Crate rusoto_guardduty

Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds (such as lists of malicious IPs and domains) and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances that serve malware or mine bitcoin.

GuardDuty also monitors AWS account access behavior for signs of compromise. Some examples of this are unauthorized infrastructure deployments such as EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength.

GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see the Amazon GuardDuty User Guide.

If you're using the service, you're probably looking for GuardDutyClient and GuardDuty.

Structs

AcceptInvitationRequest
AcceptInvitationResponse
AccessKeyDetails

Contains information about the access keys.

AccountDetail

Contains information about the account.

Action

Contains information about actions.

AdminAccount

The account within the organization specified as the GuardDuty delegated administrator.

ArchiveFindingsRequest
ArchiveFindingsResponse
AwsApiCallAction

Contains information about the API operation.

City

Contains information about the city associated with the IP address.

Condition

Contains information about the condition.

Country

Contains information about the country where the remote IP address is located.

CreateDetectorRequest
CreateDetectorResponse
CreateFilterRequest
CreateFilterResponse
CreateIPSetRequest
CreateIPSetResponse
CreateMembersRequest
CreateMembersResponse
CreatePublishingDestinationRequest
CreatePublishingDestinationResponse
CreateSampleFindingsRequest
CreateSampleFindingsResponse
CreateThreatIntelSetRequest
CreateThreatIntelSetResponse
DeclineInvitationsRequest
DeclineInvitationsResponse
DeleteDetectorRequest
DeleteDetectorResponse
DeleteFilterRequest
DeleteFilterResponse
DeleteIPSetRequest
DeleteIPSetResponse
DeleteInvitationsRequest
DeleteInvitationsResponse
DeleteMembersRequest
DeleteMembersResponse
DeletePublishingDestinationRequest
DeletePublishingDestinationResponse
DeleteThreatIntelSetRequest
DeleteThreatIntelSetResponse
DescribeOrganizationConfigurationRequest
DescribeOrganizationConfigurationResponse
DescribePublishingDestinationRequest
DescribePublishingDestinationResponse
Destination

Contains information about the publishing destination, including the ID, type, and status.

DestinationProperties

Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.

DisableOrganizationAdminAccountRequest
DisableOrganizationAdminAccountResponse
DisassociateFromMasterAccountRequest
DisassociateFromMasterAccountResponse
DisassociateMembersRequest
DisassociateMembersResponse
DnsRequestAction

Contains information about the DNS_REQUEST action described in this finding.

DomainDetails

Contains information about the domain.

EnableOrganizationAdminAccountRequest
EnableOrganizationAdminAccountResponse
Evidence

Contains information about the reason that the finding was generated.

Finding

Contains information about the finding, which is generated when abnormal or suspicious activity is detected.

FindingCriteria

Contains information about the criteria used for querying findings.

FindingStatistics

Contains information about finding statistics.

GeoLocation

Contains information about the location of the remote IP address.

GetDetectorRequest
GetDetectorResponse
GetFilterRequest
GetFilterResponse
GetFindingsRequest
GetFindingsResponse
GetFindingsStatisticsRequest
GetFindingsStatisticsResponse
GetIPSetRequest
GetIPSetResponse
GetInvitationsCountRequest
GetInvitationsCountResponse
GetMasterAccountRequest
GetMasterAccountResponse
GetMembersRequest
GetMembersResponse
GetThreatIntelSetRequest
GetThreatIntelSetResponse
GuardDutyClient

A client for the Amazon GuardDuty API.

IamInstanceProfile

Contains information about the EC2 instance profile.

InstanceDetails

Contains information about the details of an instance.

Invitation

Contains information about the invitation to become a member account.

InviteMembersRequest
InviteMembersResponse
ListDetectorsRequest
ListDetectorsResponse
ListFiltersRequest
ListFiltersResponse
ListFindingsRequest
ListFindingsResponse
ListIPSetsRequest
ListIPSetsResponse
ListInvitationsRequest
ListInvitationsResponse
ListMembersRequest
ListMembersResponse
ListOrganizationAdminAccountsRequest
ListOrganizationAdminAccountsResponse
ListPublishingDestinationsRequest
ListPublishingDestinationsResponse
ListTagsForResourceRequest
ListTagsForResourceResponse
ListThreatIntelSetsRequest
ListThreatIntelSetsResponse
LocalIpDetails

Contains information about the local IP address of the connection.

LocalPortDetails

Contains information about the port for the local connection.

Master

Contains information about the master account and invitation.

Member

Contains information about the member account.

NetworkConnectionAction

Contains information about the NETWORK_CONNECTION action described in the finding.

NetworkInterface

Contains information about the elastic network interface of the EC2 instance.

Organization

Contains information about the ISP organization of the remote IP address.

PortProbeAction

Contains information about the PORT_PROBE action described in the finding.

PortProbeDetail

Contains information about the port probe details.

PrivateIpAddressDetails

Contains other private IP address information of the EC2 instance.

ProductCode

Contains information about the product code for the EC2 instance.

RemoteIpDetails

Contains information about the remote IP address of the connection.

RemotePortDetails

Contains information about the remote port.

Resource

Contains information about the AWS resource associated with the activity that prompted GuardDuty to generate a finding.

SecurityGroup

Contains information about the security groups associated with the EC2 instance.

Service

Contains additional information about the generated finding.

SortCriteria

Contains information about the criteria used for sorting findings.

StartMonitoringMembersRequest
StartMonitoringMembersResponse
StopMonitoringMembersRequest
StopMonitoringMembersResponse
Tag

Contains information about a tag associated with the EC2 instance.

TagResourceRequest
TagResourceResponse
ThreatIntelligenceDetail

An instance of a threat intelligence detail that constitutes evidence for the finding.

UnarchiveFindingsRequest
UnarchiveFindingsResponse
UnprocessedAccount

Contains information about the accounts that weren't processed.

UntagResourceRequest
UntagResourceResponse
UpdateDetectorRequest
UpdateDetectorResponse
UpdateFilterRequest
UpdateFilterResponse
UpdateFindingsFeedbackRequest
UpdateFindingsFeedbackResponse
UpdateIPSetRequest
UpdateIPSetResponse
UpdateOrganizationConfigurationRequest
UpdateOrganizationConfigurationResponse
UpdatePublishingDestinationRequest
UpdatePublishingDestinationResponse
UpdateThreatIntelSetRequest
UpdateThreatIntelSetResponse

Enums

AcceptInvitationError

Errors returned by AcceptInvitation

ArchiveFindingsError

Errors returned by ArchiveFindings

CreateDetectorError

Errors returned by CreateDetector

CreateFilterError

Errors returned by CreateFilter

CreateIPSetError

Errors returned by CreateIPSet

CreateMembersError

Errors returned by CreateMembers

CreatePublishingDestinationError

Errors returned by CreatePublishingDestination

CreateSampleFindingsError

Errors returned by CreateSampleFindings

CreateThreatIntelSetError

Errors returned by CreateThreatIntelSet

DeclineInvitationsError

Errors returned by DeclineInvitations

DeleteDetectorError

Errors returned by DeleteDetector

DeleteFilterError

Errors returned by DeleteFilter

DeleteIPSetError

Errors returned by DeleteIPSet

DeleteInvitationsError

Errors returned by DeleteInvitations

DeleteMembersError

Errors returned by DeleteMembers

DeletePublishingDestinationError

Errors returned by DeletePublishingDestination

DeleteThreatIntelSetError

Errors returned by DeleteThreatIntelSet

DescribeOrganizationConfigurationError

Errors returned by DescribeOrganizationConfiguration

DescribePublishingDestinationError

Errors returned by DescribePublishingDestination

DisableOrganizationAdminAccountError

Errors returned by DisableOrganizationAdminAccount

DisassociateFromMasterAccountError

Errors returned by DisassociateFromMasterAccount

DisassociateMembersError

Errors returned by DisassociateMembers

EnableOrganizationAdminAccountError

Errors returned by EnableOrganizationAdminAccount

GetDetectorError

Errors returned by GetDetector

GetFilterError

Errors returned by GetFilter

GetFindingsError

Errors returned by GetFindings

GetFindingsStatisticsError

Errors returned by GetFindingsStatistics

GetIPSetError

Errors returned by GetIPSet

GetInvitationsCountError

Errors returned by GetInvitationsCount

GetMasterAccountError

Errors returned by GetMasterAccount

GetMembersError

Errors returned by GetMembers

GetThreatIntelSetError

Errors returned by GetThreatIntelSet

InviteMembersError

Errors returned by InviteMembers

ListDetectorsError

Errors returned by ListDetectors

ListFiltersError

Errors returned by ListFilters

ListFindingsError

Errors returned by ListFindings

ListIPSetsError

Errors returned by ListIPSets

ListInvitationsError

Errors returned by ListInvitations

ListMembersError

Errors returned by ListMembers

ListOrganizationAdminAccountsError

Errors returned by ListOrganizationAdminAccounts

ListPublishingDestinationsError

Errors returned by ListPublishingDestinations

ListTagsForResourceError

Errors returned by ListTagsForResource

ListThreatIntelSetsError

Errors returned by ListThreatIntelSets

StartMonitoringMembersError

Errors returned by StartMonitoringMembers

StopMonitoringMembersError

Errors returned by StopMonitoringMembers

TagResourceError

Errors returned by TagResource

UnarchiveFindingsError

Errors returned by UnarchiveFindings

UntagResourceError

Errors returned by UntagResource

UpdateDetectorError

Errors returned by UpdateDetector

UpdateFilterError

Errors returned by UpdateFilter

UpdateFindingsFeedbackError

Errors returned by UpdateFindingsFeedback

UpdateIPSetError

Errors returned by UpdateIPSet

UpdateOrganizationConfigurationError

Errors returned by UpdateOrganizationConfiguration

UpdatePublishingDestinationError

Errors returned by UpdatePublishingDestination

UpdateThreatIntelSetError

Errors returned by UpdateThreatIntelSet

Traits

GuardDuty

Trait representing the capabilities of the Amazon GuardDuty API. Amazon GuardDuty clients implement this trait.