| Class | Description |
|---|---|
| AcceptAdministratorInvitationRequest | |
| AcceptAdministratorInvitationResult | |
| AcceptInvitationRequest | |
| AcceptInvitationResult | Deprecated |
| AccessControlList |
Contains information on the current access control policies for the bucket.
|
| AccessKeyDetails |
Contains information about the access keys.
|
| AccountDetail |
Contains information about the account.
|
| AccountFreeTrialInfo |
Provides details of the GuardDuty member account that uses a free trial service.
|
| AccountLevelPermissions |
Contains information about the account level permissions on the S3 bucket.
|
| Action |
Contains information about actions.
|
| AdminAccount |
The account within the organization specified as the GuardDuty delegated administrator.
|
| Administrator |
Contains information about the administrator account and invitation.
|
| ArchiveFindingsRequest | |
| ArchiveFindingsResult | |
| AwsApiCallAction |
Contains information about the API action.
|
| BlockPublicAccess |
Contains information on how the bucker owner's S3 Block Public Access settings are being applied to the S3 bucket.
|
| BucketLevelPermissions |
Contains information about the bucket level permissions for the S3 bucket.
|
| BucketPolicy |
Contains information on the current bucket policies for the S3 bucket.
|
| City |
Contains information about the city associated with the IP address.
|
| CloudTrailConfigurationResult |
Contains information on the status of CloudTrail as a data source for the detector.
|
| Condition |
Contains information about the condition.
|
| Container |
Details of a container.
|
| Country |
Contains information about the country where the remote IP address is located.
|
| CreateDetectorRequest | |
| CreateDetectorResult | |
| CreateFilterRequest | |
| CreateFilterResult | |
| CreateIPSetRequest | |
| CreateIPSetResult | |
| CreateMembersRequest | |
| CreateMembersResult | |
| CreatePublishingDestinationRequest | |
| CreatePublishingDestinationResult | |
| CreateSampleFindingsRequest | |
| CreateSampleFindingsResult | |
| CreateThreatIntelSetRequest | |
| CreateThreatIntelSetResult | |
| DataSourceConfigurations |
Contains information about which data sources are enabled.
|
| DataSourceConfigurationsResult |
Contains information on the status of data sources for the detector.
|
| DataSourceFreeTrial |
Contains information about which data sources are enabled for the GuardDuty member account.
|
| DataSourcesFreeTrial |
Contains information about which data sources are enabled for the GuardDuty member account.
|
| DeclineInvitationsRequest | |
| DeclineInvitationsResult | |
| DefaultServerSideEncryption |
Contains information on the server side encryption method used in the S3 bucket.
|
| DeleteDetectorRequest | |
| DeleteDetectorResult | |
| DeleteFilterRequest | |
| DeleteFilterResult | |
| DeleteInvitationsRequest | |
| DeleteInvitationsResult | |
| DeleteIPSetRequest | |
| DeleteIPSetResult | |
| DeleteMembersRequest | |
| DeleteMembersResult | |
| DeletePublishingDestinationRequest | |
| DeletePublishingDestinationResult | |
| DeleteThreatIntelSetRequest | |
| DeleteThreatIntelSetResult | |
| DescribeMalwareScansRequest | |
| DescribeMalwareScansResult | |
| DescribeOrganizationConfigurationRequest | |
| DescribeOrganizationConfigurationResult | |
| DescribePublishingDestinationRequest | |
| DescribePublishingDestinationResult | |
| Destination |
Contains information about the publishing destination, including the ID, type, and status.
|
| DestinationProperties |
Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS
key to use to encrypt published findings.
|
| DisableOrganizationAdminAccountRequest | |
| DisableOrganizationAdminAccountResult | |
| DisassociateFromAdministratorAccountRequest | |
| DisassociateFromAdministratorAccountResult | |
| DisassociateFromMasterAccountRequest | |
| DisassociateFromMasterAccountResult | Deprecated |
| DisassociateMembersRequest | |
| DisassociateMembersResult | |
| DNSLogsConfigurationResult |
Contains information on the status of DNS logs as a data source.
|
| DnsRequestAction |
Contains information about the DNS_REQUEST action described in this finding.
|
| DomainDetails |
Contains information about the domain.
|
| EbsVolumeDetails |
Contains list of scanned and skipped EBS volumes with details.
|
| EbsVolumeScanDetails |
Contains details from the malware scan that created a finding.
|
| EbsVolumesResult |
Describes the configuration of scanning EBS volumes as a data source.
|
| EcsClusterDetails |
Contains information about the details of the ECS Cluster.
|
| EcsTaskDetails |
Contains information about the task in an ECS cluster.
|
| EksClusterDetails |
Details about the EKS cluster involved in a Kubernetes finding.
|
| EnableOrganizationAdminAccountRequest | |
| EnableOrganizationAdminAccountResult | |
| Evidence |
Contains information about the reason that the finding was generated.
|
| FilterCondition |
Contains information about the condition.
|
| FilterCriteria |
Represents the criteria to be used in the filter for describing scan entries.
|
| FilterCriterion |
Represents a condition that when matched will be added to the response of the operation.
|
| Finding |
Contains information about the finding, which is generated when abnormal or suspicious activity is detected.
|
| FindingCriteria |
Contains information about the criteria used for querying findings.
|
| FindingStatistics |
Contains information about finding statistics.
|
| FlowLogsConfigurationResult |
Contains information on the status of VPC flow logs as a data source.
|
| GeoLocation |
Contains information about the location of the remote IP address.
|
| GetAdministratorAccountRequest | |
| GetAdministratorAccountResult | |
| GetDetectorRequest | |
| GetDetectorResult | |
| GetFilterRequest | |
| GetFilterResult | |
| GetFindingsRequest | |
| GetFindingsResult | |
| GetFindingsStatisticsRequest | |
| GetFindingsStatisticsResult | |
| GetInvitationsCountRequest | |
| GetInvitationsCountResult | |
| GetIPSetRequest | |
| GetIPSetResult | |
| GetMalwareScanSettingsRequest | |
| GetMalwareScanSettingsResult | |
| GetMasterAccountRequest | |
| GetMasterAccountResult | Deprecated |
| GetMemberDetectorsRequest | |
| GetMemberDetectorsResult | |
| GetMembersRequest | |
| GetMembersResult | |
| GetRemainingFreeTrialDaysRequest | |
| GetRemainingFreeTrialDaysResult | |
| GetThreatIntelSetRequest | |
| GetThreatIntelSetResult | |
| GetUsageStatisticsRequest | |
| GetUsageStatisticsResult | |
| HighestSeverityThreatDetails |
Contains details of the highest severity threat detected during scan and number of infected files.
|
| HostPath |
Represents a pre-existing file or directory on the host machine that the volume maps to.
|
| IamInstanceProfile |
Contains information about the EC2 instance profile.
|
| InstanceDetails |
Contains information about the details of an instance.
|
| Invitation |
Contains information about the invitation to become a member account.
|
| InviteMembersRequest | |
| InviteMembersResult | |
| KubernetesApiCallAction |
Information about the Kubernetes API call action described in this finding.
|
| KubernetesAuditLogsConfiguration |
Describes whether Kubernetes audit logs are enabled as a data source.
|
| KubernetesAuditLogsConfigurationResult |
Describes whether Kubernetes audit logs are enabled as a data source.
|
| KubernetesConfiguration |
Describes whether any Kubernetes data sources are enabled.
|
| KubernetesConfigurationResult |
Describes whether any Kubernetes logs will be enabled as a data source.
|
| KubernetesDataSourceFreeTrial |
Provides details about the Kubernetes resources when it is enabled as a data source.
|
| KubernetesDetails |
Details about Kubernetes resources such as a Kubernetes user or workload resource involved in a Kubernetes finding.
|
| KubernetesUserDetails |
Details about the Kubernetes user involved in a Kubernetes finding.
|
| KubernetesWorkloadDetails |
Details about the Kubernetes workload involved in a Kubernetes finding.
|
| ListDetectorsRequest | |
| ListDetectorsResult | |
| ListFiltersRequest | |
| ListFiltersResult | |
| ListFindingsRequest | |
| ListFindingsResult | |
| ListInvitationsRequest | |
| ListInvitationsResult | |
| ListIPSetsRequest | |
| ListIPSetsResult | |
| ListMembersRequest | |
| ListMembersResult | |
| ListOrganizationAdminAccountsRequest | |
| ListOrganizationAdminAccountsResult | |
| ListPublishingDestinationsRequest | |
| ListPublishingDestinationsResult | |
| ListTagsForResourceRequest | |
| ListTagsForResourceResult | |
| ListThreatIntelSetsRequest | |
| ListThreatIntelSetsResult | |
| LocalIpDetails |
Contains information about the local IP address of the connection.
|
| LocalPortDetails |
Contains information about the port for the local connection.
|
| MalwareProtectionConfiguration |
Describes whether Malware Protection will be enabled as a data source.
|
| MalwareProtectionConfigurationResult |
An object that contains information on the status of all Malware Protection data sources.
|
| MalwareProtectionDataSourceFreeTrial |
Provides details about Malware Protection when it is enabled as a data source.
|
| Master |
Contains information about the administrator account and invitation.
|
| Member |
Contains information about the member account.
|
| MemberDataSourceConfiguration |
Contains information on which data sources are enabled for a member account.
|
| NetworkConnectionAction |
Contains information about the NETWORK_CONNECTION action described in the finding.
|
| NetworkInterface |
Contains information about the elastic network interface of the EC2 instance.
|
| Organization |
Contains information about the ISP organization of the remote IP address.
|
| OrganizationDataSourceConfigurations |
An object that contains information on which data sources will be configured to be automatically enabled for new
members within the organization.
|
| OrganizationDataSourceConfigurationsResult |
An object that contains information on which data sources are automatically enabled for new members within the
organization.
|
| OrganizationEbsVolumes |
Organization-wide EBS volumes scan configuration.
|
| OrganizationEbsVolumesResult |
An object that contains information on the status of whether EBS volumes scanning will be enabled as a data source
for an organization.
|
| OrganizationKubernetesAuditLogsConfiguration |
Organization-wide Kubernetes audit logs configuration.
|
| OrganizationKubernetesAuditLogsConfigurationResult |
The current configuration of Kubernetes audit logs as a data source for the organization.
|
| OrganizationKubernetesConfiguration |
Organization-wide Kubernetes data sources configurations.
|
| OrganizationKubernetesConfigurationResult |
The current configuration of all Kubernetes data sources for the organization.
|
| OrganizationMalwareProtectionConfiguration |
Organization-wide Malware Protection configurations.
|
| OrganizationMalwareProtectionConfigurationResult |
An object that contains information on the status of all Malware Protection data source for an organization.
|
| OrganizationS3LogsConfiguration |
Describes whether S3 data event logs will be automatically enabled for new members of the organization.
|
| OrganizationS3LogsConfigurationResult |
The current configuration of S3 data event logs as a data source for the organization.
|
| OrganizationScanEc2InstanceWithFindings |
Organization-wide EC2 instances with findings scan configuration.
|
| OrganizationScanEc2InstanceWithFindingsResult |
An object that contains information on the status of scanning EC2 instances with findings for an organization.
|
| Owner |
Contains information on the owner of the bucket.
|
| PermissionConfiguration |
Contains information about how permissions are configured for the S3 bucket.
|
| PortProbeAction |
Contains information about the PORT_PROBE action described in the finding.
|
| PortProbeDetail |
Contains information about the port probe details.
|
| PrivateIpAddressDetails |
Contains other private IP address information of the EC2 instance.
|
| ProductCode |
Contains information about the product code for the EC2 instance.
|
| PublicAccess |
Describes the public access policies that apply to the S3 bucket.
|
| RemoteAccountDetails |
Contains details about the remote Amazon Web Services account that made the API call.
|
| RemoteIpDetails |
Contains information about the remote IP address of the connection.
|
| RemotePortDetails |
Contains information about the remote port.
|
| Resource |
Contains information about the Amazon Web Services resource associated with the activity that prompted GuardDuty to
generate a finding.
|
| ResourceDetails |
Represents the resources that were scanned in the scan entry.
|
| S3BucketDetail |
Contains information on the S3 bucket.
|
| S3LogsConfiguration |
Describes whether S3 data event logs will be enabled as a data source.
|
| S3LogsConfigurationResult |
Describes whether S3 data event logs will be enabled as a data source.
|
| Scan |
Contains information about a malware scan.
|
| ScanCondition |
Contains information about the condition.
|
| ScanConditionPair |
Represents key, value pair to be matched against given resource property.
|
| ScanDetections |
Contains a complete view providing malware scan result details.
|
| ScanEc2InstanceWithFindings |
Describes whether Malware Protection for EC2 instances with findings will be enabled as a data source.
|
| ScanEc2InstanceWithFindingsResult |
An object that contains information on the status of whether Malware Protection for EC2 instances with findings will
be enabled as a data source.
|
| ScanFilePath |
Contains details of infected file including name, file path and hash.
|
| ScannedItemCount |
Total number of scanned files.
|
| ScanResourceCriteria |
Contains information about criteria used to filter resources before triggering malware scan.
|
| ScanResultDetails |
Represents the result of the scan.
|
| ScanThreatName |
Contains files infected with the given threat providing details of malware name and severity.
|
| SecurityContext |
Container security context.
|
| SecurityGroup |
Contains information about the security groups associated with the EC2 instance.
|
| Service |
Contains additional information about the generated finding.
|
| ServiceAdditionalInfo |
Additional information about the generated finding.
|
| SortCriteria |
Contains information about the criteria used for sorting findings.
|
| StartMonitoringMembersRequest | |
| StartMonitoringMembersResult | |
| StopMonitoringMembersRequest | |
| StopMonitoringMembersResult | |
| Tag |
Contains information about a tag associated with the EC2 instance.
|
| TagResourceRequest | |
| TagResourceResult | |
| ThreatDetectedByName |
Contains details about identified threats organized by threat name.
|
| ThreatIntelligenceDetail |
An instance of a threat intelligence detail that constitutes evidence for the finding.
|
| ThreatsDetectedItemCount |
Contains total number of infected files.
|
| Total |
Contains the total usage with the corresponding currency unit for that value.
|
| TriggerDetails |
Represents the reason the scan was triggered.
|
| UnarchiveFindingsRequest | |
| UnarchiveFindingsResult | |
| UnprocessedAccount |
Contains information about the accounts that weren't processed.
|
| UnprocessedDataSourcesResult |
Specifies the names of the data sources that couldn't be enabled.
|
| UntagResourceRequest | |
| UntagResourceResult | |
| UpdateDetectorRequest | |
| UpdateDetectorResult | |
| UpdateFilterRequest | |
| UpdateFilterResult | |
| UpdateFindingsFeedbackRequest | |
| UpdateFindingsFeedbackResult | |
| UpdateIPSetRequest | |
| UpdateIPSetResult | |
| UpdateMalwareScanSettingsRequest | |
| UpdateMalwareScanSettingsResult | |
| UpdateMemberDetectorsRequest | |
| UpdateMemberDetectorsResult | |
| UpdateOrganizationConfigurationRequest | |
| UpdateOrganizationConfigurationResult | |
| UpdatePublishingDestinationRequest | |
| UpdatePublishingDestinationResult | |
| UpdateThreatIntelSetRequest | |
| UpdateThreatIntelSetResult | |
| UsageAccountResult |
Contains information on the total of usage based on account IDs.
|
| UsageCriteria |
Contains information about the criteria used to query usage statistics.
|
| UsageDataSourceResult |
Contains information on the result of usage based on data source type.
|
| UsageResourceResult |
Contains information on the sum of usage based on an Amazon Web Services resource.
|
| UsageStatistics |
Contains the result of GuardDuty usage.
|
| Volume |
Volume used by the Kubernetes workload.
|
| VolumeDetail |
Contains EBS volume details.
|
| VolumeMount |
Container volume mount.
|
| Enum | Description |
|---|---|
| AdminStatus | |
| CriterionKey | |
| DataSource | |
| DataSourceStatus | |
| DestinationType | |
| DetectorStatus | |
| EbsSnapshotPreservation | |
| Feedback | |
| FilterAction | |
| FindingPublishingFrequency | |
| FindingStatisticType | |
| IpSetFormat | |
| IpSetStatus | |
| OrderBy | |
| PublishingStatus | |
| ScanCriterionKey |
An enum value representing possible resource properties to match with given scan condition.
|
| ScanResult | |
| ScanStatus | |
| ThreatIntelSetFormat | |
| ThreatIntelSetStatus | |
| UsageStatisticType |
| Exception | Description |
|---|---|
| AmazonGuardDutyException |
Base exception for all service exceptions thrown by Amazon GuardDuty
|
| BadRequestException |
A bad request exception object.
|
| InternalServerErrorException |
An internal server error exception object.
|