String detectorId
The unique ID of the detector of the GuardDuty member account.
String masterId
The account ID of the GuardDuty administrator account whose invitation you're accepting.
String invitationId
The value that is used to validate the administrator account to the member account.
Boolean allowsPublicReadAccess
A value that indicates whether public read access for the bucket is enabled through an Access Control List (ACL).
Boolean allowsPublicWriteAccess
A value that indicates whether public write access for the bucket is enabled through an Access Control List (ACL).
BlockPublicAccess blockPublicAccess
Describes the S3 Block Public Access settings of the bucket's parent account.
String actionType
The GuardDuty finding activity type.
AwsApiCallAction awsApiCallAction
Information about the AWS_API_CALL action described in this finding.
DnsRequestAction dnsRequestAction
Information about the DNS_REQUEST action described in this finding.
NetworkConnectionAction networkConnectionAction
Information about the NETWORK_CONNECTION action described in this finding.
PortProbeAction portProbeAction
Information about the PORT_PROBE action described in this finding.
String api
The AWS API name.
String callerType
The AWS API caller type.
DomainDetails domainDetails
The domain information for the AWS API call.
String errorCode
The error code of the failed AWS API action.
RemoteIpDetails remoteIpDetails
The remote IP information of the connection that initiated the AWS API call.
String serviceName
The AWS service name whose API was invoked.
String type
The error type.
Boolean ignorePublicAcls
Indicates if S3 Block Public Access is set to IgnorePublicAcls.
Boolean restrictPublicBuckets
Indicates if S3 Block Public Access is set to RestrictPublicBuckets.
Boolean blockPublicAcls
Indicates if S3 Block Public Access is set to BlockPublicAcls.
Boolean blockPublicPolicy
Indicates if S3 Block Public Access is set to BlockPublicPolicy.
AccessControlList accessControlList
Contains information on how Access Control Policies are applied to the bucket.
BucketPolicy bucketPolicy
Contains information on the bucket policies for the S3 bucket.
BlockPublicAccess blockPublicAccess
Contains information on which account level S3 Block Public Access settings are applied to the S3 bucket.
Boolean allowsPublicReadAccess
A value that indicates whether public read access for the bucket is enabled through a bucket policy.
Boolean allowsPublicWriteAccess
A value that indicates whether public write access for the bucket is enabled through a bucket policy.
String cityName
The city name of the remote IP address.
String status
Describes whether CloudTrail is enabled as a data source for the detector.
List<E> eq
Represents the equal condition to be applied to a single field when querying for findings.
List<E> neq
Represents the not equal condition to be applied to a single field when querying for findings.
Integer gt
Represents a greater than condition to be applied to a single field when querying for findings.
Integer gte
Represents a greater than or equal condition to be applied to a single field when querying for findings.
Integer lt
Represents a less than condition to be applied to a single field when querying for findings.
Integer lte
Represents a less than or equal condition to be applied to a single field when querying for findings.
List<E> equals
Represents an equal condition to be applied to a single field when querying for findings.
List<E> notEquals
Represents a not equal condition to be applied to a single field when querying for findings.
Long greaterThan
Represents a greater than condition to be applied to a single field when querying for findings.
Long greaterThanOrEqual
Represents a greater than or equal condition to be applied to a single field when querying for findings.
Long lessThan
Represents a less than condition to be applied to a single field when querying for findings.
Long lessThanOrEqual
Represents a less than or equal condition to be applied to a single field when querying for findings.
Boolean enable
A Boolean value that specifies whether the detector is to be enabled.
String clientToken
The idempotency token for the create request.
String findingPublishingFrequency
A value that specifies how frequently updated findings are exported.
DataSourceConfigurations dataSources
Describes which data sources will be enabled for the detector.
Map<K,V> tags
The tags to be added to a new detector resource.
String detectorId
The unique ID of the created detector.
String detectorId
The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
String name
The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.
String description
The description of the filter.
String action
Specifies the action that is to be applied to the findings that match the filter.
Integer rank
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
FindingCriteria findingCriteria
Represents the criteria to be used in the filter for querying findings.
You can only use the following attributes to query findings:
accountId
region
confidence
id
resource.accessKeyDetails.accessKeyId
resource.accessKeyDetails.principalId
resource.accessKeyDetails.userName
resource.accessKeyDetails.userType
resource.instanceDetails.iamInstanceProfile.id
resource.instanceDetails.imageId
resource.instanceDetails.instanceId
resource.instanceDetails.outpostArn
resource.instanceDetails.networkInterfaces.ipv6Addresses
resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
resource.instanceDetails.networkInterfaces.publicDnsName
resource.instanceDetails.networkInterfaces.publicIp
resource.instanceDetails.networkInterfaces.securityGroups.groupId
resource.instanceDetails.networkInterfaces.securityGroups.groupName
resource.instanceDetails.networkInterfaces.subnetId
resource.instanceDetails.networkInterfaces.vpcId
resource.instanceDetails.tags.key
resource.instanceDetails.tags.value
resource.resourceType
service.action.actionType
service.action.awsApiCallAction.api
service.action.awsApiCallAction.callerType
service.action.awsApiCallAction.errorCode
service.action.awsApiCallAction.remoteIpDetails.city.cityName
service.action.awsApiCallAction.remoteIpDetails.country.countryName
service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
service.action.awsApiCallAction.remoteIpDetails.organization.asn
service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
service.action.awsApiCallAction.serviceName
service.action.dnsRequestAction.domain
service.action.networkConnectionAction.blocked
service.action.networkConnectionAction.connectionDirection
service.action.networkConnectionAction.localPortDetails.port
service.action.networkConnectionAction.protocol
service.action.networkConnectionAction.localIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.city.cityName
service.action.networkConnectionAction.remoteIpDetails.country.countryName
service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.organization.asn
service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
service.action.networkConnectionAction.remotePortDetails.port
service.additionalInfo.threatListName
service.archived
When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
service.resourceRole
severity
type
updatedAt
Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.
String clientToken
The idempotency token for the create request.
Map<K,V> tags
The tags to be added to a new filter resource.
String name
The name of the successfully created filter.
String detectorId
The unique ID of the detector of the GuardDuty account that you want to create an IPSet for.
String name
The user-friendly name to identify the IPSet.
Allowed characters are alphanumerics, spaces, hyphens (-), and underscores (_).
String format
The format of the file that contains the IPSet.
String location
The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
Boolean activate
A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.
String clientToken
The idempotency token for the create request.
Map<K,V> tags
The tags to be added to a new IP set resource.
String ipSetId
The ID of the IPSet resource.
String detectorId
The unique ID of the detector of the GuardDuty account that you want to associate member accounts with.
List<E> accountDetails
A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account.
String detectorId
The ID of the GuardDuty detector associated with the publishing destination.
String destinationType
The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported.
DestinationProperties destinationProperties
The properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.
String clientToken
The idempotency token for the request.
String destinationId
The ID of the publishing destination that is created.
String detectorId
The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for.
String name
A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
String format
The format of the file that contains the ThreatIntelSet.
String location
The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
Boolean activate
A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
String clientToken
The idempotency token for the create request.
Map<K,V> tags
The tags to be added to a new threat list resource.
String threatIntelSetId
The ID of the ThreatIntelSet resource.
S3LogsConfiguration s3Logs
Describes whether S3 data event logs are enabled as a data source.
CloudTrailConfigurationResult cloudTrail
An object that contains information on the status of CloudTrail as a data source.
DNSLogsConfigurationResult dNSLogs
An object that contains information on the status of DNS logs as a data source.
FlowLogsConfigurationResult flowLogs
An object that contains information on the status of VPC flow logs as a data source.
S3LogsConfigurationResult s3Logs
An object that contains information on the status of S3 Data event logs as a data source.
String detectorId
The unique ID of the detector that you want to delete.
String detectorId
The ID of the detector to retrieve information about the delegated administrator from.
Boolean autoEnable
Indicates whether GuardDuty is automatically enabled for accounts added to the organization.
Boolean memberAccountLimitReached
Indicates whether the maximum number of allowed member accounts is already associated with the delegated administrator account for your organization.
OrganizationDataSourceConfigurationsResult dataSources
Describes which data sources are enabled automatically for member accounts.
String destinationId
The ID of the publishing destination.
String destinationType
The type of publishing destination. Currently, only Amazon S3 buckets are supported.
String status
The status of the publishing destination.
Long publishingFailureStartTimestamp
The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination.
DestinationProperties destinationProperties
A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.
String adminAccountId
The AWS Account ID for the organizations account to be disabled as a GuardDuty delegated administrator.
String detectorId
The unique ID of the detector of the GuardDuty member account.
String detectorId
The unique ID of the detector of the GuardDuty account whose members you want to disassociate from the administrator account.
List<E> accountIds
A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account.
String status
Denotes whether DNS logs are enabled as a data source.
String domain
The domain information for the API request.
String domain
The domain information for the AWS API call.
String adminAccountId
The AWS Account ID for the organization account to be enabled as a GuardDuty delegated administrator.
String accountId
The ID of the account in which the finding was generated.
String arn
The ARN of the finding.
Double confidence
The confidence score for the finding.
String createdAt
The time and date when the finding was created.
String description
The description of the finding.
String id
The ID of the finding.
String partition
The partition associated with the finding.
String region
The Region where the finding was generated.
Resource resource
String schemaVersion
The version of the schema used for the finding.
Service service
Double severity
The severity of the finding.
String title
The title of the finding.
String type
The type of finding.
String updatedAt
The time and date when the finding was last updated.
String status
Denotes whether VPC flow logs are enabled as a data source.
String detectorId
The unique ID of the detector that you want to get.
String createdAt
The timestamp of when the detector was created.
String findingPublishingFrequency
The publishing frequency of the finding.
String serviceRole
The GuardDuty service role.
String status
The detector status.
String updatedAt
The last-updated timestamp for the detector.
DataSourceConfigurationsResult dataSources
Describes which data sources are enabled for the detector.
Map<K,V> tags
The tags of the detector resource.
String name
The name of the filter.
String description
The description of the filter.
String action
Specifies the action that is to be applied to the findings that match the filter.
Integer rank
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
FindingCriteria findingCriteria
Represents the criteria to be used in the filter for querying findings.
Map<K,V> tags
The tags of the filter resource.
String detectorId
The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.
List<E> findingIds
The IDs of the findings that you want to retrieve.
SortCriteria sortCriteria
Represents the criteria used for sorting findings.
String detectorId
The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.
List<E> findingStatisticTypes
The types of finding statistics to retrieve.
FindingCriteria findingCriteria
Represents the criteria that is used for querying findings.
FindingStatistics findingStatistics
The finding statistics object.
Integer invitationsCount
The number of received invitations.
String name
The user-friendly name for the IPSet.
String format
The format of the file that contains the IPSet.
String location
The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
String status
The status of the IPSet file that was uploaded.
Map<K,V> tags
The tags of the IPSet resource.
String detectorId
The unique ID of the detector of the GuardDuty member account.
Master master
The administrator account details.
List<E> memberDataSourceConfigurations
An object that describes which data sources are enabled for a member account.
List<E> unprocessedAccounts
A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.
String name
A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
String format
The format of the threatIntelSet.
String location
The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
String status
The status of the threatIntelSet file that was uploaded.
Map<K,V> tags
The tags of the threat list resource.
String detectorId
The ID of the detector that specifies the GuardDuty service whose usage statistics you want to retrieve.
String usageStatisticType
The type of usage statistics to retrieve.
UsageCriteria usageCriteria
Represents the criteria used for querying usage.
String unit
The currency unit you would like to view your usage statistics in. Current valid values are USD.
Integer maxResults
The maximum number of results to return in the response.
String nextToken
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
UsageStatistics usageStatistics
The usage statistics object. If a UsageStatisticType was provided, the objects representing other types will be null.
String nextToken
The pagination parameter to be used on the next list operation to retrieve more items.
String availabilityZone
The Availability Zone of the EC2 instance.
IamInstanceProfile iamInstanceProfile
The profile information of the EC2 instance.
String imageDescription
The image description of the EC2 instance.
String imageId
The image ID of the EC2 instance.
String instanceId
The ID of the EC2 instance.
String instanceState
The state of the EC2 instance.
String instanceType
The type of the EC2 instance.
String outpostArn
The Amazon Resource Name (ARN) of the AWS Outpost. Only applicable to AWS Outposts instances.
String launchTime
The launch time of the EC2 instance.
List<E> networkInterfaces
The elastic network interface information of the EC2 instance.
String platform
The platform of the EC2 instance.
List<E> productCodes
The product code of the EC2 instance.
List<E> tags
The tags of the EC2 instance.
String type
The error type.
String accountId
The ID of the account that the invitation was sent from.
String invitationId
The ID of the invitation. This value is used to validate the inviter account to the member account.
String relationshipStatus
The status of the relationship between the inviter and invitee accounts.
String invitedAt
The timestamp when the invitation was sent.
String detectorId
The unique ID of the detector of the GuardDuty account that you want to invite members with.
List<E> accountIds
A list of account IDs of the accounts that you want to invite to GuardDuty as members.
Boolean disableEmailNotification
A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members.
String message
The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.
Integer maxResults
You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String detectorId
The unique ID of the detector that the filter is associated with.
Integer maxResults
You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String detectorId
The ID of the detector that specifies the GuardDuty service whose findings you want to list.
FindingCriteria findingCriteria
Represents the criteria used for querying findings. Valid values include:
JSON field name
accountId
region
confidence
id
resource.accessKeyDetails.accessKeyId
resource.accessKeyDetails.principalId
resource.accessKeyDetails.userName
resource.accessKeyDetails.userType
resource.instanceDetails.iamInstanceProfile.id
resource.instanceDetails.imageId
resource.instanceDetails.instanceId
resource.instanceDetails.networkInterfaces.ipv6Addresses
resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
resource.instanceDetails.networkInterfaces.publicDnsName
resource.instanceDetails.networkInterfaces.publicIp
resource.instanceDetails.networkInterfaces.securityGroups.groupId
resource.instanceDetails.networkInterfaces.securityGroups.groupName
resource.instanceDetails.networkInterfaces.subnetId
resource.instanceDetails.networkInterfaces.vpcId
resource.instanceDetails.tags.key
resource.instanceDetails.tags.value
resource.resourceType
service.action.actionType
service.action.awsApiCallAction.api
service.action.awsApiCallAction.callerType
service.action.awsApiCallAction.remoteIpDetails.city.cityName
service.action.awsApiCallAction.remoteIpDetails.country.countryName
service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
service.action.awsApiCallAction.remoteIpDetails.organization.asn
service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
service.action.awsApiCallAction.serviceName
service.action.dnsRequestAction.domain
service.action.networkConnectionAction.blocked
service.action.networkConnectionAction.connectionDirection
service.action.networkConnectionAction.localPortDetails.port
service.action.networkConnectionAction.protocol
service.action.networkConnectionAction.remoteIpDetails.city.cityName
service.action.networkConnectionAction.remoteIpDetails.country.countryName
service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.organization.asn
service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
service.action.networkConnectionAction.remotePortDetails.port
service.additionalInfo.threatListName
service.archived
When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
service.resourceRole
severity
type
updatedAt
Type: Timestamp in Unix Epoch millisecond format: 1486685375000
SortCriteria sortCriteria
Represents the criteria used for sorting findings.
Integer maxResults
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Integer maxResults
You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String detectorId
The unique ID of the detector that the IPSet is associated with.
Integer maxResults
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String detectorId
The unique ID of the detector the member is associated with.
Integer maxResults
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String onlyAssociated
Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated).
Integer maxResults
The maximum number of results to return in the response.
String nextToken
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
String detectorId
The ID of the detector to retrieve publishing destinations for.
Integer maxResults
The maximum number of results to return in the response.
String nextToken
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
List<E> destinations
A Destinations object that includes information about each publishing destination returned.
String nextToken
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
String resourceArn
The Amazon Resource Name (ARN) for the given GuardDuty resource.
String detectorId
The unique ID of the detector that the threatIntelSet is associated with.
Integer maxResults
You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
String nextToken
You can use this parameter to paginate results in the response. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
String ipAddressV4
The IPv4 local address of the connection.
String accountId
The ID of the account used as the administrator account.
String invitationId
The value used to validate the administrator account to the member account.
String relationshipStatus
The status of the relationship between the administrator and member accounts.
String invitedAt
The timestamp when the invitation was sent.
String accountId
The ID of the member account.
String detectorId
The detector ID of the member account.
String masterId
The administrator account ID.
String email
The email address of the member account.
String relationshipStatus
The status of the relationship between the member and the administrator.
String invitedAt
The timestamp when the invitation was sent.
String updatedAt
The last-updated timestamp of the member.
String accountId
The account ID for the member account.
DataSourceConfigurationsResult dataSources
Contains information on the status of data sources for the account.
Boolean blocked
Indicates whether EC2 blocked the network connection to your instance.
String connectionDirection
The network connection direction.
LocalPortDetails localPortDetails
The local port information of the connection.
String protocol
The network connection protocol.
LocalIpDetails localIpDetails
The local IP information of the connection.
RemoteIpDetails remoteIpDetails
The remote IP information of the connection.
RemotePortDetails remotePortDetails
The remote port information of the connection.
List<E> ipv6Addresses
A list of IPv6 addresses for the EC2 instance.
String networkInterfaceId
The ID of the network interface.
String privateDnsName
The private DNS name of the EC2 instance.
String privateIpAddress
The private IP address of the EC2 instance.
List<E> privateIpAddresses
Other private IP address information of the EC2 instance.
String publicDnsName
The public DNS name of the EC2 instance.
String publicIp
The public IP address of the EC2 instance.
List<E> securityGroups
The security groups associated with the EC2 instance.
String subnetId
The subnet ID of the EC2 instance.
String vpcId
The VPC ID of the EC2 instance.
OrganizationS3LogsConfiguration s3Logs
Describes whether S3 data event logs are enabled for new members of the organization.
OrganizationS3LogsConfigurationResult s3Logs
Describes whether S3 data event logs are enabled as a data source.
Boolean autoEnable
A value that contains information on whether S3 data event logs will be enabled automatically as a data source for the organization.
Boolean autoEnable
A value that describes whether S3 data event logs are automatically enabled for new members of the organization.
String id
The canonical user ID of the bucket owner. For information about locating your canonical user ID, see Finding Your Account Canonical User ID.
BucketLevelPermissions bucketLevelPermissions
Contains information about the bucket level permissions for the S3 bucket.
AccountLevelPermissions accountLevelPermissions
Contains information about the account level permissions on the S3 bucket.
LocalPortDetails localPortDetails
The local port information of the connection.
LocalIpDetails localIpDetails
The local IP information of the connection.
RemoteIpDetails remoteIpDetails
The remote IP information of the connection.
PermissionConfiguration permissionConfiguration
Contains information about how permissions are configured for the S3 bucket.
String effectivePermission
Describes the effective permission on this bucket after factoring all attached policies.
City city
The city information of the remote IP address.
Country country
The country code of the remote IP address.
GeoLocation geoLocation
The location information of the remote IP address.
String ipAddressV4
The IPv4 remote address of the connection.
Organization organization
The ISP organization information of the remote IP address.
AccessKeyDetails accessKeyDetails
The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.
List<E> s3BucketDetails
Contains information on the S3 bucket.
InstanceDetails instanceDetails
The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.
String resourceType
The type of AWS resource.
String arn
The Amazon Resource Name (ARN) of the S3 bucket.
String name
The name of the S3 bucket.
String type
Describes whether the bucket is a source or destination bucket.
Date createdAt
The date and time at which the bucket was created.
Owner owner
The owner of the S3 bucket.
List<E> tags
All tags attached to the S3 bucket.
DefaultServerSideEncryption defaultServerSideEncryption
Describes the server side encryption method used in the S3 bucket.
PublicAccess publicAccess
Describes the public access policies that apply to the S3 bucket.
Boolean enable
The status of S3 data event logs as a data source.
String status
A value that describes whether S3 data event logs are automatically enabled for new members of the organization.
Action action
Information about the activity that is described in a finding.
Evidence evidence
An evidence object associated with the service.
Boolean archived
Indicates whether this finding is archived.
Integer count
The total count of the occurrences of this finding type.
String detectorId
The detector ID for the GuardDuty service.
String eventFirstSeen
The first-seen timestamp of the activity that prompted GuardDuty to generate this finding.
String eventLastSeen
The last-seen timestamp of the activity that prompted GuardDuty to generate this finding.
String resourceRole
The resource role information for this finding.
String serviceName
The name of the AWS service (GuardDuty) that generated a finding.
String userFeedback
Feedback that was submitted about the finding.
String detectorId
The unique ID of the detector to update.
Boolean enable
Specifies whether the detector is enabled or not enabled.
String findingPublishingFrequency
An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.
DataSourceConfigurations dataSources
Describes which data sources will be updated.
String detectorId
The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.
String filterName
The name of the filter.
String description
The description of the filter.
String action
Specifies the action that is to be applied to the findings that match the filter.
Integer rank
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
FindingCriteria findingCriteria
Represents the criteria to be used in the filter for querying findings.
String name
The name of the filter.
String detectorId
The ID of the detector associated with the findings to update feedback for.
List<E> findingIds
The IDs of the findings that you want to mark as useful or not useful.
String feedback
The feedback for the finding.
String comments
Additional feedback about the GuardDuty findings.
String detectorId
The detectorID that specifies the GuardDuty service whose IPSet you want to update.
String ipSetId
The unique ID that specifies the IPSet that you want to update.
String name
The unique ID that specifies the IPSet that you want to update.
String location
The updated URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
Boolean activate
The updated Boolean value that specifies whether the IPSet is active or not.
String detectorId
The detector ID of the administrator account.
List<E> accountIds
A list of member account IDs to be updated.
DataSourceConfigurations dataSources
Describes which data sources will be updated.
String detectorId
The ID of the detector to update the delegated administrator for.
Boolean autoEnable
Indicates whether to automatically enable member accounts in the organization.
OrganizationDataSourceConfigurations dataSources
Describes which data sources will be updated.
String detectorId
The ID of the detector associated with the publishing destinations to update.
String destinationId
The ID of the publishing destination to update.
DestinationProperties destinationProperties
A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.
String detectorId
The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.
String threatIntelSetId
The unique ID that specifies the ThreatIntelSet that you want to update.
String name
The unique ID that specifies the ThreatIntelSet that you want to update.
String location
The updated URI of the file that contains the ThreatIntelSet.
Boolean activate
The updated Boolean value that specifies whether the ThreatIntelSet is active or not.
List<E> sumByAccount
The usage statistic sum organized by account ID.
List<E> sumByDataSource
The usage statistic sum organized by data source.
List<E> sumByResource
The usage statistic sum organized by resource.
List<E> topResources
Lists the top 50 resources that have generated the most GuardDuty usage, in order from most to least expensive.
Copyright © 2021. All rights reserved.