Table Of Contents

Feedback

User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . guardduty ]

create-threat-intel-set

Description

Create a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.

Synopsis

  create-threat-intel-set
[--activate | --no-activate]
--detector-id <value>
[--format <value>]
[--location <value>]
[--name <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

Options

--activate | --no-activate (boolean) A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

--detector-id (string) The unique ID of the detector that you want to update.

--format (string) The format of the file that contains the ThreatIntelSet.

Possible values:

  • TXT
  • STIX
  • OTX_CSV
  • ALIEN_VAULT
  • PROOF_POINT
  • FIRE_EYE

--location (string) The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).

--name (string) A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet.

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.

Output

ThreatIntelSetId -> (string)

The unique identifier for an threat intel set