Guardduty

This page documents function available when using the Guardduty module, created with @service Guardduty.

Index

Documentation

Main.Guardduty.accept_administrator_invitationMethod
accept_administrator_invitation(administrator_id, detector_id, invitation_id)
accept_administrator_invitation(administrator_id, detector_id, invitation_id, params::Dict{String,<:Any})

Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation.

Arguments

  • administrator_id: The account ID of the GuardDuty administrator account whose invitation you're accepting.
  • detector_id: The unique ID of the detector of the GuardDuty member account.
  • invitation_id: The value that is used to validate the administrator account to the member account.
Main.Guardduty.accept_invitationMethod
accept_invitation(detector_id, invitation_id, master_id)
accept_invitation(detector_id, invitation_id, master_id, params::Dict{String,<:Any})

Accepts the invitation to be monitored by a GuardDuty administrator account.

Arguments

  • detector_id: The unique ID of the detector of the GuardDuty member account.
  • invitation_id: The value that is used to validate the administrator account to the member account.
  • master_id: The account ID of the GuardDuty administrator account whose invitation you're accepting.
Main.Guardduty.archive_findingsMethod
archive_findings(detector_id, finding_ids)
archive_findings(detector_id, finding_ids, params::Dict{String,<:Any})

Archives GuardDuty findings that are specified by the list of finding IDs. Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.

Arguments

  • detector_id: The ID of the detector that specifies the GuardDuty service whose findings you want to archive.
  • finding_ids: The IDs of the findings that you want to archive.
Main.Guardduty.create_detectorMethod
create_detector(enable)
create_detector(enable, params::Dict{String,<:Any})

Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Arguments

  • enable: A Boolean value that specifies whether the detector is to be enabled.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "clientToken": The idempotency token for the create request.
  • "dataSources": Describes which data sources will be enabled for the detector. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
  • "features": A list of features that will be configured for the detector.
  • "findingPublishingFrequency": A value that specifies how frequently updated findings are exported.
  • "tags": The tags to be added to a new detector resource.
Main.Guardduty.create_filterMethod
create_filter(detector_id, finding_criteria, name)
create_filter(detector_id, finding_criteria, name, params::Dict{String,<:Any})

Creates a filter using the specified finding criteria. The maximum number of saved filters per Amazon Web Services account per Region is 100. For more information, see Quotas for GuardDuty.

Arguments

  • detector_id: The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
  • finding_criteria: Represents the criteria to be used in the filter for querying findings. You can only use the following attributes to query findings: accountId region id resource.accessKeyDetails.accessKeyId resource.accessKeyDetails.principalId resource.accessKeyDetails.userName resource.accessKeyDetails.userType resource.instanceDetails.iamInstanceProfile.id resource.instanceDetails.imageId resource.instanceDetails.instanceId resource.instanceDetails.outpostArn resource.instanceDetails.networkInterfaces.ipv6Addresses resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress resource.instanceDetails.networkInterfaces.publicDnsName resource.instanceDetails.networkInterfaces.publicIp resource.instanceDetails.networkInterfaces.securityGroups.groupId resource.instanceDetails.networkInterfaces.securityGroups.groupName resource.instanceDetails.networkInterfaces.subnetId resource.instanceDetails.networkInterfaces.vpcId resource.instanceDetails.tags.key resource.instanceDetails.tags.value resource.resourceType service.action.actionType service.action.awsApiCallAction.api service.action.awsApiCallAction.callerType service.action.awsApiCallAction.errorCode service.action.awsApiCallAction.userAgent service.action.awsApiCallAction.remoteIpDetails.city.cityName service.action.awsApiCallAction.remoteIpDetails.country.countryName service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 service.action.awsApiCallAction.remoteIpDetails.organization.asn service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg service.action.awsApiCallAction.serviceName service.action.dnsRequestAction.domain service.action.networkConnectionAction.blocked service.action.networkConnectionAction.connectionDirection service.action.networkConnectionAction.localPortDetails.port service.action.networkConnectionAction.protocol service.action.networkConnectionAction.localIpDetails.ipAddressV4 service.action.networkConnectionAction.remoteIpDetails.city.cityName service.action.networkConnectionAction.remoteIpDetails.country.countryName service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 service.action.networkConnectionAction.remoteIpDetails.organization.asn service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg service.action.networkConnectionAction.remotePortDetails.port service.additionalInfo.threatListName resource.s3BucketDetails.publicAccess.effectivePermissions resource.s3BucketDetails.name resource.s3BucketDetails.tags.key resource.s3BucketDetails.tags.value resource.s3BucketDetails.type service.resourceRole severity type updatedAt Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.
  • name: The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "action": Specifies the action that is to be applied to the findings that match the filter.
  • "clientToken": The idempotency token for the create request.
  • "description": The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.
  • "rank": Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
  • "tags": The tags to be added to a new filter resource.
Main.Guardduty.create_ipsetMethod
create_ipset(activate, detector_id, format, location, name)
create_ipset(activate, detector_id, format, location, name, params::Dict{String,<:Any})

Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.

Arguments

  • activate: A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.
  • detector_id: The unique ID of the detector of the GuardDuty account that you want to create an IPSet for.
  • format: The format of the file that contains the IPSet.
  • location: The URI of the file that contains the IPSet.
  • name: The user-friendly name to identify the IPSet. Allowed characters are alphanumeric, whitespace, dash (-), and underscores (_).

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "clientToken": The idempotency token for the create request.
  • "tags": The tags to be added to a new IP set resource.
Main.Guardduty.create_membersMethod
create_members(account_details, detector_id)
create_members(account_details, detector_id, params::Dict{String,<:Any})

Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization. When using Create Members as an organizations delegated administrator this action will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account, which must enable GuardDuty prior to being added as a member. If you are adding accounts by invitation, use this action after GuardDuty has bee enabled in potential member accounts and before using InviteMembers.

Arguments

  • account_details: A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account.
  • detector_id: The unique ID of the detector of the GuardDuty account that you want to associate member accounts with.
Main.Guardduty.create_publishing_destinationMethod
create_publishing_destination(destination_properties, destination_type, detector_id)
create_publishing_destination(destination_properties, destination_type, detector_id, params::Dict{String,<:Any})

Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.

Arguments

  • destination_properties: The properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.
  • destination_type: The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported.
  • detector_id: The ID of the GuardDuty detector associated with the publishing destination.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "clientToken": The idempotency token for the request.
Main.Guardduty.create_sample_findingsMethod
create_sample_findings(detector_id)
create_sample_findings(detector_id, params::Dict{String,<:Any})

Generates sample findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates sample findings of all supported finding types.

Arguments

  • detector_id: The ID of the detector to create sample findings for.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "findingTypes": The types of sample findings to generate.
Main.Guardduty.create_threat_intel_setMethod
create_threat_intel_set(activate, detector_id, format, location, name)
create_threat_intel_set(activate, detector_id, format, location, name, params::Dict{String,<:Any})

Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.

Arguments

  • activate: A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
  • detector_id: The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for.
  • format: The format of the file that contains the ThreatIntelSet.
  • location: The URI of the file that contains the ThreatIntelSet.
  • name: A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "clientToken": The idempotency token for the create request.
  • "tags": The tags to be added to a new threat list resource.
Main.Guardduty.decline_invitationsMethod
decline_invitations(account_ids)
decline_invitations(account_ids, params::Dict{String,<:Any})

Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

Arguments

  • account_ids: A list of account IDs of the Amazon Web Services accounts that sent invitations to the current member account that you want to decline invitations from.
Main.Guardduty.delete_detectorMethod
delete_detector(detector_id)
delete_detector(detector_id, params::Dict{String,<:Any})

Deletes an Amazon GuardDuty detector that is specified by the detector ID.

Arguments

  • detector_id: The unique ID of the detector that you want to delete.
Main.Guardduty.delete_filterMethod
delete_filter(detector_id, filter_name)
delete_filter(detector_id, filter_name, params::Dict{String,<:Any})

Deletes the filter specified by the filter name.

Arguments

  • detector_id: The unique ID of the detector that the filter is associated with.
  • filter_name: The name of the filter that you want to delete.
Main.Guardduty.delete_invitationsMethod
delete_invitations(account_ids)
delete_invitations(account_ids, params::Dict{String,<:Any})

Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

Arguments

  • account_ids: A list of account IDs of the Amazon Web Services accounts that sent invitations to the current member account that you want to delete invitations from.
Main.Guardduty.delete_ipsetMethod
delete_ipset(detector_id, ip_set_id)
delete_ipset(detector_id, ip_set_id, params::Dict{String,<:Any})

Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface.

Arguments

  • detector_id: The unique ID of the detector associated with the IPSet.
  • ip_set_id: The unique ID of the IPSet to delete.
Main.Guardduty.delete_membersMethod
delete_members(account_ids, detector_id)
delete_members(account_ids, detector_id, params::Dict{String,<:Any})

Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty for a member account in your organization.

Arguments

  • account_ids: A list of account IDs of the GuardDuty member accounts that you want to delete.
  • detector_id: The unique ID of the detector of the GuardDuty account whose members you want to delete.
Main.Guardduty.delete_publishing_destinationMethod
delete_publishing_destination(destination_id, detector_id)
delete_publishing_destination(destination_id, detector_id, params::Dict{String,<:Any})

Deletes the publishing definition with the specified destinationId.

Arguments

  • destination_id: The ID of the publishing destination to delete.
  • detector_id: The unique ID of the detector associated with the publishing destination to delete.
Main.Guardduty.delete_threat_intel_setMethod
delete_threat_intel_set(detector_id, threat_intel_set_id)
delete_threat_intel_set(detector_id, threat_intel_set_id, params::Dict{String,<:Any})

Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.

Arguments

  • detector_id: The unique ID of the detector that the threatIntelSet is associated with.
  • threat_intel_set_id: The unique ID of the threatIntelSet that you want to delete.
Main.Guardduty.describe_malware_scansMethod
describe_malware_scans(detector_id)
describe_malware_scans(detector_id, params::Dict{String,<:Any})

Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all the member accounts. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Arguments

  • detector_id: The unique ID of the detector that the request is associated with.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "filterCriteria": Represents the criteria to be used in the filter for describing scan entries.
  • "maxResults": You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
  • "nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
  • "sortCriteria": Represents the criteria used for sorting scan entries. The attributeName is required and it must be scanStartTime.
Main.Guardduty.describe_organization_configurationMethod
describe_organization_configuration(detector_id)
describe_organization_configuration(detector_id, params::Dict{String,<:Any})

Returns information about the account selected as the delegated administrator for GuardDuty. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Arguments

  • detector_id: The ID of the detector to retrieve information about the delegated administrator from.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "maxResults": You can use this parameter to indicate the maximum number of items that you want in the response.
  • "nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Main.Guardduty.describe_publishing_destinationMethod
describe_publishing_destination(destination_id, detector_id)
describe_publishing_destination(destination_id, detector_id, params::Dict{String,<:Any})

Returns information about the publishing destination specified by the provided destinationId.

Arguments

  • destination_id: The ID of the publishing destination to retrieve.
  • detector_id: The unique ID of the detector associated with the publishing destination to retrieve.
Main.Guardduty.disable_organization_admin_accountMethod
disable_organization_admin_account(admin_account_id)
disable_organization_admin_account(admin_account_id, params::Dict{String,<:Any})

Disables an Amazon Web Services account within the Organization as the GuardDuty delegated administrator.

Arguments

  • admin_account_id: The Amazon Web Services Account ID for the organizations account to be disabled as a GuardDuty delegated administrator.
Main.Guardduty.disassociate_from_administrator_accountMethod
disassociate_from_administrator_account(detector_id)
disassociate_from_administrator_account(detector_id, params::Dict{String,<:Any})

Disassociates the current GuardDuty member account from its administrator account. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty in a member account.

Arguments

  • detector_id: The unique ID of the detector of the GuardDuty member account.
Main.Guardduty.disassociate_from_master_accountMethod
disassociate_from_master_account(detector_id)
disassociate_from_master_account(detector_id, params::Dict{String,<:Any})

Disassociates the current GuardDuty member account from its administrator account.

Arguments

  • detector_id: The unique ID of the detector of the GuardDuty member account.
Main.Guardduty.disassociate_membersMethod
disassociate_members(account_ids, detector_id)
disassociate_members(account_ids, detector_id, params::Dict{String,<:Any})

Disassociates GuardDuty member accounts (to the current administrator account) specified by the account IDs. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disassociate a member account before removing them from your Amazon Web Services organization.

Arguments

  • account_ids: A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account.
  • detector_id: The unique ID of the detector of the GuardDuty account whose members you want to disassociate from the administrator account.
Main.Guardduty.enable_organization_admin_accountMethod
enable_organization_admin_account(admin_account_id)
enable_organization_admin_account(admin_account_id, params::Dict{String,<:Any})

Enables an Amazon Web Services account within the organization as the GuardDuty delegated administrator.

Arguments

  • admin_account_id: The Amazon Web Services Account ID for the organization account to be enabled as a GuardDuty delegated administrator.
Main.Guardduty.get_administrator_accountMethod
get_administrator_account(detector_id)
get_administrator_account(detector_id, params::Dict{String,<:Any})

Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.

Arguments

  • detector_id: The unique ID of the detector of the GuardDuty member account.
Main.Guardduty.get_coverage_statisticsMethod
get_coverage_statistics(detector_id, statistics_type)
get_coverage_statistics(detector_id, statistics_type, params::Dict{String,<:Any})

Retrieves aggregated statistics for your account. If you are a GuardDuty administrator, you can retrieve the statistics for all the resources associated with the active member accounts in your organization who have enabled EKS Runtime Monitoring and have the GuardDuty agent running on their EKS nodes.

Arguments

  • detector_id: The unique ID of the GuardDuty detector associated to the coverage statistics.
  • statistics_type: Represents the statistics type used to aggregate the coverage details.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "filterCriteria": Represents the criteria used to filter the coverage statistics
Main.Guardduty.get_detectorMethod
get_detector(detector_id)
get_detector(detector_id, params::Dict{String,<:Any})

Retrieves an Amazon GuardDuty detector specified by the detectorId. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Arguments

  • detector_id: The unique ID of the detector that you want to get.
Main.Guardduty.get_filterMethod
get_filter(detector_id, filter_name)
get_filter(detector_id, filter_name, params::Dict{String,<:Any})

Returns the details of the filter specified by the filter name.

Arguments

  • detector_id: The unique ID of the detector that the filter is associated with.
  • filter_name: The name of the filter you want to get.
Main.Guardduty.get_findingsMethod
get_findings(detector_id, finding_ids)
get_findings(detector_id, finding_ids, params::Dict{String,<:Any})

Describes Amazon GuardDuty findings specified by finding IDs.

Arguments

  • detector_id: The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.
  • finding_ids: The IDs of the findings that you want to retrieve.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "sortCriteria": Represents the criteria used for sorting findings.
Main.Guardduty.get_findings_statisticsMethod
get_findings_statistics(detector_id, finding_statistic_types)
get_findings_statistics(detector_id, finding_statistic_types, params::Dict{String,<:Any})

Lists Amazon GuardDuty findings statistics for the specified detector ID.

Arguments

  • detector_id: The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.
  • finding_statistic_types: The types of finding statistics to retrieve.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "findingCriteria": Represents the criteria that is used for querying findings.
Main.Guardduty.get_invitations_countMethod
get_invitations_count()
get_invitations_count(params::Dict{String,<:Any})

Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.

Main.Guardduty.get_ipsetMethod
get_ipset(detector_id, ip_set_id)
get_ipset(detector_id, ip_set_id, params::Dict{String,<:Any})

Retrieves the IPSet specified by the ipSetId.

Arguments

  • detector_id: The unique ID of the detector that the IPSet is associated with.
  • ip_set_id: The unique ID of the IPSet to retrieve.
Main.Guardduty.get_malware_scan_settingsMethod
get_malware_scan_settings(detector_id)
get_malware_scan_settings(detector_id, params::Dict{String,<:Any})

Returns the details of the malware scan settings. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Arguments

  • detector_id: The unique ID of the detector that the scan setting is associated with.
Main.Guardduty.get_master_accountMethod
get_master_account(detector_id)
get_master_account(detector_id, params::Dict{String,<:Any})

Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.

Arguments

  • detector_id: The unique ID of the detector of the GuardDuty member account.
Main.Guardduty.get_member_detectorsMethod
get_member_detectors(account_ids, detector_id)
get_member_detectors(account_ids, detector_id, params::Dict{String,<:Any})

Describes which data sources are enabled for the member account's detector. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Arguments

  • account_ids: The account ID of the member account.
  • detector_id: The detector ID for the administrator account.
Main.Guardduty.get_membersMethod
get_members(account_ids, detector_id)
get_members(account_ids, detector_id, params::Dict{String,<:Any})

Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.

Arguments

  • account_ids: A list of account IDs of the GuardDuty member accounts that you want to describe.
  • detector_id: The unique ID of the detector of the GuardDuty account whose members you want to retrieve.
Main.Guardduty.get_remaining_free_trial_daysMethod
get_remaining_free_trial_days(detector_id)
get_remaining_free_trial_days(detector_id, params::Dict{String,<:Any})

Provides the number of days left for each data source used in the free trial period.

Arguments

  • detector_id: The unique ID of the detector of the GuardDuty member account.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "accountIds": A list of account identifiers of the GuardDuty member account.
Main.Guardduty.get_threat_intel_setMethod
get_threat_intel_set(detector_id, threat_intel_set_id)
get_threat_intel_set(detector_id, threat_intel_set_id, params::Dict{String,<:Any})

Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

Arguments

  • detector_id: The unique ID of the detector that the threatIntelSet is associated with.
  • threat_intel_set_id: The unique ID of the threatIntelSet that you want to get.
Main.Guardduty.get_usage_statisticsMethod
get_usage_statistics(detector_id, usage_criteria, usage_statistics_type)
get_usage_statistics(detector_id, usage_criteria, usage_statistics_type, params::Dict{String,<:Any})

Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days. This may differ from the cost metrics in the console, which project usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated.

Arguments

  • detector_id: The ID of the detector that specifies the GuardDuty service whose usage statistics you want to retrieve.
  • usage_criteria: Represents the criteria used for querying usage.
  • usage_statistics_type: The type of usage statistics to retrieve.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "maxResults": The maximum number of results to return in the response.
  • "nextToken": A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
  • "unit": The currency unit you would like to view your usage statistics in. Current valid values are USD.
Main.Guardduty.invite_membersMethod
invite_members(account_ids, detector_id)
invite_members(account_ids, detector_id, params::Dict{String,<:Any})

Invites other Amazon Web Services accounts (created as members of the current Amazon Web Services account by CreateMembers) to enable GuardDuty, and allow the current Amazon Web Services account to view and manage these accounts' findings on their behalf as the GuardDuty administrator account.

Arguments

  • account_ids: A list of account IDs of the accounts that you want to invite to GuardDuty as members.
  • detector_id: The unique ID of the detector of the GuardDuty account that you want to invite members with.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "disableEmailNotification": A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members.
  • "message": The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.
Main.Guardduty.list_coverageMethod
list_coverage(detector_id)
list_coverage(detector_id, params::Dict{String,<:Any})

Lists coverage details for your GuardDuty account. If you're a GuardDuty administrator, you can retrieve all resources associated with the active member accounts in your organization. Make sure the accounts have EKS Runtime Monitoring enabled and GuardDuty agent running on their EKS nodes.

Arguments

  • detector_id: The unique ID of the detector whose coverage details you want to retrieve.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "filterCriteria": Represents the criteria used to filter the coverage details.
  • "maxResults": The maximum number of results to return in the response.
  • "nextToken": A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
  • "sortCriteria": Represents the criteria used to sort the coverage details.
Main.Guardduty.list_detectorsMethod
list_detectors()
list_detectors(params::Dict{String,<:Any})

Lists detectorIds of all the existing Amazon GuardDuty detector resources.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "maxResults": You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
  • "nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Main.Guardduty.list_filtersMethod
list_filters(detector_id)
list_filters(detector_id, params::Dict{String,<:Any})

Returns a paginated list of the current filters.

Arguments

  • detector_id: The unique ID of the detector that the filter is associated with.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "maxResults": You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
  • "nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Main.Guardduty.list_findingsMethod
list_findings(detector_id)
list_findings(detector_id, params::Dict{String,<:Any})

Lists Amazon GuardDuty findings for the specified detector ID.

Arguments

  • detector_id: The ID of the detector that specifies the GuardDuty service whose findings you want to list.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "findingCriteria": Represents the criteria used for querying findings. Valid values include: JSON field name accountId region confidence id resource.accessKeyDetails.accessKeyId resource.accessKeyDetails.principalId resource.accessKeyDetails.userName resource.accessKeyDetails.userType resource.instanceDetails.iamInstanceProfile.id resource.instanceDetails.imageId resource.instanceDetails.instanceId resource.instanceDetails.networkInterfaces.ipv6Addresses resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress resource.instanceDetails.networkInterfaces.publicDnsName resource.instanceDetails.networkInterfaces.publicIp resource.instanceDetails.networkInterfaces.securityGroups.groupId resource.instanceDetails.networkInterfaces.securityGroups.groupName resource.instanceDetails.networkInterfaces.subnetId resource.instanceDetails.networkInterfaces.vpcId resource.instanceDetails.tags.key resource.instanceDetails.tags.value resource.resourceType service.action.actionType service.action.awsApiCallAction.api service.action.awsApiCallAction.callerType service.action.awsApiCallAction.remoteIpDetails.city.cityName service.action.awsApiCallAction.remoteIpDetails.country.countryName service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 service.action.awsApiCallAction.remoteIpDetails.organization.asn service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg service.action.awsApiCallAction.serviceName service.action.dnsRequestAction.domain service.action.networkConnectionAction.blocked service.action.networkConnectionAction.connectionDirection service.action.networkConnectionAction.localPortDetails.port service.action.networkConnectionAction.protocol service.action.networkConnectionAction.remoteIpDetails.country.countryName service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 service.action.networkConnectionAction.remoteIpDetails.organization.asn service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg service.action.networkConnectionAction.remotePortDetails.port service.additionalInfo.threatListName service.archived When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed. service.resourceRole severity type updatedAt Type: Timestamp in Unix Epoch millisecond format: 1486685375000
  • "maxResults": You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
  • "nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
  • "sortCriteria": Represents the criteria used for sorting findings.
Main.Guardduty.list_invitationsMethod
list_invitations()
list_invitations(params::Dict{String,<:Any})

Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "maxResults": You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
  • "nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Main.Guardduty.list_ipsetsMethod
list_ipsets(detector_id)
list_ipsets(detector_id, params::Dict{String,<:Any})

Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.

Arguments

  • detector_id: The unique ID of the detector that the IPSet is associated with.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "maxResults": You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
  • "nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Main.Guardduty.list_membersMethod
list_members(detector_id)
list_members(detector_id, params::Dict{String,<:Any})

Lists details about all member accounts for the current GuardDuty administrator account.

Arguments

  • detector_id: The unique ID of the detector the member is associated with.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "maxResults": You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
  • "nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
  • "onlyAssociated": Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated). Member accounts must have been previously associated with the GuardDuty administrator account using Create Members .
Main.Guardduty.list_organization_admin_accountsMethod
list_organization_admin_accounts()
list_organization_admin_accounts(params::Dict{String,<:Any})

Lists the accounts configured as GuardDuty delegated administrators.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "maxResults": The maximum number of results to return in the response.
  • "nextToken": A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
Main.Guardduty.list_publishing_destinationsMethod
list_publishing_destinations(detector_id)
list_publishing_destinations(detector_id, params::Dict{String,<:Any})

Returns a list of publishing destinations associated with the specified detectorId.

Arguments

  • detector_id: The ID of the detector to retrieve publishing destinations for.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "maxResults": The maximum number of results to return in the response.
  • "nextToken": A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
Main.Guardduty.list_tags_for_resourceMethod
list_tags_for_resource(resource_arn)
list_tags_for_resource(resource_arn, params::Dict{String,<:Any})

Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and threat intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.

Arguments

  • resource_arn: The Amazon Resource Name (ARN) for the given GuardDuty resource.
Main.Guardduty.list_threat_intel_setsMethod
list_threat_intel_sets(detector_id)
list_threat_intel_sets(detector_id, params::Dict{String,<:Any})

Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.

Arguments

  • detector_id: The unique ID of the detector that the threatIntelSet is associated with.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "maxResults": You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
  • "nextToken": You can use this parameter to paginate results in the response. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Main.Guardduty.start_malware_scanMethod
start_malware_scan(resource_arn)
start_malware_scan(resource_arn, params::Dict{String,<:Any})

Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account.

Arguments

  • resource_arn: Amazon Resource Name (ARN) of the resource for which you invoked the API.
Main.Guardduty.start_monitoring_membersMethod
start_monitoring_members(account_ids, detector_id)
start_monitoring_members(account_ids, detector_id, params::Dict{String,<:Any})

Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.

Arguments

  • account_ids: A list of account IDs of the GuardDuty member accounts to start monitoring.
  • detector_id: The unique ID of the detector of the GuardDuty administrator account associated with the member accounts to monitor.
Main.Guardduty.stop_monitoring_membersMethod
stop_monitoring_members(account_ids, detector_id)
stop_monitoring_members(account_ids, detector_id, params::Dict{String,<:Any})

Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts. With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to stop monitoring the member accounts in your organization.

Arguments

  • account_ids: A list of account IDs for the member accounts to stop monitoring.
  • detector_id: The unique ID of the detector associated with the GuardDuty administrator account that is monitoring member accounts.
Main.Guardduty.tag_resourceMethod
tag_resource(resource_arn, tags)
tag_resource(resource_arn, tags, params::Dict{String,<:Any})

Adds tags to a resource.

Arguments

  • resource_arn: The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag to.
  • tags: The tags to be added to a resource.
Main.Guardduty.unarchive_findingsMethod
unarchive_findings(detector_id, finding_ids)
unarchive_findings(detector_id, finding_ids, params::Dict{String,<:Any})

Unarchives GuardDuty findings specified by the findingIds.

Arguments

  • detector_id: The ID of the detector associated with the findings to unarchive.
  • finding_ids: The IDs of the findings to unarchive.
Main.Guardduty.untag_resourceMethod
untag_resource(resource_arn, tag_keys)
untag_resource(resource_arn, tag_keys, params::Dict{String,<:Any})

Removes tags from a resource.

Arguments

  • resource_arn: The Amazon Resource Name (ARN) for the resource to remove tags from.
  • tag_keys: The tag keys to remove from the resource.
Main.Guardduty.update_detectorMethod
update_detector(detector_id)
update_detector(detector_id, params::Dict{String,<:Any})

Updates the Amazon GuardDuty detector specified by the detectorId. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Arguments

  • detector_id: The unique ID of the detector to update.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "dataSources": Describes which data sources will be updated. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
  • "enable": Specifies whether the detector is enabled or not enabled.
  • "features": Provides the features that will be updated for the detector.
  • "findingPublishingFrequency": An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.
Main.Guardduty.update_filterMethod
update_filter(detector_id, filter_name)
update_filter(detector_id, filter_name, params::Dict{String,<:Any})

Updates the filter specified by the filter name.

Arguments

  • detector_id: The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.
  • filter_name: The name of the filter.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "action": Specifies the action that is to be applied to the findings that match the filter.
  • "description": The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.
  • "findingCriteria": Represents the criteria to be used in the filter for querying findings.
  • "rank": Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
Main.Guardduty.update_findings_feedbackMethod
update_findings_feedback(detector_id, feedback, finding_ids)
update_findings_feedback(detector_id, feedback, finding_ids, params::Dict{String,<:Any})

Marks the specified GuardDuty findings as useful or not useful.

Arguments

  • detector_id: The ID of the detector associated with the findings to update feedback for.
  • feedback: The feedback for the finding.
  • finding_ids: The IDs of the findings that you want to mark as useful or not useful.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "comments": Additional feedback about the GuardDuty findings.
Main.Guardduty.update_ipsetMethod
update_ipset(detector_id, ip_set_id)
update_ipset(detector_id, ip_set_id, params::Dict{String,<:Any})

Updates the IPSet specified by the IPSet ID.

Arguments

  • detector_id: The detectorID that specifies the GuardDuty service whose IPSet you want to update.
  • ip_set_id: The unique ID that specifies the IPSet that you want to update.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "activate": The updated Boolean value that specifies whether the IPSet is active or not.
  • "location": The updated URI of the file that contains the IPSet.
  • "name": The unique ID that specifies the IPSet that you want to update.
Main.Guardduty.update_malware_scan_settingsMethod
update_malware_scan_settings(detector_id)
update_malware_scan_settings(detector_id, params::Dict{String,<:Any})

Updates the malware scan settings. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Arguments

  • detector_id: The unique ID of the detector that specifies the GuardDuty service where you want to update scan settings.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "ebsSnapshotPreservation": An enum value representing possible snapshot preservation settings.
  • "scanResourceCriteria": Represents the criteria to be used in the filter for selecting resources to scan.
Main.Guardduty.update_member_detectorsMethod
update_member_detectors(account_ids, detector_id)
update_member_detectors(account_ids, detector_id, params::Dict{String,<:Any})

Contains information on member accounts to be updated. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Arguments

  • account_ids: A list of member account IDs to be updated.
  • detector_id: The detector ID of the administrator account.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "dataSources": Describes which data sources will be updated.
  • "features": A list of features that will be updated for the specified member accounts.
Main.Guardduty.update_organization_configurationMethod
update_organization_configuration(detector_id)
update_organization_configuration(detector_id, params::Dict{String,<:Any})

Configures the delegated administrator account with the provided values. You must provide the value for either autoEnableOrganizationMembers or autoEnable. There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

Arguments

  • detector_id: The ID of the detector that configures the delegated administrator.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "autoEnable": Indicates whether to automatically enable member accounts in the organization. Even though this is still supported, we recommend using AutoEnableOrganizationMembers to achieve the similar results.
  • "autoEnableOrganizationMembers": Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. NEW: Indicates that when a new account joins the organization, they will have GuardDuty enabled automatically. ALL: Indicates that all accounts in the Amazon Web Services Organization have GuardDuty enabled automatically. This includes NEW accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty. NONE: Indicates that GuardDuty will not be automatically enabled for any accounts in the organization. GuardDuty must be managed for each account individually by the administrator.
  • "dataSources": Describes which data sources will be updated.
  • "features": A list of features that will be configured for the organization.
Main.Guardduty.update_publishing_destinationMethod
update_publishing_destination(destination_id, detector_id)
update_publishing_destination(destination_id, detector_id, params::Dict{String,<:Any})

Updates information about the publishing destination specified by the destinationId.

Arguments

  • destination_id: The ID of the publishing destination to update.
  • detector_id: The ID of the detector associated with the publishing destinations to update.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "destinationProperties": A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.
Main.Guardduty.update_threat_intel_setMethod
update_threat_intel_set(detector_id, threat_intel_set_id)
update_threat_intel_set(detector_id, threat_intel_set_id, params::Dict{String,<:Any})

Updates the ThreatIntelSet specified by the ThreatIntelSet ID.

Arguments

  • detector_id: The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.
  • threat_intel_set_id: The unique ID that specifies the ThreatIntelSet that you want to update.

Optional Parameters

Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:

  • "activate": The updated Boolean value that specifies whether the ThreateIntelSet is active or not.
  • "location": The updated URI of the file that contains the ThreateIntelSet.
  • "name": The unique ID that specifies the ThreatIntelSet that you want to update.