Module Awso_guardduty_syncSource

Sourceval delete_malware_protection_plan : ?endpoint_url:string -> ?cfg:Awso.Cfg.t -> Awso_guardduty.Values.DeleteMalwareProtectionPlanRequest.t -> (unit, unit) Result.t
Sourceval update_malware_protection_plan : ?endpoint_url:string -> ?cfg:Awso.Cfg.t -> Awso_guardduty.Values.UpdateMalwareProtectionPlanRequest.t -> (unit, unit) Result.t
include module type of struct include Awso_guardduty.Values end
Sourceval service : Awso.Service.t
Sourceval apiVersion : string
Sourceval endpointPrefix : string
Sourceval serviceFullName : string
Sourceval signatureVersion : string
Sourceval protocol : string
Sourceval globalEndpoint : string
Sourceval simple_to_json : ('a -> Awso__Botodata.value) -> 'a -> Yojson.Safe.t
Sourceval composed_to_json : ('a -> Awso__Botodata.value) -> 'a -> Yojson.Safe.t
Sourceval to_query : ('a -> Awso.Client.Query.value) -> 'a -> Awso.Client.Query.t
Sourceval structure_to_value_aux : ('a * 'b option) list -> f:(('a * 'b) list -> 'c) -> [> `Structure of 'c ]
Sourceval structure_to_value : ('a * 'b option) list -> [> `Structure of ('a * 'b) list ]
Sourceval structure_to_wrapped_value : wrapper:'a -> response:'a -> ('b * 'c option) list -> [> `Structure of ('a * [> `Structure of ('b * 'c) list ]) list ]
Sourcemodule String_ = Awso_guardduty.Values.String_

Contains information about the product code for the EC2 instance.

Contains other private IP address information of the EC2 instance.

Contains information about the security groups associated with the EC2 instance.

Sourcemodule PublicBucketRestrictBehavior = Awso_guardduty.Values.PublicBucketRestrictBehavior

Contains information about the observed behavior.

Contains information about the EC2 instance profile.

Describes public access policies that apply to the Amazon S3 bucket. For information about each of the following settings, see Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide.

Contains details of infected file including name, file path and hash.

Container volume mount.

Contains information on how the bucker owner's S3 Block Public Access settings are being applied to the S3 bucket. See S3 Block Public Access for more information.

Contains information on the current access control policies for the bucket.

Contains information on the current bucket policies for the S3 bucket.

Contains information about the city associated with the IP address.

Contains information about the country where the remote IP address is located.

Contains information about the location of the remote IP address. By default, GuardDuty returns Geolocation with Lat and Lon as 0.0.

Contains information about the ISP organization of the remote IP address.

Contains information about the unusual anomalies.

Contains information about the Amazon Web Services account within which the activity took place.

Contains information about the access keys.

Sourcemodule AutoscalingAutoScalingGroup = Awso_guardduty.Values.AutoscalingAutoScalingGroup

Contains information about the Auto Scaling Group involved in a GuardDuty finding, including unique identifiers of the Amazon EC2 instances.

Contains information about the CloudFormation stack involved in a GuardDuty finding, including unique identifiers of the Amazon EC2 instances.

Contains information about container resources involved in a GuardDuty finding. This structure provides details about containers that were identified as part of suspicious or malicious activity.

Contains information about the Amazon EC2 Image involved in a GuardDuty finding, including unique identifiers of the Amazon EC2 instances.

Details about the potentially impacted Amazon EC2 instance resource.

Contains information about the Amazon EC2 launch template involved in a GuardDuty finding, including unique identifiers of the Amazon EC2 instances.

Contains information about the elastic network interface of the Amazon EC2 instance.

Contains information about the Amazon EC2 VPC involved in a GuardDuty finding, including unique identifiers of the Amazon EC2 instances.

Contains information about the Amazon ECS cluster involved in a GuardDuty finding, including cluster identification and status.

Contains information about Amazon ECS task involved in a GuardDuty finding, including task definition and container identifiers.

Contains information about the Amazon EKS cluster involved in a GuardDuty finding, including cluster identification, status, and network configuration.

Contains information about the IAM instance profile involved in a GuardDuty finding, including unique identifiers of the Amazon EC2 instances.

Contains information about Kubernetes workloads involved in a GuardDuty finding, including pods, deployments, and other Kubernetes resources.

Contains information about the Amazon S3 bucket policies and encryption.

Contains information about the Amazon S3 object.

Contains information about a tag key-value pair.

Contains information about the indicators that include a set of signals observed in an attack sequence.

Contains additional information about the detected threat.

Container security context.

Represents a pre-existing file or directory on the host machine that the volume maps to.

Contains information about the account level permissions on the S3 bucket.

Contains information about the bucket level permissions for the S3 bucket.

Contains information about the local IP address of the connection.

Contains information about the port for the local connection.

Contains information about the remote IP address of the connection.

Sourcemodule AnomalyProfileFeatureObjects = Awso_guardduty.Values.AnomalyProfileFeatureObjects
Sourcemodule AnomalyUnusualBehaviorFeature = Awso_guardduty.Values.AnomalyUnusualBehaviorFeature

Contains information about a process involved in a GuardDuty finding, including process identification, execution details, and file information.

Contains information about the authenticated session.

Contains information about the user involved in the attack sequence.

Contains information about the Autonomous System (AS) associated with the network endpoints involved in an attack sequence.

Contains information about the network connection.

Contains information about network endpoint location.

Contains information about the Amazon Web Services resource that is associated with the activity that prompted GuardDuty to generate a finding.

Contains files infected with the given threat providing details of malware name and severity.

Contains detailed information about where a threat was detected.

Information about the nested item path and hash of the protected resource.

Information about the runtime process details.

Sourcemodule OrgFeatureAdditionalConfiguration = Awso_guardduty.Values.OrgFeatureAdditionalConfiguration

Details of a container.

Volume used by the Kubernetes workload.

Contains information about how permissions are configured for the S3 bucket.

Information about the S3 object that was scanned

Contains information about the port probe details.

Information about the login attempts.

Information about the actors involved in an attack sequence.

Contains information about network endpoints that were observed in the attack sequence.

Contains information about the Amazon Web Services resource that is associated with the GuardDuty finding.

Contains information about the signals involved in the attack sequence.

Contains the total usage with the corresponding currency unit for that value.

Sourcemodule OrganizationFeatureStatisticsAdditionalConfiguration = Awso_guardduty.Values.OrganizationFeatureStatisticsAdditionalConfiguration

Information about the coverage statistic for the additional configuration of the feature.

Describes the configuration of scanning EBS volumes as a data source.

Sourcemodule MemberAdditionalConfigurationResult = Awso_guardduty.Values.MemberAdditionalConfigurationResult

Information about the additional configuration for the member account.

Contains EBS volume details.

Contains information about the elastic network interface of the EC2 instance.

Contains information about the impersonated user.

Sourcemodule DefaultServerSideEncryption = Awso_guardduty.Values.DefaultServerSideEncryption

Contains information on the server side encryption method used in the S3 bucket. See S3 Server-Side Encryption for more information.

Contains information on the owner of the bucket.

Describes the public access policies that apply to the S3 bucket.

Contains information about the domain.

Contains details about the remote Amazon Web Services account that made the API call.

Contains information about the remote port.

Contains information about the behavior of the anomaly that is new to GuardDuty.

Sourcemodule HighestSeverityThreatDetails = Awso_guardduty.Values.HighestSeverityThreatDetails

Contains details of the highest severity threat detected during scan and number of infected files.

Total number of scanned files.

Contains details about identified threats organized by threat name.

Contains total number of infected files.

An instance of a threat intelligence detail that constitutes evidence for the finding.

Contains information about the incremental scan configuration.

Information about the detected threats associated with the generated finding.

Information about the observed process.

Represents the key:value pair to be matched against given resource property.

Sourcemodule FeatureAdditionalConfiguration = Awso_guardduty.Values.FeatureAdditionalConfiguration

Information about the installed GuardDuty security agent.

Contains information about the Amazon EC2 instance that is running the Amazon ECS container.

Contains information about Amazon Web Services Fargate details associated with an Amazon ECS cluster.

Information about the installed EKS add-on (GuardDuty security agent).

Contains information on the total of usage based on the topmost 50 account IDs.

Contains information about which data sources are enabled for the GuardDuty member account.

Sourcemodule OrganizationFeatureStatisticsAdditionalConfigurations = Awso_guardduty.Values.OrganizationFeatureStatisticsAdditionalConfigurations
Sourcemodule KubernetesAuditLogsConfigurationResult = Awso_guardduty.Values.KubernetesAuditLogsConfigurationResult

Describes whether Kubernetes audit logs are enabled as a data source.

Sourcemodule ScanEc2InstanceWithFindingsResult = Awso_guardduty.Values.ScanEc2InstanceWithFindingsResult

An object that contains information on the status of whether Malware Protection for EC2 instances with findings will be enabled as a data source.

Sourcemodule MemberAdditionalConfigurationResults = Awso_guardduty.Values.MemberAdditionalConfigurationResults

Contains information about the task in an ECS cluster.

Details about the Kubernetes user involved in a Kubernetes finding.

Details about the Kubernetes workload involved in a Kubernetes finding.

Amazon Virtual Private Cloud configuration details associated with your Lambda function.

Contains information on the S3 bucket.

Contains information about the API action.

Contains information about the DNS_REQUEST action described in this finding.

Information about the Kubernetes API call action described in this finding.

Sourcemodule KubernetesPermissionCheckedDetails = Awso_guardduty.Values.KubernetesPermissionCheckedDetails

Information about the Kubernetes API for which you check if you have permission to call.

Sourcemodule KubernetesRoleBindingDetails = Awso_guardduty.Values.KubernetesRoleBindingDetails

Contains information about the role binding that grants the permission defined in a Kubernetes role.

Information about the Kubernetes role name and role type.

Contains information about the NETWORK_CONNECTION action described in the finding.

Contains information about the PORT_PROBE action described in the finding.

Indicates that a login attempt was made to the potentially compromised database from a remote IP address.

Contains information about the anomalies.

Contains information about the GuardDuty attack sequence finding.

Contains a complete view providing malware scan result details.

Sourcemodule MalwareProtectionFindingsScanConfiguration = Awso_guardduty.Values.MalwareProtectionFindingsScanConfiguration

Contains finding configuration details about the malware scan.

Additional information about the suspicious activity.

Organization-wide EBS volumes scan configuration.

Sourcemodule OrganizationAdditionalConfiguration = Awso_guardduty.Values.OrganizationAdditionalConfiguration

A list of additional configurations which will be configured for the organization. Additional configuration applies to only GuardDuty Runtime Monitoring protection plan.

Sourcemodule MemberAdditionalConfiguration = Awso_guardduty.Values.MemberAdditionalConfiguration

Information about the additional configuration for the member account.

Sourcemodule DetectorAdditionalConfiguration = Awso_guardduty.Values.DetectorAdditionalConfiguration

Information about the additional configuration for a feature in your GuardDuty account.

Contains information about the condition.

Sourcemodule ListMalwareScansCriterionKey = Awso_guardduty.Values.ListMalwareScansCriterionKey
Sourcemodule CoverageEc2InstanceDetails = Awso_guardduty.Values.CoverageEc2InstanceDetails

Contains information about the Amazon EC2 instance runtime coverage details.

Contains information about Amazon ECS cluster runtime coverage details.

Information about the EKS cluster that has a coverage status.

Represents a condition that when matched will be added to the response of the operation.

Sourcemodule CoverageFilterCriterionKey = Awso_guardduty.Values.CoverageFilterCriterionKey
Sourcemodule UsageTopAccountsByFeatureList = Awso_guardduty.Values.UsageTopAccountsByFeatureList
Sourcemodule KubernetesDataSourceFreeTrial = Awso_guardduty.Values.KubernetesDataSourceFreeTrial

Provides details about the Kubernetes resources when it is enabled as a data source.

Sourcemodule MalwareProtectionDataSourceFreeTrial = Awso_guardduty.Values.MalwareProtectionDataSourceFreeTrial

Provides details about Malware Protection when it is enabled as a data source.

Sourcemodule FreeTrialFeatureConfigurationResult = Awso_guardduty.Values.FreeTrialFeatureConfigurationResult

Contains information about the free trial period for a feature.

Sourcemodule OrganizationFeatureStatistics = Awso_guardduty.Values.OrganizationFeatureStatistics

Information about the number of accounts that have enabled a specific feature.

Sourcemodule CloudTrailConfigurationResult = Awso_guardduty.Values.CloudTrailConfigurationResult

Contains information on the status of CloudTrail as a data source for the detector.

Sourcemodule DNSLogsConfigurationResult = Awso_guardduty.Values.DNSLogsConfigurationResult

Contains information on the status of DNS logs as a data source.

Sourcemodule FlowLogsConfigurationResult = Awso_guardduty.Values.FlowLogsConfigurationResult

Contains information on the status of VPC flow logs as a data source.

Sourcemodule KubernetesConfigurationResult = Awso_guardduty.Values.KubernetesConfigurationResult

Describes whether any Kubernetes logs will be enabled as a data source.

Sourcemodule MalwareProtectionConfigurationResult = Awso_guardduty.Values.MalwareProtectionConfigurationResult

An object that contains information on the status of all Malware Protection data sources.

Describes whether S3 data event logs will be enabled as a data source.

Sourcemodule MemberFeaturesConfigurationResult = Awso_guardduty.Values.MemberFeaturesConfigurationResult

Contains information about the features for the member account.

Contains information about an EBS snapshot that was scanned for malware.

Contains information about the access keys.

Contains details about the EBS snapshot that was scanned for malware.

Contains list of scanned and skipped EBS volumes with details.

Contains details about the EC2 AMI that was scanned.

Contains information about the details of the ECS Cluster.

Details about the EKS cluster involved in a Kubernetes finding.

Contains information about the details of an instance.

Details about Kubernetes resources such as a Kubernetes user or workload resource involved in a Kubernetes finding.

Information about the Lambda function involved in the finding.

Contains information about the resource type RDSDBInstance involved in a GuardDuty finding.

Contains information about the user and authentication details for a database instance involved in the finding.

Contains information about the resource type RDSLimitlessDB that is involved in a GuardDuty finding.

Contains details about the backup recovery point.

Contains information about actions.

Contains information about the detected behavior.

Contains details from the malware scan that created a finding.

Contains information about the reason that the finding was generated.

Information about the malware scan that generated a GuardDuty finding.

Information about the process and any required context values for a specific finding.

Additional information about the generated finding.

Sourcemodule DetectorAdditionalConfigurationResult = Awso_guardduty.Values.DetectorAdditionalConfigurationResult

Information about the additional configuration.

Sourcemodule OrganizationEbsVolumesResult = Awso_guardduty.Values.OrganizationEbsVolumesResult

An object that contains information on the status of whether EBS volumes scanning will be enabled as a data source for an organization.

Sourcemodule OrganizationAdditionalConfigurationResult = Awso_guardduty.Values.OrganizationAdditionalConfigurationResult

A list of additional configuration which will be configured for the organization.

Sourcemodule OrganizationKubernetesAuditLogsConfiguration = Awso_guardduty.Values.OrganizationKubernetesAuditLogsConfiguration

Organization-wide Kubernetes audit logs configuration.

Sourcemodule OrganizationScanEc2InstanceWithFindings = Awso_guardduty.Values.OrganizationScanEc2InstanceWithFindings

Organization-wide EC2 instances with findings scan configuration.

Sourcemodule OrganizationAdditionalConfigurations = Awso_guardduty.Values.OrganizationAdditionalConfigurations
Sourcemodule KubernetesAuditLogsConfiguration = Awso_guardduty.Values.KubernetesAuditLogsConfiguration

Describes whether Kubernetes audit logs are enabled as a data source.

Sourcemodule ScanEc2InstanceWithFindings = Awso_guardduty.Values.ScanEc2InstanceWithFindings

Describes whether Malware Protection for EC2 instances with findings will be enabled as a data source.

Sourcemodule MemberAdditionalConfigurations = Awso_guardduty.Values.MemberAdditionalConfigurations

Contains information about the condition.

Sourcemodule MalwareProtectionPlanTaggingActionStatus = Awso_guardduty.Values.MalwareProtectionPlanTaggingActionStatus
Sourcemodule MalwareProtectionPlanObjectPrefixesList = Awso_guardduty.Values.MalwareProtectionPlanObjectPrefixesList

Contains information about the condition.

Sourcemodule DetectorAdditionalConfigurations = Awso_guardduty.Values.DetectorAdditionalConfigurations
Sourcemodule MalwareProtectionResourceType = Awso_guardduty.Values.MalwareProtectionResourceType
Sourcemodule MalwareProtectionScanStatus = Awso_guardduty.Values.MalwareProtectionScanStatus
Sourcemodule ListMalwareScansFilterCriterion = Awso_guardduty.Values.ListMalwareScansFilterCriterion

Represents a condition that when matched will be added to the response of the operation. Irrespective of using any filter criteria, an administrator account can view the scan entries for all of its member accounts. However, each member account can view the scan entries only for their own account.

Information about the resource for each individual EKS cluster.

Represents a condition that when matched will be added to the response of the operation.

Contains information on the total of usage based on account IDs.

Contains information on the result of usage based on data source type.

Contains information about the result of the total usage based on the feature.

Contains information on the sum of usage based on an Amazon Web Services resource.

Information about the usage statistics, calculated by top accounts by feature.

Contains information about which data sources are enabled for the GuardDuty member account.

Sourcemodule FreeTrialFeatureConfigurationsResults = Awso_guardduty.Values.FreeTrialFeatureConfigurationsResults
Sourcemodule OrganizationFeatureStatisticsResults = Awso_guardduty.Values.OrganizationFeatureStatisticsResults
Sourcemodule DataSourceConfigurationsResult = Awso_guardduty.Values.DataSourceConfigurationsResult

Contains information on the status of data sources for the detector.

Sourcemodule MemberFeaturesConfigurationsResults = Awso_guardduty.Values.MemberFeaturesConfigurationsResults

Contains information about a specific threat that was detected during the malware scan.

Contains additional information about a resource that was scanned.

Represents a list of map of accounts with the number of findings associated with each account.

Represents list a map of dates with a count of total findings generated on each date.

Information about each finding type associated with the groupedByFindingType statistics.

Information about each resource type associated with the groupedByResource statistics.

Information about severity level for each finding type.

Contains information about the Amazon Web Services resource associated with the activity that prompted GuardDuty to generate a finding.

Contains additional information about the generated finding.

Sourcemodule DetectorAdditionalConfigurationResults = Awso_guardduty.Values.DetectorAdditionalConfigurationResults
Sourcemodule OrganizationKubernetesAuditLogsConfigurationResult = Awso_guardduty.Values.OrganizationKubernetesAuditLogsConfigurationResult

The current configuration of Kubernetes audit logs as a data source for the organization.

Sourcemodule OrganizationScanEc2InstanceWithFindingsResult = Awso_guardduty.Values.OrganizationScanEc2InstanceWithFindingsResult

An object that contains information on the status of scanning EC2 instances with findings for an organization.

Sourcemodule OrganizationAdditionalConfigurationResults = Awso_guardduty.Values.OrganizationAdditionalConfigurationResults

Represents the resources that were scanned in the scan entry.

Represents the result of the scan.

Represents the reason the scan was triggered.

Represents a condition that when matched will be added to the response of the operation. Irrespective of using any filter criteria, an administrator account can view the scan entries for all of its member accounts. However, each member account can view the scan entries only for their own account.

Sourcemodule OrganizationKubernetesConfiguration = Awso_guardduty.Values.OrganizationKubernetesConfiguration

Organization-wide Kubernetes data sources configurations.

Sourcemodule OrganizationMalwareProtectionConfiguration = Awso_guardduty.Values.OrganizationMalwareProtectionConfiguration

Organization-wide Malware Protection configurations.

Sourcemodule OrganizationS3LogsConfiguration = Awso_guardduty.Values.OrganizationS3LogsConfiguration

Describes whether S3 data event logs will be automatically enabled for new members of the organization.

Sourcemodule OrganizationFeatureConfiguration = Awso_guardduty.Values.OrganizationFeatureConfiguration

A list of features which will be configured for the organization.

Contains information about the accounts that weren't processed.

Describes whether any Kubernetes data sources are enabled.

Sourcemodule MalwareProtectionConfiguration = Awso_guardduty.Values.MalwareProtectionConfiguration

Describes whether Malware Protection will be enabled as a data source.

Describes whether S3 data event logs will be enabled as a data source.

Sourcemodule MemberFeaturesConfiguration = Awso_guardduty.Values.MemberFeaturesConfiguration

Contains information about the features for the member account.

Sourcemodule MalwareProtectionPlanTaggingAction = Awso_guardduty.Values.MalwareProtectionPlanTaggingAction

Information about adding tags to the scanned S3 object after the scan result.

Information about the protected S3 bucket resource.

Sourcemodule DetectorFeatureConfiguration = Awso_guardduty.Values.DetectorFeatureConfiguration

Contains information about a GuardDuty feature. Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.

Contains information about the recovery point configuration for scanning backup data from Amazon Web Services Backup.

Contains information about the publishing destination, including the ID, type, and status.

The account within the organization specified as the GuardDuty delegated administrator.

Contains information about the member account.

Contains information about a particular malware scan.

Sourcemodule ListMalwareScansFilterCriterionList = Awso_guardduty.Values.ListMalwareScansFilterCriterionList
Sourcemodule MalwareProtectionPlanSummary = Awso_guardduty.Values.MalwareProtectionPlanSummary

Information about the Malware Protection plan resource.

Contains information about the invitation to become a member account.

Information about the resource of the GuardDuty account.

Sourcemodule CoverageFilterCriterionList = Awso_guardduty.Values.CoverageFilterCriterionList
Sourcemodule UsageTopAccountsResultList = Awso_guardduty.Values.UsageTopAccountsResultList

Provides details of the GuardDuty member account that uses a free trial service.

Information about the coverage statistics of the features for the entire Amazon Web Services organization. When you create a new Amazon Web Services organization, it might take up to 24 hours to generate the statistics summary for this organization.

Sourcemodule MemberDataSourceConfiguration = Awso_guardduty.Values.MemberDataSourceConfiguration

Contains information on which data sources are enabled for a member account.

Sourcemodule ScanConfigurationRecoveryPoint = Awso_guardduty.Values.ScanConfigurationRecoveryPoint

Contains information about the recovery point configuration used in the scan.

Contains information about a resource that was scanned as part of the malware scan operation.

Information about the protected S3 bucket resource.

Sourcemodule MalwareProtectionPlanStatusReason = Awso_guardduty.Values.MalwareProtectionPlanStatusReason

Information about the issue code and message associated to the status of your Malware Protection plan.

Contains information about the finding that is generated when abnormal or suspicious activity is detected.

Sourcemodule DetectorFeatureConfigurationResult = Awso_guardduty.Values.DetectorFeatureConfigurationResult

Contains information about a GuardDuty feature. Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.

Sourcemodule OrganizationKubernetesConfigurationResult = Awso_guardduty.Values.OrganizationKubernetesConfigurationResult

The current configuration of all Kubernetes data sources for the organization.

Sourcemodule OrganizationMalwareProtectionConfigurationResult = Awso_guardduty.Values.OrganizationMalwareProtectionConfigurationResult

An object that contains information on the status of all Malware Protection data source for an organization.

Sourcemodule OrganizationS3LogsConfigurationResult = Awso_guardduty.Values.OrganizationS3LogsConfigurationResult

The current configuration of S3 data event logs as a data source for the organization.

Sourcemodule OrganizationFeatureConfigurationResult = Awso_guardduty.Values.OrganizationFeatureConfigurationResult

A list of features which will be configured for the organization.

Contains information about malware scans associated with GuardDuty Malware Protection for EC2.

Contains information about the account.

A bad request exception object.

Sourcemodule InternalServerErrorException = Awso_guardduty.Values.InternalServerErrorException

An internal server error exception object.

An access denied exception object.

Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.

Sourcemodule OrganizationDataSourceConfigurations = Awso_guardduty.Values.OrganizationDataSourceConfigurations

An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization.

Sourcemodule OrganizationFeaturesConfigurations = Awso_guardduty.Values.OrganizationFeaturesConfigurations

Contains information about which data sources are enabled.

Sourcemodule MemberFeaturesConfigurations = Awso_guardduty.Values.MemberFeaturesConfigurations

Contains information about criteria used to filter resources before triggering malware scan.

Sourcemodule MalwareProtectionPlanActions = Awso_guardduty.Values.MalwareProtectionPlanActions

Information about whether the tags will be added to the S3 object after scanning.

Information about the protected resource that is associated with the created Malware Protection plan. Presently, S3Bucket is the only supported protected resource.

Contains information about the criteria used for querying findings.

Sourcemodule DetectorFeatureConfigurations = Awso_guardduty.Values.DetectorFeatureConfigurations
Sourcemodule FindingPublishingFrequency = Awso_guardduty.Values.FindingPublishingFrequency

A request conflict exception object.

Sourcemodule StartMalwareScanConfiguration = Awso_guardduty.Values.StartMalwareScanConfiguration

Contains information about the configuration to be used for the malware scan.

Sourcemodule S3ObjectForSendObjectMalwareScan = Awso_guardduty.Values.S3ObjectForSendObjectMalwareScan

The S3 object path to initiate a scan, including bucket name, object key, and optional version ID.

Sourcemodule ListMalwareScansFilterCriteria = Awso_guardduty.Values.ListMalwareScansFilterCriteria

Represents the criteria used to filter the malware scan entries.

Contains information about the criteria used for sorting findings.

Sourcemodule MalwareProtectionPlansSummary = Awso_guardduty.Values.MalwareProtectionPlansSummary

Represents the criteria used in the filter.

Information about the sorting criteria used in the coverage statistics.

Contains the result of GuardDuty usage. If a UsageStatisticType is provided the result for other types will be null.

Contains information about the criteria used to query usage statistics.

Information about GuardDuty coverage statistics for members in your Amazon Web Services organization.

Sourcemodule MemberDataSourceConfigurations = Awso_guardduty.Values.MemberDataSourceConfigurations

Contains information about the administrator account and invitation.

Sourcemodule GetMalwareScanResultDetails = Awso_guardduty.Values.GetMalwareScanResultDetails

Contains information about the results of the malware scan.

The requested resource can't be found.

Contains information about the configuration used for the malware scan.

Information about the protected resource that is associated with the created Malware Protection plan. Presently, S3Bucket is the only supported protected resource.

Sourcemodule MalwareProtectionPlanStatus = Awso_guardduty.Values.MalwareProtectionPlanStatus
Sourcemodule MalwareProtectionPlanStatusReasonsList = Awso_guardduty.Values.MalwareProtectionPlanStatusReasonsList

Contains information about finding statistics.

Sourcemodule DetectorFeatureConfigurationsResults = Awso_guardduty.Values.DetectorFeatureConfigurationsResults

Information about the coverage statistics for a resource.

Sourcemodule CoverageStatisticsTypeList = Awso_guardduty.Values.CoverageStatisticsTypeList

Contains information about the administrator account and invitation.

Sourcemodule OrganizationDataSourceConfigurationsResult = Awso_guardduty.Values.OrganizationDataSourceConfigurationsResult

An object that contains information on which data sources are automatically enabled for new members within the organization.

Sourcemodule OrganizationFeaturesConfigurationsResults = Awso_guardduty.Values.OrganizationFeaturesConfigurationsResults

Represents the criteria to be used in the filter for describing scan entries.

Sourcemodule UnprocessedDataSourcesResult = Awso_guardduty.Values.UnprocessedDataSourcesResult

Specifies the names of the data sources that couldn't be enabled.

Sourcemodule UpdateTrustedEntitySetResponse = Awso_guardduty.Values.UpdateTrustedEntitySetResponse

Updates the trusted entity set associated with the specified trustedEntitySetId.

Sourcemodule UpdateTrustedEntitySetRequest = Awso_guardduty.Values.UpdateTrustedEntitySetRequest

Updates the trusted entity set associated with the specified trustedEntitySetId.

Sourcemodule UpdateThreatIntelSetResponse = Awso_guardduty.Values.UpdateThreatIntelSetResponse

Updates the ThreatIntelSet specified by the ThreatIntelSet ID.

Sourcemodule UpdateThreatIntelSetRequest = Awso_guardduty.Values.UpdateThreatIntelSetRequest

Updates the ThreatIntelSet specified by the ThreatIntelSet ID.

Sourcemodule UpdateThreatEntitySetResponse = Awso_guardduty.Values.UpdateThreatEntitySetResponse

Updates the threat entity set associated with the specified threatEntitySetId.

Sourcemodule UpdateThreatEntitySetRequest = Awso_guardduty.Values.UpdateThreatEntitySetRequest

Updates the threat entity set associated with the specified threatEntitySetId.

Sourcemodule UpdatePublishingDestinationResponse = Awso_guardduty.Values.UpdatePublishingDestinationResponse

Updates information about the publishing destination specified by the destinationId.

Sourcemodule UpdatePublishingDestinationRequest = Awso_guardduty.Values.UpdatePublishingDestinationRequest

Updates information about the publishing destination specified by the destinationId.

Sourcemodule UpdateOrganizationConfigurationResponse = Awso_guardduty.Values.UpdateOrganizationConfigurationResponse

Configures the delegated administrator account with the provided values. You must provide a value for either autoEnableOrganizationMembers or autoEnable, but not both. Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule UpdateOrganizationConfigurationRequest = Awso_guardduty.Values.UpdateOrganizationConfigurationRequest

Configures the delegated administrator account with the provided values. You must provide a value for either autoEnableOrganizationMembers or autoEnable, but not both. Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule UpdateMemberDetectorsResponse = Awso_guardduty.Values.UpdateMemberDetectorsResponse

Contains information on member accounts to be updated. Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule UpdateMemberDetectorsRequest = Awso_guardduty.Values.UpdateMemberDetectorsRequest

Contains information on member accounts to be updated. Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule UpdateMalwareScanSettingsResponse = Awso_guardduty.Values.UpdateMalwareScanSettingsResponse

Updates the malware scan settings. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule UpdateMalwareScanSettingsRequest = Awso_guardduty.Values.UpdateMalwareScanSettingsRequest

Updates the malware scan settings. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule UpdateMalwareProtectionPlanRequest = Awso_guardduty.Values.UpdateMalwareProtectionPlanRequest

Updates an existing Malware Protection plan resource.

Updates the IPSet specified by the IPSet ID.

Updates the IPSet specified by the IPSet ID.

Sourcemodule UpdateFindingsFeedbackResponse = Awso_guardduty.Values.UpdateFindingsFeedbackResponse

Marks the specified GuardDuty findings as useful or not useful.

Sourcemodule UpdateFindingsFeedbackRequest = Awso_guardduty.Values.UpdateFindingsFeedbackRequest

Marks the specified GuardDuty findings as useful or not useful.

Updates the filter specified by the filter name.

Updates the filter specified by the filter name.

Updates the GuardDuty detector specified by the detector ID. Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Updates the GuardDuty detector specified by the detector ID. Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Removes tags from a resource.

Removes tags from a resource.

Unarchives GuardDuty findings specified by the findingIds.

Unarchives GuardDuty findings specified by the findingIds.

Adds tags to a resource.

Adds tags to a resource.

Sourcemodule StopMonitoringMembersResponse = Awso_guardduty.Values.StopMonitoringMembersResponse

Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to stop monitoring the member accounts in your organization.

Sourcemodule StopMonitoringMembersRequest = Awso_guardduty.Values.StopMonitoringMembersRequest

Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to stop monitoring the member accounts in your organization.

Sourcemodule StartMonitoringMembersResponse = Awso_guardduty.Values.StartMonitoringMembersResponse

Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.

Sourcemodule StartMonitoringMembersRequest = Awso_guardduty.Values.StartMonitoringMembersRequest

Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.

Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account if the resourceArn belongs to an EC2 instance. When the malware scan starts, you can use the associated scan ID to track the status of the scan. For more information, see ListMalwareScans and GetMalwareScan. When you use this API, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.

Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account if the resourceArn belongs to an EC2 instance. When the malware scan starts, you can use the associated scan ID to track the status of the scan. For more information, see ListMalwareScans and GetMalwareScan. When you use this API, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.

Sourcemodule SendObjectMalwareScanResponse = Awso_guardduty.Values.SendObjectMalwareScanResponse

Initiates a malware scan for a specific S3 object. This API allows you to perform on-demand malware scanning of individual objects in S3 buckets that have Malware Protection for S3 enabled. When you use this API, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.

Sourcemodule SendObjectMalwareScanRequest = Awso_guardduty.Values.SendObjectMalwareScanRequest

Initiates a malware scan for a specific S3 object. This API allows you to perform on-demand malware scanning of individual objects in S3 buckets that have Malware Protection for S3 enabled. When you use this API, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.

Sourcemodule ListTrustedEntitySetsResponse = Awso_guardduty.Values.ListTrustedEntitySetsResponse

Lists the trusted entity sets associated with the specified GuardDuty detector ID. If you use this operation from a member account, the trusted entity sets that are returned as a response, belong to the administrator account.

Sourcemodule ListTrustedEntitySetsRequest = Awso_guardduty.Values.ListTrustedEntitySetsRequest

Lists the trusted entity sets associated with the specified GuardDuty detector ID. If you use this operation from a member account, the trusted entity sets that are returned as a response, belong to the administrator account.

Sourcemodule ListThreatIntelSetsResponse = Awso_guardduty.Values.ListThreatIntelSetsResponse

Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.

Sourcemodule ListThreatIntelSetsRequest = Awso_guardduty.Values.ListThreatIntelSetsRequest

Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.

Sourcemodule ListThreatEntitySetsResponse = Awso_guardduty.Values.ListThreatEntitySetsResponse

Lists the threat entity sets associated with the specified GuardDuty detector ID. If you use this operation from a member account, the threat entity sets that are returned as a response, belong to the administrator account.

Sourcemodule ListThreatEntitySetsRequest = Awso_guardduty.Values.ListThreatEntitySetsRequest

Lists the threat entity sets associated with the specified GuardDuty detector ID. If you use this operation from a member account, the threat entity sets that are returned as a response, belong to the administrator account.

Sourcemodule ListTagsForResourceResponse = Awso_guardduty.Values.ListTagsForResourceResponse

Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, threat intel sets, and publishing destination, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.

Sourcemodule ListTagsForResourceRequest = Awso_guardduty.Values.ListTagsForResourceRequest

Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, threat intel sets, and publishing destination, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.

Sourcemodule ListPublishingDestinationsResponse = Awso_guardduty.Values.ListPublishingDestinationsResponse

Returns a list of publishing destinations associated with the specified detectorId.

Sourcemodule ListPublishingDestinationsRequest = Awso_guardduty.Values.ListPublishingDestinationsRequest

Returns a list of publishing destinations associated with the specified detectorId.

Sourcemodule ListOrganizationAdminAccountsResponse = Awso_guardduty.Values.ListOrganizationAdminAccountsResponse

Lists the accounts designated as GuardDuty delegated administrators. Only the organization's management account can run this API operation.

Sourcemodule ListOrganizationAdminAccountsRequest = Awso_guardduty.Values.ListOrganizationAdminAccountsRequest

Lists the accounts designated as GuardDuty delegated administrators. Only the organization's management account can run this API operation.

Lists details about all member accounts for the current GuardDuty administrator account.

Lists details about all member accounts for the current GuardDuty administrator account.

Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all of its members' accounts.

Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all of its members' accounts.

Sourcemodule ListMalwareProtectionPlansResponse = Awso_guardduty.Values.ListMalwareProtectionPlansResponse

Lists the Malware Protection plan IDs associated with the protected resources in your Amazon Web Services account.

Sourcemodule ListMalwareProtectionPlansRequest = Awso_guardduty.Values.ListMalwareProtectionPlansRequest

Lists the Malware Protection plan IDs associated with the protected resources in your Amazon Web Services account.

Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account.

Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account.

Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.

Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.

Lists GuardDuty findings for the specified detector ID. There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see Regions and endpoints.

Lists GuardDuty findings for the specified detector ID. There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see Regions and endpoints.

Returns a paginated list of the current filters.

Returns a paginated list of the current filters.

Lists detectorIds of all the existing Amazon GuardDuty detector resources.

Lists detectorIds of all the existing Amazon GuardDuty detector resources.

Lists coverage details for your GuardDuty account. If you're a GuardDuty administrator, you can retrieve all resources associated with the active member accounts in your organization. Make sure the accounts have Runtime Monitoring enabled and GuardDuty agent running on their resources.

Lists coverage details for your GuardDuty account. If you're a GuardDuty administrator, you can retrieve all resources associated with the active member accounts in your organization. Make sure the accounts have Runtime Monitoring enabled and GuardDuty agent running on their resources.

Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account that invokes this API. If you are using Amazon Web Services Organizations to manage your GuardDuty environment, this step is not needed. For more information, see Managing accounts with organizations. To invite Amazon Web Services accounts, the first step is to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API to add accounts by invitation. The invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited Amazon Web Services account can choose to accept the invitation from only one Amazon Web Services account. For more information, see Managing GuardDuty accounts by invitation. After the invite has been accepted and you choose to disassociate a member account (by using DisassociateMembers) from your account, the details of the member account obtained by invoking CreateMembers, including the associated email addresses, will be retained. This is done so that you can invoke InviteMembers without the need to invoke CreateMembers again. To remove the details associated with a member account, you must also invoke DeleteMembers. If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.

Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account that invokes this API. If you are using Amazon Web Services Organizations to manage your GuardDuty environment, this step is not needed. For more information, see Managing accounts with organizations. To invite Amazon Web Services accounts, the first step is to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API to add accounts by invitation. The invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited Amazon Web Services account can choose to accept the invitation from only one Amazon Web Services account. For more information, see Managing GuardDuty accounts by invitation. After the invite has been accepted and you choose to disassociate a member account (by using DisassociateMembers) from your account, the details of the member account obtained by invoking CreateMembers, including the associated email addresses, will be retained. This is done so that you can invoke InviteMembers without the need to invoke CreateMembers again. To remove the details associated with a member account, you must also invoke DeleteMembers. If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.

Sourcemodule GetUsageStatisticsResponse = Awso_guardduty.Values.GetUsageStatisticsResponse

Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days. This may differ from the cost metrics in the console, which project usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated.

Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days. This may differ from the cost metrics in the console, which project usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated.

Sourcemodule GetTrustedEntitySetResponse = Awso_guardduty.Values.GetTrustedEntitySetResponse

Retrieves the trusted entity set associated with the specified trustedEntitySetId.

Sourcemodule GetTrustedEntitySetRequest = Awso_guardduty.Values.GetTrustedEntitySetRequest

Retrieves the trusted entity set associated with the specified trustedEntitySetId.

Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

Sourcemodule GetThreatEntitySetResponse = Awso_guardduty.Values.GetThreatEntitySetResponse

Retrieves the threat entity set associated with the specified threatEntitySetId.

Retrieves the threat entity set associated with the specified threatEntitySetId.

Sourcemodule GetRemainingFreeTrialDaysResponse = Awso_guardduty.Values.GetRemainingFreeTrialDaysResponse

Provides the number of days left for each data source used in the free trial period.

Sourcemodule GetRemainingFreeTrialDaysRequest = Awso_guardduty.Values.GetRemainingFreeTrialDaysRequest

Provides the number of days left for each data source used in the free trial period.

Sourcemodule GetOrganizationStatisticsResponse = Awso_guardduty.Values.GetOrganizationStatisticsResponse

Retrieves how many active member accounts have each feature enabled within GuardDuty. Only a delegated GuardDuty administrator of an organization can run this API. When you create a new organization, it might take up to 24 hours to generate the statistics for the entire organization.

Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.

Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.

Sourcemodule GetMemberDetectorsResponse = Awso_guardduty.Values.GetMemberDetectorsResponse

Describes which data sources are enabled for the member account's detector. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Describes which data sources are enabled for the member account's detector. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.

Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.

Sourcemodule GetMalwareScanSettingsResponse = Awso_guardduty.Values.GetMalwareScanSettingsResponse

Returns the details of the malware scan settings. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule GetMalwareScanSettingsRequest = Awso_guardduty.Values.GetMalwareScanSettingsRequest

Returns the details of the malware scan settings. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Retrieves the detailed information for a specific malware scan. Each member account can view the malware scan details for their own account. An administrator can view malware scan details for all accounts in the organization. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Retrieves the detailed information for a specific malware scan. Each member account can view the malware scan details for their own account. An administrator can view malware scan details for all accounts in the organization. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule GetMalwareProtectionPlanResponse = Awso_guardduty.Values.GetMalwareProtectionPlanResponse

Retrieves the Malware Protection plan details associated with a Malware Protection plan ID.

Sourcemodule GetMalwareProtectionPlanRequest = Awso_guardduty.Values.GetMalwareProtectionPlanRequest

Retrieves the Malware Protection plan details associated with a Malware Protection plan ID.

Sourcemodule GetInvitationsCountResponse = Awso_guardduty.Values.GetInvitationsCountResponse

Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.

Sourcemodule GetInvitationsCountRequest = Awso_guardduty.Values.GetInvitationsCountRequest

Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.

Retrieves the IPSet specified by the ipSetId.

Retrieves the IPSet specified by the ipSetId.

Sourcemodule GetFindingsStatisticsResponse = Awso_guardduty.Values.GetFindingsStatisticsResponse

Lists GuardDuty findings statistics for the specified detector ID. You must provide either findingStatisticTypes or groupBy parameter, and not both. You can use the maxResults and orderBy parameters only when using groupBy. There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see Regions and endpoints.

Sourcemodule GetFindingsStatisticsRequest = Awso_guardduty.Values.GetFindingsStatisticsRequest

Lists GuardDuty findings statistics for the specified detector ID. You must provide either findingStatisticTypes or groupBy parameter, and not both. You can use the maxResults and orderBy parameters only when using groupBy. There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see Regions and endpoints.

Describes Amazon GuardDuty findings specified by finding IDs.

Describes Amazon GuardDuty findings specified by finding IDs.

Returns the details of the filter specified by the filter name.

Returns the details of the filter specified by the filter name.

Retrieves a GuardDuty detector specified by the detectorId. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Retrieves a GuardDuty detector specified by the detectorId. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule GetCoverageStatisticsResponse = Awso_guardduty.Values.GetCoverageStatisticsResponse

Retrieves aggregated statistics for your account. If you are a GuardDuty administrator, you can retrieve the statistics for all the resources associated with the active member accounts in your organization who have enabled Runtime Monitoring and have the GuardDuty security agent running on their resources.

Sourcemodule GetCoverageStatisticsRequest = Awso_guardduty.Values.GetCoverageStatisticsRequest

Retrieves aggregated statistics for your account. If you are a GuardDuty administrator, you can retrieve the statistics for all the resources associated with the active member accounts in your organization who have enabled Runtime Monitoring and have the GuardDuty security agent running on their resources.

Sourcemodule GetAdministratorAccountResponse = Awso_guardduty.Values.GetAdministratorAccountResponse

Provides the details of the GuardDuty administrator account associated with the current GuardDuty member account. Based on the type of account that runs this API, the following list shows how the API behavior varies: When the GuardDuty administrator account runs this API, it will return success (HTTP 200) but no content. When a member account runs this API, it will return the details of the GuardDuty administrator account that is associated with this calling member account. When an individual account (not associated with an organization) runs this API, it will return success (HTTP 200) but no content.

Sourcemodule GetAdministratorAccountRequest = Awso_guardduty.Values.GetAdministratorAccountRequest

Provides the details of the GuardDuty administrator account associated with the current GuardDuty member account. Based on the type of account that runs this API, the following list shows how the API behavior varies: When the GuardDuty administrator account runs this API, it will return success (HTTP 200) but no content. When a member account runs this API, it will return the details of the GuardDuty administrator account that is associated with this calling member account. When an individual account (not associated with an organization) runs this API, it will return success (HTTP 200) but no content.

Sourcemodule EnableOrganizationAdminAccountResponse = Awso_guardduty.Values.EnableOrganizationAdminAccountResponse

Designates an Amazon Web Services account within the organization as your GuardDuty delegated administrator. Only the organization's management account can run this API operation.

Sourcemodule EnableOrganizationAdminAccountRequest = Awso_guardduty.Values.EnableOrganizationAdminAccountRequest

Designates an Amazon Web Services account within the organization as your GuardDuty delegated administrator. Only the organization's management account can run this API operation.

Sourcemodule DisassociateMembersResponse = Awso_guardduty.Values.DisassociateMembersResponse

Disassociates GuardDuty member accounts (from the current administrator account) specified by the account IDs. When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disassociate a member account before removing them from your organization. If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.

Sourcemodule DisassociateMembersRequest = Awso_guardduty.Values.DisassociateMembersRequest

Disassociates GuardDuty member accounts (from the current administrator account) specified by the account IDs. When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disassociate a member account before removing them from your organization. If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.

Sourcemodule DisassociateFromMasterAccountResponse = Awso_guardduty.Values.DisassociateFromMasterAccountResponse

Disassociates the current GuardDuty member account from its administrator account. When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.

Sourcemodule DisassociateFromMasterAccountRequest = Awso_guardduty.Values.DisassociateFromMasterAccountRequest

Disassociates the current GuardDuty member account from its administrator account. When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.

Sourcemodule DisassociateFromAdministratorAccountResponse = Awso_guardduty.Values.DisassociateFromAdministratorAccountResponse

Disassociates the current GuardDuty member account from its administrator account. When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty in a member account.

Sourcemodule DisassociateFromAdministratorAccountRequest = Awso_guardduty.Values.DisassociateFromAdministratorAccountRequest

Disassociates the current GuardDuty member account from its administrator account. When you disassociate an invited member from a GuardDuty delegated administrator, the member account details obtained from the CreateMembers API, including the associated email addresses, are retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty in a member account.

Sourcemodule DisableOrganizationAdminAccountResponse = Awso_guardduty.Values.DisableOrganizationAdminAccountResponse

Removes the existing GuardDuty delegated administrator of the organization. Only the organization's management account can run this API operation.

Sourcemodule DisableOrganizationAdminAccountRequest = Awso_guardduty.Values.DisableOrganizationAdminAccountRequest

Removes the existing GuardDuty delegated administrator of the organization. Only the organization's management account can run this API operation.

Sourcemodule DescribePublishingDestinationResponse = Awso_guardduty.Values.DescribePublishingDestinationResponse

Returns information about the publishing destination specified by the provided destinationId.

Sourcemodule DescribePublishingDestinationRequest = Awso_guardduty.Values.DescribePublishingDestinationRequest

Returns information about the publishing destination specified by the provided destinationId.

Sourcemodule DescribeOrganizationConfigurationResponse = Awso_guardduty.Values.DescribeOrganizationConfigurationResponse

Returns information about the account selected as the delegated administrator for GuardDuty. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule DescribeOrganizationConfigurationRequest = Awso_guardduty.Values.DescribeOrganizationConfigurationRequest

Returns information about the account selected as the delegated administrator for GuardDuty. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule DescribeMalwareScansResponse = Awso_guardduty.Values.DescribeMalwareScansResponse

Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all the member accounts. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule DescribeMalwareScansRequest = Awso_guardduty.Values.DescribeMalwareScansRequest

Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all the member accounts. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Sourcemodule DeleteTrustedEntitySetResponse = Awso_guardduty.Values.DeleteTrustedEntitySetResponse

Deletes the trusted entity set that is associated with the specified trustedEntitySetId.

Sourcemodule DeleteTrustedEntitySetRequest = Awso_guardduty.Values.DeleteTrustedEntitySetRequest

Deletes the trusted entity set that is associated with the specified trustedEntitySetId.

Sourcemodule DeleteThreatIntelSetResponse = Awso_guardduty.Values.DeleteThreatIntelSetResponse

Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.

Sourcemodule DeleteThreatIntelSetRequest = Awso_guardduty.Values.DeleteThreatIntelSetRequest

Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.

Sourcemodule DeleteThreatEntitySetResponse = Awso_guardduty.Values.DeleteThreatEntitySetResponse

Deletes the threat entity set that is associated with the specified threatEntitySetId.

Sourcemodule DeleteThreatEntitySetRequest = Awso_guardduty.Values.DeleteThreatEntitySetRequest

Deletes the threat entity set that is associated with the specified threatEntitySetId.

Sourcemodule DeletePublishingDestinationResponse = Awso_guardduty.Values.DeletePublishingDestinationResponse

Deletes the publishing definition with the specified destinationId.

Sourcemodule DeletePublishingDestinationRequest = Awso_guardduty.Values.DeletePublishingDestinationRequest

Deletes the publishing definition with the specified destinationId.

Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty for a member account in your organization.

Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty for a member account in your organization.

Sourcemodule DeleteMalwareProtectionPlanRequest = Awso_guardduty.Values.DeleteMalwareProtectionPlanRequest

Deletes the Malware Protection plan ID associated with the Malware Protection plan resource. Use this API only when you no longer want to protect the resource associated with this Malware Protection plan ID.

Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface.

Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface.

Deletes the filter specified by the filter name.

Deletes the filter specified by the filter name.

Deletes an Amazon GuardDuty detector that is specified by the detector ID.

Deletes an Amazon GuardDuty detector that is specified by the detector ID.

Sourcemodule DeclineInvitationsResponse = Awso_guardduty.Values.DeclineInvitationsResponse

Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

Sourcemodule CreateTrustedEntitySetResponse = Awso_guardduty.Values.CreateTrustedEntitySetResponse

Creates a new trusted entity set. In the trusted entity set, you can provide IP addresses and domains that you believe are secure for communication in your Amazon Web Services environment. GuardDuty will not generate findings for the entries that are specified in a trusted entity set. At any given time, you can have only one trusted entity set. Only users of the administrator account can manage the entity sets, which automatically apply to member accounts.

Sourcemodule CreateTrustedEntitySetRequest = Awso_guardduty.Values.CreateTrustedEntitySetRequest

Creates a new trusted entity set. In the trusted entity set, you can provide IP addresses and domains that you believe are secure for communication in your Amazon Web Services environment. GuardDuty will not generate findings for the entries that are specified in a trusted entity set. At any given time, you can have only one trusted entity set. Only users of the administrator account can manage the entity sets, which automatically apply to member accounts.

Sourcemodule CreateThreatIntelSetResponse = Awso_guardduty.Values.CreateThreatIntelSetResponse

Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.

Sourcemodule CreateThreatIntelSetRequest = Awso_guardduty.Values.CreateThreatIntelSetRequest

Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.

Sourcemodule CreateThreatEntitySetResponse = Awso_guardduty.Values.CreateThreatEntitySetResponse

Creates a new threat entity set. In a threat entity set, you can provide known malicious IP addresses and domains for your Amazon Web Services environment. GuardDuty generates findings based on the entries in the threat entity sets. Only users of the administrator account can manage entity sets, which automatically apply to member accounts.

Sourcemodule CreateThreatEntitySetRequest = Awso_guardduty.Values.CreateThreatEntitySetRequest

Creates a new threat entity set. In a threat entity set, you can provide known malicious IP addresses and domains for your Amazon Web Services environment. GuardDuty generates findings based on the entries in the threat entity sets. Only users of the administrator account can manage entity sets, which automatically apply to member accounts.

Sourcemodule CreateSampleFindingsResponse = Awso_guardduty.Values.CreateSampleFindingsResponse

Generates sample findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates sample findings of all supported finding types.

Sourcemodule CreateSampleFindingsRequest = Awso_guardduty.Values.CreateSampleFindingsRequest

Generates sample findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates sample findings of all supported finding types.

Sourcemodule CreatePublishingDestinationResponse = Awso_guardduty.Values.CreatePublishingDestinationResponse

Creates a publishing destination where you can export your GuardDuty findings. Before you start exporting the findings, the destination resource must exist.

Sourcemodule CreatePublishingDestinationRequest = Awso_guardduty.Values.CreatePublishingDestinationRequest

Creates a publishing destination where you can export your GuardDuty findings. Before you start exporting the findings, the destination resource must exist.

Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization. As a delegated administrator, using CreateMembers will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account. A delegated administrator must enable GuardDuty prior to being added as a member. When you use CreateMembers as an Organizations delegated administrator, GuardDuty applies your organization's auto-enable settings to the member accounts in this request, irrespective of the accounts being new or existing members. For more information about the existing auto-enable settings for your organization, see DescribeOrganizationConfiguration. If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.

Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization. As a delegated administrator, using CreateMembers will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account. A delegated administrator must enable GuardDuty prior to being added as a member. When you use CreateMembers as an Organizations delegated administrator, GuardDuty applies your organization's auto-enable settings to the member accounts in this request, irrespective of the accounts being new or existing members. For more information about the existing auto-enable settings for your organization, see DescribeOrganizationConfiguration. If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API. When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.

Sourcemodule CreateMalwareProtectionPlanResponse = Awso_guardduty.Values.CreateMalwareProtectionPlanResponse

Creates a new Malware Protection plan for the protected resource. When you create a Malware Protection plan, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.

Sourcemodule CreateMalwareProtectionPlanRequest = Awso_guardduty.Values.CreateMalwareProtectionPlanRequest

Creates a new Malware Protection plan for the protected resource. When you create a Malware Protection plan, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.

Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.

Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.

Creates a filter using the specified finding criteria. The maximum number of saved filters per Amazon Web Services account per Region is 100. For more information, see Quotas for GuardDuty.

Creates a filter using the specified finding criteria. The maximum number of saved filters per Amazon Web Services account per Region is 100. For more information, see Quotas for GuardDuty.

Creates a single GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default. When you don't specify any features, with an exception to RUNTIME_MONITORING, all the optional features are enabled by default. When you specify some of the features, any feature that is not specified in the API call gets enabled by default, with an exception to RUNTIME_MONITORING. Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Creates a single GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default. When you don't specify any features, with an exception to RUNTIME_MONITORING, all the optional features are enabled by default. When you specify some of the features, any feature that is not specified in the API call gets enabled by default, with an exception to RUNTIME_MONITORING. Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Archives GuardDuty findings that are specified by the list of finding IDs. Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.

Archives GuardDuty findings that are specified by the list of finding IDs. Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.

Accepts the invitation to be monitored by a GuardDuty administrator account.

Accepts the invitation to be monitored by a GuardDuty administrator account.

Sourcemodule AcceptAdministratorInvitationResponse = Awso_guardduty.Values.AcceptAdministratorInvitationResponse

Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation.

Sourcemodule AcceptAdministratorInvitationRequest = Awso_guardduty.Values.AcceptAdministratorInvitationRequest

Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation.