Class: Aws::GuardDuty::Client

Inherits:
Seahorse::Client::Base show all
Includes:
ClientStubs
Defined in:
gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb

Overview

An API client for GuardDuty. To construct a client, you need to configure a :region and :credentials.

client = Aws::GuardDuty::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

For details on configuring region and credentials see the developer guide.

See #initialize for a full list of supported configuration options.

Instance Attribute Summary

Attributes inherited from Seahorse::Client::Base

#config, #handlers

API Operations collapse

Instance Method Summary collapse

Methods included from ClientStubs

#api_requests, #stub_data, #stub_responses

Methods inherited from Seahorse::Client::Base

add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response

Constructor Details

#initialize(options) ⇒ Client

Returns a new instance of Client.

Parameters:

  • options (Hash)

Options Hash (options):

  • :credentials (required, Aws::CredentialProvider)

    Your AWS credentials. This can be an instance of any one of the following classes:

    • Aws::Credentials - Used for configuring static, non-refreshing credentials.

    • Aws::SharedCredentials - Used for loading static credentials from a shared file, such as ~/.aws/config.

    • Aws::AssumeRoleCredentials - Used when you need to assume a role.

    • Aws::AssumeRoleWebIdentityCredentials - Used when you need to assume a role after providing credentials via the web.

    • Aws::SSOCredentials - Used for loading credentials from AWS SSO using an access token generated from aws login.

    • Aws::ProcessCredentials - Used for loading credentials from a process that outputs to stdout.

    • Aws::InstanceProfileCredentials - Used for loading credentials from an EC2 IMDS on an EC2 instance.

    • Aws::ECSCredentials - Used for loading credentials from instances running in ECS.

    • Aws::CognitoIdentityCredentials - Used for loading credentials from the Cognito Identity service.

    When :credentials are not configured directly, the following locations will be searched for credentials:

    • Aws.config[:credentials]
    • The :access_key_id, :secret_access_key, and :session_token options.
    • ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
    • ~/.aws/credentials
    • ~/.aws/config
    • EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive. Construct and pass an instance of Aws::InstanceProfileCredentails or Aws::ECSCredentials to enable retries and extended timeouts. Instance profile credential fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED'] to true.
  • :region (required, String)

    The AWS region to connect to. The configured :region is used to determine the service :endpoint. When not passed, a default :region is searched for in the following locations:

    • Aws.config[:region]
    • ENV['AWS_REGION']
    • ENV['AMAZON_REGION']
    • ENV['AWS_DEFAULT_REGION']
    • ~/.aws/credentials
    • ~/.aws/config
  • :access_key_id (String)
  • :active_endpoint_cache (Boolean) — default: false

    When set to true, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to false.

  • :adaptive_retry_wait_to_fill (Boolean) — default: true

    Used only in adaptive retry mode. When true, the request will sleep until there is sufficent client side capacity to retry the request. When false, the request will raise a RetryCapacityNotAvailableError and will not retry instead of sleeping.

  • :client_side_monitoring (Boolean) — default: false

    When true, client-side metrics will be collected for all API requests from this client.

  • :client_side_monitoring_client_id (String) — default: ""

    Allows you to provide an identifier for this client which will be attached to all generated client side metrics. Defaults to an empty string.

  • :client_side_monitoring_host (String) — default: "127.0.0.1"

    Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_port (Integer) — default: 31000

    Required for publishing client metrics. The port that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) — default: Aws::ClientSideMonitoring::Publisher

    Allows you to provide a custom client-side monitoring publisher class. By default, will use the Client Side Monitoring Agent Publisher.

  • :convert_params (Boolean) — default: true

    When true, an attempt is made to coerce request parameters into the required types.

  • :correct_clock_skew (Boolean) — default: true

    Used only in standard and adaptive retry modes. Specifies whether to apply a clock skew correction and retry requests with skewed client clocks.

  • :defaults_mode (String) — default: "legacy"

    See DefaultsModeConfiguration for a list of the accepted modes and the configuration defaults that are included.

  • :disable_host_prefix_injection (Boolean) — default: false

    Set to true to disable SDK automatically adding host prefix to default service endpoint when available.

  • :endpoint (String)

    The client endpoint is normally constructed from the :region option. You should only configure an :endpoint when connecting to test or custom endpoints. This should be a valid HTTP(S) URI.

  • :endpoint_cache_max_entries (Integer) — default: 1000

    Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000.

  • :endpoint_cache_max_threads (Integer) — default: 10

    Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.

  • :endpoint_cache_poll_interval (Integer) — default: 60

    When :endpoint_discovery and :active_endpoint_cache is enabled, Use this option to config the time interval in seconds for making requests fetching endpoints information. Defaults to 60 sec.

  • :endpoint_discovery (Boolean) — default: false

    When set to true, endpoint discovery will be enabled for operations when available.

  • :log_formatter (Aws::Log::Formatter) — default: Aws::Log::Formatter.default

    The log formatter.

  • :log_level (Symbol) — default: :info

    The log level to send messages to the :logger at.

  • :logger (Logger)

    The Logger instance to send log messages to. If this option is not set, logging will be disabled.

  • :max_attempts (Integer) — default: 3

    An integer representing the maximum number attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. Used in standard and adaptive retry modes.

  • :profile (String) — default: "default"

    Used when loading credentials from the shared credentials file at HOME/.aws/credentials. When not specified, 'default' is used.

  • :retry_backoff (Proc)

    A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. This option is only used in the legacy retry mode.

  • :retry_base_delay (Float) — default: 0.3

    The base delay in seconds used by the default backoff function. This option is only used in the legacy retry mode.

  • :retry_jitter (Symbol) — default: :none

    A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number. This option is only used in the legacy retry mode.

    @see https://www.awsarchitectureblog.com/2015/03/backoff.html

  • :retry_limit (Integer) — default: 3

    The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors, auth errors, endpoint discovery, and errors from expired credentials. This option is only used in the legacy retry mode.

  • :retry_max_delay (Integer) — default: 0

    The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function. This option is only used in the legacy retry mode.

  • :retry_mode (String) — default: "legacy"

    Specifies which retry algorithm to use. Values are:

    • legacy - The pre-existing retry behavior. This is default value if no retry mode is provided.

    • standard - A standardized set of retry rules across the AWS SDKs. This includes support for retry quotas, which limit the number of unsuccessful retries a client can make.

    • adaptive - An experimental retry mode that includes all the functionality of standard mode along with automatic client side throttling. This is a provisional mode that may change behavior in the future.

  • :secret_access_key (String)
  • :session_token (String)
  • :stub_responses (Boolean) — default: false

    Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling ClientStubs#stub_responses. See ClientStubs for more information.

    Please note When response stubbing is enabled, no HTTP requests are made, and retries are disabled.

  • :use_dualstack_endpoint (Boolean)

    When set to true, dualstack enabled endpoints (with .aws TLD) will be used if available.

  • :use_fips_endpoint (Boolean)

    When set to true, fips compatible endpoints will be used if available. When a fips region is used, the region is normalized and this config is set to true.

  • :validate_params (Boolean) — default: true

    When true, request parameters are validated before sending the request.

  • :http_proxy (URI::HTTP, String)

    A proxy to send requests through. Formatted like 'http://proxy.com:123'.

  • :http_open_timeout (Float) — default: 15

    The number of seconds to wait when opening a HTTP session before raising a Timeout::Error.

  • :http_read_timeout (Float) — default: 60

    The default number of seconds to wait for response data. This value can safely be set per-request on the session.

  • :http_idle_timeout (Float) — default: 5

    The number of seconds a connection is allowed to sit idle before it is considered stale. Stale connections are closed and removed from the pool before making a request.

  • :http_continue_timeout (Float) — default: 1

    The number of seconds to wait for a 100-continue response before sending the request body. This option has no effect unless the request has "Expect" header set to "100-continue". Defaults to nil which disables this behaviour. This value can safely be set per request on the session.

  • :ssl_timeout (Float) — default: nil

    Sets the SSL timeout in seconds.

  • :http_wire_trace (Boolean) — default: false

    When true, HTTP debug output will be sent to the :logger.

  • :ssl_verify_peer (Boolean) — default: true

    When true, SSL peer certificates are verified when establishing a connection.

  • :ssl_ca_bundle (String)

    Full path to the SSL certificate authority bundle file that should be used when verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.

  • :ssl_ca_directory (String)

    Full path of the directory that contains the unbundled SSL certificate authority files for verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.



348
349
350
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 348

def initialize(*args)
  super
end

Instance Method Details

#accept_invitation(params = {}) ⇒ Struct

Accepts the invitation to be monitored by a GuardDuty administrator account.

Examples:

Request syntax with placeholder values


resp = client.accept_invitation({
  detector_id: "DetectorId", # required
  master_id: "String", # required
  invitation_id: "String", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector of the GuardDuty member account.

  • :master_id (required, String)

    The account ID of the GuardDuty administrator account whose invitation you're accepting.

  • :invitation_id (required, String)

    The value that is used to validate the administrator account to the member account.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



382
383
384
385
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 382

def accept_invitation(params = {}, options = {})
  req = build_request(:accept_invitation, params)
  req.send_request(options)
end

#archive_findings(params = {}) ⇒ Struct

Archives GuardDuty findings that are specified by the list of finding IDs.

Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.

Examples:

Request syntax with placeholder values


resp = client.archive_findings({
  detector_id: "DetectorId", # required
  finding_ids: ["FindingId"], # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector that specifies the GuardDuty service whose findings you want to archive.

  • :finding_ids (required, Array<String>)

    The IDs of the findings that you want to archive.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



415
416
417
418
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 415

def archive_findings(params = {}, options = {})
  req = build_request(:archive_findings, params)
  req.send_request(options)
end

#create_detector(params = {}) ⇒ Types::CreateDetectorResponse

Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.

Examples:

Request syntax with placeholder values


resp = client.create_detector({
  enable: false, # required
  client_token: "ClientToken",
  finding_publishing_frequency: "FIFTEEN_MINUTES", # accepts FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS
  data_sources: {
    s3_logs: {
      enable: false, # required
    },
    kubernetes: {
      audit_logs: { # required
        enable: false, # required
      },
    },
  },
  tags: {
    "TagKey" => "TagValue",
  },
})

Response structure


resp.detector_id #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :enable (required, Boolean)

    A Boolean value that specifies whether the detector is to be enabled.

  • :client_token (String)

    The idempotency token for the create request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :finding_publishing_frequency (String)

    A value that specifies how frequently updated findings are exported.

  • :data_sources (Types::DataSourceConfigurations)

    Describes which data sources will be enabled for the detector.

  • :tags (Hash<String,String>)

    The tags to be added to a new detector resource.

Returns:

See Also:



477
478
479
480
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 477

def create_detector(params = {}, options = {})
  req = build_request(:create_detector, params)
  req.send_request(options)
end

#create_filter(params = {}) ⇒ Types::CreateFilterResponse

Creates a filter using the specified finding criteria.

Examples:

Request syntax with placeholder values


resp = client.create_filter({
  detector_id: "DetectorId", # required
  name: "FilterName", # required
  description: "FilterDescription",
  action: "NOOP", # accepts NOOP, ARCHIVE
  rank: 1,
  finding_criteria: { # required
    criterion: {
      "String" => {
        eq: ["String"],
        neq: ["String"],
        gt: 1,
        gte: 1,
        lt: 1,
        lte: 1,
        equals: ["String"],
        not_equals: ["String"],
        greater_than: 1,
        greater_than_or_equal: 1,
        less_than: 1,
        less_than_or_equal: 1,
      },
    },
  },
  client_token: "ClientToken",
  tags: {
    "TagKey" => "TagValue",
  },
})

Response structure


resp.name #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

  • :name (required, String)

    The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.

  • :description (String)

    The description of the filter.

  • :action (String)

    Specifies the action that is to be applied to the findings that match the filter.

  • :rank (Integer)

    Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

  • :finding_criteria (required, Types::FindingCriteria)

    Represents the criteria to be used in the filter for querying findings.

    You can only use the following attributes to query findings:

    • accountId

    • region

    • confidence

    • id

    • resource.accessKeyDetails.accessKeyId

    • resource.accessKeyDetails.principalId

    • resource.accessKeyDetails.userName

    • resource.accessKeyDetails.userType

    • resource.instanceDetails.iamInstanceProfile.id

    • resource.instanceDetails.imageId

    • resource.instanceDetails.instanceId

    • resource.instanceDetails.outpostArn

    • resource.instanceDetails.networkInterfaces.ipv6Addresses

    • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

    • resource.instanceDetails.networkInterfaces.publicDnsName

    • resource.instanceDetails.networkInterfaces.publicIp

    • resource.instanceDetails.networkInterfaces.securityGroups.groupId

    • resource.instanceDetails.networkInterfaces.securityGroups.groupName

    • resource.instanceDetails.networkInterfaces.subnetId

    • resource.instanceDetails.networkInterfaces.vpcId

    • resource.instanceDetails.tags.key

    • resource.instanceDetails.tags.value

    • resource.resourceType

    • service.action.actionType

    • service.action.awsApiCallAction.api

    • service.action.awsApiCallAction.callerType

    • service.action.awsApiCallAction.errorCode

    • service.action.awsApiCallAction.userAgent

    • service.action.awsApiCallAction.remoteIpDetails.city.cityName

    • service.action.awsApiCallAction.remoteIpDetails.country.countryName

    • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

    • service.action.awsApiCallAction.remoteIpDetails.organization.asn

    • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

    • service.action.awsApiCallAction.serviceName

    • service.action.dnsRequestAction.domain

    • service.action.networkConnectionAction.blocked

    • service.action.networkConnectionAction.connectionDirection

    • service.action.networkConnectionAction.localPortDetails.port

    • service.action.networkConnectionAction.protocol

    • service.action.networkConnectionAction.localIpDetails.ipAddressV4

    • service.action.networkConnectionAction.remoteIpDetails.city.cityName

    • service.action.networkConnectionAction.remoteIpDetails.country.countryName

    • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

    • service.action.networkConnectionAction.remoteIpDetails.organization.asn

    • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

    • service.action.networkConnectionAction.remotePortDetails.port

    • service.additionalInfo.threatListName

    • resource.s3BucketDetails.publicAccess.effectivePermissions

    • resource.s3BucketDetails.name

    • resource.s3BucketDetails.tags.key

    • resource.s3BucketDetails.tags.value

    • resource.s3BucketDetails.type

    • service.archived

      When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

    • service.resourceRole

    • severity

    • type

    • updatedAt

      Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

  • :client_token (String)

    The idempotency token for the create request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :tags (Hash<String,String>)

    The tags to be added to a new filter resource.

Returns:

See Also:



687
688
689
690
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 687

def create_filter(params = {}, options = {})
  req = build_request(:create_filter, params)
  req.send_request(options)
end

#create_ip_set(params = {}) ⇒ Types::CreateIPSetResponse

Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.

Examples:

Request syntax with placeholder values


resp = client.create_ip_set({
  detector_id: "DetectorId", # required
  name: "Name", # required
  format: "TXT", # required, accepts TXT, STIX, OTX_CSV, ALIEN_VAULT, PROOF_POINT, FIRE_EYE
  location: "Location", # required
  activate: false, # required
  client_token: "ClientToken",
  tags: {
    "TagKey" => "TagValue",
  },
})

Response structure


resp.ip_set_id #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector of the GuardDuty account that you want to create an IPSet for.

  • :name (required, String)

    The user-friendly name to identify the IPSet.

    Allowed characters are alphanumerics, spaces, hyphens (-), and underscores (_).

  • :format (required, String)

    The format of the file that contains the IPSet.

  • :location (required, String)

    The URI of the file that contains the IPSet.

  • :activate (required, Boolean)

    A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.

  • :client_token (String)

    The idempotency token for the create request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :tags (Hash<String,String>)

    The tags to be added to a new IP set resource.

Returns:

See Also:



754
755
756
757
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 754

def create_ip_set(params = {}, options = {})
  req = build_request(:create_ip_set, params)
  req.send_request(options)
end

#create_members(params = {}) ⇒ Types::CreateMembersResponse

Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.

When using Create Members as an organizations delegated administrator this action will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account, which must enable GuardDuty prior to being added as a member.

If you are adding accounts by invitation use this action after GuardDuty has been enabled in potential member accounts and before using Invite Members .

Examples:

Request syntax with placeholder values


resp = client.create_members({
  detector_id: "DetectorId", # required
  account_details: [ # required
    {
      account_id: "AccountId", # required
      email: "Email", # required
    },
  ],
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector of the GuardDuty account that you want to associate member accounts with.

  • :account_details (required, Array<Types::AccountDetail>)

    A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account.

Returns:

See Also:



812
813
814
815
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 812

def create_members(params = {}, options = {})
  req = build_request(:create_members, params)
  req.send_request(options)
end

#create_publishing_destination(params = {}) ⇒ Types::CreatePublishingDestinationResponse

Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.

Examples:

Request syntax with placeholder values


resp = client.create_publishing_destination({
  detector_id: "DetectorId", # required
  destination_type: "S3", # required, accepts S3
  destination_properties: { # required
    destination_arn: "String",
    kms_key_arn: "String",
  },
  client_token: "ClientToken",
})

Response structure


resp.destination_id #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the GuardDuty detector associated with the publishing destination.

  • :destination_type (required, String)

    The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported.

  • :destination_properties (required, Types::DestinationProperties)

    The properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.

  • :client_token (String)

    The idempotency token for the request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

Returns:

See Also:



862
863
864
865
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 862

def create_publishing_destination(params = {}, options = {})
  req = build_request(:create_publishing_destination, params)
  req.send_request(options)
end

#create_sample_findings(params = {}) ⇒ Struct

Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.

Examples:

Request syntax with placeholder values


resp = client.create_sample_findings({
  detector_id: "DetectorId", # required
  finding_types: ["FindingType"],
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector to create sample findings for.

  • :finding_types (Array<String>)

    The types of sample findings to generate.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



890
891
892
893
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 890

def create_sample_findings(params = {}, options = {})
  req = build_request(:create_sample_findings, params)
  req.send_request(options)
end

#create_threat_intel_set(params = {}) ⇒ Types::CreateThreatIntelSetResponse

Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.

Examples:

Request syntax with placeholder values


resp = client.create_threat_intel_set({
  detector_id: "DetectorId", # required
  name: "Name", # required
  format: "TXT", # required, accepts TXT, STIX, OTX_CSV, ALIEN_VAULT, PROOF_POINT, FIRE_EYE
  location: "Location", # required
  activate: false, # required
  client_token: "ClientToken",
  tags: {
    "TagKey" => "TagValue",
  },
})

Response structure


resp.threat_intel_set_id #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for.

  • :name (required, String)

    A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.

  • :format (required, String)

    The format of the file that contains the ThreatIntelSet.

  • :location (required, String)

    The URI of the file that contains the ThreatIntelSet.

  • :activate (required, Boolean)

    A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

  • :client_token (String)

    The idempotency token for the create request.

    A suitable default value is auto-generated. You should normally not need to pass this option.**

  • :tags (Hash<String,String>)

    The tags to be added to a new threat list resource.

Returns:

See Also:



954
955
956
957
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 954

def create_threat_intel_set(params = {}, options = {})
  req = build_request(:create_threat_intel_set, params)
  req.send_request(options)
end

#decline_invitations(params = {}) ⇒ Types::DeclineInvitationsResponse

Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

Examples:

Request syntax with placeholder values


resp = client.decline_invitations({
  account_ids: ["AccountId"], # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (required, Array<String>)

    A list of account IDs of the Amazon Web Services accounts that sent invitations to the current member account that you want to decline invitations from.

Returns:

See Also:



987
988
989
990
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 987

def decline_invitations(params = {}, options = {})
  req = build_request(:decline_invitations, params)
  req.send_request(options)
end

#delete_detector(params = {}) ⇒ Struct

Deletes an Amazon GuardDuty detector that is specified by the detector ID.

Examples:

Request syntax with placeholder values


resp = client.delete_detector({
  detector_id: "DetectorId", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector that you want to delete.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1010
1011
1012
1013
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1010

def delete_detector(params = {}, options = {})
  req = build_request(:delete_detector, params)
  req.send_request(options)
end

#delete_filter(params = {}) ⇒ Struct

Deletes the filter specified by the filter name.

Examples:

Request syntax with placeholder values


resp = client.delete_filter({
  detector_id: "DetectorId", # required
  filter_name: "String", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector that the filter is associated with.

  • :filter_name (required, String)

    The name of the filter that you want to delete.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1036
1037
1038
1039
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1036

def delete_filter(params = {}, options = {})
  req = build_request(:delete_filter, params)
  req.send_request(options)
end

#delete_invitations(params = {}) ⇒ Types::DeleteInvitationsResponse

Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

Examples:

Request syntax with placeholder values


resp = client.delete_invitations({
  account_ids: ["AccountId"], # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (required, Array<String>)

    A list of account IDs of the Amazon Web Services accounts that sent invitations to the current member account that you want to delete invitations from.

Returns:

See Also:



1096
1097
1098
1099
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1096

def delete_invitations(params = {}, options = {})
  req = build_request(:delete_invitations, params)
  req.send_request(options)
end

#delete_ip_set(params = {}) ⇒ Struct

Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface.

Examples:

Request syntax with placeholder values


resp = client.delete_ip_set({
  detector_id: "DetectorId", # required
  ip_set_id: "String", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector associated with the IPSet.

  • :ip_set_id (required, String)

    The unique ID of the IPSet to delete.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1063
1064
1065
1066
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1063

def delete_ip_set(params = {}, options = {})
  req = build_request(:delete_ip_set, params)
  req.send_request(options)
end

#delete_members(params = {}) ⇒ Types::DeleteMembersResponse

Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.

Examples:

Request syntax with placeholder values


resp = client.delete_members({
  detector_id: "DetectorId", # required
  account_ids: ["AccountId"], # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector of the GuardDuty account whose members you want to delete.

  • :account_ids (required, Array<String>)

    A list of account IDs of the GuardDuty member accounts that you want to delete.

Returns:

See Also:



1133
1134
1135
1136
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1133

def delete_members(params = {}, options = {})
  req = build_request(:delete_members, params)
  req.send_request(options)
end

#delete_publishing_destination(params = {}) ⇒ Struct

Deletes the publishing definition with the specified destinationId.

Examples:

Request syntax with placeholder values


resp = client.delete_publishing_destination({
  detector_id: "DetectorId", # required
  destination_id: "String", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector associated with the publishing destination to delete.

  • :destination_id (required, String)

    The ID of the publishing destination to delete.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1160
1161
1162
1163
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1160

def delete_publishing_destination(params = {}, options = {})
  req = build_request(:delete_publishing_destination, params)
  req.send_request(options)
end

#delete_threat_intel_set(params = {}) ⇒ Struct

Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.

Examples:

Request syntax with placeholder values


resp = client.delete_threat_intel_set({
  detector_id: "DetectorId", # required
  threat_intel_set_id: "String", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector that the threatIntelSet is associated with.

  • :threat_intel_set_id (required, String)

    The unique ID of the threatIntelSet that you want to delete.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1187
1188
1189
1190
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1187

def delete_threat_intel_set(params = {}, options = {})
  req = build_request(:delete_threat_intel_set, params)
  req.send_request(options)
end

#describe_organization_configuration(params = {}) ⇒ Types::DescribeOrganizationConfigurationResponse

Returns information about the account selected as the delegated administrator for GuardDuty.

Examples:

Request syntax with placeholder values


resp = client.describe_organization_configuration({
  detector_id: "DetectorId", # required
})

Response structure


resp.auto_enable #=> Boolean
resp. #=> Boolean
resp.data_sources.s3_logs.auto_enable #=> Boolean
resp.data_sources.kubernetes.audit_logs.auto_enable #=> Boolean

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector to retrieve information about the delegated administrator from.

Returns:

See Also:



1222
1223
1224
1225
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1222

def describe_organization_configuration(params = {}, options = {})
  req = build_request(:describe_organization_configuration, params)
  req.send_request(options)
end

#describe_publishing_destination(params = {}) ⇒ Types::DescribePublishingDestinationResponse

Returns information about the publishing destination specified by the provided destinationId.

Examples:

Request syntax with placeholder values


resp = client.describe_publishing_destination({
  detector_id: "DetectorId", # required
  destination_id: "String", # required
})

Response structure


resp.destination_id #=> String
resp.destination_type #=> String, one of "S3"
resp.status #=> String, one of "PENDING_VERIFICATION", "PUBLISHING", "UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY", "STOPPED"
resp.publishing_failure_start_timestamp #=> Integer
resp.destination_properties.destination_arn #=> String
resp.destination_properties.kms_key_arn #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector associated with the publishing destination to retrieve.

  • :destination_id (required, String)

    The ID of the publishing destination to retrieve.

Returns:

See Also:



1265
1266
1267
1268
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1265

def describe_publishing_destination(params = {}, options = {})
  req = build_request(:describe_publishing_destination, params)
  req.send_request(options)
end

#disable_organization_admin_account(params = {}) ⇒ Struct

Disables an Amazon Web Services account within the Organization as the GuardDuty delegated administrator.

Examples:

Request syntax with placeholder values


resp = client.({
  admin_account_id: "String", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :admin_account_id (required, String)

    The Amazon Web Services Account ID for the organizations account to be disabled as a GuardDuty delegated administrator.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1289
1290
1291
1292
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1289

def (params = {}, options = {})
  req = build_request(:disable_organization_admin_account, params)
  req.send_request(options)
end

#disassociate_from_master_account(params = {}) ⇒ Struct

Disassociates the current GuardDuty member account from its administrator account.

Examples:

Request syntax with placeholder values


resp = client.({
  detector_id: "DetectorId", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector of the GuardDuty member account.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1312
1313
1314
1315
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1312

def (params = {}, options = {})
  req = build_request(:disassociate_from_master_account, params)
  req.send_request(options)
end

#disassociate_members(params = {}) ⇒ Types::DisassociateMembersResponse

Disassociates GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs. Member accounts added through Invitation get deleted from the current GuardDuty administrator account after 30 days of disassociation.

Examples:

Request syntax with placeholder values


resp = client.disassociate_members({
  detector_id: "DetectorId", # required
  account_ids: ["AccountId"], # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector of the GuardDuty account whose members you want to disassociate from the administrator account.

  • :account_ids (required, Array<String>)

    A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account.

Returns:

See Also:



1355
1356
1357
1358
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1355

def disassociate_members(params = {}, options = {})
  req = build_request(:disassociate_members, params)
  req.send_request(options)
end

#enable_organization_admin_account(params = {}) ⇒ Struct

Enables an Amazon Web Services account within the organization as the GuardDuty delegated administrator.

Examples:

Request syntax with placeholder values


resp = client.({
  admin_account_id: "String", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :admin_account_id (required, String)

    The Amazon Web Services Account ID for the organization account to be enabled as a GuardDuty delegated administrator.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1379
1380
1381
1382
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1379

def (params = {}, options = {})
  req = build_request(:enable_organization_admin_account, params)
  req.send_request(options)
end

#get_detector(params = {}) ⇒ Types::GetDetectorResponse

Retrieves an Amazon GuardDuty detector specified by the detectorId.

Examples:

Request syntax with placeholder values


resp = client.get_detector({
  detector_id: "DetectorId", # required
})

Response structure


resp.created_at #=> String
resp.finding_publishing_frequency #=> String, one of "FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS"
resp.service_role #=> String
resp.status #=> String, one of "ENABLED", "DISABLED"
resp.updated_at #=> String
resp.data_sources.cloud_trail.status #=> String, one of "ENABLED", "DISABLED"
resp.data_sources.dns_logs.status #=> String, one of "ENABLED", "DISABLED"
resp.data_sources.flow_logs.status #=> String, one of "ENABLED", "DISABLED"
resp.data_sources.s3_logs.status #=> String, one of "ENABLED", "DISABLED"
resp.data_sources.kubernetes.audit_logs.status #=> String, one of "ENABLED", "DISABLED"
resp.tags #=> Hash
resp.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector that you want to get.

Returns:

See Also:



1424
1425
1426
1427
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1424

def get_detector(params = {}, options = {})
  req = build_request(:get_detector, params)
  req.send_request(options)
end

#get_filter(params = {}) ⇒ Types::GetFilterResponse

Returns the details of the filter specified by the filter name.

Examples:

Request syntax with placeholder values


resp = client.get_filter({
  detector_id: "DetectorId", # required
  filter_name: "String", # required
})

Response structure


resp.name #=> String
resp.description #=> String
resp.action #=> String, one of "NOOP", "ARCHIVE"
resp.rank #=> Integer
resp.finding_criteria.criterion #=> Hash
resp.finding_criteria.criterion["String"].eq #=> Array
resp.finding_criteria.criterion["String"].eq[0] #=> String
resp.finding_criteria.criterion["String"].neq #=> Array
resp.finding_criteria.criterion["String"].neq[0] #=> String
resp.finding_criteria.criterion["String"].gt #=> Integer
resp.finding_criteria.criterion["String"].gte #=> Integer
resp.finding_criteria.criterion["String"].lt #=> Integer
resp.finding_criteria.criterion["String"].lte #=> Integer
resp.finding_criteria.criterion["String"].equals #=> Array
resp.finding_criteria.criterion["String"].equals[0] #=> String
resp.finding_criteria.criterion["String"].not_equals #=> Array
resp.finding_criteria.criterion["String"].not_equals[0] #=> String
resp.finding_criteria.criterion["String"].greater_than #=> Integer
resp.finding_criteria.criterion["String"].greater_than_or_equal #=> Integer
resp.finding_criteria.criterion["String"].less_than #=> Integer
resp.finding_criteria.criterion["String"].less_than_or_equal #=> Integer
resp.tags #=> Hash
resp.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector that the filter is associated with.

  • :filter_name (required, String)

    The name of the filter you want to get.

Returns:

See Also:



1483
1484
1485
1486
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1483

def get_filter(params = {}, options = {})
  req = build_request(:get_filter, params)
  req.send_request(options)
end

#get_findings(params = {}) ⇒ Types::GetFindingsResponse

Describes Amazon GuardDuty findings specified by finding IDs.

Examples:

Request syntax with placeholder values


resp = client.get_findings({
  detector_id: "DetectorId", # required
  finding_ids: ["FindingId"], # required
  sort_criteria: {
    attribute_name: "String",
    order_by: "ASC", # accepts ASC, DESC
  },
})

Response structure


resp.findings #=> Array
resp.findings[0]. #=> String
resp.findings[0].arn #=> String
resp.findings[0].confidence #=> Float
resp.findings[0].created_at #=> String
resp.findings[0].description #=> String
resp.findings[0].id #=> String
resp.findings[0].partition #=> String
resp.findings[0].region #=> String
resp.findings[0].resource.access_key_details.access_key_id #=> String
resp.findings[0].resource.access_key_details.principal_id #=> String
resp.findings[0].resource.access_key_details.user_name #=> String
resp.findings[0].resource.access_key_details.user_type #=> String
resp.findings[0].resource.s3_bucket_details #=> Array
resp.findings[0].resource.s3_bucket_details[0].arn #=> String
resp.findings[0].resource.s3_bucket_details[0].name #=> String
resp.findings[0].resource.s3_bucket_details[0].type #=> String
resp.findings[0].resource.s3_bucket_details[0].created_at #=> Time
resp.findings[0].resource.s3_bucket_details[0].owner.id #=> String
resp.findings[0].resource.s3_bucket_details[0].tags #=> Array
resp.findings[0].resource.s3_bucket_details[0].tags[0].key #=> String
resp.findings[0].resource.s3_bucket_details[0].tags[0].value #=> String
resp.findings[0].resource.s3_bucket_details[0].default_server_side_encryption.encryption_type #=> String
resp.findings[0].resource.s3_bucket_details[0].default_server_side_encryption.kms_master_key_arn #=> String
resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.access_control_list.allows_public_read_access #=> Boolean
resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.access_control_list.allows_public_write_access #=> Boolean
resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.bucket_policy.allows_public_read_access #=> Boolean
resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.bucket_policy.allows_public_write_access #=> Boolean
resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.block_public_access.ignore_public_acls #=> Boolean
resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.block_public_access.restrict_public_buckets #=> Boolean
resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.block_public_access.block_public_acls #=> Boolean
resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration.bucket_level_permissions.block_public_access.block_public_policy #=> Boolean
resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration..block_public_access.ignore_public_acls #=> Boolean
resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration..block_public_access.restrict_public_buckets #=> Boolean
resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration..block_public_access.block_public_acls #=> Boolean
resp.findings[0].resource.s3_bucket_details[0].public_access.permission_configuration..block_public_access.block_public_policy #=> Boolean
resp.findings[0].resource.s3_bucket_details[0].public_access.effective_permission #=> String
resp.findings[0].resource.instance_details.availability_zone #=> String
resp.findings[0].resource.instance_details.iam_instance_profile.arn #=> String
resp.findings[0].resource.instance_details.iam_instance_profile.id #=> String
resp.findings[0].resource.instance_details.image_description #=> String
resp.findings[0].resource.instance_details.image_id #=> String
resp.findings[0].resource.instance_details.instance_id #=> String
resp.findings[0].resource.instance_details.instance_state #=> String
resp.findings[0].resource.instance_details.instance_type #=> String
resp.findings[0].resource.instance_details.outpost_arn #=> String
resp.findings[0].resource.instance_details.launch_time #=> String
resp.findings[0].resource.instance_details.network_interfaces #=> Array
resp.findings[0].resource.instance_details.network_interfaces[0].ipv_6_addresses #=> Array
resp.findings[0].resource.instance_details.network_interfaces[0].ipv_6_addresses[0] #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].network_interface_id #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].private_dns_name #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].private_ip_address #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].private_ip_addresses #=> Array
resp.findings[0].resource.instance_details.network_interfaces[0].private_ip_addresses[0].private_dns_name #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].private_ip_addresses[0].private_ip_address #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].public_dns_name #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].public_ip #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].security_groups #=> Array
resp.findings[0].resource.instance_details.network_interfaces[0].security_groups[0].group_id #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].security_groups[0].group_name #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].subnet_id #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].vpc_id #=> String
resp.findings[0].resource.instance_details.platform #=> String
resp.findings[0].resource.instance_details.product_codes #=> Array
resp.findings[0].resource.instance_details.product_codes[0].code #=> String
resp.findings[0].resource.instance_details.product_codes[0].product_type #=> String
resp.findings[0].resource.instance_details.tags #=> Array
resp.findings[0].resource.instance_details.tags[0].key #=> String
resp.findings[0].resource.instance_details.tags[0].value #=> String
resp.findings[0].resource.eks_cluster_details.name #=> String
resp.findings[0].resource.eks_cluster_details.arn #=> String
resp.findings[0].resource.eks_cluster_details.vpc_id #=> String
resp.findings[0].resource.eks_cluster_details.status #=> String
resp.findings[0].resource.eks_cluster_details.tags #=> Array
resp.findings[0].resource.eks_cluster_details.tags[0].key #=> String
resp.findings[0].resource.eks_cluster_details.tags[0].value #=> String
resp.findings[0].resource.eks_cluster_details.created_at #=> Time
resp.findings[0].resource.kubernetes_details.kubernetes_user_details.username #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_user_details.uid #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_user_details.groups #=> Array
resp.findings[0].resource.kubernetes_details.kubernetes_user_details.groups[0] #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.name #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.type #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.uid #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.namespace #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.host_network #=> Boolean
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers #=> Array
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].container_runtime #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].id #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].name #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].image #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].image_prefix #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].volume_mounts #=> Array
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].volume_mounts[0].name #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].volume_mounts[0].mount_path #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].security_context.privileged #=> Boolean
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.volumes #=> Array
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.volumes[0].name #=> String
resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.volumes[0].host_path.path #=> String
resp.findings[0].resource.resource_type #=> String
resp.findings[0].schema_version #=> String
resp.findings[0].service.action.action_type #=> String
resp.findings[0].service.action.aws_api_call_action.api #=> String
resp.findings[0].service.action.aws_api_call_action.caller_type #=> String
resp.findings[0].service.action.aws_api_call_action.domain_details.domain #=> String
resp.findings[0].service.action.aws_api_call_action.error_code #=> String
resp.findings[0].service.action.aws_api_call_action.user_agent #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.city.city_name #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.country.country_code #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.country.country_name #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.geo_location.lat #=> Float
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.geo_location.lon #=> Float
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.ip_address_v4 #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.asn #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.asn_org #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.isp #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.org #=> String
resp.findings[0].service.action.aws_api_call_action.service_name #=> String
resp.findings[0].service.action.aws_api_call_action.. #=> String
resp.findings[0].service.action.aws_api_call_action..affiliated #=> Boolean
resp.findings[0].service.action.dns_request_action.domain #=> String
resp.findings[0].service.action.network_connection_action.blocked #=> Boolean
resp.findings[0].service.action.network_connection_action.connection_direction #=> String
resp.findings[0].service.action.network_connection_action.local_port_details.port #=> Integer
resp.findings[0].service.action.network_connection_action.local_port_details.port_name #=> String
resp.findings[0].service.action.network_connection_action.protocol #=> String
resp.findings[0].service.action.network_connection_action.local_ip_details.ip_address_v4 #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.city.city_name #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.country.country_code #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.country.country_name #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.geo_location.lat #=> Float
resp.findings[0].service.action.network_connection_action.remote_ip_details.geo_location.lon #=> Float
resp.findings[0].service.action.network_connection_action.remote_ip_details.ip_address_v4 #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.asn #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.asn_org #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.isp #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.org #=> String
resp.findings[0].service.action.network_connection_action.remote_port_details.port #=> Integer
resp.findings[0].service.action.network_connection_action.remote_port_details.port_name #=> String
resp.findings[0].service.action.port_probe_action.blocked #=> Boolean
resp.findings[0].service.action.port_probe_action.port_probe_details #=> Array
resp.findings[0].service.action.port_probe_action.port_probe_details[0].local_port_details.port #=> Integer
resp.findings[0].service.action.port_probe_action.port_probe_details[0].local_port_details.port_name #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].local_ip_details.ip_address_v4 #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.city.city_name #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.country.country_code #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.country.country_name #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.geo_location.lat #=> Float
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.geo_location.lon #=> Float
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.ip_address_v4 #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.asn #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.asn_org #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.isp #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.org #=> String
resp.findings[0].service.action.kubernetes_api_call_action.request_uri #=> String
resp.findings[0].service.action.kubernetes_api_call_action.verb #=> String
resp.findings[0].service.action.kubernetes_api_call_action.source_ips #=> Array
resp.findings[0].service.action.kubernetes_api_call_action.source_ips[0] #=> String
resp.findings[0].service.action.kubernetes_api_call_action.user_agent #=> String
resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.city.city_name #=> String
resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.country.country_code #=> String
resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.country.country_name #=> String
resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.geo_location.lat #=> Float
resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.geo_location.lon #=> Float
resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.ip_address_v4 #=> String
resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.asn #=> String
resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.asn_org #=> String
resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.isp #=> String
resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.org #=> String
resp.findings[0].service.action.kubernetes_api_call_action.status_code #=> Integer
resp.findings[0].service.action.kubernetes_api_call_action.parameters #=> String
resp.findings[0].service.evidence.threat_intelligence_details #=> Array
resp.findings[0].service.evidence.threat_intelligence_details[0].threat_list_name #=> String
resp.findings[0].service.evidence.threat_intelligence_details[0].threat_names #=> Array
resp.findings[0].service.evidence.threat_intelligence_details[0].threat_names[0] #=> String
resp.findings[0].service.archived #=> Boolean
resp.findings[0].service.count #=> Integer
resp.findings[0].service.detector_id #=> String
resp.findings[0].service.event_first_seen #=> String
resp.findings[0].service.event_last_seen #=> String
resp.findings[0].service.resource_role #=> String
resp.findings[0].service.service_name #=> String
resp.findings[0].service.user_feedback #=> String
resp.findings[0].severity #=> Float
resp.findings[0].title #=> String
resp.findings[0].type #=> String
resp.findings[0].updated_at #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.

  • :finding_ids (required, Array<String>)

    The IDs of the findings that you want to retrieve.

  • :sort_criteria (Types::SortCriteria)

    Represents the criteria used for sorting findings.

Returns:

See Also:



1710
1711
1712
1713
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1710

def get_findings(params = {}, options = {})
  req = build_request(:get_findings, params)
  req.send_request(options)
end

#get_findings_statistics(params = {}) ⇒ Types::GetFindingsStatisticsResponse

Lists Amazon GuardDuty findings statistics for the specified detector ID.

Examples:

Request syntax with placeholder values


resp = client.get_findings_statistics({
  detector_id: "DetectorId", # required
  finding_statistic_types: ["COUNT_BY_SEVERITY"], # required, accepts COUNT_BY_SEVERITY
  finding_criteria: {
    criterion: {
      "String" => {
        eq: ["String"],
        neq: ["String"],
        gt: 1,
        gte: 1,
        lt: 1,
        lte: 1,
        equals: ["String"],
        not_equals: ["String"],
        greater_than: 1,
        greater_than_or_equal: 1,
        less_than: 1,
        less_than_or_equal: 1,
      },
    },
  },
})

Response structure


resp.finding_statistics.count_by_severity #=> Hash
resp.finding_statistics.count_by_severity["String"] #=> Integer

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.

  • :finding_statistic_types (required, Array<String>)

    The types of finding statistics to retrieve.

  • :finding_criteria (Types::FindingCriteria)

    Represents the criteria that is used for querying findings.

Returns:

See Also:



1766
1767
1768
1769
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1766

def get_findings_statistics(params = {}, options = {})
  req = build_request(:get_findings_statistics, params)
  req.send_request(options)
end

#get_invitations_count(params = {}) ⇒ Types::GetInvitationsCountResponse

Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.

Examples:

Response structure


resp.invitations_count #=> Integer

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Returns:

See Also:



1828
1829
1830
1831
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1828

def get_invitations_count(params = {}, options = {})
  req = build_request(:get_invitations_count, params)
  req.send_request(options)
end

#get_ip_set(params = {}) ⇒ Types::GetIPSetResponse

Retrieves the IPSet specified by the ipSetId.

Examples:

Request syntax with placeholder values


resp = client.get_ip_set({
  detector_id: "DetectorId", # required
  ip_set_id: "String", # required
})

Response structure


resp.name #=> String
resp.format #=> String, one of "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE"
resp.location #=> String
resp.status #=> String, one of "INACTIVE", "ACTIVATING", "ACTIVE", "DEACTIVATING", "ERROR", "DELETE_PENDING", "DELETED"
resp.tags #=> Hash
resp.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector that the IPSet is associated with.

  • :ip_set_id (required, String)

    The unique ID of the IPSet to retrieve.

Returns:

See Also:



1807
1808
1809
1810
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1807

def get_ip_set(params = {}, options = {})
  req = build_request(:get_ip_set, params)
  req.send_request(options)
end

#get_master_account(params = {}) ⇒ Types::GetMasterAccountResponse

Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.

Examples:

Request syntax with placeholder values


resp = client.({
  detector_id: "DetectorId", # required
})

Response structure


resp.master. #=> String
resp.master.invitation_id #=> String
resp.master.relationship_status #=> String
resp.master.invited_at #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector of the GuardDuty member account.

Returns:

See Also:



1860
1861
1862
1863
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1860

def (params = {}, options = {})
  req = build_request(:get_master_account, params)
  req.send_request(options)
end

#get_member_detectors(params = {}) ⇒ Types::GetMemberDetectorsResponse

Describes which data sources are enabled for the member account's detector.

Examples:

Request syntax with placeholder values


resp = client.get_member_detectors({
  detector_id: "DetectorId", # required
  account_ids: ["AccountId"], # required
})

Response structure


resp.member_data_source_configurations #=> Array
resp.member_data_source_configurations[0]. #=> String
resp.member_data_source_configurations[0].data_sources.cloud_trail.status #=> String, one of "ENABLED", "DISABLED"
resp.member_data_source_configurations[0].data_sources.dns_logs.status #=> String, one of "ENABLED", "DISABLED"
resp.member_data_source_configurations[0].data_sources.flow_logs.status #=> String, one of "ENABLED", "DISABLED"
resp.member_data_source_configurations[0].data_sources.s3_logs.status #=> String, one of "ENABLED", "DISABLED"
resp.member_data_source_configurations[0].data_sources.kubernetes.audit_logs.status #=> String, one of "ENABLED", "DISABLED"
resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The detector ID for the administrator account.

  • :account_ids (required, Array<String>)

    The account ID of the member account.

Returns:

See Also:



1903
1904
1905
1906
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1903

def get_member_detectors(params = {}, options = {})
  req = build_request(:get_member_detectors, params)
  req.send_request(options)
end

#get_members(params = {}) ⇒ Types::GetMembersResponse

Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.

Examples:

Request syntax with placeholder values


resp = client.get_members({
  detector_id: "DetectorId", # required
  account_ids: ["AccountId"], # required
})

Response structure


resp.members #=> Array
resp.members[0]. #=> String
resp.members[0].detector_id #=> String
resp.members[0].master_id #=> String
resp.members[0].email #=> String
resp.members[0].relationship_status #=> String
resp.members[0].invited_at #=> String
resp.members[0].updated_at #=> String
resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector of the GuardDuty account whose members you want to retrieve.

  • :account_ids (required, Array<String>)

    A list of account IDs of the GuardDuty member accounts that you want to describe.

Returns:

See Also:



1949
1950
1951
1952
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1949

def get_members(params = {}, options = {})
  req = build_request(:get_members, params)
  req.send_request(options)
end

#get_threat_intel_set(params = {}) ⇒ Types::GetThreatIntelSetResponse

Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

Examples:

Request syntax with placeholder values


resp = client.get_threat_intel_set({
  detector_id: "DetectorId", # required
  threat_intel_set_id: "String", # required
})

Response structure


resp.name #=> String
resp.format #=> String, one of "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE"
resp.location #=> String
resp.status #=> String, one of "INACTIVE", "ACTIVATING", "ACTIVE", "DEACTIVATING", "ERROR", "DELETE_PENDING", "DELETED"
resp.tags #=> Hash
resp.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector that the threatIntelSet is associated with.

  • :threat_intel_set_id (required, String)

    The unique ID of the threatIntelSet that you want to get.

Returns:

See Also:



1992
1993
1994
1995
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 1992

def get_threat_intel_set(params = {}, options = {})
  req = build_request(:get_threat_intel_set, params)
  req.send_request(options)
end

#get_usage_statistics(params = {}) ⇒ Types::GetUsageStatisticsResponse

Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources the cost returned will include only the usage so far under 30 days, this may differ from the cost metrics in the console, which projects usage over 30 days to provide a monthly cost estimate. For more information see Understanding How Usage Costs are Calculated.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.get_usage_statistics({
  detector_id: "DetectorId", # required
  usage_statistic_type: "SUM_BY_ACCOUNT", # required, accepts SUM_BY_ACCOUNT, SUM_BY_DATA_SOURCE, SUM_BY_RESOURCE, TOP_RESOURCES
  usage_criteria: { # required
    account_ids: ["AccountId"],
    data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS
    resources: ["String"],
  },
  unit: "String",
  max_results: 1,
  next_token: "String",
})

Response structure


resp.usage_statistics. #=> Array
resp.usage_statistics.[0]. #=> String
resp.usage_statistics.[0].total.amount #=> String
resp.usage_statistics.[0].total.unit #=> String
resp.usage_statistics.sum_by_data_source #=> Array
resp.usage_statistics.sum_by_data_source[0].data_source #=> String, one of "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_LOGS", "KUBERNETES_AUDIT_LOGS"
resp.usage_statistics.sum_by_data_source[0].total.amount #=> String
resp.usage_statistics.sum_by_data_source[0].total.unit #=> String
resp.usage_statistics.sum_by_resource #=> Array
resp.usage_statistics.sum_by_resource[0].resource #=> String
resp.usage_statistics.sum_by_resource[0].total.amount #=> String
resp.usage_statistics.sum_by_resource[0].total.unit #=> String
resp.usage_statistics.top_resources #=> Array
resp.usage_statistics.top_resources[0].resource #=> String
resp.usage_statistics.top_resources[0].total.amount #=> String
resp.usage_statistics.top_resources[0].total.unit #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector that specifies the GuardDuty service whose usage statistics you want to retrieve.

  • :usage_statistic_type (required, String)

    The type of usage statistics to retrieve.

  • :usage_criteria (required, Types::UsageCriteria)

    Represents the criteria used for querying usage.

  • :unit (String)

    The currency unit you would like to view your usage statistics in. Current valid values are USD.

  • :max_results (Integer)

    The maximum number of results to return in the response.

  • :next_token (String)

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

Returns:

See Also:



2078
2079
2080
2081
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2078

def get_usage_statistics(params = {}, options = {})
  req = build_request(:get_usage_statistics, params)
  req.send_request(options)
end

#invite_members(params = {}) ⇒ Types::InviteMembersResponse

Invites other Amazon Web Services accounts (created as members of the current Amazon Web Services account by CreateMembers) to enable GuardDuty, and allow the current Amazon Web Services account to view and manage these accounts' findings on their behalf as the GuardDuty administrator account.

Examples:

Request syntax with placeholder values


resp = client.invite_members({
  detector_id: "DetectorId", # required
  account_ids: ["AccountId"], # required
  disable_email_notification: false,
  message: "String",
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector of the GuardDuty account that you want to invite members with.

  • :account_ids (required, Array<String>)

    A list of account IDs of the accounts that you want to invite to GuardDuty as members.

  • :disable_email_notification (Boolean)

    A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members.

  • :message (String)

    The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.

Returns:

See Also:



2129
2130
2131
2132
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2129

def invite_members(params = {}, options = {})
  req = build_request(:invite_members, params)
  req.send_request(options)
end

#list_detectors(params = {}) ⇒ Types::ListDetectorsResponse

Lists detectorIds of all the existing Amazon GuardDuty detector resources.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_detectors({
  max_results: 1,
  next_token: "String",
})

Response structure


resp.detector_ids #=> Array
resp.detector_ids[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

  • :next_token (String)

    You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

Returns:

See Also:



2173
2174
2175
2176
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2173

def list_detectors(params = {}, options = {})
  req = build_request(:list_detectors, params)
  req.send_request(options)
end

#list_filters(params = {}) ⇒ Types::ListFiltersResponse

Returns a paginated list of the current filters.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_filters({
  detector_id: "DetectorId", # required
  max_results: 1,
  next_token: "String",
})

Response structure


resp.filter_names #=> Array
resp.filter_names[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector that the filter is associated with.

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

  • :next_token (String)

    You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

Returns:

See Also:



2220
2221
2222
2223
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2220

def list_filters(params = {}, options = {})
  req = build_request(:list_filters, params)
  req.send_request(options)
end

#list_findings(params = {}) ⇒ Types::ListFindingsResponse

Lists Amazon GuardDuty findings for the specified detector ID.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_findings({
  detector_id: "DetectorId", # required
  finding_criteria: {
    criterion: {
      "String" => {
        eq: ["String"],
        neq: ["String"],
        gt: 1,
        gte: 1,
        lt: 1,
        lte: 1,
        equals: ["String"],
        not_equals: ["String"],
        greater_than: 1,
        greater_than_or_equal: 1,
        less_than: 1,
        less_than_or_equal: 1,
      },
    },
  },
  sort_criteria: {
    attribute_name: "String",
    order_by: "ASC", # accepts ASC, DESC
  },
  max_results: 1,
  next_token: "String",
})

Response structure


resp.finding_ids #=> Array
resp.finding_ids[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector that specifies the GuardDuty service whose findings you want to list.

  • :finding_criteria (Types::FindingCriteria)

    Represents the criteria used for querying findings. Valid values include:

    • JSON field name

    • accountId

    • region

    • confidence

    • id

    • resource.accessKeyDetails.accessKeyId

    • resource.accessKeyDetails.principalId

    • resource.accessKeyDetails.userName

    • resource.accessKeyDetails.userType

    • resource.instanceDetails.iamInstanceProfile.id

    • resource.instanceDetails.imageId

    • resource.instanceDetails.instanceId

    • resource.instanceDetails.networkInterfaces.ipv6Addresses

    • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

    • resource.instanceDetails.networkInterfaces.publicDnsName

    • resource.instanceDetails.networkInterfaces.publicIp

    • resource.instanceDetails.networkInterfaces.securityGroups.groupId

    • resource.instanceDetails.networkInterfaces.securityGroups.groupName

    • resource.instanceDetails.networkInterfaces.subnetId

    • resource.instanceDetails.networkInterfaces.vpcId

    • resource.instanceDetails.tags.key

    • resource.instanceDetails.tags.value

    • resource.resourceType

    • service.action.actionType

    • service.action.awsApiCallAction.api

    • service.action.awsApiCallAction.callerType

    • service.action.awsApiCallAction.remoteIpDetails.city.cityName

    • service.action.awsApiCallAction.remoteIpDetails.country.countryName

    • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

    • service.action.awsApiCallAction.remoteIpDetails.organization.asn

    • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

    • service.action.awsApiCallAction.serviceName

    • service.action.dnsRequestAction.domain

    • service.action.networkConnectionAction.blocked

    • service.action.networkConnectionAction.connectionDirection

    • service.action.networkConnectionAction.localPortDetails.port

    • service.action.networkConnectionAction.protocol

    • service.action.networkConnectionAction.remoteIpDetails.country.countryName

    • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

    • service.action.networkConnectionAction.remoteIpDetails.organization.asn

    • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

    • service.action.networkConnectionAction.remotePortDetails.port

    • service.additionalInfo.threatListName

    • service.archived

      When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

    • service.resourceRole

    • severity

    • type

    • updatedAt

      Type: Timestamp in Unix Epoch millisecond format: 1486685375000

  • :sort_criteria (Types::SortCriteria)

    Represents the criteria used for sorting findings.

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

  • :next_token (String)

    You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

Returns:

See Also:



2400
2401
2402
2403
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2400

def list_findings(params = {}, options = {})
  req = build_request(:list_findings, params)
  req.send_request(options)
end

#list_invitations(params = {}) ⇒ Types::ListInvitationsResponse

Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_invitations({
  max_results: 1,
  next_token: "String",
})

Response structure


resp.invitations #=> Array
resp.invitations[0]. #=> String
resp.invitations[0].invitation_id #=> String
resp.invitations[0].relationship_status #=> String
resp.invitations[0].invited_at #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

  • :next_token (String)

    You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

Returns:

See Also:



2496
2497
2498
2499
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2496

def list_invitations(params = {}, options = {})
  req = build_request(:list_invitations, params)
  req.send_request(options)
end

#list_ip_sets(params = {}) ⇒ Types::ListIPSetsResponse

Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_ip_sets({
  detector_id: "DetectorId", # required
  max_results: 1,
  next_token: "String",
})

Response structure


resp.ip_set_ids #=> Array
resp.ip_set_ids[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector that the IPSet is associated with.

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

  • :next_token (String)

    You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

Returns:

See Also:



2449
2450
2451
2452
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2449

def list_ip_sets(params = {}, options = {})
  req = build_request(:list_ip_sets, params)
  req.send_request(options)
end

#list_members(params = {}) ⇒ Types::ListMembersResponse

Lists details about all member accounts for the current GuardDuty administrator account.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_members({
  detector_id: "DetectorId", # required
  max_results: 1,
  next_token: "String",
  only_associated: "String",
})

Response structure


resp.members #=> Array
resp.members[0]. #=> String
resp.members[0].detector_id #=> String
resp.members[0].master_id #=> String
resp.members[0].email #=> String
resp.members[0].relationship_status #=> String
resp.members[0].invited_at #=> String
resp.members[0].updated_at #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector the member is associated with.

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

  • :next_token (String)

    You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

  • :only_associated (String)

    Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated).

Returns:

See Also:



2556
2557
2558
2559
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2556

def list_members(params = {}, options = {})
  req = build_request(:list_members, params)
  req.send_request(options)
end

#list_organization_admin_accounts(params = {}) ⇒ Types::ListOrganizationAdminAccountsResponse

Lists the accounts configured as GuardDuty delegated administrators.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_organization_admin_accounts({
  max_results: 1,
  next_token: "String",
})

Response structure


resp.admin_accounts #=> Array
resp.admin_accounts[0]. #=> String
resp.admin_accounts[0].admin_status #=> String, one of "ENABLED", "DISABLE_IN_PROGRESS"
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    The maximum number of results to return in the response.

  • :next_token (String)

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

Returns:

See Also:



2598
2599
2600
2601
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2598

def list_organization_admin_accounts(params = {}, options = {})
  req = build_request(:list_organization_admin_accounts, params)
  req.send_request(options)
end

#list_publishing_destinations(params = {}) ⇒ Types::ListPublishingDestinationsResponse

Returns a list of publishing destinations associated with the specified detectorId.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_publishing_destinations({
  detector_id: "DetectorId", # required
  max_results: 1,
  next_token: "String",
})

Response structure


resp.destinations #=> Array
resp.destinations[0].destination_id #=> String
resp.destinations[0].destination_type #=> String, one of "S3"
resp.destinations[0].status #=> String, one of "PENDING_VERIFICATION", "PUBLISHING", "UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY", "STOPPED"
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector to retrieve publishing destinations for.

  • :max_results (Integer)

    The maximum number of results to return in the response.

  • :next_token (String)

    A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

Returns:

See Also:



2646
2647
2648
2649
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2646

def list_publishing_destinations(params = {}, options = {})
  req = build_request(:list_publishing_destinations, params)
  req.send_request(options)
end

#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse

Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and threat intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.

Examples:

Request syntax with placeholder values


resp = client.list_tags_for_resource({
  resource_arn: "GuardDutyArn", # required
})

Response structure


resp.tags #=> Hash
resp.tags["TagKey"] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) for the given GuardDuty resource.

Returns:

See Also:



2678
2679
2680
2681
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2678

def list_tags_for_resource(params = {}, options = {})
  req = build_request(:list_tags_for_resource, params)
  req.send_request(options)
end

#list_threat_intel_sets(params = {}) ⇒ Types::ListThreatIntelSetsResponse

Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.

The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.

Examples:

Request syntax with placeholder values


resp = client.list_threat_intel_sets({
  detector_id: "DetectorId", # required
  max_results: 1,
  next_token: "String",
})

Response structure


resp.threat_intel_set_ids #=> Array
resp.threat_intel_set_ids[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector that the threatIntelSet is associated with.

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

  • :next_token (String)

    You can use this parameter to paginate results in the response. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

Returns:

See Also:



2729
2730
2731
2732
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2729

def list_threat_intel_sets(params = {}, options = {})
  req = build_request(:list_threat_intel_sets, params)
  req.send_request(options)
end

#start_monitoring_members(params = {}) ⇒ Types::StartMonitoringMembersResponse

Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.

Examples:

Request syntax with placeholder values


resp = client.start_monitoring_members({
  detector_id: "DetectorId", # required
  account_ids: ["AccountId"], # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector of the GuardDuty administrator account associated with the member accounts to monitor.

  • :account_ids (required, Array<String>)

    A list of account IDs of the GuardDuty member accounts to start monitoring.

Returns:

See Also:



2767
2768
2769
2770
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2767

def start_monitoring_members(params = {}, options = {})
  req = build_request(:start_monitoring_members, params)
  req.send_request(options)
end

#stop_monitoring_members(params = {}) ⇒ Types::StopMonitoringMembersResponse

Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts.

Examples:

Request syntax with placeholder values


resp = client.stop_monitoring_members({
  detector_id: "DetectorId", # required
  account_ids: ["AccountId"], # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector associated with the GuardDuty administrator account that is monitoring member accounts.

  • :account_ids (required, Array<String>)

    A list of account IDs for the member accounts to stop monitoring.

Returns:

See Also:



2804
2805
2806
2807
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2804

def stop_monitoring_members(params = {}, options = {})
  req = build_request(:stop_monitoring_members, params)
  req.send_request(options)
end

#tag_resource(params = {}) ⇒ Struct

Adds tags to a resource.

Examples:

Request syntax with placeholder values


resp = client.tag_resource({
  resource_arn: "GuardDutyArn", # required
  tags: { # required
    "TagKey" => "TagValue",
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag to.

  • :tags (required, Hash<String,String>)

    The tags to be added to a resource.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



2833
2834
2835
2836
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2833

def tag_resource(params = {}, options = {})
  req = build_request(:tag_resource, params)
  req.send_request(options)
end

#unarchive_findings(params = {}) ⇒ Struct

Unarchives GuardDuty findings specified by the findingIds.

Examples:

Request syntax with placeholder values


resp = client.unarchive_findings({
  detector_id: "DetectorId", # required
  finding_ids: ["FindingId"], # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector associated with the findings to unarchive.

  • :finding_ids (required, Array<String>)

    The IDs of the findings to unarchive.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



2859
2860
2861
2862
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2859

def unarchive_findings(params = {}, options = {})
  req = build_request(:unarchive_findings, params)
  req.send_request(options)
end

#untag_resource(params = {}) ⇒ Struct

Removes tags from a resource.

Examples:

Request syntax with placeholder values


resp = client.untag_resource({
  resource_arn: "GuardDutyArn", # required
  tag_keys: ["TagKey"], # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) for the resource to remove tags from.

  • :tag_keys (required, Array<String>)

    The tag keys to remove from the resource.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



2885
2886
2887
2888
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2885

def untag_resource(params = {}, options = {})
  req = build_request(:untag_resource, params)
  req.send_request(options)
end

#update_detector(params = {}) ⇒ Struct

Updates the Amazon GuardDuty detector specified by the detectorId.

Examples:

Request syntax with placeholder values


resp = client.update_detector({
  detector_id: "DetectorId", # required
  enable: false,
  finding_publishing_frequency: "FIFTEEN_MINUTES", # accepts FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS
  data_sources: {
    s3_logs: {
      enable: false, # required
    },
    kubernetes: {
      audit_logs: { # required
        enable: false, # required
      },
    },
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector to update.

  • :enable (Boolean)

    Specifies whether the detector is enabled or not enabled.

  • :finding_publishing_frequency (String)

    An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.

  • :data_sources (Types::DataSourceConfigurations)

    Describes which data sources will be updated.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



2929
2930
2931
2932
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2929

def update_detector(params = {}, options = {})
  req = build_request(:update_detector, params)
  req.send_request(options)
end

#update_filter(params = {}) ⇒ Types::UpdateFilterResponse

Updates the filter specified by the filter name.

Examples:

Request syntax with placeholder values


resp = client.update_filter({
  detector_id: "DetectorId", # required
  filter_name: "String", # required
  description: "FilterDescription",
  action: "NOOP", # accepts NOOP, ARCHIVE
  rank: 1,
  finding_criteria: {
    criterion: {
      "String" => {
        eq: ["String"],
        neq: ["String"],
        gt: 1,
        gte: 1,
        lt: 1,
        lte: 1,
        equals: ["String"],
        not_equals: ["String"],
        greater_than: 1,
        greater_than_or_equal: 1,
        less_than: 1,
        less_than_or_equal: 1,
      },
    },
  },
})

Response structure


resp.name #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.

  • :filter_name (required, String)

    The name of the filter.

  • :description (String)

    The description of the filter.

  • :action (String)

    Specifies the action that is to be applied to the findings that match the filter.

  • :rank (Integer)

    Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

  • :finding_criteria (Types::FindingCriteria)

    Represents the criteria to be used in the filter for querying findings.

Returns:

See Also:



2999
3000
3001
3002
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 2999

def update_filter(params = {}, options = {})
  req = build_request(:update_filter, params)
  req.send_request(options)
end

#update_findings_feedback(params = {}) ⇒ Struct

Marks the specified GuardDuty findings as useful or not useful.

Examples:

Request syntax with placeholder values


resp = client.update_findings_feedback({
  detector_id: "DetectorId", # required
  finding_ids: ["FindingId"], # required
  feedback: "USEFUL", # required, accepts USEFUL, NOT_USEFUL
  comments: "String",
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector associated with the findings to update feedback for.

  • :finding_ids (required, Array<String>)

    The IDs of the findings that you want to mark as useful or not useful.

  • :feedback (required, String)

    The feedback for the finding.

  • :comments (String)

    Additional feedback about the GuardDuty findings.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



3034
3035
3036
3037
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 3034

def update_findings_feedback(params = {}, options = {})
  req = build_request(:update_findings_feedback, params)
  req.send_request(options)
end

#update_ip_set(params = {}) ⇒ Struct

Updates the IPSet specified by the IPSet ID.

Examples:

Request syntax with placeholder values


resp = client.update_ip_set({
  detector_id: "DetectorId", # required
  ip_set_id: "String", # required
  name: "Name",
  location: "Location",
  activate: false,
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The detectorID that specifies the GuardDuty service whose IPSet you want to update.

  • :ip_set_id (required, String)

    The unique ID that specifies the IPSet that you want to update.

  • :name (String)

    The unique ID that specifies the IPSet that you want to update.

  • :location (String)

    The updated URI of the file that contains the IPSet.

  • :activate (Boolean)

    The updated Boolean value that specifies whether the IPSet is active or not.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



3074
3075
3076
3077
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 3074

def update_ip_set(params = {}, options = {})
  req = build_request(:update_ip_set, params)
  req.send_request(options)
end

#update_member_detectors(params = {}) ⇒ Types::UpdateMemberDetectorsResponse

Contains information on member accounts to be updated.

Examples:

Request syntax with placeholder values


resp = client.update_member_detectors({
  detector_id: "DetectorId", # required
  account_ids: ["AccountId"], # required
  data_sources: {
    s3_logs: {
      enable: false, # required
    },
    kubernetes: {
      audit_logs: { # required
        enable: false, # required
      },
    },
  },
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The detector ID of the administrator account.

  • :account_ids (required, Array<String>)

    A list of member account IDs to be updated.

  • :data_sources (Types::DataSourceConfigurations)

    Describes which data sources will be updated.

Returns:

See Also:



3121
3122
3123
3124
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 3121

def update_member_detectors(params = {}, options = {})
  req = build_request(:update_member_detectors, params)
  req.send_request(options)
end

#update_organization_configuration(params = {}) ⇒ Struct

Updates the delegated administrator account with the values provided.

Examples:

Request syntax with placeholder values


resp = client.update_organization_configuration({
  detector_id: "DetectorId", # required
  auto_enable: false, # required
  data_sources: {
    s3_logs: {
      auto_enable: false, # required
    },
    kubernetes: {
      audit_logs: { # required
        auto_enable: false, # required
      },
    },
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector to update the delegated administrator for.

  • :auto_enable (required, Boolean)

    Indicates whether to automatically enable member accounts in the organization.

  • :data_sources (Types::OrganizationDataSourceConfigurations)

    Describes which data sources will be updated.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



3161
3162
3163
3164
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 3161

def update_organization_configuration(params = {}, options = {})
  req = build_request(:update_organization_configuration, params)
  req.send_request(options)
end

#update_publishing_destination(params = {}) ⇒ Struct

Updates information about the publishing destination specified by the destinationId.

Examples:

Request syntax with placeholder values


resp = client.update_publishing_destination({
  detector_id: "DetectorId", # required
  destination_id: "String", # required
  destination_properties: {
    destination_arn: "String",
    kms_key_arn: "String",
  },
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The ID of the detector associated with the publishing destinations to update.

  • :destination_id (required, String)

    The ID of the publishing destination to update.

  • :destination_properties (Types::DestinationProperties)

    A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



3197
3198
3199
3200
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 3197

def update_publishing_destination(params = {}, options = {})
  req = build_request(:update_publishing_destination, params)
  req.send_request(options)
end

#update_threat_intel_set(params = {}) ⇒ Struct

Updates the ThreatIntelSet specified by the ThreatIntelSet ID.

Examples:

Request syntax with placeholder values


resp = client.update_threat_intel_set({
  detector_id: "DetectorId", # required
  threat_intel_set_id: "String", # required
  name: "Name",
  location: "Location",
  activate: false,
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

    The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.

  • :threat_intel_set_id (required, String)

    The unique ID that specifies the ThreatIntelSet that you want to update.

  • :name (String)

    The unique ID that specifies the ThreatIntelSet that you want to update.

  • :location (String)

    The updated URI of the file that contains the ThreateIntelSet.

  • :activate (Boolean)

    The updated Boolean value that specifies whether the ThreateIntelSet is active or not.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



3239
3240
3241
3242
# File 'gems/aws-sdk-guardduty/lib/aws-sdk-guardduty/client.rb', line 3239

def update_threat_intel_set(params = {}, options = {})
  req = build_request(:update_threat_intel_set, params)
  req.send_request(options)
end