diff --git a/awscli/examples/guardduty/accept-invitation.rst b/awscli/examples/guardduty/accept-invitation.rst index e9d757df61b8..d82af3c153f9 100644 --- a/awscli/examples/guardduty/accept-invitation.rst +++ b/awscli/examples/guardduty/accept-invitation.rst @@ -6,7 +6,7 @@ The following ``accept-invitation`` example shows how to accept an invitation to --detector-id 12abc34d567e8fa901bc2d34eexample \ --master-id 123456789111 \ --invitation-id d6b94fb03a66ff665f7db8764example - + This command produces no output. -For more information, see `Managing GuardDuty Accounts by Invitation `__ in the GuardDuty User Guide. \ No newline at end of file +For more information, see `Managing GuardDuty accounts by invitation `__ in the GuardDuty User Guide. diff --git a/awscli/examples/guardduty/archive-findings.rst b/awscli/examples/guardduty/archive-findings.rst index 96a878efed02..c67b714ddefb 100644 --- a/awscli/examples/guardduty/archive-findings.rst +++ b/awscli/examples/guardduty/archive-findings.rst @@ -1,11 +1,11 @@ **To archive findings in the current region** -This example shows how to archive findings in the current region. :: +This ``archive-findings`` example shows how to archive findings in the current region. :: aws guardduty archive-findings \ --detector-id 12abc34d567e8fa901bc2d34eexample \ --finding-ids d6b94fb03a66ff665f7db8764example 3eb970e0de00c16ec14e6910fexample -This command produces no output. +This command produces no output. -For more information, see `Managing GuardDuty Accounts by Invitation `__ in the *GuardDuty User Guide*. \ No newline at end of file +For more information, see `Creating suppression rules `__ in the *GuardDuty User Guide*. diff --git a/awscli/examples/guardduty/create-filter.rst b/awscli/examples/guardduty/create-filter.rst index f888154ff8ea..d074dccd4a94 100644 --- a/awscli/examples/guardduty/create-filter.rst +++ b/awscli/examples/guardduty/create-filter.rst 
@@ -1,17 +1,34 @@ -**To create a new filter for the current region** +**Example 1: To create a new filter in the current region** -This example creates a filter that matches all portscan findings for instance created from a specific image.:: +The following ``create-filter`` example creates a filter that matches all Portscan findings for instance created from a specific image. This does not suppress those findings. :: + + aws guardduty create-filter \ + --detector-id b6b992d6d2f48e64bc59180bfexample \ + --name myFilterExample \ + --finding-criteria '{"Criterion": {"type": {"Eq": ["Recon:EC2/Portscan"]},"resource.instanceDetails.imageId": {"Eq": ["ami-0a7a207083example"]}}}' + +Output:: + + { + "Name": "myFilterExample" + } + +For more information, see `Filtering GuardDuty findings `__ in the *GuardDuty User Guide*. + +**Example 2: To create a new filter and suppress findings in the current region** + +The following ``create-filter`` example creates a filter that matches all Portscan findings for instance created from a specific image. This filter archives those findings so that they do not appear in your current findings. :: aws guardduty create-filter \ --detector-id b6b992d6d2f48e64bc59180bfexample \ --action ARCHIVE \ - --name myFilter \ + --name myFilterSecondExample \ --finding-criteria '{"Criterion": {"type": {"Eq": ["Recon:EC2/Portscan"]},"resource.instanceDetails.imageId": {"Eq": ["ami-0a7a207083example"]}}}' Output:: { - "Name": "myFilter" + "Name": "myFilterSecondExample" } -For more information, see `Filtering findings `__ in the *GuardDuty User Guide*. +For more information, see `Filtering GuardDuty findings `__ in the *GuardDuty User Guide*. diff --git a/awscli/examples/guardduty/create-ip-set.rst b/awscli/examples/guardduty/create-ip-set.rst index f2f3b7577bee..580049c4e202 100644 --- a/awscli/examples/guardduty/create-ip-set.rst +++ b/awscli/examples/guardduty/create-ip-set.rst 
@@ -1,18 +1,18 @@ -**To create a trusted IP set** +**To create and activate a trusted IP set** -The following ``create-ip-set`` example creates and activates a trusted IP set in the current region. :: +The following ``create-ip-set`` example creates and activates a trusted IP set in the current Region. :: aws guardduty create-ip-set \ --detector-id 12abc34d567e8fa901bc2d34eexample \ - --name new-ip-set \ - --format TXT - --location s3://amzn-s3-demo-bucket/customtrustlist.csv + --name new-ip-set-example \ + --format TXT \ + --location s3://amzn-s3-demo-bucket/customtrustlist.csv \ --activate Output:: - + { "IpSetId": "d4b94fc952d6912b8f3060768example" } -For more information, see `Working with Trusted IP Lists and Threat Lists `__ in the GuardDuty User Guide. \ No newline at end of file +For more information, see `Working with Trusted IP Lists and Threat Lists `__ in the *GuardDuty User Guide*. \ No newline at end of file diff --git a/awscli/examples/guardduty/create-publishing-destination.rst b/awscli/examples/guardduty/create-publishing-destination.rst index 2321d5394cfc..5d5e883cfef3 100644 --- a/awscli/examples/guardduty/create-publishing-destination.rst +++ b/awscli/examples/guardduty/create-publishing-destination.rst 
@@ -1,11 +1,11 @@ **To create a publishing destination to export GuardDuty findings in the current region to.** -This example shows how to create a publishing destination for GuardDuty findings. :: +The following ``create-publishing-destination`` example shows how to set up a publishing destination to export current (not archived) GuardDuty findings to keep track of historical findings data. :: aws guardduty create-publishing-destination \ --detector-id b6b992d6d2f48e64bc59180bfexample \ --destination-type S3 \ - --destination-properties DestinationArn=arn:aws:s3:::yourbucket,KmsKeyArn=arn:aws:kms:us-west-1:111122223333:key/84cee9c5-dea1-401a-ab6d-e1de7example + --destination-properties 'DestinationArn=arn:aws:s3:::amzn-s3-demo-bucket,KmsKeyArn=arn:aws:kms:us-west-1:111122223333:key/84cee9c5-dea1-401a-ab6d-e1de7example' Output:: @@ -13,4 +13,4 @@ Output:: "DestinationId": "46b99823849e1bbc242dfbe3cexample" } -For more information, see `Exporting findings `__ in the *GuardDuty User Guide*. \ No newline at end of file +For more information, see `Exporting generated GuardDuty findings to Amazon S3 buckets `__ in the *GuardDuty User Guide*. \ No newline at end of file diff --git a/awscli/examples/guardduty/create-threat-intel-set.rst b/awscli/examples/guardduty/create-threat-intel-set.rst index 045f812532e6..aecffff3e69f 100644 --- a/awscli/examples/guardduty/create-threat-intel-set.rst +++ b/awscli/examples/guardduty/create-threat-intel-set.rst 
@@ -1,12 +1,12 @@ -**To create a new threat intel set in the current region.** +**To create and activate a new threat intel set** -This example shows how to upload a threat intel set to GuardDuty and activate it immediately. :: +The following ``create-threat-intel-set`` example creates and activates a threat intel set in the current Region. :: aws guardduty create-threat-intel-set \ --detector-id b6b992d6d2f48e64bc59180bfexample \ - --name myThreatSet \ + --name myThreatSet-example \ --format TXT \ - --location s3://EXAMPLEBUCKET/threatlist.csv \ + --location s3://amzn-s3-demo-bucket/threatlist.csv \ --activate Output:: @@ -15,4 +15,4 @@ Output:: "ThreatIntelSetId": "20b9a4691aeb33506b808878cexample" } -For more information, see `Trusted IP and threat lists `__ in the *GuardDuty User Guide*. +For more information, see `Working with Trusted IP Lists and Threat Lists `__ in the *GuardDuty User Guide*. diff --git a/awscli/examples/guardduty/disassociate-from-master-account.rst b/awscli/examples/guardduty/disassociate-from-master-account.rst index 5e91537cab68..3159006ad7c6 100644 --- a/awscli/examples/guardduty/disassociate-from-master-account.rst +++ b/awscli/examples/guardduty/disassociate-from-master-account.rst 
@@ -1,10 +1,10 @@ -**To disassociate from your current master account in the current region** +**To disassociate from your current administrator account in the current region** -The following ``disassociate-from-master-account`` example dissassociates your account from the current GuardDuty master account in the current AWS region. :: +The following ``disassociate-from-master-account`` example dissassociates your account from the current GuardDuty administrator account in the current AWS region. :: aws guardduty disassociate-from-master-account \ --detector-id d4b040365221be2b54a6264dcexample This command produces no output. -For more information, see `Understanding the Relationship between GuardDuty Master and Member Accounts `__ in the GuardDuty User Guide. \ No newline at end of file +For more information, see `Understanding the relationship between GuardDuty administrator account and member accounts `__ in the *GuardDuty User Guide*. diff --git a/awscli/examples/guardduty/get-ip-set.rst b/awscli/examples/guardduty/get-ip-set.rst index 1fce0feee905..8a8acc04c596 100644 --- a/awscli/examples/guardduty/get-ip-set.rst +++ b/awscli/examples/guardduty/get-ip-set.rst @@ -1,6 +1,6 @@ **To list get details on a specified trusted IP set** -The following ``get-ip-set`` example shows the status and details of the specififed trusted IP set. :: +The following ``get-ip-set`` example shows the status and details of the specified trusted IP set. :: aws guardduty get-ip-set \ --detector-id 12abc34d567e8fa901bc2d34eexample \ @@ -13,7 +13,7 @@ Output:: "Location": "s3://amzn-s3-demo-bucket.s3-us-west-2.amazonaws.com/customlist.csv", "Tags": {}, "Format": "TXT", - "Name": "test-ip-set" + "Name": "test-ip-set-example" } -For more information, see `Working with Trusted IP Lists and Threat Lists `__ in the GuardDuty User Guide. \ No newline at end of file +For more information, see `Working with Trusted IP Lists and Threat Lists `__ in the *GuardDuty User Guide*. 
diff --git a/awscli/examples/guardduty/get-master-account.rst b/awscli/examples/guardduty/get-master-account.rst index 50fb80a900fd..11d9e6699408 100644 --- a/awscli/examples/guardduty/get-master-account.rst +++ b/awscli/examples/guardduty/get-master-account.rst @@ -12,8 +12,8 @@ Output:: "InvitationId": "04b94d9704854a73f94e061e8example", "InvitedAt": "2020-06-09T22:23:04.970Z", "RelationshipStatus": "Enabled", - "AccountId": "123456789111" + "AccountId": "111122223333" } } -For more information, see `Understanding the Relationship between GuardDuty Master and Member Accounts `__ in the GuardDuty User Guide. \ No newline at end of file +For more information, see `Understanding the relationship between GuardDuty administrator account and member account `__ in the *GuardDuty User Guide*. \ No newline at end of file diff --git a/awscli/examples/guardduty/list-members.rst b/awscli/examples/guardduty/list-members.rst index b203777b1fd0..435d5a1c2f35 100644 --- a/awscli/examples/guardduty/list-members.rst +++ b/awscli/examples/guardduty/list-members.rst 
@@ -1,24 +1,51 @@ -**To list all members in the current region** +**Example 1: To list only current members in the current Region** -The following ``list-members`` example lists all member accounts and their details for the current region. :: +The following ``list-members`` example lists and provides details of only current member accounts associated with the GuardDuty administrator account, in the current region. :: aws guardduty list-members \ - --detector-id 12abc34d567e8fa901bc2d34eexample + --detector-id 12abc34d567e8fa901bc2d34eexample \ + --only-associated="true" Output:: - + { "Members": [ { "RelationshipStatus": "Enabled", "InvitedAt": "2020-06-09T22:49:00.910Z", - "MasterId": "123456789111", + "MasterId": "111122223333", "DetectorId": "7ab8b2f61b256c87f793f6a86example", "UpdatedAt": "2020-06-09T23:08:22.512Z", "Email": "your+member@example.com", - "AccountId": "123456789222" + "AccountId": "123456789012" + } + ] + } + +For more information, see `Understanding the relationship between GuardDuty administrator account and member accounts `__ in the *GuardDuty User Guide*. + +**Example 2: To list all the members in the current Region** + +The following ``list-members`` example lists and provides details of all the member accounts, including those who have been disassociated or have not yet accepted the invite from the GuardDuty administrator, in the current region. :: + + aws guardduty list-members \ + --detector-id 12abc34d567e8fa901bc2d34eexample \ + --only-associated="false" + +Output:: + + { + "Members": [ + { + "RelationshipStatus": "Enabled", + "InvitedAt": "2020-06-09T22:49:00.910Z", + "MasterId": "111122223333", + "DetectorId": "7ab8b2f61b256c87f793f6a86example", + "UpdatedAt": "2020-06-09T23:08:22.512Z", + "Email": "your+other+member@example.com", + "AccountId": "555555555555" } ] } -For more information, see `Understanding the Relationship between GuardDuty Master and Member Accounts `__ in the GuardDuty User Guide. 
\ No newline at end of file +For more information, see `Understanding the relationship between GuardDuty administrator account and member accounts `__ in the *GuardDuty User Guide*. diff --git a/awscli/examples/guardduty/update-ip-set.rst b/awscli/examples/guardduty/update-ip-set.rst index 320705cf359c..fce7c381705f 100644 --- a/awscli/examples/guardduty/update-ip-set.rst +++ b/awscli/examples/guardduty/update-ip-set.rst @@ -9,4 +9,4 @@ The following ``update-ip-set`` example shows how to update the details of a tru This command produces no output. -For more information, see `Working with Trusted IP Lists and Threat Lists `__ in the GuardDuty User Guide. \ No newline at end of file +For more information, see `Working with Trusted IP Lists and Threat Lists `__ in the *GuardDuty User Guide*.
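Review bot: In accept-invitation.rst the rewritten "For more information" line still leaves "GuardDuty User Guide" without emphasis, while the other files in this patch switch to *GuardDuty User Guide*. Wrap it in asterisks here as well. The unchanged `--master-id 123456789111` also no longer matches the 111122223333 account ID that this patch introduces in get-master-account.rst and list-members.rst, so consider updating it in the same change.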
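Review bot: In archive-findings.rst the new link text is "Creating suppression rules", but the command shown archives specific findings passed through `--finding-ids` and creates no rule. Either point the link at a topic on archiving individual findings or add a sentence saying how this command relates to suppression rules, so the reader is not sent to a page about a different workflow.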
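Review bot: In create-filter.rst both new descriptions carry over "all Portscan findings for instance created from a specific image"; this should read "for instances created from a specific image". Since Example 1 and Example 2 now differ only by `--action ARCHIVE`, it would also help to name that option in the Example 2 description so the cause of the archiving is explicit.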
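Review bot: In create-ip-set.rst the command pairs `--format TXT` with a location ending in `customtrustlist.csv`, and create-threat-intel-set.rst does the same with `threatlist.csv`; a reader cannot tell whether the extension matters. Use a `.txt` object name in both examples or state that the format is taken from `--format`, not the file name. The last line of create-ip-set.rst is also still marked "No newline at end of file", unlike most other files touched here.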
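Review bot: In create-publishing-destination.rst the title line kept as context still ends with a dangling preposition and a period: "To create a publishing destination to export GuardDuty findings in the current region to." Since the description under it is being rewritten, shorten the title in the same change (for example, drop the trailing "to." and the period to match the other titles). The final line of this file also remains without a trailing newline.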
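Review bot: In disassociate-from-master-account.rst the replaced description line still contains the misspelling "dissassociates"; it should be "disassociates". The line is already being touched for the master to administrator wording, so fix the spelling in the same edit.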
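Review bot: In get-ip-set.rst the title kept as context reads "To list get details on a specified trusted IP set", which has a stray "list". Change it to "To get details on a specified trusted IP set" alongside the "specififed" fix. The output's `Location` value, `s3://amzn-s3-demo-bucket.s3-us-west-2.amazonaws.com/customlist.csv`, also mixes the `s3://` scheme with an endpoint host name and does not match the `s3://amzn-s3-demo-bucket/...` form used in create-ip-set.rst.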
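Review bot: In get-master-account.rst the new link text ends with "administrator account and member account" (singular), while disassociate-from-master-account.rst and list-members.rst use "member accounts" for what appears to be the same guide topic. Make the link text identical across the three files. This file's last line is also still flagged "No newline at end of file".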
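Review bot: In list-members.rst the Example 2 output does not demonstrate what `--only-associated="false"` adds: its single member has `"RelationshipStatus": "Enabled"`, the same status as in Example 1, although the description promises members that were disassociated or have not yet accepted the invitation. Include at least one member with a status other than Enabled in the Example 2 output. The titles also say "current Region" while both descriptions say "current region"; pick one capitalization.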