You are viewing documentation for version 3 of the AWS SDK for Ruby.

Class: Aws::GuardDuty::Client

Inherits:
Seahorse::Client::Base
Includes:
ClientStubs
Defined in:
gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb

Instance Attribute Summary

Attributes inherited from Seahorse::Client::Base

#config, #handlers

API Operations

Instance Method Summary

Methods included from ClientStubs

#stub_data, #stub_responses

Methods inherited from Seahorse::Client::Base

add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response

Constructor Details

#initialize(*args) ⇒ Client

Returns a new instance of Client

Parameters:

  • options (Hash)

    a customizable set of options



# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 142

def initialize(*args)
  super
end

Instance Method Details

#accept_invitation(params = {}) ⇒ Struct

Accepts the invitation to be monitored by a master GuardDuty account.

Examples:

Request syntax with placeholder values


resp = client.accept_invitation({
  detector_id: "__string", # required
  invitation_id: "InvitationId",
  master_id: "MasterId",
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :invitation_id (String)

    This value is used to validate the master account to the member account.

  • :master_id (String)

    The account ID of the master GuardDuty account whose invitation you're accepting.

Returns:

  • (Struct)

    Returns an empty response.

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 174

def accept_invitation(params = {}, options = {})
  req = build_request(:accept_invitation, params)
  req.send_request(options)
end

#archive_findings(params = {}) ⇒ Struct

Archives Amazon GuardDuty findings specified by the list of finding IDs.

Examples:

Request syntax with placeholder values


resp = client.archive_findings({
  detector_id: "__string", # required
  finding_ids: ["FindingId"],
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :finding_ids (Array<String>)

    IDs of the findings that you want to archive.

Returns:

  • (Struct)

    Returns an empty response.

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 200

def archive_findings(params = {}, options = {})
  req = build_request(:archive_findings, params)
  req.send_request(options)
end

#create_detector(params = {}) ⇒ Types::CreateDetectorResponse

Creates a single Amazon GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector must be created in order for GuardDuty to become operational.

Examples:

Request syntax with placeholder values


resp = client.create_detector({
  enable: false,
})

Response structure


resp.detector_id #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :enable (Boolean)

    A boolean value that specifies whether the detector is to be enabled.

Returns:

  • (Types::CreateDetectorResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 230

def create_detector(params = {}, options = {})
  req = build_request(:create_detector, params)
  req.send_request(options)
end

#create_ip_set(params = {}) ⇒ Types::CreateIPSetResponse

Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications.

Examples:

Request syntax with placeholder values


resp = client.create_ip_set({
  activate: false,
  detector_id: "__string", # required
  format: "TXT", # accepts TXT, STIX, OTX_CSV, ALIEN_VAULT, PROOF_POINT, FIRE_EYE
  location: "Location",
  name: "Name",
})

Response structure


resp.ip_set_id #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :activate (Boolean)

    A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.

  • :detector_id (required, String)
  • :format (String)

    The format of the file that contains the IPSet.

  • :location (String)

    The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).

  • :name (String)

    The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.

Returns:

  • (Types::CreateIPSetResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 279

def create_ip_set(params = {}, options = {})
  req = build_request(:create_ip_set, params)
  req.send_request(options)
end

#create_members(params = {}) ⇒ Types::CreateMembersResponse

Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts.

Examples:

Request syntax with placeholder values


resp = client.create_members({
  account_details: [
    {
      account_id: "AccountId",
      email: "Email",
    },
  ],
  detector_id: "__string", # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_details (Array<Types::AccountDetail>)

    A list of account ID and email address pairs of the accounts that you want to associate with the master GuardDuty account.

  • :detector_id (required, String)

Returns:

  • (Types::CreateMembersResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 320

def create_members(params = {}, options = {})
  req = build_request(:create_members, params)
  req.send_request(options)
end

#create_sample_findings(params = {}) ⇒ Struct

Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.

Examples:

Request syntax with placeholder values


resp = client.create_sample_findings({
  detector_id: "__string", # required
  finding_types: ["FindingType"],
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :finding_types (Array<String>)

    Types of sample findings that you want to generate.

Returns:

  • (Struct)

    Returns an empty response.

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 347

def create_sample_findings(params = {}, options = {})
  req = build_request(:create_sample_findings, params)
  req.send_request(options)
end

#create_threat_intel_set(params = {}) ⇒ Types::CreateThreatIntelSetResponse

Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets.

Examples:

Request syntax with placeholder values


resp = client.create_threat_intel_set({
  activate: false,
  detector_id: "__string", # required
  format: "TXT", # accepts TXT, STIX, OTX_CSV, ALIEN_VAULT, PROOF_POINT, FIRE_EYE
  location: "Location",
  name: "Name",
})

Response structure


resp.threat_intel_set_id #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :activate (Boolean)

    A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

  • :detector_id (required, String)
  • :format (String)

    The format of the file that contains the ThreatIntelSet.

  • :location (String)

    The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).

  • :name (String)

    A user-friendly ThreatIntelSet name that is displayed in all findings generated by activity that involves IP addresses included in this ThreatIntelSet.

Returns:

  • (Types::CreateThreatIntelSetResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 396

def create_threat_intel_set(params = {}, options = {})
  req = build_request(:create_threat_intel_set, params)
  req.send_request(options)
end

#decline_invitations(params = {}) ⇒ Types::DeclineInvitationsResponse

Declines invitations sent to the current member account by AWS accounts specified by their account IDs.

Examples:

Request syntax with placeholder values


resp = client.decline_invitations({
  account_ids: ["__string"],
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (Array<String>)

    A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from.

Returns:

  • (Types::DeclineInvitationsResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 428

def decline_invitations(params = {}, options = {})
  req = build_request(:decline_invitations, params)
  req.send_request(options)
end

#delete_detector(params = {}) ⇒ Struct

Deletes an Amazon GuardDuty detector specified by the detector ID.

Examples:

Request syntax with placeholder values


resp = client.delete_detector({
  detector_id: "__string", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

Returns:

  • (Struct)

    Returns an empty response.

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 449

def delete_detector(params = {}, options = {})
  req = build_request(:delete_detector, params)
  req.send_request(options)
end

#delete_invitations(params = {}) ⇒ Types::DeleteInvitationsResponse

Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.

Examples:

Request syntax with placeholder values


resp = client.delete_invitations({
  account_ids: ["__string"],
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (Array<String>)

    A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from.

Returns:

  • (Types::DeleteInvitationsResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 505

def delete_invitations(params = {}, options = {})
  req = build_request(:delete_invitations, params)
  req.send_request(options)
end

#delete_ip_set(params = {}) ⇒ Struct

Deletes the IPSet specified by the IPSet ID.

Examples:

Request syntax with placeholder values


resp = client.delete_ip_set({
  detector_id: "__string", # required
  ip_set_id: "__string", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :ip_set_id (required, String)

Returns:

  • (Struct)

    Returns an empty response.

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 473

def delete_ip_set(params = {}, options = {})
  req = build_request(:delete_ip_set, params)
  req.send_request(options)
end

#delete_members(params = {}) ⇒ Types::DeleteMembersResponse

Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.

Examples:

Request syntax with placeholder values


resp = client.delete_members({
  account_ids: ["__string"],
  detector_id: "__string", # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (Array<String>)

    A list of account IDs of the GuardDuty member accounts that you want to delete.

  • :detector_id (required, String)

Returns:

  • (Types::DeleteMembersResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 540

def delete_members(params = {}, options = {})
  req = build_request(:delete_members, params)
  req.send_request(options)
end

#delete_threat_intel_set(params = {}) ⇒ Struct

Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.

Examples:

Request syntax with placeholder values


resp = client.delete_threat_intel_set({
  detector_id: "__string", # required
  threat_intel_set_id: "__string", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :threat_intel_set_id (required, String)

Returns:

  • (Struct)

    Returns an empty response.

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 564

def delete_threat_intel_set(params = {}, options = {})
  req = build_request(:delete_threat_intel_set, params)
  req.send_request(options)
end

#disassociate_from_master_account(params = {}) ⇒ Struct

Disassociates the current GuardDuty member account from its master account.

Examples:

Request syntax with placeholder values


resp = client.disassociate_from_master_account({
  detector_id: "__string", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

Returns:

  • (Struct)

    Returns an empty response.

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 586

def disassociate_from_master_account(params = {}, options = {})
  req = build_request(:disassociate_from_master_account, params)
  req.send_request(options)
end

#disassociate_members(params = {}) ⇒ Types::DisassociateMembersResponse

Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.

Examples:

Request syntax with placeholder values


resp = client.disassociate_members({
  account_ids: ["__string"],
  detector_id: "__string", # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (Array<String>)

    A list of account IDs of the GuardDuty member accounts that you want to disassociate from master.

  • :detector_id (required, String)

Returns:

  • (Types::DisassociateMembersResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 621

def disassociate_members(params = {}, options = {})
  req = build_request(:disassociate_members, params)
  req.send_request(options)
end

#get_detector(params = {}) ⇒ Types::GetDetectorResponse

Retrieves an Amazon GuardDuty detector specified by the detectorId.

Examples:

Request syntax with placeholder values


resp = client.get_detector({
  detector_id: "__string", # required
})

Response structure


resp.created_at #=> String
resp.service_role #=> String
resp.status #=> String, one of "ENABLED", "DISABLED"
resp.updated_at #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

Returns:

  • (Types::GetDetectorResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 654

def get_detector(params = {}, options = {})
  req = build_request(:get_detector, params)
  req.send_request(options)
end

#get_findings(params = {}) ⇒ Types::GetFindingsResponse

Describes Amazon GuardDuty findings specified by finding IDs.

Examples:

Request syntax with placeholder values


resp = client.get_findings({
  detector_id: "__string", # required
  finding_ids: ["FindingId"],
  sort_criteria: {
    attribute_name: "__string",
    order_by: "ASC", # accepts ASC, DESC
  },
})

Response structure


resp.findings #=> Array
resp.findings[0].account_id #=> String
resp.findings[0].arn #=> String
resp.findings[0].confidence #=> Float
resp.findings[0].created_at #=> String
resp.findings[0].description #=> String
resp.findings[0].id #=> String
resp.findings[0].partition #=> String
resp.findings[0].region #=> String
resp.findings[0].resource.access_key_details.access_key_id #=> String
resp.findings[0].resource.access_key_details.principal_id #=> String
resp.findings[0].resource.access_key_details.user_name #=> String
resp.findings[0].resource.access_key_details.user_type #=> String
resp.findings[0].resource.instance_details.availability_zone #=> String
resp.findings[0].resource.instance_details.iam_instance_profile.arn #=> String
resp.findings[0].resource.instance_details.iam_instance_profile.id #=> String
resp.findings[0].resource.instance_details.image_id #=> String
resp.findings[0].resource.instance_details.instance_id #=> String
resp.findings[0].resource.instance_details.instance_state #=> String
resp.findings[0].resource.instance_details.instance_type #=> String
resp.findings[0].resource.instance_details.launch_time #=> String
resp.findings[0].resource.instance_details.network_interfaces #=> Array
resp.findings[0].resource.instance_details.network_interfaces[0].ipv_6_addresses #=> Array
resp.findings[0].resource.instance_details.network_interfaces[0].ipv_6_addresses[0] #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].private_dns_name #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].private_ip_address #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].private_ip_addresses #=> Array
resp.findings[0].resource.instance_details.network_interfaces[0].private_ip_addresses[0].private_dns_name #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].private_ip_addresses[0].private_ip_address #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].public_dns_name #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].public_ip #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].security_groups #=> Array
resp.findings[0].resource.instance_details.network_interfaces[0].security_groups[0].group_id #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].security_groups[0].group_name #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].subnet_id #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].vpc_id #=> String
resp.findings[0].resource.instance_details.platform #=> String
resp.findings[0].resource.instance_details.product_codes #=> Array
resp.findings[0].resource.instance_details.product_codes[0].code #=> String
resp.findings[0].resource.instance_details.product_codes[0].product_type #=> String
resp.findings[0].resource.instance_details.tags #=> Array
resp.findings[0].resource.instance_details.tags[0].key #=> String
resp.findings[0].resource.instance_details.tags[0].value #=> String
resp.findings[0].resource.resource_type #=> String
resp.findings[0].schema_version #=> String
resp.findings[0].service.action.action_type #=> String
resp.findings[0].service.action.aws_api_call_action.api #=> String
resp.findings[0].service.action.aws_api_call_action.caller_type #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.city.city_name #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.country.country_code #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.country.country_name #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.geo_location.lat #=> Float
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.geo_location.lon #=> Float
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.ip_address_v4 #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.asn #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.asn_org #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.isp #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.org #=> String
resp.findings[0].service.action.aws_api_call_action.service_name #=> String
resp.findings[0].service.action.dns_request_action.domain #=> String
resp.findings[0].service.action.network_connection_action.blocked #=> Boolean
resp.findings[0].service.action.network_connection_action.connection_direction #=> String
resp.findings[0].service.action.network_connection_action.local_port_details.port #=> Integer
resp.findings[0].service.action.network_connection_action.local_port_details.port_name #=> String
resp.findings[0].service.action.network_connection_action.protocol #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.city.city_name #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.country.country_code #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.country.country_name #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.geo_location.lat #=> Float
resp.findings[0].service.action.network_connection_action.remote_ip_details.geo_location.lon #=> Float
resp.findings[0].service.action.network_connection_action.remote_ip_details.ip_address_v4 #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.asn #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.asn_org #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.isp #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.org #=> String
resp.findings[0].service.action.network_connection_action.remote_port_details.port #=> Integer
resp.findings[0].service.action.network_connection_action.remote_port_details.port_name #=> String
resp.findings[0].service.action.port_probe_action.blocked #=> Boolean
resp.findings[0].service.action.port_probe_action.port_probe_details #=> Array
resp.findings[0].service.action.port_probe_action.port_probe_details[0].local_port_details.port #=> Integer
resp.findings[0].service.action.port_probe_action.port_probe_details[0].local_port_details.port_name #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.city.city_name #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.country.country_code #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.country.country_name #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.geo_location.lat #=> Float
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.geo_location.lon #=> Float
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.ip_address_v4 #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.asn #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.asn_org #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.isp #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.org #=> String
resp.findings[0].service.archived #=> Boolean
resp.findings[0].service.count #=> Integer
resp.findings[0].service.detector_id #=> String
resp.findings[0].service.event_first_seen #=> String
resp.findings[0].service.event_last_seen #=> String
resp.findings[0].service.resource_role #=> String
resp.findings[0].service.service_name #=> String
resp.findings[0].service.user_feedback #=> String
resp.findings[0].severity #=> Float
resp.findings[0].title #=> String
resp.findings[0].type #=> String
resp.findings[0].updated_at #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :finding_ids (Array<String>)

    IDs of the findings that you want to retrieve.

  • :sort_criteria (Types::SortCriteria)

    Represents the criteria used for sorting findings.

Returns:

  • (Types::GetFindingsResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 794

def get_findings(params = {}, options = {})
  req = build_request(:get_findings, params)
  req.send_request(options)
end
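
Added example (not part of the SDK documentation): `list_findings`, documented further down this page, returns only finding IDs, at most 50 per page, so a triage job has to follow `next_token` and then fetch details with `get_findings` in batches. The criterion names `severity` and `service.archived`, the batch size of 50 for `get_findings`, and the `FakeGuardDuty` stand-in with its sample findings are assumptions made for this sketch; with the real SDK, pass an `Aws::GuardDuty::Client` instead.

```ruby
# Added example, not SDK code. `client` is any object that answers
# #list_findings and #get_findings with the shapes documented on this page,
# for instance Aws::GuardDuty::Client.new.

BATCH_SIZE = 50 # list_findings page cap; assumed to suit get_findings too

# Collects every matching finding ID, following next_token to the last page.
def matching_finding_ids(client, detector_id, min_severity:)
  ids = []
  token = nil
  loop do
    params = {
      detector_id: detector_id,
      finding_criteria: {
        criterion: {
          # Attribute names are assumptions; the page shows only "__string".
          "severity" => { gte: min_severity },
          "service.archived" => { eq: ["false"] },
        },
      },
      max_results: BATCH_SIZE,
    }
    params[:next_token] = token if token
    resp = client.list_findings(params)
    ids.concat(resp.finding_ids)
    token = resp.next_token
    break if token.nil? || token.empty? # last page: no token, or an empty one
  end
  ids.uniq
end

# Fetches details in batches and returns one summary row per finding,
# highest severity first.
def triage_findings(client, detector_id, min_severity: 7)
  ids = matching_finding_ids(client, detector_id, min_severity: min_severity)
  findings = ids.each_slice(BATCH_SIZE).flat_map do |batch|
    client.get_findings(detector_id: detector_id, finding_ids: batch).findings
  end
  findings.sort_by { |f| -f.severity }.map do |f|
    { id: f.id, type: f.type, severity: f.severity, region: f.region,
      resource: f.resource.resource_type, seen: f.service.count }
  end
end

# --- Constructed stand-in and sample data so the example runs offline ---
Finding  = Struct.new(:id, :type, :severity, :region, :resource, :service)
Resource = Struct.new(:resource_type)
Service  = Struct.new(:count)
ListPage = Struct.new(:finding_ids, :next_token)
Details  = Struct.new(:findings)

class FakeGuardDuty
  attr_reader :calls

  def initialize(findings, page_size: 2)
    @findings = findings
    @page_size = page_size
    @calls = []
  end

  def list_findings(params)
    @calls << :list_findings
    min = params.dig(:finding_criteria, :criterion, "severity", :gte) || 0
    hits = @findings.select { |f| f.severity >= min }.map(&:id)
    start = params[:next_token].to_i
    nxt = start + @page_size
    ListPage.new(hits[start, @page_size] || [], nxt < hits.size ? nxt.to_s : "")
  end

  def get_findings(params)
    @calls << :get_findings
    Details.new(@findings.select { |f| params[:finding_ids].include?(f.id) })
  end
end

# Constructed findings; IDs, severities and counts are made up.
SAMPLE_FINDINGS = [
  Finding.new("f-1", "UnauthorizedAccess:EC2/SSHBruteForce", 2.0, "us-west-2",
              Resource.new("Instance"), Service.new(14)),
  Finding.new("f-2", "CryptoCurrency:EC2/BitcoinTool.B!DNS", 8.0, "us-west-2",
              Resource.new("Instance"), Service.new(3)),
  Finding.new("f-3", "Recon:EC2/PortProbeUnprotectedPort", 5.0, "us-west-2",
              Resource.new("Instance"), Service.new(40)),
  Finding.new("f-4", "UnauthorizedAccess:IAMUser/MaliciousIPCaller", 8.5,
              "us-west-2", Resource.new("AccessKey"), Service.new(1)),
].freeze

if $PROGRAM_NAME == __FILE__
  fake = FakeGuardDuty.new(SAMPLE_FINDINGS)
  triage_findings(fake, "detector-id-placeholder", min_severity: 5).each do |row|
    puts row
  end
end
```
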

#get_findings_statistics(params = {}) ⇒ Types::GetFindingsStatisticsResponse

Lists Amazon GuardDuty findings' statistics for the specified detector ID.

Examples:

Request syntax with placeholder values


resp = client.get_findings_statistics({
  detector_id: "__string", # required
  finding_criteria: {
    criterion: {
      "__string" => {
        eq: ["__string"],
        gt: 1,
        gte: 1,
        lt: 1,
        lte: 1,
        neq: ["__string"],
      },
    },
  },
  finding_statistic_types: ["COUNT_BY_SEVERITY"], # accepts COUNT_BY_SEVERITY
})

Response structure


resp.finding_statistics.count_by_severity #=> Hash
resp.finding_statistics.count_by_severity["__string"] #=> Integer

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :finding_criteria (Types::FindingCriteria)

    Represents the criteria used for querying findings.

  • :finding_statistic_types (Array<String>)

    Types of finding statistics to retrieve.

Returns:

  • (Types::GetFindingsStatisticsResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 842

def get_findings_statistics(params = {}, options = {})
  req = build_request(:get_findings_statistics, params)
  req.send_request(options)
end

#get_invitations_count(params = {}) ⇒ Types::GetInvitationsCountResponse

Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.

Examples:

Response structure


resp.invitations_count #=> Integer

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Returns:

  • (Types::GetInvitationsCountResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 899

def get_invitations_count(params = {}, options = {})
  req = build_request(:get_invitations_count, params)
  req.send_request(options)
end

#get_ip_set(params = {}) ⇒ Types::GetIPSetResponse

Retrieves the IPSet specified by the IPSet ID.

Examples:

Request syntax with placeholder values


resp = client.get_ip_set({
  detector_id: "__string", # required
  ip_set_id: "__string", # required
})

Response structure


resp.format #=> String, one of "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE"
resp.location #=> String
resp.name #=> String
resp.status #=> String, one of "INACTIVE", "ACTIVATING", "ACTIVE", "DEACTIVATING", "ERROR", "DELETE_PENDING", "DELETED"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :ip_set_id (required, String)

Returns:

  • (Types::GetIPSetResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 878

def get_ip_set(params = {}, options = {})
  req = build_request(:get_ip_set, params)
  req.send_request(options)
end

#get_master_account(params = {}) ⇒ Types::GetMasterAccountResponse

Provides the details for the GuardDuty master account to the current GuardDuty member account.

Examples:

Request syntax with placeholder values


resp = client.get_master_account({
  detector_id: "__string", # required
})

Response structure


resp.master.account_id #=> String
resp.master.invitation_id #=> String
resp.master.invited_at #=> String
resp.master.relationship_status #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

Returns:

  • (Types::GetMasterAccountResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 930

def get_master_account(params = {}, options = {})
  req = build_request(:get_master_account, params)
  req.send_request(options)
end

#get_members(params = {}) ⇒ Types::GetMembersResponse

Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.

Examples:

Request syntax with placeholder values


resp = client.get_members({
  account_ids: ["__string"],
  detector_id: "__string", # required
})

Response structure


resp.members #=> Array
resp.members[0].account_id #=> String
resp.members[0].detector_id #=> String
resp.members[0].email #=> String
resp.members[0].invited_at #=> String
resp.members[0].master_id #=> String
resp.members[0].relationship_status #=> String
resp.members[0].updated_at #=> String
resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (Array<String>)

    A list of account IDs of the GuardDuty member accounts that you want to describe.

  • :detector_id (required, String)

Returns:

  • (Types::GetMembersResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 974

def get_members(params = {}, options = {})
  req = build_request(:get_members, params)
  req.send_request(options)
end

#get_threat_intel_set(params = {}) ⇒ Types::GetThreatIntelSetResponse

Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

Examples:

Request syntax with placeholder values


resp = client.get_threat_intel_set({
  detector_id: "__string", # required
  threat_intel_set_id: "__string", # required
})

Response structure


resp.format #=> String, one of "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE"
resp.location #=> String
resp.name #=> String
resp.status #=> String, one of "INACTIVE", "ACTIVATING", "ACTIVE", "DEACTIVATING", "ERROR", "DELETE_PENDING", "DELETED"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :threat_intel_set_id (required, String)

Returns:

  • (Types::GetThreatIntelSetResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1011

def get_threat_intel_set(params = {}, options = {})
  req = build_request(:get_threat_intel_set, params)
  req.send_request(options)
end

#invite_members(params = {}) ⇒ Types::InviteMembersResponse

Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account.

Examples:

Request syntax with placeholder values


resp = client.invite_members({
  account_ids: ["__string"],
  detector_id: "__string", # required
  message: "Message",
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (Array<String>)

    A list of account IDs of the accounts that you want to invite to GuardDuty as members.

  • :detector_id (required, String)
  • :message (String)

    The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.

Returns:

  • (Types::InviteMembersResponse)

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1053

def invite_members(params = {}, options = {})
  req = build_request(:invite_members, params)
  req.send_request(options)
end

#list_detectors(params = {}) ⇒ Types::ListDetectorsResponse

Lists detectorIds of all the existing Amazon GuardDuty detector resources.

Examples:

Request syntax with placeholder values


resp = client.list_detectors({
  max_results: 1,
  next_token: "__string",
})

Response structure


resp.detector_ids #=> Array
resp.detector_ids[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response.

  • :next_token (String)

Returns:

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1089

def list_detectors(params = {}, options = {})
  req = build_request(:list_detectors, params)
  req.send_request(options)
end

#list_findings(params = {}) ⇒ Types::ListFindingsResponse

Lists Amazon GuardDuty findings for the specified detector ID.

Examples:

Request syntax with placeholder values


resp = client.list_findings({
  detector_id: "__string", # required
  finding_criteria: {
    criterion: {
      "__string" => {
        eq: ["__string"],
        gt: 1,
        gte: 1,
        lt: 1,
        lte: 1,
        neq: ["__string"],
      },
    },
  },
  max_results: 1,
  next_token: "NextToken",
  sort_criteria: {
    attribute_name: "__string",
    order_by: "ASC", # accepts ASC, DESC
  },
})

Response structure


resp.finding_ids #=> Array
resp.finding_ids[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :finding_criteria (Types::FindingCriteria)

    Represents the criteria used for querying findings.

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

  • :next_token (String)

    You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListFindings action. For subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data.

  • :sort_criteria (Types::SortCriteria)

    Represents the criteria used for sorting findings.

Returns:

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1155

def list_findings(params = {}, options = {})
  req = build_request(:list_findings, params)
  req.send_request(options)
end
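
The next_token handling described for list_findings, as an added example that is not part of the SDK source or its generated documentation. It assumes only that the client answers #list_findings as shown above; FakeFindingsClient, the detector ID and the "severity" criterion are constructed so the code runs offline.

```ruby
# Added example: page through list_findings until next_token runs out.
# `client` is anything that answers #list_findings like Aws::GuardDuty::Client.
PAGE_SIZE = 50 # documented default and maximum for :max_results

def all_finding_ids(client, detector_id:, criterion: nil, sort: nil, page_limit: 1_000)
  raise ArgumentError, "detector_id is required" if detector_id.to_s.empty?

  ids = []
  token = nil
  seen = {}
  page_limit.times do
    params = { detector_id: detector_id, max_results: PAGE_SIZE }
    params[:finding_criteria] = { criterion: criterion } if criterion
    params[:sort_criteria] = sort if sort
    params[:next_token] = token if token # left out on the first call

    resp = client.list_findings(params)
    ids.concat(resp.finding_ids)

    token = resp.next_token
    return ids.uniq if token.nil? || token.empty?
    raise "next_token #{token.inspect} repeated, refusing to loop" if seen[token]
    seen[token] = true
  end
  raise "stopped after #{page_limit} pages without reaching the last one"
end

# Constructed stand-in for the client so the example runs offline.
# Its tokens are page indexes; real tokens are opaque strings.
class FakeFindingsClient
  Page = Struct.new(:finding_ids, :next_token)
  attr_reader :calls

  def initialize(pages)
    @pages = pages
    @calls = []
  end

  def list_findings(params)
    @calls << params
    index = params[:next_token].to_i
    following = index + 1 < @pages.size ? (index + 1).to_s : nil
    Page.new(@pages[index], following)
  end
end

if $PROGRAM_NAME == __FILE__
  fake = FakeFindingsClient.new([%w[f-1 f-2], %w[f-3]])
  p all_finding_ids(fake, detector_id: "constructed-detector-id",
                          criterion: { "severity" => { gte: 7 } })
end
```

Against a real account, pass an Aws::GuardDuty::Client instance in place of the fake. The page limit and the repeated-token check keep a triage job from spinning if a token is ever echoed back.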

#list_invitations(params = {}) ⇒ Types::ListInvitationsResponse

Lists all GuardDuty membership invitations that were sent to the current AWS account.

Examples:

Request syntax with placeholder values


resp = client.list_invitations({
  max_results: 1,
  next_token: "__string",
})

Response structure


resp.invitations #=> Array
resp.invitations[0].account_id #=> String
resp.invitations[0].invitation_id #=> String
resp.invitations[0].invited_at #=> String
resp.invitations[0].relationship_status #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response.

  • :next_token (String)

Returns:

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1233

def list_invitations(params = {}, options = {})
  req = build_request(:list_invitations, params)
  req.send_request(options)
end

#list_ip_sets(params = {}) ⇒ Types::ListIPSetsResponse

Lists the IPSets of the GuardDuty service specified by the detector ID.

Examples:

Request syntax with placeholder values


resp = client.list_ip_sets({
  detector_id: "__string", # required
  max_results: 1,
  next_token: "__string",
})

Response structure


resp.ip_set_ids #=> Array
resp.ip_set_ids[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response.

  • :next_token (String)

Returns:

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1194

def list_ip_sets(params = {}, options = {})
  req = build_request(:list_ip_sets, params)
  req.send_request(options)
end

#list_members(params = {}) ⇒ Types::ListMembersResponse

Lists details about all member accounts for the current GuardDuty master account.

Examples:

Request syntax with placeholder values


resp = client.list_members({
  detector_id: "__string", # required
  max_results: 1,
  next_token: "__string",
  only_associated: "__string",
})

Response structure


resp.members #=> Array
resp.members[0].account_id #=> String
resp.members[0].detector_id #=> String
resp.members[0].email #=> String
resp.members[0].invited_at #=> String
resp.members[0].master_id #=> String
resp.members[0].relationship_status #=> String
resp.members[0].updated_at #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response.

  • :next_token (String)
  • :only_associated (String)

Returns:

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1281

def list_members(params = {}, options = {})
  req = build_request(:list_members, params)
  req.send_request(options)
end

#list_threat_intel_sets(params = {}) ⇒ Types::ListThreatIntelSetsResponse

Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID.

Examples:

Request syntax with placeholder values


resp = client.list_threat_intel_sets({
  detector_id: "__string", # required
  max_results: 1,
  next_token: "__string",
})

Response structure


resp.next_token #=> String
resp.threat_intel_set_ids #=> Array
resp.threat_intel_set_ids[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response.

  • :next_token (String)

Returns:

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1320

def list_threat_intel_sets(params = {}, options = {})
  req = build_request(:list_threat_intel_sets, params)
  req.send_request(options)
end
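
list_threat_intel_sets returns only IDs, so checking whether each set is actually in use takes a get_threat_intel_set call per ID. The following added example (not SDK code) builds that report and filters it to sets whose status is anything other than "ACTIVE"; FakeThreatIntelClient and every ID it holds are constructed so the code runs offline.

```ruby
# Added example: report ThreatIntelSets whose status is anything but ACTIVE.
# `client` is anything that answers #list_threat_intel_sets and
# #get_threat_intel_set like Aws::GuardDuty::Client.
def threat_intel_set_report(client, detector_id)
  rows = []
  token = nil
  loop do
    params = { detector_id: detector_id }
    params[:next_token] = token if token
    page = client.list_threat_intel_sets(params)
    page.threat_intel_set_ids.each do |set_id|
      set = client.get_threat_intel_set(detector_id: detector_id,
                                        threat_intel_set_id: set_id)
      rows << { id: set_id, name: set.name, format: set.format,
                location: set.location, status: set.status }
    end
    token = page.next_token
    break if token.nil? || token.empty?
  end
  rows
end

def inactive_threat_intel_sets(client, detector_id)
  threat_intel_set_report(client, detector_id).reject { |row| row[:status] == "ACTIVE" }
end

# Constructed stand-in for the client; tokens are offsets into the ID list.
class FakeThreatIntelClient
  ListPage = Struct.new(:threat_intel_set_ids, :next_token)
  IntelSet = Struct.new(:format, :location, :name, :status)

  def initialize(sets, page_size: 2)
    @sets = sets
    @page_size = page_size
  end

  def list_threat_intel_sets(params)
    first = params[:next_token].to_i
    following = first + @page_size
    ListPage.new(@sets.keys[first, @page_size] || [],
                 following < @sets.size ? following.to_s : nil)
  end

  def get_threat_intel_set(params)
    @sets.fetch(params[:threat_intel_set_id])
  end
end
```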

#start_monitoring_members(params = {}) ⇒ Types::StartMonitoringMembersResponse

Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs. A master GuardDuty account can run this command after disabling GuardDuty from monitoring these members' findings by running StopMonitoringMembers.

Examples:

Request syntax with placeholder values


resp = client.start_monitoring_members({
  account_ids: ["__string"],
  detector_id: "__string", # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (Array<String>)

    A list of account IDs of the GuardDuty member accounts whose findings you want the master account to monitor.

  • :detector_id (required, String)

Returns:

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1357

def start_monitoring_members(params = {}, options = {})
  req = build_request(:start_monitoring_members, params)
  req.send_request(options)
end

#stop_monitoring_members(params = {}) ⇒ Types::StopMonitoringMembersResponse

Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs. After running this command, a master GuardDuty account can run StartMonitoringMembers to re-enable GuardDuty to monitor these members' findings.

Examples:

Request syntax with placeholder values


resp = client.stop_monitoring_members({
  account_ids: ["__string"],
  detector_id: "__string", # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (Array<String>)

    A list of account IDs of the GuardDuty member accounts whose findings you want the master account to stop monitoring.

  • :detector_id (required, String)

Returns:

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1394

def stop_monitoring_members(params = {}, options = {})
  req = build_request(:stop_monitoring_members, params)
  req.send_request(options)
end

#unarchive_findings(params = {}) ⇒ Struct

Unarchives Amazon GuardDuty findings specified by the list of finding IDs.

Examples:

Request syntax with placeholder values


resp = client.unarchive_findings({
  detector_id: "__string", # required
  finding_ids: ["FindingId"],
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :finding_ids (Array<String>)

    IDs of the findings that you want to unarchive.

Returns:

  • (Struct)

    Returns an empty response.

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1420

def unarchive_findings(params = {}, options = {})
  req = build_request(:unarchive_findings, params)
  req.send_request(options)
end

#update_detector(params = {}) ⇒ Struct

Updates an Amazon GuardDuty detector specified by the detectorId.

Examples:

Request syntax with placeholder values


resp = client.update_detector({
  detector_id: "__string", # required
  enable: false,
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :enable (Boolean)

    Updated boolean value for the detector that specifies whether the detector is enabled.

Returns:

  • (Struct)

    Returns an empty response.

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1446

def update_detector(params = {}, options = {})
  req = build_request(:update_detector, params)
  req.send_request(options)
end

#update_findings_feedback(params = {}) ⇒ Struct

Marks specified Amazon GuardDuty findings as useful or not useful.

Examples:

Request syntax with placeholder values


resp = client.update_findings_feedback({
  comments: "Comments",
  detector_id: "__string", # required
  feedback: "USEFUL", # accepts USEFUL, NOT_USEFUL
  finding_ids: ["FindingId"],
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :comments (String)

    Additional feedback about the GuardDuty findings.

  • :detector_id (required, String)
  • :feedback (String)

    Valid values: USEFUL | NOT_USEFUL

  • :finding_ids (Array<String>)

    IDs of the findings that you want to mark as useful or not useful.

Returns:

  • (Struct)

    Returns an empty response.

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1479

def update_findings_feedback(params = {}, options = {})
  req = build_request(:update_findings_feedback, params)
  req.send_request(options)
end

#update_ip_set(params = {}) ⇒ Struct

Updates the IPSet specified by the IPSet ID.

Examples:

Request syntax with placeholder values


resp = client.update_ip_set({
  activate: false,
  detector_id: "__string", # required
  ip_set_id: "__string", # required
  location: "Location",
  name: "Name",
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :activate (Boolean)

    The updated boolean value that specifies whether the IPSet is active or not.

  • :detector_id (required, String)
  • :ip_set_id (required, String)
  • :location (String)

    The updated URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).

  • :name (String)

    The unique ID that specifies the IPSet that you want to update.

Returns:

  • (Struct)

    Returns an empty response.

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1517

def update_ip_set(params = {}, options = {})
  req = build_request(:update_ip_set, params)
  req.send_request(options)
end

#update_threat_intel_set(params = {}) ⇒ Struct

Updates the ThreatIntelSet specified by ThreatIntelSet ID.

Examples:

Request syntax with placeholder values


resp = client.update_threat_intel_set({
  activate: false,
  detector_id: "__string", # required
  location: "Location",
  name: "Name",
  threat_intel_set_id: "__string", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :activate (Boolean)

    The updated boolean value that specifies whether the ThreatIntelSet is active or not.

  • :detector_id (required, String)
  • :location (String)

    The updated URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).

  • :name (String)

    The unique ID that specifies the ThreatIntelSet that you want to update.

  • :threat_intel_set_id (required, String)

Returns:

  • (Struct)

    Returns an empty response.

# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1556

def update_threat_intel_set(params = {}, options = {})
  req = build_request(:update_threat_intel_set, params)
  req.send_request(options)
end