Guardduty
This page documents the functions available when using the Guardduty module, created with @service Guardduty.
Index
Main.Guardduty.accept_invitation
Main.Guardduty.archive_findings
Main.Guardduty.create_detector
Main.Guardduty.create_filter
Main.Guardduty.create_ipset
Main.Guardduty.create_members
Main.Guardduty.create_publishing_destination
Main.Guardduty.create_sample_findings
Main.Guardduty.create_threat_intel_set
Main.Guardduty.decline_invitations
Main.Guardduty.delete_detector
Main.Guardduty.delete_filter
Main.Guardduty.delete_invitations
Main.Guardduty.delete_ipset
Main.Guardduty.delete_members
Main.Guardduty.delete_publishing_destination
Main.Guardduty.delete_threat_intel_set
Main.Guardduty.describe_organization_configuration
Main.Guardduty.describe_publishing_destination
Main.Guardduty.disable_organization_admin_account
Main.Guardduty.disassociate_from_master_account
Main.Guardduty.disassociate_members
Main.Guardduty.enable_organization_admin_account
Main.Guardduty.get_detector
Main.Guardduty.get_filter
Main.Guardduty.get_findings
Main.Guardduty.get_findings_statistics
Main.Guardduty.get_invitations_count
Main.Guardduty.get_ipset
Main.Guardduty.get_master_account
Main.Guardduty.get_member_detectors
Main.Guardduty.get_members
Main.Guardduty.get_threat_intel_set
Main.Guardduty.get_usage_statistics
Main.Guardduty.invite_members
Main.Guardduty.list_detectors
Main.Guardduty.list_filters
Main.Guardduty.list_findings
Main.Guardduty.list_invitations
Main.Guardduty.list_ipsets
Main.Guardduty.list_members
Main.Guardduty.list_organization_admin_accounts
Main.Guardduty.list_publishing_destinations
Main.Guardduty.list_tags_for_resource
Main.Guardduty.list_threat_intel_sets
Main.Guardduty.start_monitoring_members
Main.Guardduty.stop_monitoring_members
Main.Guardduty.tag_resource
Main.Guardduty.unarchive_findings
Main.Guardduty.untag_resource
Main.Guardduty.update_detector
Main.Guardduty.update_filter
Main.Guardduty.update_findings_feedback
Main.Guardduty.update_ipset
Main.Guardduty.update_member_detectors
Main.Guardduty.update_organization_configuration
Main.Guardduty.update_publishing_destination
Main.Guardduty.update_threat_intel_set
Documentation
Main.Guardduty.accept_invitation — Method
accept_invitation(detector_id, invitation_id, master_id)
accept_invitation(detector_id, invitation_id, master_id, params::Dict{String,<:Any})
Accepts the invitation to be monitored by a GuardDuty administrator account.
Arguments
detector_id: The unique ID of the detector of the GuardDuty member account.
invitation_id: The value that is used to validate the administrator account to the member account.
master_id: The account ID of the GuardDuty administrator account whose invitation you're accepting.
Main.Guardduty.archive_findings — Method
archive_findings(detector_id, finding_ids)
archive_findings(detector_id, finding_ids, params::Dict{String,<:Any})
Archives GuardDuty findings that are specified by the list of finding IDs. Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.
Arguments
detector_id: The ID of the detector that specifies the GuardDuty service whose findings you want to archive.
finding_ids: The IDs of the findings that you want to archive.
Main.Guardduty.create_detector — Method
create_detector(enable)
create_detector(enable, params::Dict{String,<:Any})
Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
Arguments
enable: A Boolean value that specifies whether the detector is to be enabled.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"clientToken": The idempotency token for the create request.
"dataSources": Describes which data sources will be enabled for the detector.
"findingPublishingFrequency": A value that specifies how frequently updated findings are exported.
"tags": The tags to be added to a new detector resource.
Main.Guardduty.create_filter — Method
create_filter(detector_id, finding_criteria, name)
create_filter(detector_id, finding_criteria, name, params::Dict{String,<:Any})
Creates a filter using the specified finding criteria.
Arguments
detector_id: The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
finding_criteria: Represents the criteria to be used in the filter for querying findings. You can only use the following attributes to query findings:
  accountId
  region
  confidence
  id
  resource.accessKeyDetails.accessKeyId
  resource.accessKeyDetails.principalId
  resource.accessKeyDetails.userName
  resource.accessKeyDetails.userType
  resource.instanceDetails.iamInstanceProfile.id
  resource.instanceDetails.imageId
  resource.instanceDetails.instanceId
  resource.instanceDetails.outpostArn
  resource.instanceDetails.networkInterfaces.ipv6Addresses
  resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
  resource.instanceDetails.networkInterfaces.publicDnsName
  resource.instanceDetails.networkInterfaces.publicIp
  resource.instanceDetails.networkInterfaces.securityGroups.groupId
  resource.instanceDetails.networkInterfaces.securityGroups.groupName
  resource.instanceDetails.networkInterfaces.subnetId
  resource.instanceDetails.networkInterfaces.vpcId
  resource.instanceDetails.tags.key
  resource.instanceDetails.tags.value
  resource.resourceType
  service.action.actionType
  service.action.awsApiCallAction.api
  service.action.awsApiCallAction.callerType
  service.action.awsApiCallAction.errorCode
  service.action.awsApiCallAction.remoteIpDetails.city.cityName
  service.action.awsApiCallAction.remoteIpDetails.country.countryName
  service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
  service.action.awsApiCallAction.remoteIpDetails.organization.asn
  service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
  service.action.awsApiCallAction.serviceName
  service.action.dnsRequestAction.domain
  service.action.networkConnectionAction.blocked
  service.action.networkConnectionAction.connectionDirection
  service.action.networkConnectionAction.localPortDetails.port
  service.action.networkConnectionAction.protocol
  service.action.networkConnectionAction.localIpDetails.ipAddressV4
  service.action.networkConnectionAction.remoteIpDetails.city.cityName
  service.action.networkConnectionAction.remoteIpDetails.country.countryName
  service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
  service.action.networkConnectionAction.remoteIpDetails.organization.asn
  service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
  service.action.networkConnectionAction.remotePortDetails.port
  service.additionalInfo.threatListName
  service.archived
    When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
  service.resourceRole
  severity
  type
  updatedAt
    Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.
name: The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"action": Specifies the action that is to be applied to the findings that match the filter.
"clientToken": The idempotency token for the create request.
"description": The description of the filter.
"rank": Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
"tags": The tags to be added to a new filter resource.
Main.Guardduty.create_ipset — Method
create_ipset(activate, detector_id, format, location, name)
create_ipset(activate, detector_id, format, location, name, params::Dict{String,<:Any})
Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with AWS infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.
Arguments
activate: A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.
detector_id: The unique ID of the detector of the GuardDuty account that you want to create an IPSet for.
format: The format of the file that contains the IPSet.
location: The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
name: The user-friendly name to identify the IPSet. Allowed characters are alphanumerics, spaces, hyphens (-), and underscores (_).
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"clientToken": The idempotency token for the create request.
"tags": The tags to be added to a new IP set resource.
Main.Guardduty.create_members — Method
create_members(account_details, detector_id)
create_members(account_details, detector_id, params::Dict{String,<:Any})
Creates member accounts of the current AWS account by specifying a list of AWS account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization. When using Create Members as an organizations delegated administrator, this action will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account, which must enable GuardDuty prior to being added as a member. If you are adding accounts by invitation, use this action after GuardDuty has been enabled in potential member accounts and before using Invite Members.
Arguments
account_details: A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account.
detector_id: The unique ID of the detector of the GuardDuty account that you want to associate member accounts with.
Main.Guardduty.create_publishing_destination — Method
create_publishing_destination(destination_properties, destination_type, detector_id)
create_publishing_destination(destination_properties, destination_type, detector_id, params::Dict{String,<:Any})
Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.
Arguments
destination_properties: The properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.
destination_type: The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported.
detector_id: The ID of the GuardDuty detector associated with the publishing destination.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"clientToken": The idempotency token for the request.
Main.Guardduty.create_sample_findings — Method
create_sample_findings(detector_id)
create_sample_findings(detector_id, params::Dict{String,<:Any})
Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.
Arguments
detector_id: The ID of the detector to create sample findings for.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"findingTypes": The types of sample findings to generate.
Main.Guardduty.create_threat_intel_set — Method
create_threat_intel_set(activate, detector_id, format, location, name)
create_threat_intel_set(activate, detector_id, format, location, name, params::Dict{String,<:Any})
Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.
Arguments
activate: A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
detector_id: The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for.
format: The format of the file that contains the ThreatIntelSet.
location: The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
name: A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"clientToken": The idempotency token for the create request.
"tags": The tags to be added to a new threat list resource.
Main.Guardduty.decline_invitations — Method
decline_invitations(account_ids)
decline_invitations(account_ids, params::Dict{String,<:Any})
Declines invitations sent to the current member account by AWS accounts specified by their account IDs.
Arguments
account_ids: A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from.
Main.Guardduty.delete_detector — Method
delete_detector(detector_id)
delete_detector(detector_id, params::Dict{String,<:Any})
Deletes an Amazon GuardDuty detector that is specified by the detector ID.
Arguments
detector_id: The unique ID of the detector that you want to delete.
Main.Guardduty.delete_filter — Method
delete_filter(detector_id, filter_name)
delete_filter(detector_id, filter_name, params::Dict{String,<:Any})
Deletes the filter specified by the filter name.
Arguments
detector_id: The unique ID of the detector that the filter is associated with.
filter_name: The name of the filter that you want to delete.
Main.Guardduty.delete_invitations — Method
delete_invitations(account_ids)
delete_invitations(account_ids, params::Dict{String,<:Any})
Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.
Arguments
account_ids: A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from.
Main.Guardduty.delete_ipset — Method
delete_ipset(detector_id, ip_set_id)
delete_ipset(detector_id, ip_set_id, params::Dict{String,<:Any})
Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface.
Arguments
detector_id: The unique ID of the detector associated with the IPSet.
ip_set_id: The unique ID of the IPSet to delete.
Main.Guardduty.delete_members — Method
delete_members(account_ids, detector_id)
delete_members(account_ids, detector_id, params::Dict{String,<:Any})
Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
Arguments
account_ids: A list of account IDs of the GuardDuty member accounts that you want to delete.
detector_id: The unique ID of the detector of the GuardDuty account whose members you want to delete.
Main.Guardduty.delete_publishing_destination — Method
delete_publishing_destination(destination_id, detector_id)
delete_publishing_destination(destination_id, detector_id, params::Dict{String,<:Any})
Deletes the publishing definition with the specified destinationId.
Arguments
destination_id: The ID of the publishing destination to delete.
detector_id: The unique ID of the detector associated with the publishing destination to delete.
Main.Guardduty.delete_threat_intel_set — Method
delete_threat_intel_set(detector_id, threat_intel_set_id)
delete_threat_intel_set(detector_id, threat_intel_set_id, params::Dict{String,<:Any})
Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.
Arguments
detector_id: The unique ID of the detector that the threatIntelSet is associated with.
threat_intel_set_id: The unique ID of the threatIntelSet that you want to delete.
Main.Guardduty.describe_organization_configuration — Method
describe_organization_configuration(detector_id)
describe_organization_configuration(detector_id, params::Dict{String,<:Any})
Returns information about the account selected as the delegated administrator for GuardDuty.
Arguments
detector_id: The ID of the detector to retrieve information about the delegated administrator from.
Main.Guardduty.describe_publishing_destination — Method
describe_publishing_destination(destination_id, detector_id)
describe_publishing_destination(destination_id, detector_id, params::Dict{String,<:Any})
Returns information about the publishing destination specified by the provided destinationId.
Arguments
destination_id: The ID of the publishing destination to retrieve.
detector_id: The unique ID of the detector associated with the publishing destination to retrieve.
Main.Guardduty.disable_organization_admin_account — Method
disable_organization_admin_account(admin_account_id)
disable_organization_admin_account(admin_account_id, params::Dict{String,<:Any})
Disables an AWS account within the Organization as the GuardDuty delegated administrator.
Arguments
admin_account_id: The AWS Account ID for the organizations account to be disabled as a GuardDuty delegated administrator.
Main.Guardduty.disassociate_from_master_account — Method
disassociate_from_master_account(detector_id)
disassociate_from_master_account(detector_id, params::Dict{String,<:Any})
Disassociates the current GuardDuty member account from its administrator account.
Arguments
detector_id: The unique ID of the detector of the GuardDuty member account.
Main.Guardduty.disassociate_members — Method
disassociate_members(account_ids, detector_id)
disassociate_members(account_ids, detector_id, params::Dict{String,<:Any})
Disassociates GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
Arguments
account_ids: A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account.
detector_id: The unique ID of the detector of the GuardDuty account whose members you want to disassociate from the administrator account.
Main.Guardduty.enable_organization_admin_account — Method
enable_organization_admin_account(admin_account_id)
enable_organization_admin_account(admin_account_id, params::Dict{String,<:Any})
Enables an AWS account within the organization as the GuardDuty delegated administrator.
Arguments
admin_account_id: The AWS Account ID for the organization account to be enabled as a GuardDuty delegated administrator.
Main.Guardduty.get_detector — Method
get_detector(detector_id)
get_detector(detector_id, params::Dict{String,<:Any})
Retrieves an Amazon GuardDuty detector specified by the detectorId.
Arguments
detector_id: The unique ID of the detector that you want to get.
Main.Guardduty.get_filter — Method
get_filter(detector_id, filter_name)
get_filter(detector_id, filter_name, params::Dict{String,<:Any})
Returns the details of the filter specified by the filter name.
Arguments
detector_id: The unique ID of the detector that the filter is associated with.
filter_name: The name of the filter you want to get.
Main.Guardduty.get_findings — Method
get_findings(detector_id, finding_ids)
get_findings(detector_id, finding_ids, params::Dict{String,<:Any})
Describes Amazon GuardDuty findings specified by finding IDs.
Arguments
detector_id: The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.
finding_ids: The IDs of the findings that you want to retrieve.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"sortCriteria": Represents the criteria used for sorting findings.
Main.Guardduty.get_findings_statistics — Method
get_findings_statistics(detector_id, finding_statistic_types)
get_findings_statistics(detector_id, finding_statistic_types, params::Dict{String,<:Any})
Lists Amazon GuardDuty findings statistics for the specified detector ID.
Arguments
detector_id: The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.
finding_statistic_types: The types of finding statistics to retrieve.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"findingCriteria": Represents the criteria that is used for querying findings.
Main.Guardduty.get_invitations_count — Method
get_invitations_count()
get_invitations_count(params::Dict{String,<:Any})
Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
Main.Guardduty.get_ipset — Method
get_ipset(detector_id, ip_set_id)
get_ipset(detector_id, ip_set_id, params::Dict{String,<:Any})
Retrieves the IPSet specified by the ipSetId.
Arguments
detector_id: The unique ID of the detector that the IPSet is associated with.
ip_set_id: The unique ID of the IPSet to retrieve.
Main.Guardduty.get_master_account — Method
get_master_account(detector_id)
get_master_account(detector_id, params::Dict{String,<:Any})
Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.
Arguments
detector_id: The unique ID of the detector of the GuardDuty member account.
Main.Guardduty.get_member_detectors — Method
get_member_detectors(account_ids, detector_id)
get_member_detectors(account_ids, detector_id, params::Dict{String,<:Any})
Describes which data sources are enabled for the member account's detector.
Arguments
account_ids: The account ID of the member account.
detector_id: The detector ID for the administrator account.
Main.Guardduty.get_members — Method
get_members(account_ids, detector_id)
get_members(account_ids, detector_id, params::Dict{String,<:Any})
Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.
Arguments
account_ids: A list of account IDs of the GuardDuty member accounts that you want to describe.
detector_id: The unique ID of the detector of the GuardDuty account whose members you want to retrieve.
Main.Guardduty.get_threat_intel_set — Method
get_threat_intel_set(detector_id, threat_intel_set_id)
get_threat_intel_set(detector_id, threat_intel_set_id, params::Dict{String,<:Any})
Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
Arguments
detector_id: The unique ID of the detector that the threatIntelSet is associated with.
threat_intel_set_id: The unique ID of the threatIntelSet that you want to get.
Main.Guardduty.get_usage_statistics — Method
get_usage_statistics(detector_id, usage_criteria, usage_statistics_type)
get_usage_statistics(detector_id, usage_criteria, usage_statistics_type, params::Dict{String,<:Any})
Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days. This may differ from the cost metrics in the console, which projects usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated.
Arguments
detector_id: The ID of the detector that specifies the GuardDuty service whose usage statistics you want to retrieve.
usage_criteria: Represents the criteria used for querying usage.
usage_statistics_type: The type of usage statistics to retrieve.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"maxResults": The maximum number of results to return in the response.
"nextToken": A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
"unit": The currency unit you would like to view your usage statistics in. Current valid values are USD.
Main.Guardduty.invite_members — Method
invite_members(account_ids, detector_id)
invite_members(account_ids, detector_id, params::Dict{String,<:Any})
Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty, and allow the current AWS account to view and manage these accounts' findings on their behalf as the GuardDuty administrator account.
Arguments
account_ids: A list of account IDs of the accounts that you want to invite to GuardDuty as members.
detector_id: The unique ID of the detector of the GuardDuty account that you want to invite members with.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"disableEmailNotification": A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members.
"message": The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.
Main.Guardduty.list_detectors — Method
list_detectors()
list_detectors(params::Dict{String,<:Any})
Lists detectorIds of all the existing Amazon GuardDuty detector resources.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"maxResults": You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
"nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Main.Guardduty.list_filters — Method
list_filters(detector_id)
list_filters(detector_id, params::Dict{String,<:Any})
Returns a paginated list of the current filters.
Arguments
detector_id: The unique ID of the detector that the filter is associated with.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"maxResults": You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
"nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Main.Guardduty.list_findings — Method
list_findings(detector_id)
list_findings(detector_id, params::Dict{String,<:Any})
Lists Amazon GuardDuty findings for the specified detector ID.
Arguments
detector_id: The ID of the detector that specifies the GuardDuty service whose findings you want to list.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"findingCriteria": Represents the criteria used for querying findings. Valid values include the following JSON field names:
  accountId
  region
  confidence
  id
  resource.accessKeyDetails.accessKeyId
  resource.accessKeyDetails.principalId
  resource.accessKeyDetails.userName
  resource.accessKeyDetails.userType
  resource.instanceDetails.iamInstanceProfile.id
  resource.instanceDetails.imageId
  resource.instanceDetails.instanceId
  resource.instanceDetails.networkInterfaces.ipv6Addresses
  resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
  resource.instanceDetails.networkInterfaces.publicDnsName
  resource.instanceDetails.networkInterfaces.publicIp
  resource.instanceDetails.networkInterfaces.securityGroups.groupId
  resource.instanceDetails.networkInterfaces.securityGroups.groupName
  resource.instanceDetails.networkInterfaces.subnetId
  resource.instanceDetails.networkInterfaces.vpcId
  resource.instanceDetails.tags.key
  resource.instanceDetails.tags.value
  resource.resourceType
  service.action.actionType
  service.action.awsApiCallAction.api
  service.action.awsApiCallAction.callerType
  service.action.awsApiCallAction.remoteIpDetails.city.cityName
  service.action.awsApiCallAction.remoteIpDetails.country.countryName
  service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
  service.action.awsApiCallAction.remoteIpDetails.organization.asn
  service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
  service.action.awsApiCallAction.serviceName
  service.action.dnsRequestAction.domain
  service.action.networkConnectionAction.blocked
  service.action.networkConnectionAction.connectionDirection
  service.action.networkConnectionAction.localPortDetails.port
  service.action.networkConnectionAction.protocol
  service.action.networkConnectionAction.remoteIpDetails.city.cityName
  service.action.networkConnectionAction.remoteIpDetails.country.countryName
  service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
  service.action.networkConnectionAction.remoteIpDetails.organization.asn
  service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
  service.action.networkConnectionAction.remotePortDetails.port
  service.additionalInfo.threatListName
  service.archived
    When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
  service.resourceRole
  severity
  type
  updatedAt
    Type: Timestamp in Unix Epoch millisecond format: 1486685375000
"maxResults": You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
"nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
"sortCriteria": Represents the criteria used for sorting findings.
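The "findingCriteria", "maxResults" and "nextToken" keys of list_findings used together, as an added example that is not part of the AWS.jl documentation: it builds a criteria Dict for unarchived findings above a severity threshold and follows nextToken until the listing is exhausted. Assumptions: the "criterion" wrapper, the condition keys "greaterThanOrEqual" and "equals", the "findingIds" and "nextToken" response keys, an empty token on the last page, and the 50-ID batch size for get_findings follow the GuardDuty REST API and are not stated on this page; fake_list_findings, SAMPLE_PAGES and the helper names are hypothetical and constructed so the block runs without AWS credentials.

```julia
# Added example (not AWS.jl code). Plain Julia, no packages needed for the demo.

# Criteria for unarchived findings at or above a severity threshold.
# Assumption: the "criterion" wrapper and the condition keys follow the
# GuardDuty REST API; only the attribute names come from this page.
function unarchived_severity_criteria(min_severity::Integer)
    return Dict(
        "criterion" => Dict(
            "severity" => Dict("greaterThanOrEqual" => min_severity),
            "service.archived" => Dict("equals" => ["false"]),
        ),
    )
end

# Collect every finding ID by following nextToken.
# `fetch_page` is any callable that takes the params Dict and returns one
# response page, e.g. p -> Guardduty.list_findings(detector_id, p).
function collect_finding_ids(fetch_page, criteria::AbstractDict;
                             page_size::Integer=50, max_pages::Integer=1000)
    # The page documents 50 as both the default and the maximum for maxResults.
    1 <= page_size <= 50 || throw(ArgumentError("maxResults must be between 1 and 50"))
    ids = String[]
    token = nothing
    for _ in 1:max_pages
        params = Dict{String,Any}("findingCriteria" => criteria,
                                  "maxResults" => page_size)
        # First call: leave nextToken out. Later calls: echo the previous token.
        token === nothing || (params["nextToken"] = token)
        resp = fetch_page(params)
        append!(ids, get(resp, "findingIds", String[]))
        token = get(resp, "nextToken", nothing)
        # Assumption: the last page carries a missing or empty token.
        (token === nothing || isempty(token)) && return ids
    end
    # A token that never clears would otherwise loop forever.
    error("pagination did not terminate after $max_pages pages")
end

# Split IDs into batches for get_findings (50 per call is an assumption).
id_batches(ids; size::Integer=50) = [collect(b) for b in Iterators.partition(ids, size)]

# Constructed stand-in for the service: three pages keyed by request token.
const SAMPLE_PAGES = Dict(
    ""   => Dict("findingIds" => ["f-0001", "f-0002"], "nextToken" => "t1"),
    "t1" => Dict("findingIds" => ["f-0003"],           "nextToken" => "t2"),
    "t2" => Dict("findingIds" => ["f-0004"],           "nextToken" => ""),
)
fake_list_findings(params) = SAMPLE_PAGES[get(params, "nextToken", "")]

criteria = unarchived_severity_criteria(7)
ids = collect_finding_ids(fake_list_findings, criteria)
@assert ids == ["f-0001", "f-0002", "f-0003", "f-0004"]
@assert length(id_batches(ids; size=3)) == 2
println(ids)

# Against the real service, after `using AWS` and `@service Guardduty`:
#   ids = collect_finding_ids(p -> Guardduty.list_findings(detector_id, p), criteria)
#   for batch in id_batches(ids)
#       findings = Guardduty.get_findings(detector_id, batch)["findings"]
#   end
```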
Main.Guardduty.list_invitations — Method
list_invitations()
list_invitations(params::Dict{String,<:Any})
Lists all GuardDuty membership invitations that were sent to the current AWS account.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"maxResults": You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
"nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Main.Guardduty.list_ipsets — Method
list_ipsets(detector_id)
list_ipsets(detector_id, params::Dict{String,<:Any})
Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.
Arguments
detector_id: The unique ID of the detector that the IPSet is associated with.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"maxResults": You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
"nextToken": You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Main.Guardduty.list_members
— Method
list_members(detector_id)
list_members(detector_id, params::Dict{String,<:Any})
Lists details about all member accounts for the current GuardDuty administrator account.
Arguments
detector_id
: The unique ID of the detector the member is associated with.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"maxResults"
: You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
"nextToken"
: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
"onlyAssociated"
: Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated).
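The nextToken pagination described for the list_* methods, as an added example that is not part of the original documentation or of the AWS.jl code base. Each response holds at most 50 items, so an audit that reads only the first page misses accounts. The helper collect_pages, the stand-in fake_list_members, the sample pages, and the response keys "members" and "nextToken" are assumptions made for illustration.

```julia
# Added example: walk every page of a GuardDuty list_* call.
# `fetch_page` is any function that takes a params Dict and returns the
# parsed response (assumed here to be a Dict with string keys).
function collect_pages(fetch_page, items_key::String; max_results::Int=50)
    items = Any[]
    seen = Set{String}()                       # tokens already followed
    # The first call carries no "nextToken" key at all.
    params = Dict{String,Any}("maxResults" => max_results)
    while true
        resp = fetch_page(params)
        append!(items, get(resp, items_key, Any[]))
        token = get(resp, "nextToken", nothing)
        # A missing or empty token means the last page has been read.
        (token === nothing || isempty(token)) && return items
        # A repeated token would loop forever; stop with an error instead.
        token in seen && error("nextToken repeated: $token")
        push!(seen, token)
        params = merge(params, Dict("nextToken" => token))
    end
end

# Constructed sample data standing in for three pages of list_members output.
const SAMPLE_PAGES = Dict(
    nothing => Dict("members" => [Dict("accountId" => "111111111111")],
                    "nextToken" => "t1"),
    "t1"    => Dict("members" => [Dict("accountId" => "222222222222")],
                    "nextToken" => "t2"),
    "t2"    => Dict("members" => [Dict("accountId" => "333333333333")]),
)

# Hypothetical offline stand-in for the service call.
fake_list_members(params) = SAMPLE_PAGES[get(params, "nextToken", nothing)]

members = collect_pages(fake_list_members, "members"; max_results=1)
println([m["accountId"] for m in members])

# Against the real service (not run here), the same helper would be called as:
#   collect_pages(p -> Guardduty.list_members(detector_id, p), "members")
```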
Main.Guardduty.list_organization_admin_accounts
— Method
list_organization_admin_accounts()
list_organization_admin_accounts(params::Dict{String,<:Any})
Lists the accounts configured as GuardDuty delegated administrators.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"maxResults"
: The maximum number of results to return in the response.
"nextToken"
: A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
Main.Guardduty.list_publishing_destinations
— Method
list_publishing_destinations(detector_id)
list_publishing_destinations(detector_id, params::Dict{String,<:Any})
Returns a list of publishing destinations associated with the specified detectorId.
Arguments
detector_id
: The ID of the detector to retrieve publishing destinations for.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"maxResults"
: The maximum number of results to return in the response.
"nextToken"
: A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
Main.Guardduty.list_tags_for_resource
— Method
list_tags_for_resource(resource_arn)
list_tags_for_resource(resource_arn, params::Dict{String,<:Any})
Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and threat intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.
Arguments
resource_arn
: The Amazon Resource Name (ARN) for the given GuardDuty resource.
Main.Guardduty.list_threat_intel_sets
— Method
list_threat_intel_sets(detector_id)
list_threat_intel_sets(detector_id, params::Dict{String,<:Any})
Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.
Arguments
detector_id
: The unique ID of the detector that the threatIntelSet is associated with.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"maxResults"
: You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
"nextToken"
: You can use this parameter to paginate results in the response. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Main.Guardduty.start_monitoring_members
— Method
start_monitoring_members(account_ids, detector_id)
start_monitoring_members(account_ids, detector_id, params::Dict{String,<:Any})
Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.
Arguments
account_ids
: A list of account IDs of the GuardDuty member accounts to start monitoring.
detector_id
: The unique ID of the detector of the GuardDuty administrator account associated with the member accounts to monitor.
Main.Guardduty.stop_monitoring_members
— Method
stop_monitoring_members(account_ids, detector_id)
stop_monitoring_members(account_ids, detector_id, params::Dict{String,<:Any})
Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts.
Arguments
account_ids
: A list of account IDs for the member accounts to stop monitoring.
detector_id
: The unique ID of the detector associated with the GuardDuty administrator account that is monitoring member accounts.
Main.Guardduty.tag_resource
— Method
tag_resource(resource_arn, tags)
tag_resource(resource_arn, tags, params::Dict{String,<:Any})
Adds tags to a resource.
Arguments
resource_arn
: The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag to.
tags
: The tags to be added to a resource.
Main.Guardduty.unarchive_findings
— Method
unarchive_findings(detector_id, finding_ids)
unarchive_findings(detector_id, finding_ids, params::Dict{String,<:Any})
Unarchives GuardDuty findings specified by the findingIds.
Arguments
detector_id
: The ID of the detector associated with the findings to unarchive.
finding_ids
: The IDs of the findings to unarchive.
Main.Guardduty.untag_resource
— Method
untag_resource(resource_arn, tag_keys)
untag_resource(resource_arn, tag_keys, params::Dict{String,<:Any})
Removes tags from a resource.
Arguments
resource_arn
: The Amazon Resource Name (ARN) for the resource to remove tags from.
tag_keys
: The tag keys to remove from the resource.
Main.Guardduty.update_detector
— Method
update_detector(detector_id)
update_detector(detector_id, params::Dict{String,<:Any})
Updates the Amazon GuardDuty detector specified by the detectorId.
Arguments
detector_id
: The unique ID of the detector to update.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"dataSources"
: Describes which data sources will be updated.
"enable"
: Specifies whether the detector is enabled or not enabled.
"findingPublishingFrequency"
: An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.
Main.Guardduty.update_filter
— Method
update_filter(detector_id, filter_name)
update_filter(detector_id, filter_name, params::Dict{String,<:Any})
Updates the filter specified by the filter name.
Arguments
detector_id
: The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.
filter_name
: The name of the filter.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"action"
: Specifies the action that is to be applied to the findings that match the filter.
"description"
: The description of the filter.
"findingCriteria"
: Represents the criteria to be used in the filter for querying findings.
"rank"
: Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
Main.Guardduty.update_findings_feedback
— Method
update_findings_feedback(detector_id, feedback, finding_ids)
update_findings_feedback(detector_id, feedback, finding_ids, params::Dict{String,<:Any})
Marks the specified GuardDuty findings as useful or not useful.
Arguments
detector_id
: The ID of the detector associated with the findings to update feedback for.
feedback
: The feedback for the finding.
finding_ids
: The IDs of the findings that you want to mark as useful or not useful.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"comments"
: Additional feedback about the GuardDuty findings.
Main.Guardduty.update_ipset
— Method
update_ipset(detector_id, ip_set_id)
update_ipset(detector_id, ip_set_id, params::Dict{String,<:Any})
Updates the IPSet specified by the IPSet ID.
Arguments
detector_id
: The detectorID that specifies the GuardDuty service whose IPSet you want to update.
ip_set_id
: The unique ID that specifies the IPSet that you want to update.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"activate"
: The updated Boolean value that specifies whether the IPSet is active or not.
"location"
: The updated URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
"name"
: The unique ID that specifies the IPSet that you want to update.
Main.Guardduty.update_member_detectors
— Method
update_member_detectors(account_ids, detector_id)
update_member_detectors(account_ids, detector_id, params::Dict{String,<:Any})
Contains information on member accounts to be updated.
Arguments
account_ids
: A list of member account IDs to be updated.
detector_id
: The detector ID of the administrator account.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"dataSources"
: Describes which data sources will be updated.
Main.Guardduty.update_organization_configuration
— Method
update_organization_configuration(auto_enable, detector_id)
update_organization_configuration(auto_enable, detector_id, params::Dict{String,<:Any})
Updates the delegated administrator account with the values provided.
Arguments
auto_enable
: Indicates whether to automatically enable member accounts in the organization.
detector_id
: The ID of the detector to update the delegated administrator for.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"dataSources"
: Describes which data sources will be updated.
Main.Guardduty.update_publishing_destination
— Method
update_publishing_destination(destination_id, detector_id)
update_publishing_destination(destination_id, detector_id, params::Dict{String,<:Any})
Updates information about the publishing destination specified by the destinationId.
Arguments
destination_id
: The ID of the publishing destination to update.
detector_id
: The ID of the detector associated with the publishing destinations to update.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"destinationProperties"
: A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.
Main.Guardduty.update_threat_intel_set
— Method
update_threat_intel_set(detector_id, threat_intel_set_id)
update_threat_intel_set(detector_id, threat_intel_set_id, params::Dict{String,<:Any})
Updates the ThreatIntelSet specified by the ThreatIntelSet ID.
Arguments
detector_id
: The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.
threat_intel_set_id
: The unique ID that specifies the ThreatIntelSet that you want to update.
Optional Parameters
Optional parameters can be passed as a params::Dict{String,<:Any}. Valid keys are:
"activate"
: The updated Boolean value that specifies whether the ThreatIntelSet is active or not.
"location"
: The updated URI of the file that contains the ThreatIntelSet.
"name"
: The unique ID that specifies the ThreatIntelSet that you want to update.