Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds (such as lists of malicious IPs and domains) and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances that serve malware or mine bitcoin.
GuardDuty also monitors AWS account access behavior for signs of compromise. Some examples of this are unauthorized infrastructure deployments such as EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength.
GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see the Amazon GuardDuty User Guide.
Contains information on the current access control policies for the bucket.
Contains information about the access keys.
Contains information about the account.
Contains information about the account level permissions on the S3 bucket.
Contains information about actions.
The account within the organization specified as the GuardDuty delegated administrator.
Contains information about the API action.
Contains information on how the bucket owner's S3 Block Public Access settings are being applied to the S3 bucket. See S3 Block Public Access for more information.
Contains information about the bucket level permissions for the S3 bucket.
Contains information on the current bucket policies for the S3 bucket.
Contains information about the city associated with the IP address.
Contains information on the status of CloudTrail as a data source for the detector.
Contains information about the condition.
Contains information about the country where the remote IP address is located.
Contains information on the status of DNS logs as a data source.
Contains information about which data sources are enabled.
Contains information on the status of data sources for the detector.
Contains information on the server side encryption method used in the S3 bucket. See S3 Server-Side Encryption for more information.
Contains information about the publishing destination, including the ID, type, and status.
Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.
Contains information about the DNS_REQUEST action described in this finding.
Contains information about the domain.
Contains information about the reason that the finding was generated.
Contains information about the finding, which is generated when abnormal or suspicious activity is detected.
Contains information about the criteria used for querying findings.
Contains information about finding statistics.
Contains information on the status of VPC flow logs as a data source.
Contains information about the location of the remote IP address.
A client for the Amazon GuardDuty API.
Contains information about the EC2 instance profile.
Contains information about the details of an instance.
Contains information about the invitation to become a member account.
Contains information about the local IP address of the connection.
Contains information about the port for the local connection.
Contains information about the administrator account and invitation.
Contains information about the member account.
Contains information on which data sources are enabled for a member account.
Contains information about the NETWORK_CONNECTION action described in the finding.
Contains information about the elastic network interface of the EC2 instance.
Contains information about the ISP organization of the remote IP address.
An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization.
An object that contains information on which data sources are automatically enabled for new members within the organization.
Describes whether S3 data event logs will be automatically enabled for new members of the organization.
The current configuration of S3 data event logs as a data source for the organization.
Contains information on the owner of the bucket.
Contains information about how permissions are configured for the S3 bucket.
Contains information about the PORT_PROBE action described in the finding.
Contains information about the port probe details.
Contains other private IP address information of the EC2 instance.
Contains information about the product code for the EC2 instance.
Describes the public access policies that apply to the S3 bucket.
Contains information about the remote IP address of the connection.
Contains information about the remote port.
Contains information about the AWS resource associated with the activity that prompted GuardDuty to generate a finding.
Contains information on the S3 bucket.
Describes whether S3 data event logs will be enabled as a data source.
Describes whether S3 data event logs will be enabled as a data source.
Contains information about the security groups associated with the EC2 instance.
Contains additional information about the generated finding.
Contains information about the criteria used for sorting findings.
Contains information about a tag associated with the EC2 instance.
An instance of a threat intelligence detail that constitutes evidence for the finding.
Contains the total usage with the corresponding currency unit for that value.
Contains information about the accounts that weren't processed.
Contains information on the total of usage based on account IDs.
Contains information about the criteria used to query usage statistics.
Contains information on the result of usage based on data source type.
Contains information on the sum of usage based on an AWS resource.
Contains the result of GuardDuty usage. If a UsageStatisticType is provided, the result for other types will be null.
Errors returned by AcceptInvitation
Errors returned by ArchiveFindings
Errors returned by CreateDetector
Errors returned by CreateFilter
Errors returned by CreateIPSet
Errors returned by CreateMembers
Errors returned by CreatePublishingDestination
Errors returned by CreateSampleFindings
Errors returned by CreateThreatIntelSet
Errors returned by DeclineInvitations
Errors returned by DeleteDetector
Errors returned by DeleteFilter
Errors returned by DeleteIPSet
Errors returned by DeleteInvitations
Errors returned by DeleteMembers
Errors returned by DeletePublishingDestination
Errors returned by DeleteThreatIntelSet
Errors returned by DescribeOrganizationConfiguration
Errors returned by DescribePublishingDestination
Errors returned by DisableOrganizationAdminAccount
Errors returned by DisassociateFromMasterAccount
Errors returned by DisassociateMembers
Errors returned by EnableOrganizationAdminAccount
Errors returned by GetDetector
Errors returned by GetFilter
Errors returned by GetFindings
Errors returned by GetFindingsStatistics
Errors returned by GetIPSet
Errors returned by GetInvitationsCount
Errors returned by GetMasterAccount
Errors returned by GetMemberDetectors
Errors returned by GetMembers
Errors returned by GetThreatIntelSet
Errors returned by GetUsageStatistics
Errors returned by InviteMembers
Errors returned by ListDetectors
Errors returned by ListFilters
Errors returned by ListFindings
Errors returned by ListIPSets
Errors returned by ListInvitations
Errors returned by ListMembers
Errors returned by ListOrganizationAdminAccounts
Errors returned by ListPublishingDestinations
Errors returned by ListTagsForResource
Errors returned by ListThreatIntelSets
Errors returned by StartMonitoringMembers
Errors returned by StopMonitoringMembers
Errors returned by TagResource
Errors returned by UnarchiveFindings
Errors returned by UntagResource
Errors returned by UpdateDetector
Errors returned by UpdateFilter
Errors returned by UpdateFindingsFeedback
Errors returned by UpdateIPSet
Errors returned by UpdateMemberDetectors
Errors returned by UpdateOrganizationConfiguration
Errors returned by UpdatePublishingDestination
Errors returned by UpdateThreatIntelSet
Trait representing the capabilities of the Amazon GuardDuty API. Amazon GuardDuty clients implement this trait.