GuardDuty class

Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds (such as lists of malicious IPs and domains) and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances that serve malware or mine bitcoin.

GuardDuty also monitors AWS account access behavior for signs of compromise. Some examples of this are unauthorized infrastructure deployments such as EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength.

GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see the Amazon GuardDuty User Guide.

Constructors

GuardDuty({required String region, AwsClientCredentials? credentials, AwsClientCredentialsProvider? credentialsProvider, Client? client, String? endpointUrl})

Properties

hashCode int
The hash code for this object.
no setter, inherited
runtimeType Type
A representation of the runtime type of the object.
no setter, inherited

Methods

acceptInvitation({required String detectorId, required String invitationId, required String masterId}) Future<void>
Accepts the invitation to be monitored by a GuardDuty administrator account.
archiveFindings({required String detectorId, required List<String> findingIds}) Future<void>
Archives GuardDuty findings that are specified by the list of finding IDs.
close() → void
Closes the internal HTTP client if none was provided at creation. If a client was passed as a constructor argument, this becomes a no-op.
createDetector({required bool enable, String? clientToken, DataSourceConfigurations? dataSources, FindingPublishingFrequency? findingPublishingFrequency, Map<String, String>? tags}) Future<CreateDetectorResponse>
Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
createFilter({required String detectorId, required FindingCriteria findingCriteria, required String name, FilterAction? action, String? clientToken, String? description, int? rank, Map<String, String>? tags}) Future<CreateFilterResponse>
Creates a filter using the specified finding criteria.
createIPSet({required bool activate, required String detectorId, required IpSetFormat format, required String location, required String name, String? clientToken, Map<String, String>? tags}) Future<CreateIPSetResponse>
Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with AWS infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.
createMembers({required List<AccountDetail> accountDetails, required String detectorId}) Future<CreateMembersResponse>
Creates member accounts of the current AWS account by specifying a list of AWS account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.
createPublishingDestination({required DestinationProperties destinationProperties, required DestinationType destinationType, required String detectorId, String? clientToken}) Future<CreatePublishingDestinationResponse>
Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.
createSampleFindings({required String detectorId, List<String>? findingTypes}) Future<void>
Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.
createThreatIntelSet({required bool activate, required String detectorId, required ThreatIntelSetFormat format, required String location, required String name, String? clientToken, Map<String, String>? tags}) Future<CreateThreatIntelSetResponse>
Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.
declineInvitations({required List<String> accountIds}) Future<DeclineInvitationsResponse>
Declines invitations sent to the current member account by AWS accounts specified by their account IDs.
deleteDetector({required String detectorId}) Future<void>
Deletes an Amazon GuardDuty detector that is specified by the detector ID.
deleteFilter({required String detectorId, required String filterName}) Future<void>
Deletes the filter specified by the filter name.
deleteInvitations({required List<String> accountIds}) Future<DeleteInvitationsResponse>
Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.
deleteIPSet({required String detectorId, required String ipSetId}) Future<void>
Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface.
deleteMembers({required List<String> accountIds, required String detectorId}) Future<DeleteMembersResponse>
Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
deletePublishingDestination({required String destinationId, required String detectorId}) Future<void>
Deletes the publishing definition with the specified destinationId.
deleteThreatIntelSet({required String detectorId, required String threatIntelSetId}) Future<void>
Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.
describeOrganizationConfiguration({required String detectorId}) Future<DescribeOrganizationConfigurationResponse>
Returns information about the account selected as the delegated administrator for GuardDuty.
describePublishingDestination({required String destinationId, required String detectorId}) Future<DescribePublishingDestinationResponse>
Returns information about the publishing destination specified by the provided destinationId.
disableOrganizationAdminAccount({required String adminAccountId}) Future<void>
Disables an AWS account within the Organization as the GuardDuty delegated administrator.
disassociateFromMasterAccount({required String detectorId}) Future<void>
Disassociates the current GuardDuty member account from its administrator account.
disassociateMembers({required List<String> accountIds, required String detectorId}) Future<DisassociateMembersResponse>
Disassociates GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
enableOrganizationAdminAccount({required String adminAccountId}) Future<void>
Enables an AWS account within the organization as the GuardDuty delegated administrator.
getDetector({required String detectorId}) Future<GetDetectorResponse>
Retrieves an Amazon GuardDuty detector specified by the detectorId.
getFilter({required String detectorId, required String filterName}) Future<GetFilterResponse>
Returns the details of the filter specified by the filter name.
getFindings({required String detectorId, required List<String> findingIds, SortCriteria? sortCriteria}) Future<GetFindingsResponse>
Describes Amazon GuardDuty findings specified by finding IDs.
getFindingsStatistics({required String detectorId, required List<FindingStatisticType> findingStatisticTypes, FindingCriteria? findingCriteria}) Future<GetFindingsStatisticsResponse>
Lists Amazon GuardDuty findings statistics for the specified detector ID.
getInvitationsCount() Future<GetInvitationsCountResponse>
Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
getIPSet({required String detectorId, required String ipSetId}) Future<GetIPSetResponse>
Retrieves the IPSet specified by the ipSetId.
getMasterAccount({required String detectorId}) Future<GetMasterAccountResponse>
Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.
getMemberDetectors({required List<String> accountIds, required String detectorId}) Future<GetMemberDetectorsResponse>
Describes which data sources are enabled for the member account's detector.
getMembers({required List<String> accountIds, required String detectorId}) Future<GetMembersResponse>
Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.
getThreatIntelSet({required String detectorId, required String threatIntelSetId}) Future<GetThreatIntelSetResponse>
Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
getUsageStatistics({required String detectorId, required UsageCriteria usageCriteria, required UsageStatisticType usageStatisticType, int? maxResults, String? nextToken, String? unit}) Future<GetUsageStatisticsResponse>
Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned includes only the usage so far under 30 days. This may differ from the cost metrics in the console, which projects usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated.
inviteMembers({required List<String> accountIds, required String detectorId, bool? disableEmailNotification, String? message}) Future<InviteMembersResponse>
Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty, and allow the current AWS account to view and manage these accounts' findings on their behalf as the GuardDuty administrator account.
listDetectors({int? maxResults, String? nextToken}) Future<ListDetectorsResponse>
Lists detectorIds of all the existing Amazon GuardDuty detector resources.
listFilters({required String detectorId, int? maxResults, String? nextToken}) Future<ListFiltersResponse>
Returns a paginated list of the current filters.
listFindings({required String detectorId, FindingCriteria? findingCriteria, int? maxResults, String? nextToken, SortCriteria? sortCriteria}) Future<ListFindingsResponse>
Lists Amazon GuardDuty findings for the specified detector ID.
listInvitations({int? maxResults, String? nextToken}) Future<ListInvitationsResponse>
Lists all GuardDuty membership invitations that were sent to the current AWS account.
listIPSets({required String detectorId, int? maxResults, String? nextToken}) Future<ListIPSetsResponse>
Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.
listMembers({required String detectorId, int? maxResults, String? nextToken, String? onlyAssociated}) Future<ListMembersResponse>
Lists details about all member accounts for the current GuardDuty administrator account.
listOrganizationAdminAccounts({int? maxResults, String? nextToken}) Future<ListOrganizationAdminAccountsResponse>
Lists the accounts configured as GuardDuty delegated administrators.
listPublishingDestinations({required String detectorId, int? maxResults, String? nextToken}) Future<ListPublishingDestinationsResponse>
Returns a list of publishing destinations associated with the specified detectorId.
listTagsForResource({required String resourceArn}) Future<ListTagsForResourceResponse>
Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and threat intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.
listThreatIntelSets({required String detectorId, int? maxResults, String? nextToken}) Future<ListThreatIntelSetsResponse>
Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.
noSuchMethod(Invocation invocation) → dynamic
Invoked when a nonexistent method or property is accessed.
inherited
startMonitoringMembers({required List<String> accountIds, required String detectorId}) Future<StartMonitoringMembersResponse>
Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.
stopMonitoringMembers({required List<String> accountIds, required String detectorId}) Future<StopMonitoringMembersResponse>
Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts.
tagResource({required String resourceArn, required Map<String, String> tags}) Future<void>
Adds tags to a resource.
toString() String
A string representation of this object.
inherited
unarchiveFindings({required String detectorId, required List<String> findingIds}) Future<void>
Unarchives GuardDuty findings specified by the findingIds.
untagResource({required String resourceArn, required List<String> tagKeys}) Future<void>
Removes tags from a resource.
updateDetector({required String detectorId, DataSourceConfigurations? dataSources, bool? enable, FindingPublishingFrequency? findingPublishingFrequency}) Future<void>
Updates the Amazon GuardDuty detector specified by the detectorId.
updateFilter({required String detectorId, required String filterName, FilterAction? action, String? description, FindingCriteria? findingCriteria, int? rank}) Future<UpdateFilterResponse>
Updates the filter specified by the filter name.
updateFindingsFeedback({required String detectorId, required Feedback feedback, required List<String> findingIds, String? comments}) Future<void>
Marks the specified GuardDuty findings as useful or not useful.
updateIPSet({required String detectorId, required String ipSetId, bool? activate, String? location, String? name}) Future<void>
Updates the IPSet specified by the IPSet ID.
updateMemberDetectors({required List<String> accountIds, required String detectorId, DataSourceConfigurations? dataSources}) Future<UpdateMemberDetectorsResponse>
Contains information on member accounts to be updated.
updateOrganizationConfiguration({required bool autoEnable, required String detectorId, OrganizationDataSourceConfigurations? dataSources}) Future<void>
Updates the delegated administrator account with the values provided.
updatePublishingDestination({required String destinationId, required String detectorId, DestinationProperties? destinationProperties}) Future<void>
Updates information about the publishing destination specified by the destinationId.
updateThreatIntelSet({required String detectorId, required String threatIntelSetId, bool? activate, String? location, String? name}) Future<void>
Updates the ThreatIntelSet specified by the ThreatIntelSet ID.

Operators

operator ==(Object other) bool
The equality operator.
inherited