guardduty-2017-11-28
library
Classes
-
AcceptInvitationResponse
-
-
AccessControlList
-
Contains information on the current access control policies for the bucket.
-
AccessKeyDetails
-
Contains information about the access keys.
-
AccountDetail
-
Contains information about the account.
-
AccountLevelPermissions
-
Contains information about the account level permissions on the S3 bucket.
-
Action
-
Contains information about actions.
-
AdminAccount
-
The account within the organization specified as the GuardDuty delegated
administrator.
-
ArchiveFindingsResponse
-
-
AwsApiCallAction
-
Contains information about the API action.
-
AwsClientCredentials
-
AWS credentials.
-
BlockPublicAccess
-
Contains information on how the bucket owner's S3 Block Public Access
settings are being applied to the S3 bucket. See S3 Block Public Access
for more information.
-
BucketLevelPermissions
-
Contains information about the bucket level permissions for the S3 bucket.
-
BucketPolicy
-
Contains information on the current bucket policies for the S3 bucket.
-
City
-
Contains information about the city associated with the IP address.
-
CloudTrailConfigurationResult
-
Contains information on the status of CloudTrail as a data source for the
detector.
-
Condition
-
Contains information about the condition.
-
Country
-
Contains information about the country where the remote IP address is
located.
-
CreateDetectorResponse
-
-
CreateFilterResponse
-
-
CreateIPSetResponse
-
-
CreateMembersResponse
-
-
CreatePublishingDestinationResponse
-
-
CreateSampleFindingsResponse
-
-
CreateThreatIntelSetResponse
-
-
DataSourceConfigurations
-
Contains information about which data sources are enabled.
-
DataSourceConfigurationsResult
-
Contains information on the status of data sources for the detector.
-
DeclineInvitationsResponse
-
-
DefaultServerSideEncryption
-
Contains information on the server-side encryption method used in the S3
bucket. See S3 Server-Side Encryption for more information.
-
DeleteDetectorResponse
-
-
DeleteFilterResponse
-
-
DeleteInvitationsResponse
-
-
DeleteIPSetResponse
-
-
DeleteMembersResponse
-
-
DeletePublishingDestinationResponse
-
-
DeleteThreatIntelSetResponse
-
-
DescribeOrganizationConfigurationResponse
-
-
DescribePublishingDestinationResponse
-
-
Destination
-
Contains information about the publishing destination, including the ID,
type, and status.
-
DestinationProperties
-
Contains the Amazon Resource Name (ARN) of the resource to publish to, such
as an S3 bucket, and the ARN of the KMS key to use to encrypt published
findings.
-
DisableOrganizationAdminAccountResponse
-
-
DisassociateFromMasterAccountResponse
-
-
DisassociateMembersResponse
-
-
DNSLogsConfigurationResult
-
Contains information on the status of DNS logs as a data source.
-
DnsRequestAction
-
Contains information about the DNS_REQUEST action described in this finding.
-
DomainDetails
-
Contains information about the domain.
-
EnableOrganizationAdminAccountResponse
-
-
Evidence
-
Contains information about the reason that the finding was generated.
-
Finding
-
Contains information about the finding, which is generated when abnormal or
suspicious activity is detected.
-
FindingCriteria
-
Contains information about the criteria used for querying findings.
-
FindingStatistics
-
Contains information about finding statistics.
-
FlowLogsConfigurationResult
-
Contains information on the status of VPC flow logs as a data source.
-
GeoLocation
-
Contains information about the location of the remote IP address.
-
GetDetectorResponse
-
-
GetFilterResponse
-
-
GetFindingsResponse
-
-
GetFindingsStatisticsResponse
-
-
GetInvitationsCountResponse
-
-
GetIPSetResponse
-
-
GetMasterAccountResponse
-
-
GetMemberDetectorsResponse
-
-
GetMembersResponse
-
-
GetThreatIntelSetResponse
-
-
GetUsageStatisticsResponse
-
-
GuardDuty
-
Amazon GuardDuty is a continuous security monitoring service that analyzes
and processes the following data sources: VPC Flow Logs, AWS CloudTrail
event logs, and DNS logs. It uses threat intelligence feeds (such as lists
of malicious IPs and domains) and machine learning to identify unexpected,
potentially unauthorized, and malicious activity within your AWS
environment. This can include issues like escalations of privileges, uses of
exposed credentials, or communication with malicious IPs, URLs, or domains.
For example, GuardDuty can detect compromised EC2 instances that serve
malware or mine bitcoin.
-
IamInstanceProfile
-
Contains information about the EC2 instance profile.
-
InstanceDetails
-
Contains information about the details of an instance.
-
Invitation
-
Contains information about the invitation to become a member account.
-
InviteMembersResponse
-
-
ListDetectorsResponse
-
-
ListFiltersResponse
-
-
ListFindingsResponse
-
-
ListInvitationsResponse
-
-
ListIPSetsResponse
-
-
ListMembersResponse
-
-
ListOrganizationAdminAccountsResponse
-
-
ListPublishingDestinationsResponse
-
-
ListTagsForResourceResponse
-
-
ListThreatIntelSetsResponse
-
-
LocalIpDetails
-
Contains information about the local IP address of the connection.
-
LocalPortDetails
-
Contains information about the port for the local connection.
-
Master
-
Contains information about the administrator account and invitation.
-
Member
-
Contains information about the member account.
-
MemberDataSourceConfiguration
-
Contains information on which data sources are enabled for a member account.
-
NetworkConnectionAction
-
Contains information about the NETWORK_CONNECTION action described in the
finding.
-
NetworkInterface
-
Contains information about the elastic network interface of the EC2
instance.
-
Organization
-
Contains information about the ISP organization of the remote IP address.
-
OrganizationDataSourceConfigurations
-
An object that contains information on which data sources will be configured
to be automatically enabled for new members within the organization.
-
OrganizationDataSourceConfigurationsResult
-
An object that contains information on which data sources are automatically
enabled for new members within the organization.
-
OrganizationS3LogsConfiguration
-
Describes whether S3 data event logs will be automatically enabled for new
members of the organization.
-
OrganizationS3LogsConfigurationResult
-
The current configuration of S3 data event logs as a data source for the
organization.
-
Owner
-
Contains information on the owner of the bucket.
-
PermissionConfiguration
-
Contains information about how permissions are configured for the S3 bucket.
-
PortProbeAction
-
Contains information about the PORT_PROBE action described in the finding.
-
PortProbeDetail
-
Contains information about the port probe details.
-
PrivateIpAddressDetails
-
Contains other private IP address information of the EC2 instance.
-
ProductCode
-
Contains information about the product code for the EC2 instance.
-
PublicAccess
-
Describes the public access policies that apply to the S3 bucket.
-
RemoteIpDetails
-
Contains information about the remote IP address of the connection.
-
RemotePortDetails
-
Contains information about the remote port.
-
Resource
-
Contains information about the AWS resource associated with the activity
that prompted GuardDuty to generate a finding.
-
S3BucketDetail
-
Contains information on the S3 bucket.
-
S3LogsConfiguration
-
Describes whether S3 data event logs will be enabled as a data source.
-
S3LogsConfigurationResult
-
Describes whether S3 data event logs will be enabled as a data source.
-
SecurityGroup
-
Contains information about the security groups associated with the EC2
instance.
-
Service
-
Contains additional information about the generated finding.
-
SortCriteria
-
Contains information about the criteria used for sorting findings.
-
StartMonitoringMembersResponse
-
-
StopMonitoringMembersResponse
-
-
Tag
-
Contains information about a tag associated with the EC2 instance.
-
TagResourceResponse
-
-
ThreatIntelligenceDetail
-
An instance of a threat intelligence detail that constitutes evidence for
the finding.
-
Total
-
Contains the total usage with the corresponding currency unit for that
value.
-
UnarchiveFindingsResponse
-
-
UnprocessedAccount
-
Contains information about the accounts that weren't processed.
-
UntagResourceResponse
-
-
UpdateDetectorResponse
-
-
UpdateFilterResponse
-
-
UpdateFindingsFeedbackResponse
-
-
UpdateIPSetResponse
-
-
UpdateMemberDetectorsResponse
-
-
UpdateOrganizationConfigurationResponse
-
-
UpdatePublishingDestinationResponse
-
-
UpdateThreatIntelSetResponse
-
-
UsageAccountResult
-
Contains information on the total of usage based on account IDs.
-
UsageCriteria
-
Contains information about the criteria used to query usage statistics.
-
UsageDataSourceResult
-
Contains information on the result of usage based on data source type.
-
UsageResourceResult
-
Contains information on the sum of usage based on an AWS resource.
-
UsageStatistics
-
Contains the result of GuardDuty usage. If a UsageStatisticType is provided,
the result for other types will be null.