AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Interface for accessing GuardDuty
Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following foundational data sources - VPC flow logs, Amazon Web Services CloudTrail management event logs, CloudTrail S3 data event logs, EKS audit logs, DNS logs, Amazon EBS volume data, runtime activity belonging to container workloads, such as Amazon EKS, Amazon ECS (including Amazon Web Services Fargate), and Amazon EC2 instances. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your Amazon Web Services environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, domains, or presence of malware on your Amazon EC2 instances and container workloads. For example, GuardDuty can detect compromised EC2 instances and container workloads serving malware, or mining bitcoin.GuardDuty also monitors Amazon Web Services account access behavior for signs of compromise, such as unauthorized infrastructure deployments like EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength.
GuardDuty informs you about the status of your Amazon Web Services environment by producing security findings that you can view in the GuardDuty console or through Amazon EventBridge. For more information, see the Amazon GuardDuty User Guide .
Namespace: Amazon.GuardDuty
Assembly: AWSSDK.GuardDuty.dll
Version: 3.x.y.z
public interface IAmazonGuardDuty IAmazonService, IDisposable
The IAmazonGuardDuty type exposes the following members
Name | Type | Description | |
---|---|---|---|
Paginators | Amazon.GuardDuty.Model.IGuardDutyPaginatorFactory |
Paginators for the service |
Name | Description | |
---|---|---|
AcceptAdministratorInvitation(AcceptAdministratorInvitationRequest) |
Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation. |
|
AcceptAdministratorInvitationAsync(AcceptAdministratorInvitationRequest, CancellationToken) |
Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation. |
|
AcceptInvitation(AcceptInvitationRequest) |
Accepts the invitation to be monitored by a GuardDuty administrator account. |
|
AcceptInvitationAsync(AcceptInvitationRequest, CancellationToken) |
Accepts the invitation to be monitored by a GuardDuty administrator account. |
|
ArchiveFindings(ArchiveFindingsRequest) |
Archives GuardDuty findings that are specified by the list of finding IDs.
Only the administrator account can archive findings. Member accounts don't have permission
to archive findings from their accounts.
|
|
ArchiveFindingsAsync(ArchiveFindingsRequest, CancellationToken) |
Archives GuardDuty findings that are specified by the list of finding IDs.
Only the administrator account can archive findings. Member accounts don't have permission
to archive findings from their accounts.
|
|
CreateDetector(CreateDetectorRequest) |
Creates a single GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
Specifying both EKS Runtime Monitoring ( There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
CreateDetectorAsync(CreateDetectorRequest, CancellationToken) |
Creates a single GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
Specifying both EKS Runtime Monitoring ( There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
CreateFilter(CreateFilterRequest) |
Creates a filter using the specified finding criteria. The maximum number of saved filters per Amazon Web Services account per Region is 100. For more information, see Quotas for GuardDuty. |
|
CreateFilterAsync(CreateFilterRequest, CancellationToken) |
Creates a filter using the specified finding criteria. The maximum number of saved filters per Amazon Web Services account per Region is 100. For more information, see Quotas for GuardDuty. |
|
CreateIPSet(CreateIPSetRequest) |
Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation. |
|
CreateIPSetAsync(CreateIPSetRequest, CancellationToken) |
Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation. |
|
CreateMembers(CreateMembersRequest) |
Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.
As a delegated administrator, using When you use CreateMembers as an Organizations delegated administrator, GuardDuty applies your organization's auto-enable settings to the member accounts in this request, irrespective of the accounts being new or existing members. For more information about the existing auto-enable settings for your organization, see DescribeOrganizationConfiguration. If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API. |
|
CreateMembersAsync(CreateMembersRequest, CancellationToken) |
Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.
As a delegated administrator, using When you use CreateMembers as an Organizations delegated administrator, GuardDuty applies your organization's auto-enable settings to the member accounts in this request, irrespective of the accounts being new or existing members. For more information about the existing auto-enable settings for your organization, see DescribeOrganizationConfiguration. If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API. |
|
CreatePublishingDestination(CreatePublishingDestinationRequest) |
Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation. |
|
CreatePublishingDestinationAsync(CreatePublishingDestinationRequest, CancellationToken) |
Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation. |
|
CreateSampleFindings(CreateSampleFindingsRequest) |
Generates sample findings of types specified by the list of finding types. If 'NULL'
is specified for |
|
CreateSampleFindingsAsync(CreateSampleFindingsRequest, CancellationToken) |
Generates sample findings of types specified by the list of finding types. If 'NULL'
is specified for |
|
CreateThreatIntelSet(CreateThreatIntelSetRequest) |
Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation. |
|
CreateThreatIntelSetAsync(CreateThreatIntelSetRequest, CancellationToken) |
Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation. |
|
DeclineInvitations(DeclineInvitationsRequest) |
Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs. |
|
DeclineInvitationsAsync(DeclineInvitationsRequest, CancellationToken) |
Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs. |
|
DeleteDetector(DeleteDetectorRequest) |
Deletes an Amazon GuardDuty detector that is specified by the detector ID. |
|
DeleteDetectorAsync(DeleteDetectorRequest, CancellationToken) |
Deletes an Amazon GuardDuty detector that is specified by the detector ID. |
|
DeleteFilter(DeleteFilterRequest) |
Deletes the filter specified by the filter name. |
|
DeleteFilterAsync(DeleteFilterRequest, CancellationToken) |
Deletes the filter specified by the filter name. |
|
DeleteInvitations(DeleteInvitationsRequest) |
Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs. |
|
DeleteInvitationsAsync(DeleteInvitationsRequest, CancellationToken) |
Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs. |
|
DeleteIPSet(DeleteIPSetRequest) |
Deletes the IPSet specified by the |
|
DeleteIPSetAsync(DeleteIPSetRequest, CancellationToken) |
Deletes the IPSet specified by the |
|
DeleteMembers(DeleteMembersRequest) |
Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
With |
|
DeleteMembersAsync(DeleteMembersRequest, CancellationToken) |
Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
With |
|
DeletePublishingDestination(DeletePublishingDestinationRequest) |
Deletes the publishing definition with the specified |
|
DeletePublishingDestinationAsync(DeletePublishingDestinationRequest, CancellationToken) |
Deletes the publishing definition with the specified |
|
DeleteThreatIntelSet(DeleteThreatIntelSetRequest) |
Deletes the ThreatIntelSet specified by the ThreatIntelSet ID. |
|
DeleteThreatIntelSetAsync(DeleteThreatIntelSetRequest, CancellationToken) |
Deletes the ThreatIntelSet specified by the ThreatIntelSet ID. |
|
DescribeMalwareScans(DescribeMalwareScansRequest) |
Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all the member accounts. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
DescribeMalwareScansAsync(DescribeMalwareScansRequest, CancellationToken) |
Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all the member accounts. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
DescribeOrganizationConfiguration(DescribeOrganizationConfigurationRequest) |
Returns information about the account selected as the delegated administrator for GuardDuty. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
DescribeOrganizationConfigurationAsync(DescribeOrganizationConfigurationRequest, CancellationToken) |
Returns information about the account selected as the delegated administrator for GuardDuty. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
DescribePublishingDestination(DescribePublishingDestinationRequest) |
Returns information about the publishing destination specified by the provided |
|
DescribePublishingDestinationAsync(DescribePublishingDestinationRequest, CancellationToken) |
Returns information about the publishing destination specified by the provided |
|
DetermineServiceOperationEndpoint(AmazonWebServiceRequest) |
Returns the endpoint that will be used for a particular request. |
|
DisableOrganizationAdminAccount(DisableOrganizationAdminAccountRequest) |
Removes the existing GuardDuty delegated administrator of the organization. Only the organization's management account can run this API operation. |
|
DisableOrganizationAdminAccountAsync(DisableOrganizationAdminAccountRequest, CancellationToken) |
Removes the existing GuardDuty delegated administrator of the organization. Only the organization's management account can run this API operation. |
|
DisassociateFromAdministratorAccount(DisassociateFromAdministratorAccountRequest) |
Disassociates the current GuardDuty member account from its administrator account. When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
With |
|
DisassociateFromAdministratorAccountAsync(DisassociateFromAdministratorAccountRequest, CancellationToken) |
Disassociates the current GuardDuty member account from its administrator account. When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
With |
|
DisassociateFromMasterAccount(DisassociateFromMasterAccountRequest) |
Disassociates the current GuardDuty member account from its administrator account. When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. |
|
DisassociateFromMasterAccountAsync(DisassociateFromMasterAccountRequest, CancellationToken) |
Disassociates the current GuardDuty member account from its administrator account. When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. |
|
DisassociateMembers(DisassociateMembersRequest) |
Disassociates GuardDuty member accounts (from the current administrator account) specified by the account IDs. When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
With If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API. |
|
DisassociateMembersAsync(DisassociateMembersRequest, CancellationToken) |
Disassociates GuardDuty member accounts (from the current administrator account) specified by the account IDs. When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
With If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API. |
|
EnableOrganizationAdminAccount(EnableOrganizationAdminAccountRequest) |
Designates an Amazon Web Services account within the organization as your GuardDuty delegated administrator. Only the organization's management account can run this API operation. |
|
EnableOrganizationAdminAccountAsync(EnableOrganizationAdminAccountRequest, CancellationToken) |
Designates an Amazon Web Services account within the organization as your GuardDuty delegated administrator. Only the organization's management account can run this API operation. |
|
GetAdministratorAccount(GetAdministratorAccountRequest) |
Provides the details of the GuardDuty administrator account associated with the current
GuardDuty member account.
If the organization's management account or a delegated administrator runs this API,
it will return success ( |
|
GetAdministratorAccountAsync(GetAdministratorAccountRequest, CancellationToken) |
Provides the details of the GuardDuty administrator account associated with the current
GuardDuty member account.
If the organization's management account or a delegated administrator runs this API,
it will return success ( |
|
GetCoverageStatistics(GetCoverageStatisticsRequest) |
Retrieves aggregated statistics for your account. If you are a GuardDuty administrator, you can retrieve the statistics for all the resources associated with the active member accounts in your organization who have enabled Runtime Monitoring and have the GuardDuty security agent running on their resources. |
|
GetCoverageStatisticsAsync(GetCoverageStatisticsRequest, CancellationToken) |
Retrieves aggregated statistics for your account. If you are a GuardDuty administrator, you can retrieve the statistics for all the resources associated with the active member accounts in your organization who have enabled Runtime Monitoring and have the GuardDuty security agent running on their resources. |
|
GetDetector(GetDetectorRequest) |
Retrieves an Amazon GuardDuty detector specified by the detectorId. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
GetDetectorAsync(GetDetectorRequest, CancellationToken) |
Retrieves an Amazon GuardDuty detector specified by the detectorId. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
GetFilter(GetFilterRequest) |
Returns the details of the filter specified by the filter name. |
|
GetFilterAsync(GetFilterRequest, CancellationToken) |
Returns the details of the filter specified by the filter name. |
|
GetFindings(GetFindingsRequest) |
Describes Amazon GuardDuty findings specified by finding IDs. |
|
GetFindingsAsync(GetFindingsRequest, CancellationToken) |
Describes Amazon GuardDuty findings specified by finding IDs. |
|
GetFindingsStatistics(GetFindingsStatisticsRequest) |
Lists Amazon GuardDuty findings statistics for the specified detector ID. There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see Regions and endpoints. |
|
GetFindingsStatisticsAsync(GetFindingsStatisticsRequest, CancellationToken) |
Lists Amazon GuardDuty findings statistics for the specified detector ID. There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see Regions and endpoints. |
|
GetInvitationsCount(GetInvitationsCountRequest) |
Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation. |
|
GetInvitationsCountAsync(GetInvitationsCountRequest, CancellationToken) |
Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation. |
|
GetIPSet(GetIPSetRequest) |
Retrieves the IPSet specified by the |
|
GetIPSetAsync(GetIPSetRequest, CancellationToken) |
Retrieves the IPSet specified by the |
|
GetMalwareScanSettings(GetMalwareScanSettingsRequest) |
Returns the details of the malware scan settings. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
GetMalwareScanSettingsAsync(GetMalwareScanSettingsRequest, CancellationToken) |
Returns the details of the malware scan settings. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
GetMasterAccount(GetMasterAccountRequest) |
Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account. |
|
GetMasterAccountAsync(GetMasterAccountRequest, CancellationToken) |
Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account. |
|
GetMemberDetectors(GetMemberDetectorsRequest) |
Describes which data sources are enabled for the member account's detector. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
GetMemberDetectorsAsync(GetMemberDetectorsRequest, CancellationToken) |
Describes which data sources are enabled for the member account's detector. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
GetMembers(GetMembersRequest) |
Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs. |
|
GetMembersAsync(GetMembersRequest, CancellationToken) |
Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs. |
|
GetOrganizationStatistics(GetOrganizationStatisticsRequest) |
Retrieves how many active member accounts have each feature enabled within GuardDuty. Only a delegated GuardDuty administrator of an organization can run this API. When you create a new organization, it might take up to 24 hours to generate the statistics for the entire organization. |
|
GetOrganizationStatisticsAsync(GetOrganizationStatisticsRequest, CancellationToken) |
Retrieves how many active member accounts have each feature enabled within GuardDuty. Only a delegated GuardDuty administrator of an organization can run this API. When you create a new organization, it might take up to 24 hours to generate the statistics for the entire organization. |
|
GetRemainingFreeTrialDays(GetRemainingFreeTrialDaysRequest) |
Provides the number of days left for each data source used in the free trial period. |
|
GetRemainingFreeTrialDaysAsync(GetRemainingFreeTrialDaysRequest, CancellationToken) |
Provides the number of days left for each data source used in the free trial period. |
|
GetThreatIntelSet(GetThreatIntelSetRequest) |
Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID. |
|
GetThreatIntelSetAsync(GetThreatIntelSetRequest, CancellationToken) |
Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID. |
|
GetUsageStatistics(GetUsageStatisticsRequest) |
Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days. This may differ from the cost metrics in the console, which project usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated. |
|
GetUsageStatisticsAsync(GetUsageStatisticsRequest, CancellationToken) |
Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days. This may differ from the cost metrics in the console, which project usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated. |
|
InviteMembers(InviteMembersRequest) |
Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account that invokes this API. If you are using Amazon Web Services Organizations to manage your GuardDuty environment, this step is not needed. For more information, see Managing accounts with organizations. To invite Amazon Web Services accounts, the first step is to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API to add accounts by invitation. The invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited Amazon Web Services account can choose to accept the invitation from only one Amazon Web Services account. For more information, see Managing GuardDuty accounts by invitation. After the invite has been accepted and you choose to disassociate a member account (by using DisassociateMembers) from your account, the details of the member account obtained by invoking CreateMembers, including the associated email addresses, will be retained. This is done so that you can invoke InviteMembers without the need to invoke CreateMembers again. To remove the details associated with a member account, you must also invoke DeleteMembers. If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API. |
|
InviteMembersAsync(InviteMembersRequest, CancellationToken) |
Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account that invokes this API. If you are using Amazon Web Services Organizations to manage your GuardDuty environment, this step is not needed. For more information, see Managing accounts with organizations. To invite Amazon Web Services accounts, the first step is to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API to add accounts by invitation. The invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited Amazon Web Services account can choose to accept the invitation from only one Amazon Web Services account. For more information, see Managing GuardDuty accounts by invitation. After the invite has been accepted and you choose to disassociate a member account (by using DisassociateMembers) from your account, the details of the member account obtained by invoking CreateMembers, including the associated email addresses, will be retained. This is done so that you can invoke InviteMembers without the need to invoke CreateMembers again. To remove the details associated with a member account, you must also invoke DeleteMembers. If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API. |
|
ListCoverage(ListCoverageRequest) |
Lists coverage details for your GuardDuty account. If you're a GuardDuty administrator, you can retrieve all resources associated with the active member accounts in your organization. Make sure the accounts have Runtime Monitoring enabled and GuardDuty agent running on their resources. |
|
ListCoverageAsync(ListCoverageRequest, CancellationToken) |
Lists coverage details for your GuardDuty account. If you're a GuardDuty administrator, you can retrieve all resources associated with the active member accounts in your organization. Make sure the accounts have Runtime Monitoring enabled and GuardDuty agent running on their resources. |
|
ListDetectors(ListDetectorsRequest) |
Lists detectorIds of all the existing Amazon GuardDuty detector resources. |
|
ListDetectorsAsync(ListDetectorsRequest, CancellationToken) |
Lists detectorIds of all the existing Amazon GuardDuty detector resources. |
|
ListFilters(ListFiltersRequest) |
Returns a paginated list of the current filters. |
|
ListFiltersAsync(ListFiltersRequest, CancellationToken) |
Returns a paginated list of the current filters. |
|
ListFindings(ListFindingsRequest) |
Lists GuardDuty findings for the specified detector ID. There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see Regions and endpoints. |
|
ListFindingsAsync(ListFindingsRequest, CancellationToken) |
Lists GuardDuty findings for the specified detector ID. There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see Regions and endpoints. |
|
ListInvitations(ListInvitationsRequest) |
Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account. |
|
ListInvitationsAsync(ListInvitationsRequest, CancellationToken) |
Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account. |
|
ListIPSets(ListIPSetsRequest) |
Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account. |
|
ListIPSetsAsync(ListIPSetsRequest, CancellationToken) |
Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account. |
|
ListMembers(ListMembersRequest) |
Lists details about all member accounts for the current GuardDuty administrator account. |
|
ListMembersAsync(ListMembersRequest, CancellationToken) |
Lists details about all member accounts for the current GuardDuty administrator account. |
|
ListOrganizationAdminAccounts(ListOrganizationAdminAccountsRequest) |
Lists the accounts designated as GuardDuty delegated administrators. Only the organization's management account can run this API operation. |
|
ListOrganizationAdminAccountsAsync(ListOrganizationAdminAccountsRequest, CancellationToken) |
Lists the accounts designated as GuardDuty delegated administrators. Only the organization's management account can run this API operation. |
|
ListPublishingDestinations(ListPublishingDestinationsRequest) |
Returns a list of publishing destinations associated with the specified |
|
ListPublishingDestinationsAsync(ListPublishingDestinationsRequest, CancellationToken) |
Returns a list of publishing destinations associated with the specified |
|
ListTagsForResource(ListTagsForResourceRequest) |
Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, threat intel sets, and publishing destination, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource. |
|
ListTagsForResourceAsync(ListTagsForResourceRequest, CancellationToken) |
Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, threat intel sets, and publishing destination, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource. |
|
ListThreatIntelSets(ListThreatIntelSetsRequest) |
Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned. |
|
ListThreatIntelSetsAsync(ListThreatIntelSetsRequest, CancellationToken) |
Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned. |
|
StartMalwareScan(StartMalwareScanRequest) |
Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account. When the malware scan starts, you can use the associated scan ID to track the status of the scan. For more information, see DescribeMalwareScans. |
|
StartMalwareScanAsync(StartMalwareScanRequest, CancellationToken) |
Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account. When the malware scan starts, you can use the associated scan ID to track the status of the scan. For more information, see DescribeMalwareScans. |
|
StartMonitoringMembers(StartMonitoringMembersRequest) |
Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation. |
|
StartMonitoringMembersAsync(StartMonitoringMembersRequest, CancellationToken) |
Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation. |
|
StopMonitoringMembers(StopMonitoringMembersRequest) |
Stops GuardDuty monitoring for the specified member accounts. Use the
With |
|
StopMonitoringMembersAsync(StopMonitoringMembersRequest, CancellationToken) |
Stops GuardDuty monitoring for the specified member accounts. Use the
With |
|
TagResource(TagResourceRequest) |
Adds tags to a resource. |
|
TagResourceAsync(TagResourceRequest, CancellationToken) |
Adds tags to a resource. |
|
UnarchiveFindings(UnarchiveFindingsRequest) |
Unarchives GuardDuty findings specified by the |
|
UnarchiveFindingsAsync(UnarchiveFindingsRequest, CancellationToken) |
Unarchives GuardDuty findings specified by the |
|
UntagResource(UntagResourceRequest) |
Removes tags from a resource. |
|
UntagResourceAsync(UntagResourceRequest, CancellationToken) |
Removes tags from a resource. |
|
UpdateDetector(UpdateDetectorRequest) |
Updates the GuardDuty detector specified by the detector ID.
Specifying both EKS Runtime Monitoring ( There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
UpdateDetectorAsync(UpdateDetectorRequest, CancellationToken) |
Updates the GuardDuty detector specified by the detector ID.
Specifying both EKS Runtime Monitoring ( There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
UpdateFilter(UpdateFilterRequest) |
Updates the filter specified by the filter name. |
|
UpdateFilterAsync(UpdateFilterRequest, CancellationToken) |
Updates the filter specified by the filter name. |
|
UpdateFindingsFeedback(UpdateFindingsFeedbackRequest) |
Marks the specified GuardDuty findings as useful or not useful. |
|
UpdateFindingsFeedbackAsync(UpdateFindingsFeedbackRequest, CancellationToken) |
Marks the specified GuardDuty findings as useful or not useful. |
|
UpdateIPSet(UpdateIPSetRequest) |
Updates the IPSet specified by the IPSet ID. |
|
UpdateIPSetAsync(UpdateIPSetRequest, CancellationToken) |
Updates the IPSet specified by the IPSet ID. |
|
UpdateMalwareScanSettings(UpdateMalwareScanSettingsRequest) |
Updates the malware scan settings. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
UpdateMalwareScanSettingsAsync(UpdateMalwareScanSettingsRequest, CancellationToken) |
Updates the malware scan settings. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
UpdateMemberDetectors(UpdateMemberDetectorsRequest) |
Contains information on member accounts to be updated.
Specifying both EKS Runtime Monitoring ( There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
UpdateMemberDetectorsAsync(UpdateMemberDetectorsRequest, CancellationToken) |
Contains information on member accounts to be updated.
Specifying both EKS Runtime Monitoring ( There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
UpdateOrganizationConfiguration(UpdateOrganizationConfigurationRequest) |
Configures the delegated administrator account with the provided values. You must
provide a value for either
Specifying both EKS Runtime Monitoring ( There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
UpdateOrganizationConfigurationAsync(UpdateOrganizationConfigurationRequest, CancellationToken) |
Configures the delegated administrator account with the provided values. You must
provide a value for either
Specifying both EKS Runtime Monitoring ( There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints. |
|
UpdatePublishingDestination(UpdatePublishingDestinationRequest) |
Updates information about the publishing destination specified by the |
|
UpdatePublishingDestinationAsync(UpdatePublishingDestinationRequest, CancellationToken) |
Updates information about the publishing destination specified by the |
|
UpdateThreatIntelSet(UpdateThreatIntelSetRequest) |
Updates the ThreatIntelSet specified by the ThreatIntelSet ID. |
|
UpdateThreatIntelSetAsync(UpdateThreatIntelSetRequest, CancellationToken) |
Updates the ThreatIntelSet specified by the ThreatIntelSet ID. |
.NET Core App:
Supported in: 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.5, 4.0, 3.5