guardduty-2017-11-28 library

Classes

AcceptInvitationResponse
AccessControlList
Contains information on the current access control policies for the bucket.
AccessKeyDetails
Contains information about the access keys.
AccountDetail
Contains information about the account.
AccountLevelPermissions
Contains information about the account level permissions on the S3 bucket.
Action
Contains information about actions.
AdminAccount
The account within the organization specified as the GuardDuty delegated administrator.
ArchiveFindingsResponse
AwsApiCallAction
Contains information about the API action.
AwsClientCredentials
AWS credentials.
BlockPublicAccess
Contains information on how the bucket owner's S3 Block Public Access settings are being applied to the S3 bucket. See S3 Block Public Access for more information.
BucketLevelPermissions
Contains information about the bucket level permissions for the S3 bucket.
BucketPolicy
Contains information on the current bucket policies for the S3 bucket.
City
Contains information about the city associated with the IP address.
CloudTrailConfigurationResult
Contains information on the status of CloudTrail as a data source for the detector.
Condition
Contains information about the condition.
Country
Contains information about the country where the remote IP address is located.
CreateDetectorResponse
CreateFilterResponse
CreateIPSetResponse
CreateMembersResponse
CreatePublishingDestinationResponse
CreateSampleFindingsResponse
CreateThreatIntelSetResponse
DataSourceConfigurations
Contains information about which data sources are enabled.
DataSourceConfigurationsResult
Contains information on the status of data sources for the detector.
DeclineInvitationsResponse
DefaultServerSideEncryption
Contains information on the server side encryption method used in the S3 bucket. See S3 Server-Side Encryption for more information.
DeleteDetectorResponse
DeleteFilterResponse
DeleteInvitationsResponse
DeleteIPSetResponse
DeleteMembersResponse
DeletePublishingDestinationResponse
DeleteThreatIntelSetResponse
DescribeOrganizationConfigurationResponse
DescribePublishingDestinationResponse
Destination
Contains information about the publishing destination, including the ID, type, and status.
DestinationProperties
Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.
DisableOrganizationAdminAccountResponse
DisassociateFromMasterAccountResponse
DisassociateMembersResponse
DNSLogsConfigurationResult
Contains information on the status of DNS logs as a data source.
DnsRequestAction
Contains information about the DNS_REQUEST action described in this finding.
DomainDetails
Contains information about the domain.
EnableOrganizationAdminAccountResponse
Evidence
Contains information about the reason that the finding was generated.
Finding
Contains information about the finding, which is generated when abnormal or suspicious activity is detected.
FindingCriteria
Contains information about the criteria used for querying findings.
FindingStatistics
Contains information about finding statistics.
FlowLogsConfigurationResult
Contains information on the status of VPC flow logs as a data source.
GeoLocation
Contains information about the location of the remote IP address.
GetDetectorResponse
GetFilterResponse
GetFindingsResponse
GetFindingsStatisticsResponse
GetInvitationsCountResponse
GetIPSetResponse
GetMasterAccountResponse
GetMemberDetectorsResponse
GetMembersResponse
GetThreatIntelSetResponse
GetUsageStatisticsResponse
GuardDuty
Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds (such as lists of malicious IPs and domains) and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances that serve malware or mine bitcoin.
IamInstanceProfile
Contains information about the EC2 instance profile.
InstanceDetails
Contains information about the details of an instance.
Invitation
Contains information about the invitation to become a member account.
InviteMembersResponse
ListDetectorsResponse
ListFiltersResponse
ListFindingsResponse
ListInvitationsResponse
ListIPSetsResponse
ListMembersResponse
ListOrganizationAdminAccountsResponse
ListPublishingDestinationsResponse
ListTagsForResourceResponse
ListThreatIntelSetsResponse
LocalIpDetails
Contains information about the local IP address of the connection.
LocalPortDetails
Contains information about the port for the local connection.
Master
Contains information about the administrator account and invitation.
Member
Contains information about the member account.
MemberDataSourceConfiguration
Contains information on which data sources are enabled for a member account.
NetworkConnectionAction
Contains information about the NETWORK_CONNECTION action described in the finding.
NetworkInterface
Contains information about the elastic network interface of the EC2 instance.
Organization
Contains information about the ISP organization of the remote IP address.
OrganizationDataSourceConfigurations
An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization.
OrganizationDataSourceConfigurationsResult
An object that contains information on which data sources are automatically enabled for new members within the organization.
OrganizationS3LogsConfiguration
Describes whether S3 data event logs will be automatically enabled for new members of the organization.
OrganizationS3LogsConfigurationResult
The current configuration of S3 data event logs as a data source for the organization.
Owner
Contains information on the owner of the bucket.
PermissionConfiguration
Contains information about how permissions are configured for the S3 bucket.
PortProbeAction
Contains information about the PORT_PROBE action described in the finding.
PortProbeDetail
Contains information about the port probe details.
PrivateIpAddressDetails
Contains other private IP address information of the EC2 instance.
ProductCode
Contains information about the product code for the EC2 instance.
PublicAccess
Describes the public access policies that apply to the S3 bucket.
RemoteIpDetails
Contains information about the remote IP address of the connection.
RemotePortDetails
Contains information about the remote port.
Resource
Contains information about the AWS resource associated with the activity that prompted GuardDuty to generate a finding.
S3BucketDetail
Contains information on the S3 bucket.
S3LogsConfiguration
Describes whether S3 data event logs will be enabled as a data source.
S3LogsConfigurationResult
Describes whether S3 data event logs will be enabled as a data source.
SecurityGroup
Contains information about the security groups associated with the EC2 instance.
Service
Contains additional information about the generated finding.
SortCriteria
Contains information about the criteria used for sorting findings.
StartMonitoringMembersResponse
StopMonitoringMembersResponse
Tag
Contains information about a tag associated with the EC2 instance.
TagResourceResponse
ThreatIntelligenceDetail
An instance of a threat intelligence detail that constitutes evidence for the finding.
Total
Contains the total usage with the corresponding currency unit for that value.
UnarchiveFindingsResponse
UnprocessedAccount
Contains information about the accounts that weren't processed.
UntagResourceResponse
UpdateDetectorResponse
UpdateFilterResponse
UpdateFindingsFeedbackResponse
UpdateIPSetResponse
UpdateMemberDetectorsResponse
UpdateOrganizationConfigurationResponse
UpdatePublishingDestinationResponse
UpdateThreatIntelSetResponse
UsageAccountResult
Contains information on the total of usage based on account IDs.
UsageCriteria
Contains information about the criteria used to query usage statistics.
UsageDataSourceResult
Contains information on the result of usage based on data source type.
UsageResourceResult
Contains information on the sum of usage based on an AWS resource.
UsageStatistics
Contains the result of GuardDuty usage. If a UsageStatisticType is provided, the result for other types will be null.