GetMalwareScan - Amazon GuardDuty
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also

GetMalwareScan

Retrieves the detailed information for a specific malware scan. Each member account can view the malware scan details for their own account. An administrator can view malware scan details for all accounts in the organization.

There might be regional differences because some data sources might not be available in all the AWS Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Request Syntax

GET /malware-scan/scanId HTTP/1.1

URI Request Parameters

The request uses the following URI parameters.

scanId

A unique identifier that gets generated when you invoke the API without any error. Each malware scan has a corresponding scan ID. Using this scan ID, you can monitor the status of your malware scan.

Required: Yes

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "adminDetectorId": "string",
   "detectorId": "string",
   "failedResourcesCount": number,
   "resourceArn": "string",
   "resourceType": "string",
   "scanCategory": "string",
   "scanCompletedAt": number,
   "scanConfiguration": { 
      "incrementalScanDetails": { 
         "baselineResourceArn": "string"
      },
      "recoveryPoint": { 
         "backupVaultName": "string"
      },
      "role": "string",
      "triggerDetails": { 
         "description": "string",
         "guardDutyFindingId": "string",
         "triggerType": "string"
      }
   },
   "scanId": "string",
   "scannedResources": [ 
      { 
         "resourceDetails": { 
            "ebsSnapshot": { 
               "deviceName": "string"
            },
            "ebsVolume": { 
               "deviceName": "string",
               "encryptionType": "string",
               "kmsKeyArn": "string",
               "snapshotArn": "string",
               "volumeArn": "string",
               "volumeSizeInGB": number,
               "volumeType": "string"
            }
         },
         "scannedResourceArn": "string",
         "scannedResourceStatus": "string",
         "scannedResourceType": "string",
         "scanStatusReason": "string"
      }
   ],
   "scannedResourcesCount": number,
   "scanResultDetails": { 
      "failedFileCount": number,
      "scanResultStatus": "string",
      "skippedFileCount": number,
      "threatFoundFileCount": number,
      "threats": [ 
         { 
            "count": number,
            "hash": "string",
            "itemDetails": [ 
               { 
                  "additionalInfo": { 
                     "deviceName": "string",
                     "versionId": "string"
                  },
                  "hash": "string",
                  "itemPath": "string",
                  "resourceArn": "string"
               }
            ],
            "name": "string",
            "source": "string"
         }
      ],
      "totalBytes": number,
      "totalFileCount": number,
      "uniqueThreatCount": number
   },
   "scanStartedAt": number,
   "scanStatus": "string",
   "scanStatusReason": "string",
   "scanType": "string",
   "skippedResourcesCount": number
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

adminDetectorId

The unique detector ID of the administrator account that the request is associated with. If the account is an administrator, the AdminDetectorId will be the same as the one used for DetectorId. If the customer is not a GuardDuty customer, this field will not be present..

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

detectorId

The unique ID of the detector that is associated with the request, if it belongs to an account which is a GuardDuty customer.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

failedResourcesCount

The total number of resources that failed to be scanned.

Type: Integer

Valid Range: Minimum value of 0.

resourceArn

Amazon Resource Name (ARN) of the resource on which a malware scan was invoked.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 200.

resourceType

The type of resource that was scanned for malware.

Type: String

Valid Values: EBS_RECOVERY_POINT | EBS_SNAPSHOT | EBS_VOLUME | EC2_AMI | EC2_INSTANCE | EC2_RECOVERY_POINT | S3_RECOVERY_POINT | S3_BUCKET

scanCategory

The category of the malware scan, indicating the type of scan performed.

Type: String

Valid Values: FULL_SCAN | INCREMENTAL_SCAN

scanCompletedAt

The timestamp representing when the malware scan was completed.

Type: Timestamp

scanConfiguration

Information about the scan configuration used for the malware scan.

Type: ScanConfiguration object

scanId

A unique identifier associated with the malware scan. Each malware scan has a corresponding scan ID. Using this scan ID, you can monitor the status of your malware scan.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 200.

scannedResources

A list of resources along with their metadata that were scanned as part of the malware scan operation.

Type: Array of ScannedResource objects

scannedResourcesCount

The total number of resources that were successfully scanned. This is dependent on the resource type.

Type: Integer

Valid Range: Minimum value of 0.

scanResultDetails

Detailed information about the results of the malware scan, if the scan completed.

Type: GetMalwareScanResultDetails object

scanStartedAt

The timestamp representing when the malware scan was started.

Type: Timestamp

scanStatus

A value representing the current status of the malware scan.

Type: String

Valid Values: RUNNING | COMPLETED | COMPLETED_WITH_ISSUES | FAILED | SKIPPED

scanStatusReason

Represents the reason for the current scan status, if applicable.

Type: String

Valid Values: ACCESS_DENIED | RESOURCE_NOT_FOUND | SNAPSHOT_SIZE_LIMIT_EXCEEDED | RESOURCE_UNAVAILABLE | INCONSISTENT_SOURCE | INCREMENTAL_NO_DIFFERENCE | NO_EBS_VOLUMES_FOUND | UNSUPPORTED_PRODUCT_CODE_TYPE | AMI_SNAPSHOT_LIMIT_EXCEEDED | UNRELATED_RESOURCES | BASE_RESOURCE_NOT_SCANNED | BASE_CREATED_AFTER_TARGET | UNSUPPORTED_FOR_INCREMENTAL | UNSUPPORTED_AMI | UNSUPPORTED_SNAPSHOT | UNSUPPORTED_COMPOSITE_RECOVERY_POINT

scanType

A value representing the initiator of the scan.

Type: String

Valid Values: BACKUP_INITIATED | ON_DEMAND | GUARDDUTY_INITIATED

skippedResourcesCount

The total number of resources that were skipped during the scan.

Type: Integer

Valid Range: Minimum value of 0.

Errors

For information about the errors that are common to all actions, see Common Errors.

BadRequestException

A bad request exception object.

Message

The error message.

Type

The error type.

HTTP Status Code: 400

InternalServerErrorException

An internal server error exception object.

Message

The error message.

Type

The error type.

HTTP Status Code: 500

ResourceNotFoundException

The requested resource can't be found.

Message

The error message.

Type

The error type.

HTTP Status Code: 404

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: