Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds (such as lists of malicious IPs and domains) and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances that serve malware or mine bitcoin.
GuardDuty also monitors AWS account access behavior for signs of compromise. Some examples of this are unauthorized infrastructure deployments such as EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength.
GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see the Amazon GuardDuty User Guide.
If you’re using the service, you’re probably looking for GuardDutyClient and GuardDuty.
Structs
- AcceptInvitationRequest
- AcceptInvitationResponse
- AccessControlList - Contains information on the current access control policies for the bucket.
- AccessKeyDetails - Contains information about the access keys.
- AccountDetail - Contains information about the account.
- AccountLevelPermissions - Contains information about the account level permissions on the S3 bucket.
- Action - Contains information about actions.
- AdminAccount - The account within the organization specified as the GuardDuty delegated administrator.
- ArchiveFindingsRequest
- ArchiveFindingsResponse
- AwsApiCallAction - Contains information about the API action.
- BlockPublicAccess - Contains information on how the bucket owner's S3 Block Public Access settings are being applied to the S3 bucket. See S3 Block Public Access for more information.
- BucketLevelPermissions - Contains information about the bucket level permissions for the S3 bucket.
- BucketPolicy - Contains information on the current bucket policies for the S3 bucket.
- City - Contains information about the city associated with the IP address.
- CloudTrailConfigurationResult - Contains information on the status of CloudTrail as a data source for the detector.
- Condition - Contains information about the condition.
- Country - Contains information about the country where the remote IP address is located.
- CreateDetectorRequest
- CreateDetectorResponse
- CreateFilterRequest
- CreateFilterResponse
- CreateIPSetRequest
- CreateIPSetResponse
- CreateMembersRequest
- CreateMembersResponse
- CreatePublishingDestinationRequest
- CreatePublishingDestinationResponse
- CreateSampleFindingsRequest
- CreateSampleFindingsResponse
- CreateThreatIntelSetRequest
- CreateThreatIntelSetResponse
- DNSLogsConfigurationResult - Contains information on the status of DNS logs as a data source.
- DataSourceConfigurations - Contains information about which data sources are enabled.
- DataSourceConfigurationsResult - Contains information on the status of data sources for the detector.
- DeclineInvitationsRequest
- DeclineInvitationsResponse
- DefaultServerSideEncryption - Contains information on the server side encryption method used in the S3 bucket. See S3 Server-Side Encryption for more information.
- DeleteDetectorRequest
- DeleteDetectorResponse
- DeleteFilterRequest
- DeleteFilterResponse
- DeleteIPSetRequest
- DeleteIPSetResponse
- DeleteInvitationsRequest
- DeleteInvitationsResponse
- DeleteMembersRequest
- DeleteMembersResponse
- DeletePublishingDestinationRequest
- DeletePublishingDestinationResponse
- DeleteThreatIntelSetRequest
- DeleteThreatIntelSetResponse
- DescribeOrganizationConfigurationRequest
- DescribeOrganizationConfigurationResponse
- DescribePublishingDestinationRequest
- DescribePublishingDestinationResponse
- Destination - Contains information about the publishing destination, including the ID, type, and status.
- DestinationProperties - Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.
- DisableOrganizationAdminAccountRequest
- DisableOrganizationAdminAccountResponse
- DisassociateFromMasterAccountRequest
- DisassociateFromMasterAccountResponse
- DisassociateMembersRequest
- DisassociateMembersResponse
- DnsRequestAction - Contains information about the DNS_REQUEST action described in this finding.
- DomainDetails - Contains information about the domain.
- EnableOrganizationAdminAccountRequest
- EnableOrganizationAdminAccountResponse
- Evidence - Contains information about the reason that the finding was generated.
- Finding - Contains information about the finding, which is generated when abnormal or suspicious activity is detected.
- FindingCriteria - Contains information about the criteria used for querying findings.
- FindingStatistics - Contains information about finding statistics.
- FlowLogsConfigurationResult - Contains information on the status of VPC flow logs as a data source.
- GeoLocation - Contains information about the location of the remote IP address.
- GetDetectorRequest
- GetDetectorResponse
- GetFilterRequest
- GetFilterResponse
- GetFindingsRequest
- GetFindingsResponse
- GetFindingsStatisticsRequest
- GetFindingsStatisticsResponse
- GetIPSetRequest
- GetIPSetResponse
- GetInvitationsCountRequest
- GetInvitationsCountResponse
- GetMasterAccountRequest
- GetMasterAccountResponse
- GetMemberDetectorsRequest
- GetMemberDetectorsResponse
- GetMembersRequest
- GetMembersResponse
- GetThreatIntelSetRequest
- GetThreatIntelSetResponse
- GetUsageStatisticsRequest
- GetUsageStatisticsResponse
- GuardDutyClient - A client for the Amazon GuardDuty API.
- IamInstanceProfile - Contains information about the EC2 instance profile.
- InstanceDetails - Contains information about the details of an instance.
- Invitation - Contains information about the invitation to become a member account.
- InviteMembersRequest
- InviteMembersResponse
- ListDetectorsRequest
- ListDetectorsResponse
- ListFiltersRequest
- ListFiltersResponse
- ListFindingsRequest
- ListFindingsResponse
- ListIPSetsRequest
- ListIPSetsResponse
- ListInvitationsRequest
- ListInvitationsResponse
- ListMembersRequest
- ListMembersResponse
- ListOrganizationAdminAccountsRequest
- ListOrganizationAdminAccountsResponse
- ListPublishingDestinationsRequest
- ListPublishingDestinationsResponse
- ListTagsForResourceRequest
- ListTagsForResourceResponse
- ListThreatIntelSetsRequest
- ListThreatIntelSetsResponse
- LocalIpDetails - Contains information about the local IP address of the connection.
- LocalPortDetails - Contains information about the port for the local connection.
- Master - Contains information about the administrator account and invitation.
- Member - Contains information about the member account.
- MemberDataSourceConfiguration - Contains information on which data sources are enabled for a member account.
- NetworkConnectionAction - Contains information about the NETWORK_CONNECTION action described in the finding.
- NetworkInterface - Contains information about the elastic network interface of the EC2 instance.
- Organization - Contains information about the ISP organization of the remote IP address.
- OrganizationDataSourceConfigurations - An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization.
- OrganizationDataSourceConfigurationsResult - An object that contains information on which data sources are automatically enabled for new members within the organization.
- OrganizationS3LogsConfiguration - Describes whether S3 data event logs will be automatically enabled for new members of the organization.
- OrganizationS3LogsConfigurationResult - The current configuration of S3 data event logs as a data source for the organization.
- Owner - Contains information on the owner of the bucket.
- PermissionConfiguration - Contains information about how permissions are configured for the S3 bucket.
- PortProbeAction - Contains information about the PORT_PROBE action described in the finding.
- PortProbeDetail - Contains information about the port probe details.
- PrivateIpAddressDetails - Contains other private IP address information of the EC2 instance.
- ProductCode - Contains information about the product code for the EC2 instance.
- PublicAccess - Describes the public access policies that apply to the S3 bucket.
- RemoteIpDetails - Contains information about the remote IP address of the connection.
- RemotePortDetails - Contains information about the remote port.
- Resource - Contains information about the AWS resource associated with the activity that prompted GuardDuty to generate a finding.
- S3BucketDetail - Contains information on the S3 bucket.
- S3LogsConfiguration - Describes whether S3 data event logs will be enabled as a data source.
- S3LogsConfigurationResult - Describes whether S3 data event logs will be enabled as a data source.
- SecurityGroup - Contains information about the security groups associated with the EC2 instance.
- Service - Contains additional information about the generated finding.
- SortCriteria - Contains information about the criteria used for sorting findings.
- StartMonitoringMembersRequest
- StartMonitoringMembersResponse
- StopMonitoringMembersRequest
- StopMonitoringMembersResponse
- Tag - Contains information about a tag associated with the EC2 instance.
- TagResourceRequest
- TagResourceResponse
- ThreatIntelligenceDetail - An instance of a threat intelligence detail that constitutes evidence for the finding.
- Total - Contains the total usage with the corresponding currency unit for that value.
- UnarchiveFindingsRequest
- UnarchiveFindingsResponse
- UnprocessedAccount - Contains information about the accounts that weren't processed.
- UntagResourceRequest
- UntagResourceResponse
- UpdateDetectorRequest
- UpdateDetectorResponse
- UpdateFilterRequest
- UpdateFilterResponse
- UpdateFindingsFeedbackRequest
- UpdateFindingsFeedbackResponse
- UpdateIPSetRequest
- UpdateIPSetResponse
- UpdateMemberDetectorsRequest
- UpdateMemberDetectorsResponse
- UpdateOrganizationConfigurationRequest
- UpdateOrganizationConfigurationResponse
- UpdatePublishingDestinationRequest
- UpdatePublishingDestinationResponse
- UpdateThreatIntelSetRequest
- UpdateThreatIntelSetResponse
- UsageAccountResult - Contains information on the total of usage based on account IDs.
- UsageCriteria - Contains information about the criteria used to query usage statistics.
- UsageDataSourceResult - Contains information on the result of usage based on data source type.
- UsageResourceResult - Contains information on the sum of usage based on an AWS resource.
- UsageStatistics - Contains the result of GuardDuty usage. If a UsageStatisticType is provided, the result for other types will be null.
Enums
- AcceptInvitationError - Errors returned by AcceptInvitation
- ArchiveFindingsError - Errors returned by ArchiveFindings
- CreateDetectorError - Errors returned by CreateDetector
- CreateFilterError - Errors returned by CreateFilter
- CreateIPSetError - Errors returned by CreateIPSet
- CreateMembersError - Errors returned by CreateMembers
- CreatePublishingDestinationError - Errors returned by CreatePublishingDestination
- CreateSampleFindingsError - Errors returned by CreateSampleFindings
- CreateThreatIntelSetError - Errors returned by CreateThreatIntelSet
- DeclineInvitationsError - Errors returned by DeclineInvitations
- DeleteDetectorError - Errors returned by DeleteDetector
- DeleteFilterError - Errors returned by DeleteFilter
- DeleteIPSetError - Errors returned by DeleteIPSet
- DeleteInvitationsError - Errors returned by DeleteInvitations
- DeleteMembersError - Errors returned by DeleteMembers
- DeletePublishingDestinationError - Errors returned by DeletePublishingDestination
- DeleteThreatIntelSetError - Errors returned by DeleteThreatIntelSet
- DescribeOrganizationConfigurationError - Errors returned by DescribeOrganizationConfiguration
- DescribePublishingDestinationError - Errors returned by DescribePublishingDestination
- DisableOrganizationAdminAccountError - Errors returned by DisableOrganizationAdminAccount
- DisassociateFromMasterAccountError - Errors returned by DisassociateFromMasterAccount
- DisassociateMembersError - Errors returned by DisassociateMembers
- EnableOrganizationAdminAccountError - Errors returned by EnableOrganizationAdminAccount
- GetDetectorError - Errors returned by GetDetector
- GetFilterError - Errors returned by GetFilter
- GetFindingsError - Errors returned by GetFindings
- GetFindingsStatisticsError - Errors returned by GetFindingsStatistics
- GetIPSetError - Errors returned by GetIPSet
- GetInvitationsCountError - Errors returned by GetInvitationsCount
- GetMasterAccountError - Errors returned by GetMasterAccount
- GetMemberDetectorsError - Errors returned by GetMemberDetectors
- GetMembersError - Errors returned by GetMembers
- GetThreatIntelSetError - Errors returned by GetThreatIntelSet
- GetUsageStatisticsError - Errors returned by GetUsageStatistics
- InviteMembersError - Errors returned by InviteMembers
- ListDetectorsError - Errors returned by ListDetectors
- ListFiltersError - Errors returned by ListFilters
- ListFindingsError - Errors returned by ListFindings
- ListIPSetsError - Errors returned by ListIPSets
- ListInvitationsError - Errors returned by ListInvitations
- ListMembersError - Errors returned by ListMembers
- ListOrganizationAdminAccountsError - Errors returned by ListOrganizationAdminAccounts
- ListPublishingDestinationsError - Errors returned by ListPublishingDestinations
- ListTagsForResourceError - Errors returned by ListTagsForResource
- ListThreatIntelSetsError - Errors returned by ListThreatIntelSets
- StartMonitoringMembersError - Errors returned by StartMonitoringMembers
- StopMonitoringMembersError - Errors returned by StopMonitoringMembers
- TagResourceError - Errors returned by TagResource
- UnarchiveFindingsError - Errors returned by UnarchiveFindings
- UntagResourceError - Errors returned by UntagResource
- UpdateDetectorError - Errors returned by UpdateDetector
- UpdateFilterError - Errors returned by UpdateFilter
- UpdateFindingsFeedbackError - Errors returned by UpdateFindingsFeedback
- UpdateIPSetError - Errors returned by UpdateIPSet
- UpdateMemberDetectorsError - Errors returned by UpdateMemberDetectors
- UpdateOrganizationConfigurationError - Errors returned by UpdateOrganizationConfiguration
- UpdatePublishingDestinationError - Errors returned by UpdatePublishingDestination
- UpdateThreatIntelSetError - Errors returned by UpdateThreatIntelSet
Traits
- GuardDuty - Trait representing the capabilities of the Amazon GuardDuty API. Amazon GuardDuty clients implement this trait.