String detectorId
The unique ID of the detector of the GuardDuty member account.
String masterId
The account ID of the master GuardDuty account whose invitation you're accepting.
String invitationId
This value is used to validate the master account to the member account.
String actionType
GuardDuty Finding activity type.
AwsApiCallAction awsApiCallAction
Information about the AWS_API_CALL action described in this finding.
DnsRequestAction dnsRequestAction
Information about the DNS_REQUEST action described in this finding.
NetworkConnectionAction networkConnectionAction
Information about the NETWORK_CONNECTION action described in this finding.
PortProbeAction portProbeAction
Information about the PORT_PROBE action described in this finding.
String api
AWS API name.
String callerType
AWS API caller type.
DomainDetails domainDetails
Domain information for the AWS API call.
RemoteIpDetails remoteIpDetails
Remote IP information of the connection.
String serviceName
AWS service name whose API was invoked.
String type
The error type.
String cityName
City name of the remote IP address.
List<E> eq
Represents the equal condition to be applied to a single field when querying for findings.
List<E> neq
Represents the not equal condition to be applied to a single field when querying for findings.
Integer gt
Represents a greater than condition to be applied to a single field when querying for findings.
Integer gte
Represents a greater than or equal condition to be applied to a single field when querying for findings.
Integer lt
Represents a less than condition to be applied to a single field when querying for findings.
Integer lte
Represents a less than or equal condition to be applied to a single field when querying for findings.
List<E> equals
Represents an equal condition to be applied to a single field when querying for findings.
List<E> notEquals
Represents a not equal condition to be applied to a single field when querying for findings.
Long greaterThan
Represents a greater than condition to be applied to a single field when querying for findings.
Long greaterThanOrEqual
Represents a greater than or equal condition to be applied to a single field when querying for findings.
Long lessThan
Represents a less than condition to be applied to a single field when querying for findings.
Long lessThanOrEqual
Represents a less than or equal condition to be applied to a single field when querying for findings.
Boolean enable
A boolean value that specifies whether the detector is to be enabled.
String clientToken
The idempotency token for the create request.
String findingPublishingFrequency
An enum value that specifies how frequently finding updates are published to the customer.
Map<K,V> tags
The tags to be added to a new detector resource.
String detectorId
The unique ID of the created detector.
String detectorId
The unique ID of the detector of the GuardDuty account for which you want to create a filter.
String name
The name of the filter.
String description
The description of the filter.
String action
Specifies the action that is to be applied to the findings that match the filter.
Integer rank
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
FindingCriteria findingCriteria
Represents the criteria to be used in the filter for querying findings.
String clientToken
The idempotency token for the create request.
Map<K,V> tags
The tags to be added to a new filter resource.
String name
The name of the successfully created filter.
String detectorId
The unique ID of the detector of the GuardDuty account for which you want to create an IPSet.
String name
The user-friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.
String format
The format of the file that contains the IPSet.
String location
The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
Boolean activate
A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.
String clientToken
The idempotency token for the create request.
Map<K,V> tags
The tags to be added to a new IP set resource.
String ipSetId
The ID of the IPSet resource.
String detectorId
The ID of the GuardDuty detector associated with the publishing destination.
String destinationType
The type of resource for the publishing destination. Currently only S3 is supported.
DestinationProperties destinationProperties
Properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.
String clientToken
The idempotency token for the request.
String destinationId
The ID of the publishing destination created.
String detectorId
The unique ID of the detector of the GuardDuty account for which you want to create a threatIntelSet.
String name
A user-friendly ThreatIntelSet name that is displayed in all findings generated by activity that involves IP addresses included in this ThreatIntelSet.
String format
The format of the file that contains the ThreatIntelSet.
String location
The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
Boolean activate
A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
String clientToken
The idempotency token for the create request.
Map<K,V> tags
The tags to be added to a new Threat List resource.
String threatIntelSetId
The ID of the ThreatIntelSet resource.
String detectorId
The unique ID of the detector that you want to delete.
String destinationId
The ID of the publishing destination.
String destinationType
The type of the publishing destination. Currently, only S3 is supported.
String status
The status of the publishing destination.
Long publishingFailureStartTimestamp
The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination.
DestinationProperties destinationProperties
A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.
String detectorId
The unique ID of the detector of the GuardDuty member account.
String domain
Domain information for the API request.
String domain
Domain information for the AWS API call.
String accountId
The ID of the account in which the finding was generated.
String arn
The ARN for the finding.
Double confidence
The confidence score for the finding.
String createdAt
The time and date at which the finding was created.
String description
The description of the finding.
String id
The ID of the finding.
String partition
The partition associated with the finding.
String region
The Region in which the finding was generated.
Resource resource
String schemaVersion
The version of the schema used for the finding.
Service service
Double severity
The severity of the finding.
String title
The title for the finding.
String type
The type of the finding.
String updatedAt
The time and date at which the finding was last updated.
String detectorId
The unique ID of the detector that you want to get.
String createdAt
Detector creation timestamp.
String findingPublishingFrequency
Finding publishing frequency.
String serviceRole
The GuardDuty service role.
String status
The detector status.
String updatedAt
Detector last update timestamp.
Map<K,V> tags
The tags of the detector resource.
String name
The name of the filter.
String description
The description of the filter.
String action
Specifies the action that is to be applied to the findings that match the filter.
Integer rank
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
FindingCriteria findingCriteria
Represents the criteria to be used in the filter for querying findings.
Map<K,V> tags
The tags of the filter resource.
String detectorId
The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.
List<E> findingIds
IDs of the findings that you want to retrieve.
SortCriteria sortCriteria
Represents the criteria used for sorting findings.
String detectorId
The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.
List<E> findingStatisticTypes
Types of finding statistics to retrieve.
FindingCriteria findingCriteria
Represents the criteria used for querying findings.
FindingStatistics findingStatistics
Finding statistics object.
Integer invitationsCount
The number of received invitations.
String name
The user-friendly name for the IPSet.
String format
The format of the file that contains the IPSet.
String location
The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
String status
The status of the uploaded IPSet file.
Map<K,V> tags
The tags of the IP set resource.
String detectorId
The unique ID of the detector of the GuardDuty member account.
Master master
Master account details.
String name
A user-friendly ThreatIntelSet name that is displayed in all findings generated by activity that involves IP addresses included in this ThreatIntelSet.
String format
The format of the threatIntelSet.
String location
The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
String status
The status of the uploaded ThreatIntelSet file.
Map<K,V> tags
The tags of the Threat List resource.
String availabilityZone
The Availability Zone of the EC2 instance.
IamInstanceProfile iamInstanceProfile
The profile information of the EC2 instance.
String imageDescription
The image description of the EC2 instance.
String imageId
The image ID of the EC2 instance.
String instanceId
The ID of the EC2 instance.
String instanceState
The state of the EC2 instance.
String instanceType
The type of the EC2 instance.
String launchTime
The launch time of the EC2 instance.
List<E> networkInterfaces
The network interface information of the EC2 instance.
String platform
The platform of the EC2 instance.
List<E> productCodes
The product code of the EC2 instance.
List<E> tags
The tags of the EC2 instance.
String type
The error type.
String accountId
The ID of the account from which the invitation was sent.
String invitationId
The ID of the invitation. This value is used to validate the inviter account to the member account.
String relationshipStatus
The status of the relationship between the inviter and invitee accounts.
String invitedAt
Timestamp at which the invitation was sent.
String detectorId
The unique ID of the detector of the GuardDuty account with which you want to invite members.
List<E> accountIds
A list of account IDs of the accounts that you want to invite to GuardDuty as members.
Boolean disableEmailNotification
A boolean value that specifies whether you want to disable email notification to the accounts that you’re inviting to GuardDuty as members.
String message
The invitation message that you want to send to the accounts that you’re inviting to GuardDuty as members.
Integer maxResults
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String detectorId
The unique ID of the detector the filter is associated with.
Integer maxResults
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String detectorId
The ID of the detector that specifies the GuardDuty service whose findings you want to list.
FindingCriteria findingCriteria
Represents the criteria used for querying findings. Valid values (JSON field names) include:
accountId
region
confidence
id
resource.accessKeyDetails.accessKeyId
resource.accessKeyDetails.principalId
resource.accessKeyDetails.userName
resource.accessKeyDetails.userType
resource.instanceDetails.iamInstanceProfile.id
resource.instanceDetails.imageId
resource.instanceDetails.instanceId
resource.instanceDetails.networkInterfaces.ipv6Addresses
resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
resource.instanceDetails.networkInterfaces.publicDnsName
resource.instanceDetails.networkInterfaces.publicIp
resource.instanceDetails.networkInterfaces.securityGroups.groupId
resource.instanceDetails.networkInterfaces.securityGroups.groupName
resource.instanceDetails.networkInterfaces.subnetId
resource.instanceDetails.networkInterfaces.vpcId
resource.instanceDetails.tags.key
resource.instanceDetails.tags.value
resource.resourceType
service.action.actionType
service.action.awsApiCallAction.api
service.action.awsApiCallAction.callerType
service.action.awsApiCallAction.remoteIpDetails.city.cityName
service.action.awsApiCallAction.remoteIpDetails.country.countryName
service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
service.action.awsApiCallAction.remoteIpDetails.organization.asn
service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
service.action.awsApiCallAction.serviceName
service.action.dnsRequestAction.domain
service.action.networkConnectionAction.blocked
service.action.networkConnectionAction.connectionDirection
service.action.networkConnectionAction.localPortDetails.port
service.action.networkConnectionAction.protocol
service.action.networkConnectionAction.remoteIpDetails.city.cityName
service.action.networkConnectionAction.remoteIpDetails.country.countryName
service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.organization.asn
service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
service.action.networkConnectionAction.remotePortDetails.port
service.additionalInfo.threatListName
service.archived
When this attribute is set to 'true', only archived findings are listed. When it is set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
service.resourceRole
severity
type
updatedAt
Type: timestamp in Unix epoch millisecond format, for example 1486685375000.
SortCriteria sortCriteria
Represents the criteria used for sorting findings.
Integer maxResults
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
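As an added worked example (not code from the page or from the SDK documentation), the following Java code uses the AWS SDK for Java v1 GuardDuty model classes these fields belong to: it builds a FindingCriteria from three of the field names listed above (service.archived, severity, updatedAt), sorts by severity, and pages through ListFindings with nextToken until the last page. The detector ID and the starting timestamp are placeholders.

```java
import com.amazonaws.services.guardduty.AmazonGuardDuty;
import com.amazonaws.services.guardduty.AmazonGuardDutyClientBuilder;
import com.amazonaws.services.guardduty.model.Condition;
import com.amazonaws.services.guardduty.model.FindingCriteria;
import com.amazonaws.services.guardduty.model.ListFindingsRequest;
import com.amazonaws.services.guardduty.model.ListFindingsResult;
import com.amazonaws.services.guardduty.model.SortCriteria;

import java.util.ArrayList;
import java.util.List;

/**
 * Lists every unarchived GuardDuty finding with severity 7 or higher that was
 * updated at or after a given timestamp, following nextToken to the last page.
 */
public class HighSeverityFindingLister {

    // Placeholder: substitute the detector ID returned by CreateDetector / ListDetectors.
    private static final String DETECTOR_ID = "REPLACE_WITH_DETECTOR_ID";
    // Placeholder start of the review window, in Unix epoch milliseconds.
    private static final long UPDATED_SINCE_EPOCH_MS = 1486685375000L;

    public static void main(String[] args) {
        AmazonGuardDuty guardDuty = AmazonGuardDutyClientBuilder.defaultClient();
        List<String> ids = listFindingIds(guardDuty, DETECTOR_ID, UPDATED_SINCE_EPOCH_MS);
        System.out.println("Matching finding IDs: " + ids.size());
        for (String id : ids) {
            System.out.println(id);
        }
    }

    /** Criteria: unarchived findings, severity >= 7, updatedAt >= sinceEpochMs. */
    static FindingCriteria buildCriteria(long sinceEpochMs) {
        FindingCriteria criteria = new FindingCriteria();
        // service.archived set to 'false' lists only unarchived findings.
        criteria.addCriterionEntry("service.archived", new Condition().withEquals("false"));
        // severity is numeric, so the Long-typed comparison members apply.
        criteria.addCriterionEntry("severity", new Condition().withGreaterThanOrEqual(7L));
        // updatedAt is compared as a Unix epoch millisecond timestamp.
        criteria.addCriterionEntry("updatedAt", new Condition().withGreaterThanOrEqual(sinceEpochMs));
        return criteria;
    }

    /** Pages through ListFindings: nextToken is null on the first call, then echoed back. */
    static List<String> listFindingIds(AmazonGuardDuty client, String detectorId, long sinceEpochMs) {
        List<String> findingIds = new ArrayList<>();
        String nextToken = null;
        do {
            ListFindingsRequest request = new ListFindingsRequest()
                    .withDetectorId(detectorId)
                    .withFindingCriteria(buildCriteria(sinceEpochMs))
                    .withSortCriteria(new SortCriteria().withAttributeName("severity").withOrderBy("DESC"))
                    .withMaxResults(50) // 50 is both the default and the maximum
                    .withNextToken(nextToken);
            ListFindingsResult result = client.listFindings(request);
            findingIds.addAll(result.getFindingIds());
            nextToken = result.getNextToken();
        } while (nextToken != null && !nextToken.isEmpty());
        return findingIds;
    }
}
```

The returned IDs can be passed to GetFindings (detectorId plus findingIds) to retrieve the full finding objects.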
Integer maxResults
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String detectorId
The unique ID of the detector the ipSet is associated with.
Integer maxResults
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String detectorId
The unique ID of the detector the member is associated with.
Integer maxResults
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String onlyAssociated
Specifies whether to return only associated members or to return all members (including members that haven't been invited yet or have been disassociated).
String detectorId
The ID of the detector to retrieve publishing destinations for.
Integer maxResults
The maximum number of results to return in the response.
String nextToken
A token to use for paginating results returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
List<E> destinations
A Destinations object that includes information about each publishing destination returned.
String nextToken
A token to use for paginating results returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
String resourceArn
The Amazon Resource Name (ARN) for the given GuardDuty resource.
String detectorId
The unique ID of the detector the threatIntelSet is associated with.
Integer maxResults
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter to paginate results in the response. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String accountId
The ID of the account used as the Master account.
String invitationId
This value is used to validate the master account to the member account.
String relationshipStatus
The status of the relationship between the master and member accounts.
String invitedAt
Timestamp at which the invitation was sent.
String accountId
Member account ID.
String detectorId
Member account's detector ID.
String masterId
Master account ID.
String email
Member account's email address.
String relationshipStatus
The status of the relationship between the member and the master.
String invitedAt
Timestamp at which the invitation was sent.
String updatedAt
Member last updated timestamp.
Boolean blocked
Network connection blocked information.
String connectionDirection
Network connection direction.
LocalPortDetails localPortDetails
Local port information of the connection.
String protocol
Network connection protocol.
RemoteIpDetails remoteIpDetails
Remote IP information of the connection.
RemotePortDetails remotePortDetails
Remote port information of the connection.
List<E> ipv6Addresses
A list of EC2 instance IPv6 address information.
String networkInterfaceId
The ID of the network interface.
String privateDnsName
Private DNS name of the EC2 instance.
String privateIpAddress
Private IP address of the EC2 instance.
List<E> privateIpAddresses
Other private IP address information of the EC2 instance.
String publicDnsName
Public DNS name of the EC2 instance.
String publicIp
Public IP address of the EC2 instance.
List<E> securityGroups
Security groups associated with the EC2 instance.
String subnetId
The subnet ID of the EC2 instance.
String vpcId
The VPC ID of the EC2 instance.
LocalPortDetails localPortDetails
Local port information of the connection.
RemoteIpDetails remoteIpDetails
Remote IP information of the connection.
City city
City information of the remote IP address.
Country country
Country code of the remote IP address.
GeoLocation geoLocation
Location information of the remote IP address.
String ipAddressV4
IPv4 remote address of the connection.
Organization organization
ISP organization information of the remote IP address.
AccessKeyDetails accessKeyDetails
The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.
InstanceDetails instanceDetails
The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.
String resourceType
The type of the AWS resource.
Action action
Information about the activity described in a finding.
Evidence evidence
An evidence object associated with the service.
Boolean archived
Indicates whether this finding is archived.
Integer count
Total count of the occurrences of this finding type.
String detectorId
Detector ID for the GuardDuty service.
String eventFirstSeen
First seen timestamp of the activity that prompted GuardDuty to generate this finding.
String eventLastSeen
Last seen timestamp of the activity that prompted GuardDuty to generate this finding.
String resourceRole
Resource role information for this finding.
String serviceName
The name of the AWS service (GuardDuty) that generated a finding.
String userFeedback
Feedback left about the finding.
String detectorId
The unique ID of the detector to update.
Boolean enable
Specifies whether the detector is enabled or not enabled.
String findingPublishingFrequency
An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.
String detectorId
The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.
String filterName
The name of the filter.
String description
The description of the filter.
String action
Specifies the action that is to be applied to the findings that match the filter.
Integer rank
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
FindingCriteria findingCriteria
Represents the criteria to be used in the filter for querying findings.
String name
The name of the filter.
String detectorId
The ID of the detector associated with the findings to update feedback for.
List<E> findingIds
IDs of the findings that you want to mark as useful or not useful.
String feedback
The feedback for the finding.
String comments
Additional feedback about the GuardDuty findings.
String detectorId
The detector ID that specifies the GuardDuty service whose IPSet you want to update.
String ipSetId
The unique ID that specifies the IPSet that you want to update.
String name
The unique ID that specifies the IPSet that you want to update.
String location
The updated URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
Boolean activate
The updated boolean value that specifies whether the IPSet is active or not.
String detectorId
The ID of the
String destinationId
The ID of the detector associated with the publishing destinations to update.
DestinationProperties destinationProperties
A DestinationProperties object that includes the DestinationArn and
KmsKeyArn of the publishing destination.
String detectorId
The detector ID that specifies the GuardDuty service whose ThreatIntelSet you want to update.
String threatIntelSetId
The unique ID that specifies the ThreatIntelSet that you want to update.
String name
The unique ID that specifies the ThreatIntelSet that you want to update.
String location
The updated URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
Boolean activate
The updated boolean value that specifies whether the ThreatIntelSet is active or not.
Copyright © 2019. All rights reserved.