSet
$result = $client->deleteIPSet([/* ... */]); $promise = $client->deleteIPSetAsync([/* ... */]);
Deletes the IPSet specified by the IPSet ID.
Parameter Syntax
$result = $client->deleteIPSet([
'DetectorId' => '<string>', // REQUIRED
'IpSetId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
DeleteInvitations
$result = $client->deleteInvitations([/* ... */]); $promise = $client->deleteInvitationsAsync([/* ... */]);
Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.
Parameter Syntax
$result = $client->deleteInvitations([
'AccountIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Required: Yes
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
Bad request exception object.
-
Internal server error exception object.
DeleteMembers
$result = $client->deleteMembers([/* ... */]); $promise = $client->deleteMembersAsync([/* ... */]);
Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
Parameter Syntax
$result = $client->deleteMembers([
'AccountIds' => ['<string>', ...], // REQUIRED
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Required: Yes
- Type: Array of UnprocessedAccount structures
The accounts that could not be processed.
Errors
-
Bad request exception object.
-
Internal server error exception object.
DeleteThreatIntelSet
$result = $client->deleteThreatIntelSet([/* ... */]); $promise = $client->deleteThreatIntelSetAsync([/* ... */]);
Deletes ThreatIntelSet specified by the ThreatIntelSet ID.
Parameter Syntax
$result = $client->deleteThreatIntelSet([
'DetectorId' => '<string>', // REQUIRED
'ThreatIntelSetId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
DisassociateFromMasterAccount
$result = $client->disassociateFromMasterAccount([/* ... */]); $promise = $client->disassociateFromMasterAccountAsync([/* ... */]);
Disassociates the current GuardDuty member account from its master account.
Parameter Syntax
$result = $client->disassociateFromMasterAccount([
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
DisassociateMembers
$result = $client->disassociateMembers([/* ... */]); $promise = $client->disassociateMembersAsync([/* ... */]);
Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
Parameter Syntax
$result = $client->disassociateMembers([
'AccountIds' => ['<string>', ...], // REQUIRED
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Required: Yes
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
Bad request exception object.
-
Internal server error exception object.
GetDetector
$result = $client->getDetector([/* ... */]); $promise = $client->getDetectorAsync([/* ... */]);
Retrieves an Amazon GuardDuty detector specified by the detectorId.
Parameter Syntax
$result = $client->getDetector([
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'CreatedAt' => '<string>',
'FindingPublishingFrequency' => 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS',
'ServiceRole' => '<string>',
'Status' => 'ENABLED|DISABLED',
'Tags' => ['<string>', ...],
'UpdatedAt' => '<string>',
]
Result Details
Members
- CreatedAt
-
- Type: string
Detector creation timestamp.
- FindingPublishingFrequency
-
- Type: string
Finding publishing frequency.
- ServiceRole
-
- Required: Yes
- Type: string
The GuardDuty service role.
- Status
-
- Required: Yes
- Type: string
The detector status.
- Tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags of the detector resource.
- UpdatedAt
-
- Type: string
Detector last update timestamp.
Errors
-
Bad request exception object.
-
Internal server error exception object.
GetFilter
$result = $client->getFilter([/* ... */]); $promise = $client->getFilterAsync([/* ... */]);
Returns the details of the filter specified by the filter name.
Parameter Syntax
$result = $client->getFilter([
'DetectorId' => '<string>', // REQUIRED
'FilterName' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'Action' => 'NOOP|ARCHIVE',
'Description' => '<string>',
'FindingCriteria' => [
'Criterion' => [
'<String>' => [
'Eq' => ['<string>', ...],
'Equals' => ['<string>', ...],
'GreaterThan' => <integer>,
'GreaterThanOrEqual' => <integer>,
'Gt' => <integer>,
'Gte' => <integer>,
'LessThan' => <integer>,
'LessThanOrEqual' => <integer>,
'Lt' => <integer>,
'Lte' => <integer>,
'Neq' => ['<string>', ...],
'NotEquals' => ['<string>', ...],
],
// ...
],
],
'Name' => '<string>',
'Rank' => <integer>,
'Tags' => ['<string>', ...],
]
Result Details
Members
- Action
-
- Required: Yes
- Type: string
Specifies the action that is to be applied to the findings that match the filter.
- Description
-
- Type: string
The description of the filter.
- FindingCriteria
-
- Required: Yes
- Type: FindingCriteria structure
Represents the criteria to be used in the filter for querying findings.
- Name
-
- Required: Yes
- Type: string
The name of the filter.
- Rank
-
- Type: int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- Tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags of the filter resource.
Errors
-
Bad request exception object.
-
Internal server error exception object.
GetFindings
$result = $client->getFindings([/* ... */]); $promise = $client->getFindingsAsync([/* ... */]);
Describes Amazon GuardDuty findings specified by finding IDs.
Parameter Syntax
$result = $client->getFindings([
'DetectorId' => '<string>', // REQUIRED
'FindingIds' => ['<string>', ...], // REQUIRED
'SortCriteria' => [
'AttributeName' => '<string>',
'OrderBy' => 'ASC|DESC',
],
]);
Parameter Details
Members
- DetectorId
-
- Required: Yes
- Type: string
The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.
- FindingIds
-
- Required: Yes
- Type: Array of strings
IDs of the findings that you want to retrieve.
- SortCriteria
-
- Type: SortCriteria structure
Represents the criteria used for sorting findings.
Result Syntax
[
'Findings' => [
[
'AccountId' => '<string>',
'Arn' => '<string>',
'Confidence' => <float>,
'CreatedAt' => '<string>',
'Description' => '<string>',
'Id' => '<string>',
'Partition' => '<string>',
'Region' => '<string>',
'Resource' => [
'AccessKeyDetails' => [
'AccessKeyId' => '<string>',
'PrincipalId' => '<string>',
'UserName' => '<string>',
'UserType' => '<string>',
],
'InstanceDetails' => [
'AvailabilityZone' => '<string>',
'IamInstanceProfile' => [
'Arn' => '<string>',
'Id' => '<string>',
],
'ImageDescription' => '<string>',
'ImageId' => '<string>',
'InstanceId' => '<string>',
'InstanceState' => '<string>',
'InstanceType' => '<string>',
'LaunchTime' => '<string>',
'NetworkInterfaces' => [
[
'Ipv6Addresses' => ['<string>', ...],
'NetworkInterfaceId' => '<string>',
'PrivateDnsName' => '<string>',
'PrivateIpAddress' => '<string>',
'PrivateIpAddresses' => [
[
'PrivateDnsName' => '<string>',
'PrivateIpAddress' => '<string>',
],
// ...
],
'PublicDnsName' => '<string>',
'PublicIp' => '<string>',
'SecurityGroups' => [
[
'GroupId' => '<string>',
'GroupName' => '<string>',
],
// ...
],
'SubnetId' => '<string>',
'VpcId' => '<string>',
],
// ...
],
'Platform' => '<string>',
'ProductCodes' => [
[
'Code' => '<string>',
'ProductType' => '<string>',
],
// ...
],
'Tags' => [
[
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
],
'ResourceType' => '<string>',
],
'SchemaVersion' => '<string>',
'Service' => [
'Action' => [
'ActionType' => '<string>',
'AwsApiCallAction' => [
'Api' => '<string>',
'CallerType' => '<string>',
'DomainDetails' => [
'Domain' => '<string>',
],
'RemoteIpDetails' => [
'City' => [
'CityName' => '<string>',
],
'Country' => [
'CountryCode' => '<string>',
'CountryName' => '<string>',
],
'GeoLocation' => [
'Lat' => <float>,
'Lon' => <float>,
],
'IpAddressV4' => '<string>',
'Organization' => [
'Asn' => '<string>',
'AsnOrg' => '<string>',
'Isp' => '<string>',
'Org' => '<string>',
],
],
'ServiceName' => '<string>',
],
'DnsRequestAction' => [
'Domain' => '<string>',
],
'NetworkConnectionAction' => [
'Blocked' => true || false,
'ConnectionDirection' => '<string>',
'LocalPortDetails' => [
'Port' => <integer>,
'PortName' => '<string>',
],
'Protocol' => '<string>',
'RemoteIpDetails' => [
'City' => [
'CityName' => '<string>',
],
'Country' => [
'CountryCode' => '<string>',
'CountryName' => '<string>',
],
'GeoLocation' => [
'Lat' => <float>,
'Lon' => <float>,
],
'IpAddressV4' => '<string>',
'Organization' => [
'Asn' => '<string>',
'AsnOrg' => '<string>',
'Isp' => '<string>',
'Org' => '<string>',
],
],
'RemotePortDetails' => [
'Port' => <integer>,
'PortName' => '<string>',
],
],
'PortProbeAction' => [
'Blocked' => true || false,
'PortProbeDetails' => [
[
'LocalPortDetails' => [
'Port' => <integer>,
'PortName' => '<string>',
],
'RemoteIpDetails' => [
'City' => [
'CityName' => '<string>',
],
'Country' => [
'CountryCode' => '<string>',
'CountryName' => '<string>',
],
'GeoLocation' => [
'Lat' => <float>,
'Lon' => <float>,
],
'IpAddressV4' => '<string>',
'Organization' => [
'Asn' => '<string>',
'AsnOrg' => '<string>',
'Isp' => '<string>',
'Org' => '<string>',
],
],
],
// ...
],
],
],
'Archived' => true || false,
'Count' => <integer>,
'DetectorId' => '<string>',
'EventFirstSeen' => '<string>',
'EventLastSeen' => '<string>',
'Evidence' => [
'ThreatIntelligenceDetails' => [
[
'ThreatListName' => '<string>',
'ThreatNames' => ['<string>', ...],
],
// ...
],
],
'ResourceRole' => '<string>',
'ServiceName' => '<string>',
'UserFeedback' => '<string>',
],
'Severity' => <float>,
'Title' => '<string>',
'Type' => '<string>',
'UpdatedAt' => '<string>',
],
// ...
],
]
Result Details
Members
- Findings
-
- Required: Yes
- Type: Array of Finding structures
A list of findings.
Errors
-
Bad request exception object.
-
Internal server error exception object.
GetFindingsStatistics
$result = $client->getFindingsStatistics([/* ... */]); $promise = $client->getFindingsStatisticsAsync([/* ... */]);
Lists Amazon GuardDuty findings' statistics for the specified detector ID.
Parameter Syntax
$result = $client->getFindingsStatistics([
'DetectorId' => '<string>', // REQUIRED
'FindingCriteria' => [
'Criterion' => [
'<String>' => [
'Eq' => ['<string>', ...],
'Equals' => ['<string>', ...],
'GreaterThan' => <integer>,
'GreaterThanOrEqual' => <integer>,
'Gt' => <integer>,
'Gte' => <integer>,
'LessThan' => <integer>,
'LessThanOrEqual' => <integer>,
'Lt' => <integer>,
'Lte' => <integer>,
'Neq' => ['<string>', ...],
'NotEquals' => ['<string>', ...],
],
// ...
],
],
'FindingStatisticTypes' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- DetectorId
-
- Required: Yes
- Type: string
The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.
- FindingCriteria
-
- Type: FindingCriteria structure
Represents the criteria used for querying findings.
- FindingStatisticTypes
-
- Required: Yes
- Type: Array of strings
Types of finding statistics to retrieve.
Result Syntax
[
'FindingStatistics' => [
'CountBySeverity' => [<integer>, ...],
],
]
Result Details
Members
- FindingStatistics
-
- Required: Yes
- Type: FindingStatistics structure
Finding statistics object.
Errors
-
Bad request exception object.
-
Internal server error exception object.
GetIPSet
$result = $client->getIPSet([/* ... */]); $promise = $client->getIPSetAsync([/* ... */]);
Retrieves the IPSet specified by the IPSet ID.
Parameter Syntax
$result = $client->getIPSet([
'DetectorId' => '<string>', // REQUIRED
'IpSetId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'Format' => 'TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE',
'Location' => '<string>',
'Name' => '<string>',
'Status' => 'INACTIVE|ACTIVATING|ACTIVE|DEACTIVATING|ERROR|DELETE_PENDING|DELETED',
'Tags' => ['<string>', ...],
]
Result Details
Members
- Format
-
- Required: Yes
- Type: string
The format of the file that contains the IPSet.
- Location
-
- Required: Yes
- Type: string
The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)
- Name
-
- Required: Yes
- Type: string
The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.
- Status
-
- Required: Yes
- Type: string
The status of ipSet file uploaded.
- Tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags of the IP set resource.
Errors
-
Bad request exception object.
-
Internal server error exception object.
GetInvitationsCount
$result = $client->getInvitationsCount([/* ... */]); $promise = $client->getInvitationsCountAsync([/* ... */]);
Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
Parameter Syntax
$result = $client->getInvitationsCount([ ]);
Parameter Details
Members
Result Syntax
[
'InvitationsCount' => <integer>,
]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
GetMasterAccount
$result = $client->getMasterAccount([/* ... */]); $promise = $client->getMasterAccountAsync([/* ... */]);
Provides the details for the GuardDuty master account associated with the current GuardDuty member account.
Parameter Syntax
$result = $client->getMasterAccount([
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'Master' => [
'AccountId' => '<string>',
'InvitationId' => '<string>',
'InvitedAt' => '<string>',
'RelationshipStatus' => '<string>',
],
]
Result Details
Members
- Master
-
- Required: Yes
- Type: Master structure
Master account details.
Errors
-
Bad request exception object.
-
Internal server error exception object.
GetMembers
$result = $client->getMembers([/* ... */]); $promise = $client->getMembersAsync([/* ... */]);
Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
Parameter Syntax
$result = $client->getMembers([
'AccountIds' => ['<string>', ...], // REQUIRED
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'Members' => [
[
'AccountId' => '<string>',
'DetectorId' => '<string>',
'Email' => '<string>',
'InvitedAt' => '<string>',
'MasterId' => '<string>',
'RelationshipStatus' => '<string>',
'UpdatedAt' => '<string>',
],
// ...
],
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- Members
-
- Required: Yes
- Type: Array of Member structures
A list of members.
- UnprocessedAccounts
-
- Required: Yes
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
Bad request exception object.
-
Internal server error exception object.
GetThreatIntelSet
$result = $client->getThreatIntelSet([/* ... */]); $promise = $client->getThreatIntelSetAsync([/* ... */]);
Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
Parameter Syntax
$result = $client->getThreatIntelSet([
'DetectorId' => '<string>', // REQUIRED
'ThreatIntelSetId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'Format' => 'TXT|STIX|OTX_CSV|ALIEN_VAULT|PROOF_POINT|FIRE_EYE',
'Location' => '<string>',
'Name' => '<string>',
'Status' => 'INACTIVE|ACTIVATING|ACTIVE|DEACTIVATING|ERROR|DELETE_PENDING|DELETED',
'Tags' => ['<string>', ...],
]
Result Details
Members
- Format
-
- Required: Yes
- Type: string
The format of the threatIntelSet.
- Location
-
- Required: Yes
- Type: string
The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
- Name
-
- Required: Yes
- Type: string
A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet.
- Status
-
- Required: Yes
- Type: string
The status of threatIntelSet file uploaded.
- Tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags of the Threat List resource.
Errors
-
Bad request exception object.
-
Internal server error exception object.
InviteMembers
$result = $client->inviteMembers([/* ... */]); $promise = $client->inviteMembersAsync([/* ... */]);
Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account.
Parameter Syntax
$result = $client->inviteMembers([
'AccountIds' => ['<string>', ...], // REQUIRED
'DetectorId' => '<string>', // REQUIRED
'DisableEmailNotification' => true || false,
'Message' => '<string>',
]);
Parameter Details
Members
- AccountIds
-
- Required: Yes
- Type: Array of strings
A list of account IDs of the accounts that you want to invite to GuardDuty as members.
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector of the GuardDuty account with which you want to invite members.
- DisableEmailNotification
-
- Type: boolean
A boolean value that specifies whether you want to disable email notification to the accounts that you’re inviting to GuardDuty as members.
- Message
-
- Type: string
The invitation message that you want to send to the accounts that you’re inviting to GuardDuty as members.
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Required: Yes
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
Bad request exception object.
-
Internal server error exception object.
ListDetectors
$result = $client->listDetectors([/* ... */]); $promise = $client->listDetectorsAsync([/* ... */]);
Lists detectorIds of all the existing Amazon GuardDuty detector resources.
Parameter Syntax
$result = $client->listDetectors([
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- MaxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
- NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'DetectorIds' => ['<string>', ...],
'NextToken' => '<string>',
]
Result Details
Members
Errors
-
Bad request exception object.
-
Internal server error exception object.
ListFilters
$result = $client->listFilters([/* ... */]); $promise = $client->listFiltersAsync([/* ... */]);
Returns a paginated list of the current filters.
Parameter Syntax
$result = $client->listFilters([
'DetectorId' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector the filter is associated with.
- MaxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
- NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'FilterNames' => ['<string>', ...],
'NextToken' => '<string>',
]
Result Details
Members
Errors
-
Bad request exception object.
-
Internal server error exception object.
ListFindings
$result = $client->listFindings([/* ... */]); $promise = $client->listFindingsAsync([/* ... */]);
Lists Amazon GuardDuty findings for the specified detector ID.
Parameter Syntax
$result = $client->listFindings([
'DetectorId' => '<string>', // REQUIRED
'FindingCriteria' => [
'Criterion' => [
'<String>' => [
'Eq' => ['<string>', ...],
'Equals' => ['<string>', ...],
'GreaterThan' => <integer>,
'GreaterThanOrEqual' => <integer>,
'Gt' => <integer>,
'Gte' => <integer>,
'LessThan' => <integer>,
'LessThanOrEqual' => <integer>,
'Lt' => <integer>,
'Lte' => <integer>,
'Neq' => ['<string>', ...],
'NotEquals' => ['<string>', ...],
],
// ...
],
],
'MaxResults' => <integer>,
'NextToken' => '<string>',
'SortCriteria' => [
'AttributeName' => '<string>',
'OrderBy' => 'ASC|DESC',
],
]);
Parameter Details
Members
- DetectorId
-
- Required: Yes
- Type: string
The ID of the detector that specifies the GuardDuty service whose findings you want to list.
- FindingCriteria
-
- Type: FindingCriteria structure
Represents the criteria used for querying findings.
- MaxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
- NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
- SortCriteria
-
- Type: SortCriteria structure
Represents the criteria used for sorting findings.
Result Syntax
[
'FindingIds' => ['<string>', ...],
'NextToken' => '<string>',
]
Result Details
Members
Errors
-
Bad request exception object.
-
Internal server error exception object.
ListIPSets
$result = $client->listIPSets([/* ... */]); $promise = $client->listIPSetsAsync([/* ... */]);
Lists the IPSets of the GuardDuty service specified by the detector ID.
Parameter Syntax
$result = $client->listIPSets([
'DetectorId' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector the ipSet is associated with.
- MaxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
- NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'IpSetIds' => ['<string>', ...],
'NextToken' => '<string>',
]
Result Details
Members
Errors
-
Bad request exception object.
-
Internal server error exception object.
ListInvitations
$result = $client->listInvitations([/* ... */]); $promise = $client->listInvitationsAsync([/* ... */]);
Lists all GuardDuty membership invitations that were sent to the current AWS account.
Parameter Syntax
$result = $client->listInvitations([
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- MaxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
- NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'Invitations' => [
[
'AccountId' => '<string>',
'InvitationId' => '<string>',
'InvitedAt' => '<string>',
'RelationshipStatus' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Invitations
-
- Type: Array of Invitation structures
A list of invitation descriptions.
- NextToken
-
- Type: string
Pagination parameter to be used on the next list operation to retrieve more items.
Errors
-
Bad request exception object.
-
Internal server error exception object.
ListMembers
$result = $client->listMembers([/* ... */]); $promise = $client->listMembersAsync([/* ... */]);
Lists details about all member accounts for the current GuardDuty master account.
Parameter Syntax
$result = $client->listMembers([
'DetectorId' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
'OnlyAssociated' => '<string>',
]);
Parameter Details
Members
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector the member is associated with.
- MaxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
- NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
- OnlyAssociated
-
- Type: string
Specifies whether to only return associated members or to return all members (including members which haven't been invited yet or have been disassociated).
Result Syntax
[
'Members' => [
[
'AccountId' => '<string>',
'DetectorId' => '<string>',
'Email' => '<string>',
'InvitedAt' => '<string>',
'MasterId' => '<string>',
'RelationshipStatus' => '<string>',
'UpdatedAt' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- Members
-
- Type: Array of Member structures
A list of members.
- NextToken
-
- Type: string
Pagination parameter to be used on the next list operation to retrieve more items.
Errors
-
Bad request exception object.
-
Internal server error exception object.
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]); $promise = $client->listTagsForResourceAsync([/* ... */]);
Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and Threat Intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource..
Parameter Syntax
$result = $client->listTagsForResource([
'ResourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'Tags' => ['<string>', ...],
]
Result Details
Members
Errors
-
Bad request exception object.
-
Internal server error exception object.
ListThreatIntelSets
$result = $client->listThreatIntelSets([/* ... */]); $promise = $client->listThreatIntelSetsAsync([/* ... */]);
Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID.
Parameter Syntax
$result = $client->listThreatIntelSets([
'DetectorId' => '<string>', // REQUIRED
'MaxResults' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector the threatIntelSet is associated with.
- MaxResults
-
- Type: int
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
- NextToken
-
- Type: string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Result Syntax
[
'NextToken' => '<string>',
'ThreatIntelSetIds' => ['<string>', ...],
]
Result Details
Members
Errors
-
Bad request exception object.
-
Internal server error exception object.
StartMonitoringMembers
$result = $client->startMonitoringMembers([/* ... */]); $promise = $client->startMonitoringMembersAsync([/* ... */]);
Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs. A master GuardDuty account can run this command after disabling GuardDuty from monitoring these members' findings by running StopMonitoringMembers.
Parameter Syntax
$result = $client->startMonitoringMembers([
'AccountIds' => ['<string>', ...], // REQUIRED
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- AccountIds
-
- Required: Yes
- Type: Array of strings
A list of account IDs of the GuardDuty member accounts whose findings you want the master account to monitor.
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector of the GuardDuty account whom you want to re-enable to monitor members' findings.
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Required: Yes
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
Bad request exception object.
-
Internal server error exception object.
StopMonitoringMembers
$result = $client->stopMonitoringMembers([/* ... */]); $promise = $client->stopMonitoringMembersAsync([/* ... */]);
Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs. After running this command, a master GuardDuty account can run StartMonitoringMembers to re-enable GuardDuty to monitor these members’ findings.
Parameter Syntax
$result = $client->stopMonitoringMembers([
'AccountIds' => ['<string>', ...], // REQUIRED
'DetectorId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- AccountIds
-
- Required: Yes
- Type: Array of strings
A list of account IDs of the GuardDuty member accounts whose findings you want the master account to stop monitoring.
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector of the GuardDuty account that you want to stop from monitor members' findings.
Result Syntax
[
'UnprocessedAccounts' => [
[
'AccountId' => '<string>',
'Result' => '<string>',
],
// ...
],
]
Result Details
Members
- UnprocessedAccounts
-
- Required: Yes
- Type: Array of UnprocessedAccount structures
A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
Errors
-
Bad request exception object.
-
Internal server error exception object.
TagResource
$result = $client->tagResource([/* ... */]); $promise = $client->tagResourceAsync([/* ... */]);
Adds tags to a resource.
Parameter Syntax
$result = $client->tagResource([
'ResourceArn' => '<string>', // REQUIRED
'Tags' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
UnarchiveFindings
$result = $client->unarchiveFindings([/* ... */]); $promise = $client->unarchiveFindingsAsync([/* ... */]);
Unarchives Amazon GuardDuty findings specified by the list of finding IDs.
Parameter Syntax
$result = $client->unarchiveFindings([
'DetectorId' => '<string>', // REQUIRED
'FindingIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
UntagResource
$result = $client->untagResource([/* ... */]); $promise = $client->untagResourceAsync([/* ... */]);
Removes tags from a resource.
Parameter Syntax
$result = $client->untagResource([
'ResourceArn' => '<string>', // REQUIRED
'TagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
UpdateDetector
$result = $client->updateDetector([/* ... */]); $promise = $client->updateDetectorAsync([/* ... */]);
Updates an Amazon GuardDuty detector specified by the detectorId.
Parameter Syntax
$result = $client->updateDetector([
'DetectorId' => '<string>', // REQUIRED
'Enable' => true || false,
'FindingPublishingFrequency' => 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS',
]);
Parameter Details
Members
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector that you want to update.
- Enable
-
- Type: boolean
Updated boolean value for the detector that specifies whether the detector is enabled.
- FindingPublishingFrequency
-
- Type: string
A enum value that specifies how frequently customer got Finding updates published.
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
UpdateFilter
$result = $client->updateFilter([/* ... */]); $promise = $client->updateFilterAsync([/* ... */]);
Updates the filter specified by the filter name.
Parameter Syntax
$result = $client->updateFilter([
'Action' => 'NOOP|ARCHIVE',
'Description' => '<string>',
'DetectorId' => '<string>', // REQUIRED
'FilterName' => '<string>', // REQUIRED
'FindingCriteria' => [
'Criterion' => [
'<String>' => [
'Eq' => ['<string>', ...],
'Equals' => ['<string>', ...],
'GreaterThan' => <integer>,
'GreaterThanOrEqual' => <integer>,
'Gt' => <integer>,
'Gte' => <integer>,
'LessThan' => <integer>,
'LessThanOrEqual' => <integer>,
'Lt' => <integer>,
'Lte' => <integer>,
'Neq' => ['<string>', ...],
'NotEquals' => ['<string>', ...],
],
// ...
],
],
'Rank' => <integer>,
]);
Parameter Details
Members
- Action
-
- Type: string
Specifies the action that is to be applied to the findings that match the filter.
- Description
-
- Type: string
The description of the filter.
- DetectorId
-
- Required: Yes
- Type: string
The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.
- FilterName
-
- Required: Yes
- Type: string
The name of the filter.
- FindingCriteria
-
- Type: FindingCriteria structure
Represents the criteria to be used in the filter for querying findings.
- Rank
-
- Type: int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
Result Syntax
[
'Name' => '<string>',
]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
UpdateFindingsFeedback
$result = $client->updateFindingsFeedback([/* ... */]); $promise = $client->updateFindingsFeedbackAsync([/* ... */]);
Marks specified Amazon GuardDuty findings as useful or not useful.
Parameter Syntax
$result = $client->updateFindingsFeedback([
'Comments' => '<string>',
'DetectorId' => '<string>', // REQUIRED
'Feedback' => 'USEFUL|NOT_USEFUL', // REQUIRED
'FindingIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- Comments
-
- Type: string
Additional feedback about the GuardDuty findings.
- DetectorId
-
- Required: Yes
- Type: string
The ID of the detector that specifies the GuardDuty service whose findings you want to mark as useful or not useful.
- Feedback
-
- Required: Yes
- Type: string
Valid values: USEFUL | NOT_USEFUL
- FindingIds
-
- Required: Yes
- Type: Array of strings
IDs of the findings that you want to mark as useful or not useful.
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
UpdateIPSet
$result = $client->updateIPSet([/* ... */]); $promise = $client->updateIPSetAsync([/* ... */]);
Updates the IPSet specified by the IPSet ID.
Parameter Syntax
$result = $client->updateIPSet([
'Activate' => true || false,
'DetectorId' => '<string>', // REQUIRED
'IpSetId' => '<string>', // REQUIRED
'Location' => '<string>',
'Name' => '<string>',
]);
Parameter Details
Members
- Activate
-
- Type: boolean
The updated boolean value that specifies whether the IPSet is active or not.
- DetectorId
-
- Required: Yes
- Type: string
The detectorID that specifies the GuardDuty service whose IPSet you want to update.
- IpSetId
-
- Required: Yes
- Type: string
The unique ID that specifies the IPSet that you want to update.
- Location
-
- Type: string
The updated URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
- Name
-
- Type: string
The unique ID that specifies the IPSet that you want to update.
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
UpdateThreatIntelSet
$result = $client->updateThreatIntelSet([/* ... */]); $promise = $client->updateThreatIntelSetAsync([/* ... */]);
Updates the ThreatIntelSet specified by ThreatIntelSet ID.
Parameter Syntax
$result = $client->updateThreatIntelSet([
'Activate' => true || false,
'DetectorId' => '<string>', // REQUIRED
'Location' => '<string>',
'Name' => '<string>',
'ThreatIntelSetId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- Activate
-
- Type: boolean
The updated boolean value that specifies whether the ThreateIntelSet is active or not.
- DetectorId
-
- Required: Yes
- Type: string
The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.
- Location
-
- Type: string
The updated URI of the file that contains the ThreateIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)
- Name
-
- Type: string
The unique ID that specifies the ThreatIntelSet that you want to update.
- ThreatIntelSetId
-
- Required: Yes
- Type: string
The unique ID that specifies the ThreatIntelSet that you want to update.
Result Syntax
[]
Result Details
Errors
-
Bad request exception object.
-
Internal server error exception object.
Shapes
AccessKeyDetails
Description
Contains information about the access keys.
Members
AccountDetail
Description
Contains information about the account.
Members
Action
Description
Contains information about action.
Members
- ActionType
-
- Type: string
GuardDuty Finding activity type.
- AwsApiCallAction
-
- Type: AwsApiCallAction structure
Information about the AWS_API_CALL action described in this finding.
- DnsRequestAction
-
- Type: DnsRequestAction structure
Information about the DNS_REQUEST action described in this finding.
- NetworkConnectionAction
-
- Type: NetworkConnectionAction structure
Information about the NETWORK_CONNECTION action described in this finding.
- PortProbeAction
-
- Type: PortProbeAction structure
Information about the PORT_PROBE action described in this finding.
AwsApiCallAction
Description
Contains information about the API operation.
Members
- Api
-
- Type: string
AWS API name.
- CallerType
-
- Type: string
AWS API caller type.
- DomainDetails
-
- Type: DomainDetails structure
Domain information for the AWS API call.
- RemoteIpDetails
-
- Type: RemoteIpDetails structure
Remote IP information of the connection.
- ServiceName
-
- Type: string
AWS service name whose API was invoked.
BadRequestException
Description
Bad request exception object.
Members
City
Description
Contains information about the city associated with the IP address.
Members
Condition
Description
Contains information about the condition.
Members
- Eq
-
- Type: Array of strings
Deprecated. Represents the equal condition to be applied to a single field when querying for findings.
- Equals
-
- Type: Array of strings
Represents an equal condition to be applied to a single field when querying for findings.
- GreaterThan
-
- Type: long (int|float)
Represents a greater than condition to be applied to a single field when querying for findings.
- GreaterThanOrEqual
-
- Type: long (int|float)
Represents a greater than equal condition to be applied to a single field when querying for findings.
- Gt
-
- Type: int
Deprecated. Represents a greater than condition to be applied to a single field when querying for findings.
- Gte
-
- Type: int
Deprecated. Represents a greater than equal condition to be applied to a single field when querying for findings.
- LessThan
-
- Type: long (int|float)
Represents a less than condition to be applied to a single field when querying for findings.
- LessThanOrEqual
-
- Type: long (int|float)
Represents a less than equal condition to be applied to a single field when querying for findings.
- Lt
-
- Type: int
Deprecated. Represents a less than condition to be applied to a single field when querying for findings.
- Lte
-
- Type: int
Deprecated. Represents a less than equal condition to be applied to a single field when querying for findings.
- Neq
-
- Type: Array of strings
Deprecated. Represents the not equal condition to be applied to a single field when querying for findings.
- NotEquals
-
- Type: Array of strings
Represents an not equal condition to be applied to a single field when querying for findings.
Country
Description
Contains information about the country.
Members
DnsRequestAction
Description
Contains information about the DNS request.
Members
DomainDetails
Description
Contains information about the domain.
Members
Evidence
Description
Contains information about the reason that the finding was generated.
Members
- ThreatIntelligenceDetails
-
- Type: Array of ThreatIntelligenceDetail structures
A list of threat intelligence details related to the evidence.
Finding
Description
Contains information about the finding.
Members
- AccountId
-
- Required: Yes
- Type: string
The ID of the account in which the finding was generated.
- Arn
-
- Required: Yes
- Type: string
The ARN for the finding.
- Confidence
-
- Type: double
The confidence score for the finding.
- CreatedAt
-
- Required: Yes
- Type: string
The time and date at which the finding was created.
- Description
-
- Type: string
The description of the finding.
- Id
-
- Required: Yes
- Type: string
The ID of the finding.
- Partition
-
- Type: string
The partition associated with the finding.
- Region
-
- Required: Yes
- Type: string
The Region in which the finding was generated.
- Resource
-
- Required: Yes
- Type: Resource structure
Contains information about the resource.
- SchemaVersion
-
- Required: Yes
- Type: string
The version of the schema used for the finding.
- Service
-
- Type: Service structure
Contains information about the service.
- Severity
-
- Required: Yes
- Type: double
The severity of the finding.
- Title
-
- Type: string
The title for the finding.
- Type
-
- Required: Yes
- Type: string
The type of the finding.
- UpdatedAt
-
- Required: Yes
- Type: string
The time and date at which the finding was laste updated.
FindingCriteria
Description
Contains finding criteria information.
Members
- Criterion
-
- Type: Associative array of custom strings keys (String) to Condition structures
Represents a map of finding properties that match specified conditions and values when querying findings.
FindingStatistics
Description
Contains information about finding statistics.
Members
GeoLocation
Description
Contains information about the
Members
IamInstanceProfile
Description
Contains information about the instance profile.
Members
InstanceDetails
Description
Contains information about the details of an instance.
Members
- AvailabilityZone
-
- Type: string
The availability zone of the EC2 instance.
- IamInstanceProfile
-
- Type: IamInstanceProfile structure
The profile information of the EC2 instance.
- ImageDescription
-
- Type: string
The image description of the EC2 instance.
- ImageId
-
- Type: string
The image ID of the EC2 instance.
- InstanceId
-
- Type: string
The ID of the EC2 instance.
- InstanceState
-
- Type: string
The state of the EC2 instance.
- InstanceType
-
- Type: string
The type of the EC2 instance.
- LaunchTime
-
- Type: string
The launch time of the EC2 instance.
- NetworkInterfaces
-
- Type: Array of NetworkInterface structures
The network interface information of the EC2 instance.
- Platform
-
- Type: string
The platform of the EC2 instance.
- ProductCodes
-
- Type: Array of ProductCode structures
The product code of the EC2 instance.
- Tags
-
- Type: Array of Tag structures
The tags of the EC2 instance.
InternalServerErrorException
Description
Internal server error exception object.
Members
Invitation
Description
Contains information about the invitation.
Members
- AccountId
-
- Type: string
Inviter account ID
- InvitationId
-
- Type: string
This value is used to validate the inviter account to the member account.
- InvitedAt
-
- Type: string
Timestamp at which the invitation was sent
- RelationshipStatus
-
- Type: string
The status of the relationship between the inviter and invitee accounts.
LocalPortDetails
Description
Contains information about the port for the local connection.
Members
Master
Description
Contains information about the Master account and invitation.
Members
- AccountId
-
- Type: string
The ID of the account used as the Master account.
- InvitationId
-
- Type: string
This value is used to validate the master account to the member account.
- InvitedAt
-
- Type: string
Timestamp at which the invitation was sent.
- RelationshipStatus
-
- Type: string
The status of the relationship between the master and member accounts.
Member
Description
Continas information about the member account
Members
- AccountId
-
- Required: Yes
- Type: string
Member account ID.
- DetectorId
-
- Type: string
Member account's detector ID.
-
- Required: Yes
- Type: string
Member account's email address.
- InvitedAt
-
- Type: string
Timestamp at which the invitation was sent
- MasterId
-
- Required: Yes
- Type: string
Master account ID.
- RelationshipStatus
-
- Required: Yes
- Type: string
The status of the relationship between the member and the master.
- UpdatedAt
-
- Required: Yes
- Type: string
Member last updated timestamp.
NetworkConnectionAction
Description
Contains information about the network connection.
Members
- Blocked
-
- Type: boolean
Network connection blocked information.
- ConnectionDirection
-
- Type: string
Network connection direction.
- LocalPortDetails
-
- Type: LocalPortDetails structure
Local port information of the connection.
- Protocol
-
- Type: string
Network connection protocol.
- RemoteIpDetails
-
- Type: RemoteIpDetails structure
Remote IP information of the connection.
- RemotePortDetails
-
- Type: RemotePortDetails structure
Remote port information of the connection.
NetworkInterface
Description
Contains information about the network interface.
Members
- Ipv6Addresses
-
- Type: Array of strings
A list of EC2 instance IPv6 address information.
- NetworkInterfaceId
-
- Type: string
The ID of the network interface
- PrivateDnsName
-
- Type: string
Private DNS name of the EC2 instance.
- PrivateIpAddress
-
- Type: string
Private IP address of the EC2 instance.
- PrivateIpAddresses
-
- Type: Array of PrivateIpAddressDetails structures
Other private IP address information of the EC2 instance.
- PublicDnsName
-
- Type: string
Public DNS name of the EC2 instance.
- PublicIp
-
- Type: string
Public IP address of the EC2 instance.
- SecurityGroups
-
- Type: Array of SecurityGroup structures
Security groups associated with the EC2 instance.
- SubnetId
-
- Type: string
The subnet ID of the EC2 instance.
- VpcId
-
- Type: string
The VPC ID of the EC2 instance.
Organization
Description
Continas information about the organization.
Members
PortProbeAction
Description
Contains information about the port probe.
Members
- Blocked
-
- Type: boolean
Port probe blocked information.
- PortProbeDetails
-
- Type: Array of PortProbeDetail structures
A list of port probe details objects.
PortProbeDetail
Description
Contains information about the port probe details.
Members
- LocalPortDetails
-
- Type: LocalPortDetails structure
Local port information of the connection.
- RemoteIpDetails
-
- Type: RemoteIpDetails structure
Remote IP information of the connection.
PrivateIpAddressDetails
Description
Contains information about the private IP address.
Members
ProductCode
Description
Contains information about the product code.
Members
RemoteIpDetails
Description
Continas information about the remote IP address.
Members
- City
-
- Type: City structure
City information of the remote IP address.
- Country
-
- Type: Country structure
Country code of the remote IP address.
- GeoLocation
-
- Type: GeoLocation structure
Location information of the remote IP address.
- IpAddressV4
-
- Type: string
IPV4 remote address of the connection.
- Organization
-
- Type: Organization structure
ISP Organization information of the remote IP address.
RemotePortDetails
Description
Contains information about the remote port.
Members
Resource
Description
Contains information about the resource.
Members
- AccessKeyDetails
-
- Type: AccessKeyDetails structure
The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.
- InstanceDetails
-
- Type: InstanceDetails structure
The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.
- ResourceType
-
- Type: string
The type of the AWS resource.
SecurityGroup
Description
Contains information about the security group.
Members
Service
Description
Contains information about the service.
Members
- Action
-
- Type: Action structure
Information about the activity described in a finding.
- Archived
-
- Type: boolean
Indicates whether this finding is archived.
- Count
-
- Type: int
Total count of the occurrences of this finding type.
- DetectorId
-
- Type: string
Detector ID for the GuardDuty service.
- EventFirstSeen
-
- Type: string
First seen timestamp of the activity that prompted GuardDuty to generate this finding.
- EventLastSeen
-
- Type: string
Last seen timestamp of the activity that prompted GuardDuty to generate this finding.
- Evidence
-
- Type: Evidence structure
An evidence object associated with the service.
- ResourceRole
-
- Type: string
Resource role information for this finding.
- ServiceName
-
- Type: string
The name of the AWS service (GuardDuty) that generated a finding.
- UserFeedback
-
- Type: string
Feedback left about the finding.
SortCriteria
Description
Contains information about the criteria for sorting.
Members
Tag
Description
Contains information about the tag associated with the resource.
Members
ThreatIntelligenceDetail
Description
An instance of a threat intelligence detail that constitutes evidence for the finding.
