Crate rusoto_guardduty
Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds (such as lists of malicious IPs and domains) and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances that serve malware or mine bitcoin.
GuardDuty also monitors AWS account access behavior for signs of compromise. Some examples of this are unauthorized infrastructure deployments such as EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength.
GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see the Amazon GuardDuty User Guide.
If you're using the service, you're probably looking for GuardDutyClient and GuardDuty.
Structs
AcceptInvitationRequest | |
AcceptInvitationResponse | |
AccessControlList | Contains information on the current access control policies for the bucket. |
AccessKeyDetails | Contains information about the access keys. |
AccountDetail | Contains information about the account. |
AccountLevelPermissions | Contains information about the account level permissions on the S3 bucket. |
Action | Contains information about actions. |
AdminAccount | The account within the organization specified as the GuardDuty delegated administrator. |
ArchiveFindingsRequest | |
ArchiveFindingsResponse | |
AwsApiCallAction | Contains information about the API action. |
BlockPublicAccess | Contains information on how the bucket owner's S3 Block Public Access settings are being applied to the S3 bucket. See S3 Block Public Access for more information. |
BucketLevelPermissions | Contains information about the bucket level permissions for the S3 bucket. |
BucketPolicy | Contains information on the current bucket policies for the S3 bucket. |
City | Contains information about the city associated with the IP address. |
CloudTrailConfigurationResult | Contains information on the status of CloudTrail as a data source for the detector. |
Condition | Contains information about the condition. |
Country | Contains information about the country where the remote IP address is located. |
CreateDetectorRequest | |
CreateDetectorResponse | |
CreateFilterRequest | |
CreateFilterResponse | |
CreateIPSetRequest | |
CreateIPSetResponse | |
CreateMembersRequest | |
CreateMembersResponse | |
CreatePublishingDestinationRequest | |
CreatePublishingDestinationResponse | |
CreateSampleFindingsRequest | |
CreateSampleFindingsResponse | |
CreateThreatIntelSetRequest | |
CreateThreatIntelSetResponse | |
DNSLogsConfigurationResult | Contains information on the status of DNS logs as a data source. |
DataSourceConfigurations | Contains information about which data sources are enabled. |
DataSourceConfigurationsResult | Contains information on the status of data sources for the detector. |
DeclineInvitationsRequest | |
DeclineInvitationsResponse | |
DefaultServerSideEncryption | Contains information on the server side encryption method used in the S3 bucket. See S3 Server-Side Encryption for more information. |
DeleteDetectorRequest | |
DeleteDetectorResponse | |
DeleteFilterRequest | |
DeleteFilterResponse | |
DeleteIPSetRequest | |
DeleteIPSetResponse | |
DeleteInvitationsRequest | |
DeleteInvitationsResponse | |
DeleteMembersRequest | |
DeleteMembersResponse | |
DeletePublishingDestinationRequest | |
DeletePublishingDestinationResponse | |
DeleteThreatIntelSetRequest | |
DeleteThreatIntelSetResponse | |
DescribeOrganizationConfigurationRequest | |
DescribeOrganizationConfigurationResponse | |
DescribePublishingDestinationRequest | |
DescribePublishingDestinationResponse | |
Destination | Contains information about the publishing destination, including the ID, type, and status. |
DestinationProperties | Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings. |
DisableOrganizationAdminAccountRequest | |
DisableOrganizationAdminAccountResponse | |
DisassociateFromMasterAccountRequest | |
DisassociateFromMasterAccountResponse | |
DisassociateMembersRequest | |
DisassociateMembersResponse | |
DnsRequestAction | Contains information about the DNS_REQUEST action described in this finding. |
DomainDetails | Contains information about the domain. |
EnableOrganizationAdminAccountRequest | |
EnableOrganizationAdminAccountResponse | |
Evidence | Contains information about the reason that the finding was generated. |
Finding | Contains information about the finding, which is generated when abnormal or suspicious activity is detected. |
FindingCriteria | Contains information about the criteria used for querying findings. |
FindingStatistics | Contains information about finding statistics. |
FlowLogsConfigurationResult | Contains information on the status of VPC flow logs as a data source. |
GeoLocation | Contains information about the location of the remote IP address. |
GetDetectorRequest | |
GetDetectorResponse | |
GetFilterRequest | |
GetFilterResponse | |
GetFindingsRequest | |
GetFindingsResponse | |
GetFindingsStatisticsRequest | |
GetFindingsStatisticsResponse | |
GetIPSetRequest | |
GetIPSetResponse | |
GetInvitationsCountRequest | |
GetInvitationsCountResponse | |
GetMasterAccountRequest | |
GetMasterAccountResponse | |
GetMemberDetectorsRequest | |
GetMemberDetectorsResponse | |
GetMembersRequest | |
GetMembersResponse | |
GetThreatIntelSetRequest | |
GetThreatIntelSetResponse | |
GetUsageStatisticsRequest | |
GetUsageStatisticsResponse | |
GuardDutyClient | A client for the Amazon GuardDuty API. |
IamInstanceProfile | Contains information about the EC2 instance profile. |
InstanceDetails | Contains information about the details of an instance. |
Invitation | Contains information about the invitation to become a member account. |
InviteMembersRequest | |
InviteMembersResponse | |
ListDetectorsRequest | |
ListDetectorsResponse | |
ListFiltersRequest | |
ListFiltersResponse | |
ListFindingsRequest | |
ListFindingsResponse | |
ListIPSetsRequest | |
ListIPSetsResponse | |
ListInvitationsRequest | |
ListInvitationsResponse | |
ListMembersRequest | |
ListMembersResponse | |
ListOrganizationAdminAccountsRequest | |
ListOrganizationAdminAccountsResponse | |
ListPublishingDestinationsRequest | |
ListPublishingDestinationsResponse | |
ListTagsForResourceRequest | |
ListTagsForResourceResponse | |
ListThreatIntelSetsRequest | |
ListThreatIntelSetsResponse | |
LocalIpDetails | Contains information about the local IP address of the connection. |
LocalPortDetails | Contains information about the port for the local connection. |
Master | Contains information about the administrator account and invitation. |
Member | Contains information about the member account. |
MemberDataSourceConfiguration | Contains information on which data sources are enabled for a member account. |
NetworkConnectionAction | Contains information about the NETWORK_CONNECTION action described in the finding. |
NetworkInterface | Contains information about the elastic network interface of the EC2 instance. |
Organization | Contains information about the ISP organization of the remote IP address. |
OrganizationDataSourceConfigurations | An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization. |
OrganizationDataSourceConfigurationsResult | An object that contains information on which data sources are automatically enabled for new members within the organization. |
OrganizationS3LogsConfiguration | Describes whether S3 data event logs will be automatically enabled for new members of the organization. |
OrganizationS3LogsConfigurationResult | The current configuration of S3 data event logs as a data source for the organization. |
Owner | Contains information on the owner of the bucket. |
PermissionConfiguration | Contains information about how permissions are configured for the S3 bucket. |
PortProbeAction | Contains information about the PORT_PROBE action described in the finding. |
PortProbeDetail | Contains information about the port probe details. |
PrivateIpAddressDetails | Contains other private IP address information of the EC2 instance. |
ProductCode | Contains information about the product code for the EC2 instance. |
PublicAccess | Describes the public access policies that apply to the S3 bucket. |
RemoteIpDetails | Contains information about the remote IP address of the connection. |
RemotePortDetails | Contains information about the remote port. |
Resource | Contains information about the AWS resource associated with the activity that prompted GuardDuty to generate a finding. |
S3BucketDetail | Contains information on the S3 bucket. |
S3LogsConfiguration | Describes whether S3 data event logs will be enabled as a data source. |
S3LogsConfigurationResult | Describes whether S3 data event logs will be enabled as a data source. |
SecurityGroup | Contains information about the security groups associated with the EC2 instance. |
Service | Contains additional information about the generated finding. |
SortCriteria | Contains information about the criteria used for sorting findings. |
StartMonitoringMembersRequest | |
StartMonitoringMembersResponse | |
StopMonitoringMembersRequest | |
StopMonitoringMembersResponse | |
Tag | Contains information about a tag associated with the EC2 instance. |
TagResourceRequest | |
TagResourceResponse | |
ThreatIntelligenceDetail | An instance of a threat intelligence detail that constitutes evidence for the finding. |
Total | Contains the total usage with the corresponding currency unit for that value. |
UnarchiveFindingsRequest | |
UnarchiveFindingsResponse | |
UnprocessedAccount | Contains information about the accounts that weren't processed. |
UntagResourceRequest | |
UntagResourceResponse | |
UpdateDetectorRequest | |
UpdateDetectorResponse | |
UpdateFilterRequest | |
UpdateFilterResponse | |
UpdateFindingsFeedbackRequest | |
UpdateFindingsFeedbackResponse | |
UpdateIPSetRequest | |
UpdateIPSetResponse | |
UpdateMemberDetectorsRequest | |
UpdateMemberDetectorsResponse | |
UpdateOrganizationConfigurationRequest | |
UpdateOrganizationConfigurationResponse | |
UpdatePublishingDestinationRequest | |
UpdatePublishingDestinationResponse | |
UpdateThreatIntelSetRequest | |
UpdateThreatIntelSetResponse | |
UsageAccountResult | Contains information on the total of usage based on account IDs. |
UsageCriteria | Contains information about the criteria used to query usage statistics. |
UsageDataSourceResult | Contains information on the result of usage based on data source type. |
UsageResourceResult | Contains information on the sum of usage based on an AWS resource. |
UsageStatistics | Contains the result of GuardDuty usage. If a UsageStatisticType is provided, the result for other types will be null. |
Enums
AcceptInvitationError | Errors returned by AcceptInvitation |
ArchiveFindingsError | Errors returned by ArchiveFindings |
CreateDetectorError | Errors returned by CreateDetector |
CreateFilterError | Errors returned by CreateFilter |
CreateIPSetError | Errors returned by CreateIPSet |
CreateMembersError | Errors returned by CreateMembers |
CreatePublishingDestinationError | Errors returned by CreatePublishingDestination |
CreateSampleFindingsError | Errors returned by CreateSampleFindings |
CreateThreatIntelSetError | Errors returned by CreateThreatIntelSet |
DeclineInvitationsError | Errors returned by DeclineInvitations |
DeleteDetectorError | Errors returned by DeleteDetector |
DeleteFilterError | Errors returned by DeleteFilter |
DeleteIPSetError | Errors returned by DeleteIPSet |
DeleteInvitationsError | Errors returned by DeleteInvitations |
DeleteMembersError | Errors returned by DeleteMembers |
DeletePublishingDestinationError | Errors returned by DeletePublishingDestination |
DeleteThreatIntelSetError | Errors returned by DeleteThreatIntelSet |
DescribeOrganizationConfigurationError | Errors returned by DescribeOrganizationConfiguration |
DescribePublishingDestinationError | Errors returned by DescribePublishingDestination |
DisableOrganizationAdminAccountError | Errors returned by DisableOrganizationAdminAccount |
DisassociateFromMasterAccountError | Errors returned by DisassociateFromMasterAccount |
DisassociateMembersError | Errors returned by DisassociateMembers |
EnableOrganizationAdminAccountError | Errors returned by EnableOrganizationAdminAccount |
GetDetectorError | Errors returned by GetDetector |
GetFilterError | Errors returned by GetFilter |
GetFindingsError | Errors returned by GetFindings |
GetFindingsStatisticsError | Errors returned by GetFindingsStatistics |
GetIPSetError | Errors returned by GetIPSet |
GetInvitationsCountError | Errors returned by GetInvitationsCount |
GetMasterAccountError | Errors returned by GetMasterAccount |
GetMemberDetectorsError | Errors returned by GetMemberDetectors |
GetMembersError | Errors returned by GetMembers |
GetThreatIntelSetError | Errors returned by GetThreatIntelSet |
GetUsageStatisticsError | Errors returned by GetUsageStatistics |
InviteMembersError | Errors returned by InviteMembers |
ListDetectorsError | Errors returned by ListDetectors |
ListFiltersError | Errors returned by ListFilters |
ListFindingsError | Errors returned by ListFindings |
ListIPSetsError | Errors returned by ListIPSets |
ListInvitationsError | Errors returned by ListInvitations |
ListMembersError | Errors returned by ListMembers |
ListOrganizationAdminAccountsError | Errors returned by ListOrganizationAdminAccounts |
ListPublishingDestinationsError | Errors returned by ListPublishingDestinations |
ListTagsForResourceError | Errors returned by ListTagsForResource |
ListThreatIntelSetsError | Errors returned by ListThreatIntelSets |
StartMonitoringMembersError | Errors returned by StartMonitoringMembers |
StopMonitoringMembersError | Errors returned by StopMonitoringMembers |
TagResourceError | Errors returned by TagResource |
UnarchiveFindingsError | Errors returned by UnarchiveFindings |
UntagResourceError | Errors returned by UntagResource |
UpdateDetectorError | Errors returned by UpdateDetector |
UpdateFilterError | Errors returned by UpdateFilter |
UpdateFindingsFeedbackError | Errors returned by UpdateFindingsFeedback |
UpdateIPSetError | Errors returned by UpdateIPSet |
UpdateMemberDetectorsError | Errors returned by UpdateMemberDetectors |
UpdateOrganizationConfigurationError | Errors returned by UpdateOrganizationConfiguration |
UpdatePublishingDestinationError | Errors returned by UpdatePublishingDestination |
UpdateThreatIntelSetError | Errors returned by UpdateThreatIntelSet |
Traits
GuardDuty | Trait representing the capabilities of the Amazon GuardDuty API. Amazon GuardDuty clients implement this trait. |