diff --git a/clients/client-guardduty/src/commands/GetFindingsCommand.ts b/clients/client-guardduty/src/commands/GetFindingsCommand.ts
index 1621a34ca0ac..20ab4b6e5a20 100644
--- a/clients/client-guardduty/src/commands/GetFindingsCommand.ts
+++ b/clients/client-guardduty/src/commands/GetFindingsCommand.ts
@@ -813,6 +813,177 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat * // }, * // }, * // }, + * // Sequence: { // Sequence + * // Uid: "STRING_VALUE", // required + * // Description: "STRING_VALUE", // required + * // Actors: [ // Actors + * // { // Actor + * // Id: "STRING_VALUE", // required + * // User: { // User + * // Name: "STRING_VALUE", // required + * // Uid: "STRING_VALUE", // required + * // Type: "STRING_VALUE", // required + * // CredentialUid: "STRING_VALUE", + * // Account: { // Account + * // Uid: "STRING_VALUE", // required + * // Name: "STRING_VALUE", + * // }, + * // }, + * // Session: { // Session + * // Uid: "STRING_VALUE", + * // MfaStatus: "ENABLED" || "DISABLED", + * // CreatedTime: new Date("TIMESTAMP"), + * // Issuer: "STRING_VALUE", + * // }, + * // }, + * // ], + * // Resources: [ // Resources + * // { // ResourceV2 + * // Uid: "STRING_VALUE", // required + * // Name: "STRING_VALUE", + * // AccountId: "STRING_VALUE", + * // ResourceType: "EC2_INSTANCE" || "EC2_NETWORK_INTERFACE" || "S3_BUCKET" || "S3_OBJECT" || "ACCESS_KEY", // required + * // Region: "STRING_VALUE", + * // Service: "STRING_VALUE", + * // CloudPartition: "STRING_VALUE", + * // Tags: "", + * // Data: { // ResourceData + * // S3Bucket: { // S3Bucket + * // OwnerId: "STRING_VALUE", + * // CreatedAt: new Date("TIMESTAMP"), + * // EncryptionType: "STRING_VALUE", + * // EncryptionKeyArn: "STRING_VALUE", + * // EffectivePermission: "STRING_VALUE", + * // PublicReadAccess: "BLOCKED" || "ALLOWED", + * // PublicWriteAccess: "BLOCKED" || "ALLOWED", + * // AccountPublicAccess: { // PublicAccessConfiguration + * // PublicAclAccess: "BLOCKED" || "ALLOWED", + * // PublicPolicyAccess: "BLOCKED" || "ALLOWED", + * // PublicAclIgnoreBehavior: "IGNORED" || "NOT_IGNORED", + * // PublicBucketRestrictBehavior: "RESTRICTED" || "NOT_RESTRICTED", + * // }, + * // BucketPublicAccess: { + * // PublicAclAccess: "BLOCKED" || "ALLOWED", + * // PublicPolicyAccess: 
"BLOCKED" || "ALLOWED", + * // PublicAclIgnoreBehavior: "IGNORED" || "NOT_IGNORED", + * // PublicBucketRestrictBehavior: "RESTRICTED" || "NOT_RESTRICTED", + * // }, + * // S3ObjectUids: [ // S3ObjectUids + * // "STRING_VALUE", + * // ], + * // }, + * // Ec2Instance: { // Ec2Instance + * // AvailabilityZone: "STRING_VALUE", + * // ImageDescription: "STRING_VALUE", + * // InstanceState: "STRING_VALUE", + * // IamInstanceProfile: { + * // Arn: "STRING_VALUE", + * // Id: "STRING_VALUE", + * // }, + * // InstanceType: "STRING_VALUE", + * // OutpostArn: "STRING_VALUE", + * // Platform: "STRING_VALUE", + * // ProductCodes: [ + * // { + * // Code: "STRING_VALUE", + * // ProductType: "STRING_VALUE", + * // }, + * // ], + * // Ec2NetworkInterfaceUids: [ // Ec2NetworkInterfaceUids + * // "STRING_VALUE", + * // ], + * // }, + * // AccessKey: { // AccessKey + * // PrincipalId: "STRING_VALUE", + * // UserName: "STRING_VALUE", + * // UserType: "STRING_VALUE", + * // }, + * // Ec2NetworkInterface: { // Ec2NetworkInterface + * // Ipv6Addresses: [ + * // "STRING_VALUE", + * // ], + * // PrivateIpAddresses: [ + * // { + * // PrivateDnsName: "STRING_VALUE", + * // PrivateIpAddress: "STRING_VALUE", + * // }, + * // ], + * // PublicIp: "STRING_VALUE", + * // SecurityGroups: "", + * // SubNetId: "STRING_VALUE", + * // VpcId: "STRING_VALUE", + * // }, + * // S3Object: { // S3Object + * // ETag: "STRING_VALUE", + * // Key: "STRING_VALUE", + * // VersionId: "STRING_VALUE", + * // }, + * // }, + * // }, + * // ], + * // Endpoints: [ // NetworkEndpoints + * // { // NetworkEndpoint + * // Id: "STRING_VALUE", // required + * // Ip: "STRING_VALUE", + * // Domain: "STRING_VALUE", + * // Port: Number("int"), + * // Location: { // NetworkGeoLocation + * // City: "STRING_VALUE", // required + * // Country: "STRING_VALUE", // required + * // Latitude: Number("double"), // required + * // Longitude: Number("double"), // required + * // }, + * // AutonomousSystem: { // AutonomousSystem + * // Name: 
"STRING_VALUE", // required + * // Number: Number("int"), // required + * // }, + * // Connection: { // NetworkConnection + * // Direction: "INBOUND" || "OUTBOUND", // required + * // }, + * // }, + * // ], + * // Signals: [ // Signals // required + * // { // Signal + * // Uid: "STRING_VALUE", // required + * // Type: "FINDING" || "CLOUD_TRAIL" || "S3_DATA_EVENTS", // required + * // Description: "STRING_VALUE", + * // Name: "STRING_VALUE", // required + * // CreatedAt: new Date("TIMESTAMP"), // required + * // UpdatedAt: new Date("TIMESTAMP"), // required + * // FirstSeenAt: new Date("TIMESTAMP"), // required + * // LastSeenAt: new Date("TIMESTAMP"), // required + * // Severity: Number("double"), + * // Count: Number("int"), // required + * // ResourceUids: [ // ResourceUids + * // "STRING_VALUE", + * // ], + * // ActorIds: [ // ActorIds + * // "STRING_VALUE", + * // ], + * // EndpointIds: [ // EndpointIds + * // "STRING_VALUE", + * // ], + * // SignalIndicators: [ // Indicators + * // { // Indicator + * // Key: "SUSPICIOUS_USER_AGENT" || "SUSPICIOUS_NETWORK" || "MALICIOUS_IP" || "TOR_IP" || "ATTACK_TACTIC" || "HIGH_RISK_API" || "ATTACK_TECHNIQUE" || "UNUSUAL_API_FOR_ACCOUNT" || "UNUSUAL_ASN_FOR_ACCOUNT" || "UNUSUAL_ASN_FOR_USER", // required + * // Values: [ // IndicatorValues + * // "STRING_VALUE", + * // ], + * // Title: "STRING_VALUE", + * // }, + * // ], + * // }, + * // ], + * // SequenceIndicators: [ + * // { + * // Key: "SUSPICIOUS_USER_AGENT" || "SUSPICIOUS_NETWORK" || "MALICIOUS_IP" || "TOR_IP" || "ATTACK_TACTIC" || "HIGH_RISK_API" || "ATTACK_TECHNIQUE" || "UNUSUAL_API_FOR_ACCOUNT" || "UNUSUAL_ASN_FOR_ACCOUNT" || "UNUSUAL_ASN_FOR_USER", // required + * // Values: [ + * // "STRING_VALUE", + * // ], + * // Title: "STRING_VALUE", + * // }, + * // ], + * // }, * // }, * // MalwareScanDetails: { // MalwareScanDetails * // Threats: [ // Threats 
@@ -833,6 +1004,7 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat * // Title: "STRING_VALUE", * // Type: "STRING_VALUE", // required * // UpdatedAt: "STRING_VALUE", // required + * // AssociatedAttackSequenceArn: "STRING_VALUE", * // }, * // ], * // }; diff --git a/clients/client-guardduty/src/commands/GetIPSetCommand.ts b/clients/client-guardduty/src/commands/GetIPSetCommand.ts index eaa5c874b323..ff8439b16d3f 100644 --- a/clients/client-guardduty/src/commands/GetIPSetCommand.ts +++ b/clients/client-guardduty/src/commands/GetIPSetCommand.ts @@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { commonParams } from "../endpoint/EndpointParameters"; import { GuardDutyClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../GuardDutyClient"; -import { GetIPSetRequest, GetIPSetResponse } from "../models/models_0"; +import { GetIPSetRequest, GetIPSetResponse } from "../models/models_1"; import { de_GetIPSetCommand, se_GetIPSetCommand } from "../protocols/Aws_restJson1"; /** diff --git a/clients/client-guardduty/src/commands/GetMalwareProtectionPlanCommand.ts b/clients/client-guardduty/src/commands/GetMalwareProtectionPlanCommand.ts index db3730b05dc0..4df5db0238a8 100644 --- a/clients/client-guardduty/src/commands/GetMalwareProtectionPlanCommand.ts +++ b/clients/client-guardduty/src/commands/GetMalwareProtectionPlanCommand.ts 
@@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { commonParams } from "../endpoint/EndpointParameters"; import { GuardDutyClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../GuardDutyClient"; -import { GetMalwareProtectionPlanRequest, GetMalwareProtectionPlanResponse } from "../models/models_0"; +import { GetMalwareProtectionPlanRequest, GetMalwareProtectionPlanResponse } from "../models/models_1"; import { de_GetMalwareProtectionPlanCommand, se_GetMalwareProtectionPlanCommand } from "../protocols/Aws_restJson1"; /** diff --git a/clients/client-guardduty/src/commands/GetMalwareScanSettingsCommand.ts b/clients/client-guardduty/src/commands/GetMalwareScanSettingsCommand.ts index 33c0c4e9c4b8..df7659109558 100644 --- a/clients/client-guardduty/src/commands/GetMalwareScanSettingsCommand.ts +++ b/clients/client-guardduty/src/commands/GetMalwareScanSettingsCommand.ts @@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { commonParams } from "../endpoint/EndpointParameters"; import { GuardDutyClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../GuardDutyClient"; -import { GetMalwareScanSettingsRequest, GetMalwareScanSettingsResponse } from "../models/models_0"; +import { GetMalwareScanSettingsRequest, GetMalwareScanSettingsResponse } from "../models/models_1"; import { de_GetMalwareScanSettingsCommand, se_GetMalwareScanSettingsCommand } from "../protocols/Aws_restJson1"; /** diff --git a/clients/client-guardduty/src/commands/GetMasterAccountCommand.ts b/clients/client-guardduty/src/commands/GetMasterAccountCommand.ts index 8cadfa59425f..ccee51acadc9 100644 --- a/clients/client-guardduty/src/commands/GetMasterAccountCommand.ts +++ b/clients/client-guardduty/src/commands/GetMasterAccountCommand.ts 
@@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { commonParams } from "../endpoint/EndpointParameters"; import { GuardDutyClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../GuardDutyClient"; -import { GetMasterAccountRequest, GetMasterAccountResponse } from "../models/models_0"; +import { GetMasterAccountRequest, GetMasterAccountResponse } from "../models/models_1"; import { de_GetMasterAccountCommand, se_GetMasterAccountCommand } from "../protocols/Aws_restJson1"; /** diff --git a/clients/client-guardduty/src/commands/GetMemberDetectorsCommand.ts b/clients/client-guardduty/src/commands/GetMemberDetectorsCommand.ts index 6c07bc837d81..7aed214c94d6 100644 --- a/clients/client-guardduty/src/commands/GetMemberDetectorsCommand.ts +++ b/clients/client-guardduty/src/commands/GetMemberDetectorsCommand.ts @@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { commonParams } from "../endpoint/EndpointParameters"; import { GuardDutyClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../GuardDutyClient"; -import { GetMemberDetectorsRequest, GetMemberDetectorsResponse } from "../models/models_0"; +import { GetMemberDetectorsRequest, GetMemberDetectorsResponse } from "../models/models_1"; import { de_GetMemberDetectorsCommand, se_GetMemberDetectorsCommand } from "../protocols/Aws_restJson1"; /** diff --git a/clients/client-guardduty/src/commands/GetMembersCommand.ts b/clients/client-guardduty/src/commands/GetMembersCommand.ts index f5ac4d3a8adb..efae44f0267a 100644 --- a/clients/client-guardduty/src/commands/GetMembersCommand.ts +++ b/clients/client-guardduty/src/commands/GetMembersCommand.ts 
@@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { commonParams } from "../endpoint/EndpointParameters"; import { GuardDutyClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../GuardDutyClient"; -import { GetMembersRequest, GetMembersResponse, GetMembersResponseFilterSensitiveLog } from "../models/models_0"; +import { GetMembersRequest, GetMembersResponse, GetMembersResponseFilterSensitiveLog } from "../models/models_1"; import { de_GetMembersCommand, se_GetMembersCommand } from "../protocols/Aws_restJson1"; /** diff --git a/clients/client-guardduty/src/models/models_0.ts b/clients/client-guardduty/src/models/models_0.ts index d3e237fc6d7c..c79554723473 100644 --- a/clients/client-guardduty/src/models/models_0.ts +++ b/clients/client-guardduty/src/models/models_0.ts @@ -184,6 +184,30 @@ export class AccessDeniedException extends __BaseException { } } +/** + *

Contains information about the access keys.

+ * @public + */ +export interface AccessKey { + /** + *

Principal ID of the user.

+ * @public + */ + PrincipalId?: string | undefined; + + /** + *

Name of the user.

+ * @public + */ + UserName?: string | undefined; + + /** + *

Type of the user.

+ * @public + */ + UserType?: string | undefined; +} + /** *

Contains information about the access keys.

* @public @@ -214,6 +238,24 @@ export interface AccessKeyDetails { UserType?: string | undefined; } +/** + *

Contains information about the account.

+ * @public + */ +export interface Account { + /** + *

ID of the member's Amazon Web Services account

+ * @public + */ + Uid: string | undefined; + + /** + *

Name of the member's Amazon Web Services account.

+ * @public + */ + Name?: string | undefined; +} + /** *

Contains information about the account.

* @public @@ -1131,6 +1173,113 @@ export interface Action { KubernetesRoleDetails?: KubernetesRoleDetails | undefined; } +/** + * @public + * @enum + */ +export const MfaStatus = { + DISABLED: "DISABLED", + ENABLED: "ENABLED", +} as const; + +/** + * @public + */ +export type MfaStatus = (typeof MfaStatus)[keyof typeof MfaStatus]; + +/** + *

Contains information about the authenticated session.

+ * @public + */ +export interface Session { + /** + *

The unique identifier of the session.

+ * @public + */ + Uid?: string | undefined; + + /** + *

Indicates whether or not multi-factor authencation (MFA) was used during authentication.

+ *

In Amazon Web Services CloudTrail, you can find this value as userIdentity.sessionContext.attributes.mfaAuthenticated.

+ * @public + */ + MfaStatus?: MfaStatus | undefined; + + /** + *

The timestamp for when the session was created.

+ *

In Amazon Web Services CloudTrail, you can find this value as userIdentity.sessionContext.attributes.creationDate.

+ * @public + */ + CreatedTime?: Date | undefined; + + /** + *

Identifier of the session issuer.

+ *

In Amazon Web Services CloudTrail, you can find this value as userIdentity.sessionContext.sessionIssuer.arn.

+ * @public + */ + Issuer?: string | undefined; +} + +/** + *

Contains information about the user involved in the attack sequence.

+ * @public + */ +export interface User { + /** + *

The name of the user.

+ * @public + */ + Name: string | undefined; + + /** + *

The unique identifier of the user.

+ * @public + */ + Uid: string | undefined; + + /** + *

The type of the user.

+ * @public + */ + Type: string | undefined; + + /** + *

The credentials of the user ID.

+ * @public + */ + CredentialUid?: string | undefined; + + /** + *

Contains information about the Amazon Web Services account.

+ * @public + */ + Account?: Account | undefined; +} + +/** + *

Information about the actors involved in an attack sequence.

+ * @public + */ +export interface Actor { + /** + *

ID of the threat actor.

+ * @public + */ + Id: string | undefined; + + /** + *

Contains information about the user credentials used by the threat actor.

+ * @public + */ + User?: User | undefined; + + /** + *

Contains information about the user session where the activity initiated.

+ * @public + */ + Session?: Session | undefined; +} + /** *

Information about the installed EKS add-on (GuardDuty security agent).

* @public @@ -1361,6 +1510,25 @@ export const AutoEnableMembers = { */ export type AutoEnableMembers = (typeof AutoEnableMembers)[keyof typeof AutoEnableMembers]; +/** + *

Contains information about the Autonomous System (AS) associated with the network + * endpoints involved in an attack sequence.

+ * @public + */ +export interface AutonomousSystem { + /** + *

Name associated with the Autonomous System (AS).

+ * @public + */ + Name: string | undefined; + + /** + *

The unique number that identifies the Autonomous System (AS).

+ * @public + */ + Number: number | undefined; +} + /** *

Contains information on the current bucket policies for the S3 bucket.

* @public @@ -4565,458 +4733,511 @@ export interface Destination { } /** - *

Contains information about the detected behavior.

* @public + * @enum */ -export interface Detection { +export const NetworkDirection = { + INBOUND: "INBOUND", + OUTBOUND: "OUTBOUND", +} as const; + +/** + * @public + */ +export type NetworkDirection = (typeof NetworkDirection)[keyof typeof NetworkDirection]; + +/** + *

Contains information about the network connection.

+ * @public + */ +export interface NetworkConnection { /** - *

The details about the anomalous activity that caused GuardDuty to - * generate the finding.

+ *

The direction in which the network traffic is flowing.

* @public */ - Anomaly?: Anomaly | undefined; + Direction: NetworkDirection | undefined; } /** - *

Information about the additional configuration.

+ *

Contains information about network endpoint location.

* @public */ -export interface DetectorAdditionalConfigurationResult { +export interface NetworkGeoLocation { /** - *

Name of the additional configuration.

+ *

The name of the city.

* @public */ - Name?: FeatureAdditionalConfiguration | undefined; + City: string | undefined; /** - *

Status of the additional configuration.

+ *

The name of the country.

* @public */ - Status?: FeatureStatus | undefined; + Country: string | undefined; /** - *

The timestamp at which the additional configuration was last updated. This is in UTC - * format.

+ *

The latitude information of the endpoint location.

* @public */ - UpdatedAt?: Date | undefined; -} - -/** - * @public - * @enum - */ -export const DetectorFeatureResult = { - CLOUD_TRAIL: "CLOUD_TRAIL", - DNS_LOGS: "DNS_LOGS", - EBS_MALWARE_PROTECTION: "EBS_MALWARE_PROTECTION", - EKS_AUDIT_LOGS: "EKS_AUDIT_LOGS", - EKS_RUNTIME_MONITORING: "EKS_RUNTIME_MONITORING", - FLOW_LOGS: "FLOW_LOGS", - LAMBDA_NETWORK_LOGS: "LAMBDA_NETWORK_LOGS", - RDS_LOGIN_EVENTS: "RDS_LOGIN_EVENTS", - RUNTIME_MONITORING: "RUNTIME_MONITORING", - S3_DATA_EVENTS: "S3_DATA_EVENTS", -} as const; + Latitude: number | undefined; -/** - * @public - */ -export type DetectorFeatureResult = (typeof DetectorFeatureResult)[keyof typeof DetectorFeatureResult]; + /** + *

The longitude information of the endpoint location.

+ * @public + */ + Longitude: number | undefined; +} /** - *

Contains information about a GuardDuty feature.

- *

Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) - * and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. - * You can add only one of these two features because Runtime Monitoring already includes the - * threat detection for Amazon EKS resources. For more information, see - * Runtime Monitoring.

+ *

Contains information about network endpoints that were observed in the attack sequence.

* @public */ -export interface DetectorFeatureConfigurationResult { +export interface NetworkEndpoint { /** - *

Indicates the name of the feature that can be enabled for the detector.

+ *

The ID of the network endpoint.

* @public */ - Name?: DetectorFeatureResult | undefined; + Id: string | undefined; /** - *

Indicates the status of the feature that is enabled for the detector.

+ *

The IP address associated with the network endpoint.

* @public */ - Status?: FeatureStatus | undefined; + Ip?: string | undefined; /** - *

The timestamp at which the feature object was updated.

+ *

The domain information for the network endpoint.

* @public */ - UpdatedAt?: Date | undefined; + Domain?: string | undefined; /** - *

Additional configuration for a resource.

+ *

The port number associated with the network endpoint.

* @public */ - AdditionalConfiguration?: DetectorAdditionalConfigurationResult[] | undefined; -} + Port?: number | undefined; -/** - * @public - * @enum - */ -export const DetectorStatus = { - DISABLED: "DISABLED", - ENABLED: "ENABLED", -} as const; + /** + *

Information about the location of the network endpoint.

+ * @public + */ + Location?: NetworkGeoLocation | undefined; -/** - * @public - */ -export type DetectorStatus = (typeof DetectorStatus)[keyof typeof DetectorStatus]; + /** + *

The Autonomous System (AS) of the network endpoint.

+ * @public + */ + AutonomousSystem?: AutonomousSystem | undefined; -/** - * @public - */ -export interface DisableOrganizationAdminAccountRequest { /** - *

The Amazon Web Services Account ID for the organizations account to be disabled as a GuardDuty delegated - * administrator.

+ *

Information about the network connection.

* @public */ - AdminAccountId: string | undefined; + Connection?: NetworkConnection | undefined; } /** + *

Contains information about the EC2 instance profile.

* @public */ -export interface DisableOrganizationAdminAccountResponse {} +export interface IamInstanceProfile { + /** + *

The profile ARN of the EC2 instance.

+ * @public + */ + Arn?: string | undefined; -/** - * @public - */ -export interface DisassociateFromAdministratorAccountRequest { /** - *

The unique ID of the detector of the GuardDuty member account.

+ *

The profile ID of the EC2 instance.

* @public */ - DetectorId: string | undefined; + Id?: string | undefined; } /** + *

Contains information about the product code for the EC2 instance.

* @public */ -export interface DisassociateFromAdministratorAccountResponse {} +export interface ProductCode { + /** + *

The product code information.

+ * @public + */ + Code?: string | undefined; -/** - * @public - */ -export interface DisassociateFromMasterAccountRequest { /** - *

The unique ID of the detector of the GuardDuty member account.

+ *

The product code type.

* @public */ - DetectorId: string | undefined; + ProductType?: string | undefined; } /** + *

Details about the potentially impacted Amazon EC2 instance resource.

* @public */ -export interface DisassociateFromMasterAccountResponse {} +export interface Ec2Instance { + /** + *

The availability zone of the Amazon EC2 instance. For more information, see + * Availability zones + * in the Amazon EC2 User Guide.

+ * @public + */ + AvailabilityZone?: string | undefined; -/** - * @public - */ -export interface DisassociateMembersRequest { /** - *

The unique ID of the detector of the GuardDuty account whose members you want to - * disassociate from the administrator account.

+ *

The image description of the Amazon EC2 instance.

* @public */ - DetectorId: string | undefined; + ImageDescription?: string | undefined; /** - *

A list of account IDs of the GuardDuty member accounts that you want to disassociate from - * the administrator account.

+ *

The state of the Amazon EC2 instance. For more information, see + * Amazon EC2 instance state changes + * in the Amazon EC2 User Guide.

* @public */ - AccountIds: string[] | undefined; -} + InstanceState?: string | undefined; -/** - * @public - */ -export interface DisassociateMembersResponse { /** - *

A list of objects that contain the unprocessed account and a result string that explains - * why it was unprocessed.

+ *

Contains information about the EC2 instance profile.

* @public */ - UnprocessedAccounts: UnprocessedAccount[] | undefined; -} - -/** - * @public - * @enum - */ -export const EbsSnapshotPreservation = { - NO_RETENTION: "NO_RETENTION", - RETENTION_WITH_FINDING: "RETENTION_WITH_FINDING", -} as const; - -/** - * @public - */ -export type EbsSnapshotPreservation = (typeof EbsSnapshotPreservation)[keyof typeof EbsSnapshotPreservation]; + IamInstanceProfile?: IamInstanceProfile | undefined; -/** - *

Contains list of scanned and skipped EBS volumes with details.

- * @public - */ -export interface EbsVolumeDetails { /** - *

List of EBS volumes that were scanned.

+ *

Type of the Amazon EC2 instance.

* @public */ - ScannedVolumeDetails?: VolumeDetail[] | undefined; + InstanceType?: string | undefined; /** - *

List of EBS volumes that were skipped from the malware scan.

+ *

The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. This shows applicable Amazon Web Services Outposts instances.

* @public */ - SkippedVolumeDetails?: VolumeDetail[] | undefined; -} + OutpostArn?: string | undefined; -/** - *

Contains details of the highest severity threat detected during scan and number of - * infected files.

- * @public - */ -export interface HighestSeverityThreatDetails { /** - *

Severity level of the highest severity threat detected.

+ *

The platform of the Amazon EC2 instance.

* @public */ - Severity?: string | undefined; + Platform?: string | undefined; /** - *

Threat name of the highest severity threat detected as part of the malware scan.

+ *

The product code of the Amazon EC2 instance.

* @public */ - ThreatName?: string | undefined; + ProductCodes?: ProductCode[] | undefined; /** - *

Total number of infected files with the highest severity threat detected.

+ *

The ID of the network interface.

* @public */ - Count?: number | undefined; + Ec2NetworkInterfaceUids?: string[] | undefined; } /** - *

Total number of scanned files.

+ *

Contains other private IP address information of the EC2 instance.

* @public */ -export interface ScannedItemCount { +export interface PrivateIpAddressDetails { /** - *

Total GB of files scanned for malware.

+ *

The private DNS name of the EC2 instance.

* @public */ - TotalGb?: number | undefined; + PrivateDnsName?: string | undefined; /** - *

Number of files scanned.

+ *

The private IP address of the EC2 instance.

* @public */ - Files?: number | undefined; + PrivateIpAddress?: string | undefined; +} + +/** + *

Contains information about the security groups associated with the EC2 instance.

+ * @public + */ +export interface SecurityGroup { + /** + *

The security group ID of the EC2 instance.

+ * @public + */ + GroupId?: string | undefined; /** - *

Total number of scanned volumes.

+ *

The security group name of the EC2 instance.

* @public */ - Volumes?: number | undefined; + GroupName?: string | undefined; } /** - *

Contains details of infected file including name, file path and hash.

+ *

Contains information about the elastic network interface of the Amazon EC2 instance.

* @public */ -export interface ScanFilePath { +export interface Ec2NetworkInterface { /** - *

The file path of the infected file.

+ *

A list of IPv6 addresses for the Amazon EC2 instance.

* @public */ - FilePath?: string | undefined; + Ipv6Addresses?: string[] | undefined; /** - *

EBS volume ARN details of the infected file.

+ *

Other private IP address information of the Amazon EC2 instance.

* @public */ - VolumeArn?: string | undefined; + PrivateIpAddresses?: PrivateIpAddressDetails[] | undefined; /** - *

The hash value of the infected file.

+ *

The public IP address of the Amazon EC2 instance.

* @public */ - Hash?: string | undefined; + PublicIp?: string | undefined; /** - *

File name of the infected file.

+ *

The security groups associated with the Amazon EC2 instance.

* @public */ - FileName?: string | undefined; + SecurityGroups?: SecurityGroup[] | undefined; + + /** + *

The subnet ID of the Amazon EC2 instance.

+ * @public + */ + SubNetId?: string | undefined; + + /** + *

The VPC ID of the Amazon EC2 instance.

+ * @public + */ + VpcId?: string | undefined; } /** - *

Contains files infected with the given threat providing details of malware name and - * severity.

* @public + * @enum */ -export interface ScanThreatName { +export const PublicAccessStatus = { + ALLOWED: "ALLOWED", + BLOCKED: "BLOCKED", +} as const; + +/** + * @public + */ +export type PublicAccessStatus = (typeof PublicAccessStatus)[keyof typeof PublicAccessStatus]; + +/** + * @public + * @enum + */ +export const PublicAclIgnoreBehavior = { + IGNORED: "IGNORED", + NOT_IGNORED: "NOT_IGNORED", +} as const; + +/** + * @public + */ +export type PublicAclIgnoreBehavior = (typeof PublicAclIgnoreBehavior)[keyof typeof PublicAclIgnoreBehavior]; + +/** + * @public + * @enum + */ +export const PublicBucketRestrictBehavior = { + NOT_RESTRICTED: "NOT_RESTRICTED", + RESTRICTED: "RESTRICTED", +} as const; + +/** + * @public + */ +export type PublicBucketRestrictBehavior = + (typeof PublicBucketRestrictBehavior)[keyof typeof PublicBucketRestrictBehavior]; + +/** + *

Describes public access policies that apply to the Amazon S3 bucket.

+ *

For information about each of the following settings, see + * Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide.

+ * @public + */ +export interface PublicAccessConfiguration { /** - *

The name of the identified threat.

+ *

Indicates whether or not there is a setting that allows public access to the Amazon S3 buckets through access + * control lists (ACLs).

* @public */ - Name?: string | undefined; + PublicAclAccess?: PublicAccessStatus | undefined; /** - *

Severity of threat identified as part of the malware scan.

+ *

Indicates whether or not there is a setting that allows public access to the Amazon S3 bucket policy.

* @public */ - Severity?: string | undefined; + PublicPolicyAccess?: PublicAccessStatus | undefined; /** - *

Total number of files infected with given threat.

+ *

Indicates whether or not there is a setting that ignores all public access control lists (ACLs) + * on the Amazon S3 bucket and the objects that it contains.

* @public */ - ItemCount?: number | undefined; + PublicAclIgnoreBehavior?: PublicAclIgnoreBehavior | undefined; /** - *

List of infected files in EBS volume with details.

+ *

Indicates whether or not there is a setting that restricts access to the bucket with specified policies.

* @public */ - FilePaths?: ScanFilePath[] | undefined; + PublicBucketRestrictBehavior?: PublicBucketRestrictBehavior | undefined; } /** - *

Contains details about identified threats organized by threat name.

+ *

Contains information about the Amazon S3 bucket policies and encryption.

* @public */ -export interface ThreatDetectedByName { +export interface S3Bucket { /** - *

Total number of infected files identified.

+ *

The owner ID of the associated S3Amazon S3bucket.

* @public */ - ItemCount?: number | undefined; + OwnerId?: string | undefined; /** - *

Total number of unique threats by name identified, as part of the malware scan.

+ *

The timestamp at which the Amazon S3 bucket was created.

* @public */ - UniqueThreatNameCount?: number | undefined; + CreatedAt?: Date | undefined; /** - *

Flag to determine if the finding contains every single infected file-path and/or every - * threat.

+ *

The type of encryption used for the Amazon S3 buckets and its objects. For more information, + * see Protecting data with server-side encryption + * in the Amazon S3 User Guide.

* @public */ - Shortened?: boolean | undefined; + EncryptionType?: string | undefined; /** - *

List of identified threats with details, organized by threat name.

+ *

The Amazon Resource Name (ARN) of the encryption key that is used to encrypt the Amazon S3 bucket and its objects.

* @public */ - ThreatNames?: ScanThreatName[] | undefined; -} + EncryptionKeyArn?: string | undefined; -/** - *

Contains total number of infected files.

- * @public - */ -export interface ThreatsDetectedItemCount { /** - *

Total number of infected files.

+ *

Describes the effective permissions on this S3 bucket, after factoring all the attached policies.

* @public */ - Files?: number | undefined; -} + EffectivePermission?: string | undefined; -/** - *

Contains a complete view providing malware scan result details.

- * @public - */ -export interface ScanDetections { /** - *

Total number of scanned files.

+ *

Indicates whether or not the public read access is allowed for an Amazon S3 bucket.

* @public */ - ScannedItemCount?: ScannedItemCount | undefined; + PublicReadAccess?: PublicAccessStatus | undefined; /** - *

Total number of infected files.

+ *

Indicates whether or not the public write access is allowed for an Amazon S3 bucket.

* @public */ - ThreatsDetectedItemCount?: ThreatsDetectedItemCount | undefined; + PublicWriteAccess?: PublicAccessStatus | undefined; /** - *

Details of the highest severity threat detected during malware scan and number of infected - * files.

+ *

Contains information about the public access policies that apply to the Amazon S3 bucket at the account level.

* @public */ - HighestSeverityThreatDetails?: HighestSeverityThreatDetails | undefined; + AccountPublicAccess?: PublicAccessConfiguration | undefined; /** - *

Contains details about identified threats organized by threat name.

+ *

Contains information about public access policies that apply to the Amazon S3 bucket.

* @public */ - ThreatDetectedByName?: ThreatDetectedByName | undefined; + BucketPublicAccess?: PublicAccessConfiguration | undefined; + + /** + *

Represents a list of Amazon S3 object identifiers.

+ * @public + */ + S3ObjectUids?: string[] | undefined; } /** - *

Contains details from the malware scan that created a finding.

+ *

Contains information about the Amazon S3 object.

* @public */ -export interface EbsVolumeScanDetails { +export interface S3Object { /** - *

Unique Id of the malware scan that generated the finding.

+ *

The entity tag is a hash of the Amazon S3 object. The ETag reflects changes only to the + * contents of an object, and not its metadata.

* @public */ - ScanId?: string | undefined; + ETag?: string | undefined; /** - *

Returns the start date and time of the malware scan.

+ *

The key of the Amazon S3 object.

* @public */ - ScanStartedAt?: Date | undefined; + Key?: string | undefined; /** - *

Returns the completion date and time of the malware scan.

+ *

The version Id of the Amazon S3 object.

* @public */ - ScanCompletedAt?: Date | undefined; + VersionId?: string | undefined; +} +/** + *

Contains information about the Amazon Web Services resource that is associated with the activity that prompted + * GuardDuty to generate a finding.

+ * @public + */ +export interface ResourceData { /** - *

GuardDuty finding ID that triggered a malware scan.

+ *

Contains information about the Amazon S3 bucket.

* @public */ - TriggerFindingId?: string | undefined; + S3Bucket?: S3Bucket | undefined; /** - *

Contains list of threat intelligence sources used to detect threats.

+ *

Contains information about the Amazon EC2 instance.

* @public */ - Sources?: string[] | undefined; + Ec2Instance?: Ec2Instance | undefined; /** - *

Contains a complete view providing malware scan result details.

+ *

Contains information about the IAM access key details of a user that involved in the GuardDuty finding.

* @public */ - ScanDetections?: ScanDetections | undefined; + AccessKey?: AccessKey | undefined; /** - *

Specifies the scan type that invoked the malware scan.

+ *

Contains information about the elastic network interface of the Amazon EC2 instance.

* @public */ - ScanType?: ScanType | undefined; + Ec2NetworkInterface?: Ec2NetworkInterface | undefined; + + /** + *

Contains information about the Amazon S3 object.

+ * @public + */ + S3Object?: S3Object | undefined; } +/** + * @public + * @enum + */ +export const FindingResourceType = { + ACCESS_KEY: "ACCESS_KEY", + EC2_INSTANCE: "EC2_INSTANCE", + EC2_NETWORK_INTERFACE: "EC2_NETWORK_INTERFACE", + S3_BUCKET: "S3_BUCKET", + S3_OBJECT: "S3_OBJECT", +} as const; + +/** + * @public + */ +export type FindingResourceType = (typeof FindingResourceType)[keyof typeof FindingResourceType]; + /** *

Contains information about a tag key-value pair.

* @public @@ -5036,2556 +5257,2608 @@ export interface Tag { } /** - *

Represents a pre-existing file or directory on the host machine that the volume maps - * to.

+ *

Contains information about the Amazon Web Services resource that is associated with the GuardDuty finding.

* @public */ -export interface HostPath { +export interface ResourceV2 { /** - *

Path of the file or directory on the host that the volume maps to.

+ *

The unique identifier of the resource.

* @public */ - Path?: string | undefined; -} + Uid: string | undefined; -/** - *

Volume used by the Kubernetes workload.

- * @public - */ -export interface Volume { /** - *

Volume name.

+ *

The name of the resource.

* @public */ Name?: string | undefined; /** - *

Represents a pre-existing file or directory on the host machine that the volume maps - * to.

+ *

The Amazon Web Services account ID to which the resource belongs.

* @public */ - HostPath?: HostPath | undefined; -} + AccountId?: string | undefined; -/** - *

Contains information about the task in an ECS cluster.

- * @public - */ -export interface EcsTaskDetails { /** - *

The Amazon Resource Name (ARN) of the task.

+ *

The type of the Amazon Web Services resource.

* @public */ - Arn?: string | undefined; + ResourceType: FindingResourceType | undefined; /** - *

The ARN of the task definition that creates the task.

+ *

The Amazon Web Services Region where the resource belongs.

* @public */ - DefinitionArn?: string | undefined; + Region?: string | undefined; /** - *

The version counter for the task.

+ *

The Amazon Web Services service of the resource.

* @public */ - Version?: string | undefined; + Service?: string | undefined; /** - *

The Unix timestamp for the time when the task was created.

+ *

The cloud partition within the Amazon Web Services Region to which the resource belongs.

* @public */ - TaskCreatedAt?: Date | undefined; + CloudPartition?: string | undefined; /** - *

The Unix timestamp for the time when the task started.

+ *

Contains information about the tags associated with the resource.

* @public */ - StartedAt?: Date | undefined; + Tags?: Tag[] | undefined; /** - *

Contains the tag specified when a task is started.

+ *

Contains information about the Amazon Web Services resource associated with the activity that prompted + * GuardDuty to generate a finding.

* @public */ - StartedBy?: string | undefined; + Data?: ResourceData | undefined; +} - /** - *

The tags of the ECS Task.

- * @public - */ - Tags?: Tag[] | undefined; +/** + * @public + * @enum + */ +export const IndicatorType = { + ATTACK_TACTIC: "ATTACK_TACTIC", + ATTACK_TECHNIQUE: "ATTACK_TECHNIQUE", + HIGH_RISK_API: "HIGH_RISK_API", + MALICIOUS_IP: "MALICIOUS_IP", + SUSPICIOUS_NETWORK: "SUSPICIOUS_NETWORK", + SUSPICIOUS_USER_AGENT: "SUSPICIOUS_USER_AGENT", + TOR_IP: "TOR_IP", + UNUSUAL_API_FOR_ACCOUNT: "UNUSUAL_API_FOR_ACCOUNT", + UNUSUAL_ASN_FOR_ACCOUNT: "UNUSUAL_ASN_FOR_ACCOUNT", + UNUSUAL_ASN_FOR_USER: "UNUSUAL_ASN_FOR_USER", +} as const; - /** - *

The list of data volume definitions for the task.

- * @public - */ - Volumes?: Volume[] | undefined; +/** + * @public + */ +export type IndicatorType = (typeof IndicatorType)[keyof typeof IndicatorType]; +/** + *

Contains information about the indicators that include a set of + * signals observed in an attack sequence.

+ * @public + */ +export interface Indicator { /** - *

The containers that's associated with the task.

+ *

Specific indicator keys observed in the attack sequence.

* @public */ - Containers?: Container[] | undefined; + Key: IndicatorType | undefined; /** - *

The name of the task group that's associated with the task.

+ *

Values associated with each indicator key. For example, if the indicator key is + * SUSPICIOUS_NETWORK, then the value will be the name of the network. If + * the indicator key is ATTACK_TACTIC, then the value will be one of the MITRE tactics.

+ *

For more information about the + * values associated with the key, see GuardDuty Extended Threat Detection in the + * GuardDuty User Guide. + *

* @public */ - Group?: string | undefined; + Values?: string[] | undefined; /** - *

A capacity on which the task is running. For example, Fargate and EC2.

+ *

Title describing the indicator.

* @public */ - LaunchType?: string | undefined; + Title?: string | undefined; } /** - *

Contains information about the details of the ECS Cluster.

* @public + * @enum */ -export interface EcsClusterDetails { +export const SignalType = { + CLOUD_TRAIL: "CLOUD_TRAIL", + FINDING: "FINDING", + S3_DATA_EVENTS: "S3_DATA_EVENTS", +} as const; + +/** + * @public + */ +export type SignalType = (typeof SignalType)[keyof typeof SignalType]; + +/** + *

Contains information about the signals involved in the attack sequence.

+ * @public + */ +export interface Signal { /** - *

The name of the ECS Cluster.

+ *

The unique identifier of the signal.

* @public */ - Name?: string | undefined; + Uid: string | undefined; /** - *

The Amazon Resource Name (ARN) that identifies the cluster.

+ *

The type of the signal used to identify an attack sequence.

+ *

Signals can be GuardDuty findings or activities observed in data sources that GuardDuty monitors. For + * more information, see + * Foundational data sources in the + * GuardDuty User Guide.

+ *

A signal type can be one of the valid values listed in this API. Here are the related descriptions:

+ * * @public */ - Arn?: string | undefined; + Type: SignalType | undefined; /** - *

The status of the ECS cluster.

+ *

The description of the signal.

* @public */ - Status?: string | undefined; + Description?: string | undefined; /** - *

The number of services that are running on the cluster in an ACTIVE state.

+ *

The name of the signal. For example, when signal type is FINDING, + * the signal name is the name of the finding.

* @public */ - ActiveServicesCount?: number | undefined; + Name: string | undefined; /** - *

The number of container instances registered into the cluster.

+ *

The timestamp when the first finding or activity related to this signal was observed.

* @public */ - RegisteredContainerInstancesCount?: number | undefined; + CreatedAt: Date | undefined; /** - *

The number of tasks in the cluster that are in the RUNNING state.

+ *

The timestamp when this signal was last observed.

* @public */ - RunningTasksCount?: number | undefined; + UpdatedAt: Date | undefined; /** - *

The tags of the ECS Cluster.

+ *

The timestamp when the first finding or activity related to this signal was observed.

* @public */ - Tags?: Tag[] | undefined; + FirstSeenAt: Date | undefined; /** - *

Contains information about the details of the ECS Task.

+ *

The timestamp when the last finding or activity related to this signal was observed.

* @public */ - TaskDetails?: EcsTaskDetails | undefined; -} + LastSeenAt: Date | undefined; -/** - *

Details about the EKS cluster involved in a Kubernetes finding.

- * @public - */ -export interface EksClusterDetails { /** - *

EKS cluster name.

+ *

The severity associated with the signal. For more information about severity, see + * Findings severity levels + * in the GuardDuty User Guide.

* @public */ - Name?: string | undefined; + Severity?: number | undefined; /** - *

EKS cluster ARN.

+ *

The number of times this signal was observed.

* @public */ - Arn?: string | undefined; + Count: number | undefined; /** - *

The VPC ID to which the EKS cluster is attached.

+ *

Information about the unique identifiers of the resources involved in the signal.

* @public */ - VpcId?: string | undefined; + ResourceUids?: string[] | undefined; /** - *

The EKS cluster status.

+ *

Information about the IDs of the threat actors involved in the signal.

* @public */ - Status?: string | undefined; + ActorIds?: string[] | undefined; /** - *

The EKS cluster tags.

+ *

Information about the endpoint IDs associated with this signal.

* @public */ - Tags?: Tag[] | undefined; + EndpointIds?: string[] | undefined; /** - *

The timestamp when the EKS cluster was created.

+ *

Contains information about the indicators associated with the signals.

* @public */ - CreatedAt?: Date | undefined; + SignalIndicators?: Indicator[] | undefined; } /** + *

Contains information about the GuardDuty attack sequence finding.

* @public */ -export interface EnableOrganizationAdminAccountRequest { +export interface Sequence { /** - *

The Amazon Web Services account ID for the organization account to be enabled as a GuardDuty delegated - * administrator.

+ *

Unique identifier of the attack sequence.

* @public */ - AdminAccountId: string | undefined; -} - -/** - * @public - */ -export interface EnableOrganizationAdminAccountResponse {} + Uid: string | undefined; -/** - *

An instance of a threat intelligence detail that constitutes evidence for the - * finding.

- * @public - */ -export interface ThreatIntelligenceDetail { /** - *

The name of the threat intelligence list that triggered the finding.

+ *

Description of the attack sequence.

* @public */ - ThreatListName?: string | undefined; + Description: string | undefined; /** - *

A list of names of the threats in the threat intelligence list that triggered the - * finding.

+ *

Contains information about the actors involved in the attack sequence.

* @public */ - ThreatNames?: string[] | undefined; + Actors?: Actor[] | undefined; /** - *

SHA256 of the file that generated the finding.

+ *

Contains information about the resources involved in the attack sequence.

* @public */ - ThreatFileSha256?: string | undefined; -} + Resources?: ResourceV2[] | undefined; -/** - *

Contains information about the reason that the finding was generated.

- * @public - */ -export interface Evidence { /** - *

A list of threat intelligence details related to the evidence.

+ *

Contains information about the network endpoints that were used in the attack sequence.

* @public */ - ThreatIntelligenceDetails?: ThreatIntelligenceDetail[] | undefined; -} - -/** - * @public - * @enum - */ -export const Feedback = { - NOT_USEFUL: "NOT_USEFUL", - USEFUL: "USEFUL", -} as const; - -/** - * @public - */ -export type Feedback = (typeof Feedback)[keyof typeof Feedback]; + Endpoints?: NetworkEndpoint[] | undefined; -/** - *

Contains information about the EC2 instance profile.

- * @public - */ -export interface IamInstanceProfile { /** - *

The profile ARN of the EC2 instance.

+ *

Contains information about the signals involved in the attack sequence.

* @public */ - Arn?: string | undefined; + Signals: Signal[] | undefined; /** - *

The profile ID of the EC2 instance.

+ *

Contains information about the indicators observed in the attack sequence.

* @public */ - Id?: string | undefined; + SequenceIndicators?: Indicator[] | undefined; } /** - *

Contains other private IP address information of the EC2 instance.

+ *

Contains information about the detected behavior.

* @public */ -export interface PrivateIpAddressDetails { +export interface Detection { /** - *

The private DNS name of the EC2 instance.

+ *

The details about the anomalous activity that caused GuardDuty to + * generate the finding.

* @public */ - PrivateDnsName?: string | undefined; + Anomaly?: Anomaly | undefined; /** - *

The private IP address of the EC2 instance.

+ *

The details about the attack sequence.

* @public */ - PrivateIpAddress?: string | undefined; + Sequence?: Sequence | undefined; } /** - *

Contains information about the security groups associated with the EC2 instance.

+ *

Information about the additional configuration.

* @public */ -export interface SecurityGroup { +export interface DetectorAdditionalConfigurationResult { /** - *

The security group ID of the EC2 instance.

+ *

Name of the additional configuration.

* @public */ - GroupId?: string | undefined; + Name?: FeatureAdditionalConfiguration | undefined; /** - *

The security group name of the EC2 instance.

+ *

Status of the additional configuration.

* @public */ - GroupName?: string | undefined; -} + Status?: FeatureStatus | undefined; -/** - *

Contains information about the elastic network interface of the EC2 instance.

- * @public - */ -export interface NetworkInterface { /** - *

A list of IPv6 addresses for the EC2 instance.

+ *

The timestamp at which the additional configuration was last updated. This is in UTC + * format.

* @public */ - Ipv6Addresses?: string[] | undefined; + UpdatedAt?: Date | undefined; +} - /** - *

The ID of the network interface.

- * @public - */ - NetworkInterfaceId?: string | undefined; +/** + * @public + * @enum + */ +export const DetectorFeatureResult = { + CLOUD_TRAIL: "CLOUD_TRAIL", + DNS_LOGS: "DNS_LOGS", + EBS_MALWARE_PROTECTION: "EBS_MALWARE_PROTECTION", + EKS_AUDIT_LOGS: "EKS_AUDIT_LOGS", + EKS_RUNTIME_MONITORING: "EKS_RUNTIME_MONITORING", + FLOW_LOGS: "FLOW_LOGS", + LAMBDA_NETWORK_LOGS: "LAMBDA_NETWORK_LOGS", + RDS_LOGIN_EVENTS: "RDS_LOGIN_EVENTS", + RUNTIME_MONITORING: "RUNTIME_MONITORING", + S3_DATA_EVENTS: "S3_DATA_EVENTS", +} as const; - /** - *

The private DNS name of the EC2 instance.

- * @public - */ - PrivateDnsName?: string | undefined; +/** + * @public + */ +export type DetectorFeatureResult = (typeof DetectorFeatureResult)[keyof typeof DetectorFeatureResult]; +/** + *

Contains information about a GuardDuty feature.

+ *

Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) + * and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. + * You can add only one of these two features because Runtime Monitoring already includes the + * threat detection for Amazon EKS resources. For more information, see + * Runtime Monitoring.

+ * @public + */ +export interface DetectorFeatureConfigurationResult { /** - *

The private IP address of the EC2 instance.

+ *

Indicates the name of the feature that can be enabled for the detector.

* @public */ - PrivateIpAddress?: string | undefined; + Name?: DetectorFeatureResult | undefined; /** - *

Other private IP address information of the EC2 instance.

+ *

Indicates the status of the feature that is enabled for the detector.

* @public */ - PrivateIpAddresses?: PrivateIpAddressDetails[] | undefined; + Status?: FeatureStatus | undefined; /** - *

The public DNS name of the EC2 instance.

+ *

The timestamp at which the feature object was updated.

* @public */ - PublicDnsName?: string | undefined; + UpdatedAt?: Date | undefined; /** - *

The public IP address of the EC2 instance.

+ *

Additional configuration for a resource.

* @public */ - PublicIp?: string | undefined; + AdditionalConfiguration?: DetectorAdditionalConfigurationResult[] | undefined; +} - /** - *

The security groups associated with the EC2 instance.

- * @public - */ - SecurityGroups?: SecurityGroup[] | undefined; +/** + * @public + * @enum + */ +export const DetectorStatus = { + DISABLED: "DISABLED", + ENABLED: "ENABLED", +} as const; - /** - *

The subnet ID of the EC2 instance.

- * @public - */ - SubnetId?: string | undefined; +/** + * @public + */ +export type DetectorStatus = (typeof DetectorStatus)[keyof typeof DetectorStatus]; +/** + * @public + */ +export interface DisableOrganizationAdminAccountRequest { /** - *

The VPC ID of the EC2 instance.

+ *

The Amazon Web Services Account ID for the organizations account to be disabled as a GuardDuty delegated + * administrator.

* @public */ - VpcId?: string | undefined; + AdminAccountId: string | undefined; } /** - *

Contains information about the product code for the EC2 instance.

* @public */ -export interface ProductCode { +export interface DisableOrganizationAdminAccountResponse {} + +/** + * @public + */ +export interface DisassociateFromAdministratorAccountRequest { /** - *

The product code information.

+ *

The unique ID of the detector of the GuardDuty member account.

* @public */ - Code?: string | undefined; + DetectorId: string | undefined; +} +/** + * @public + */ +export interface DisassociateFromAdministratorAccountResponse {} + +/** + * @public + */ +export interface DisassociateFromMasterAccountRequest { /** - *

The product code type.

+ *

The unique ID of the detector of the GuardDuty member account.

* @public */ - ProductType?: string | undefined; + DetectorId: string | undefined; } /** - *

Contains information about the details of an instance.

* @public */ -export interface InstanceDetails { +export interface DisassociateFromMasterAccountResponse {} + +/** + * @public + */ +export interface DisassociateMembersRequest { /** - *

The Availability Zone of the EC2 instance.

+ *

The unique ID of the detector of the GuardDuty account whose members you want to + * disassociate from the administrator account.

* @public */ - AvailabilityZone?: string | undefined; + DetectorId: string | undefined; /** - *

The profile information of the EC2 instance.

+ *

A list of account IDs of the GuardDuty member accounts that you want to disassociate from + * the administrator account.

* @public */ - IamInstanceProfile?: IamInstanceProfile | undefined; + AccountIds: string[] | undefined; +} +/** + * @public + */ +export interface DisassociateMembersResponse { /** - *

The image description of the EC2 instance.

+ *

A list of objects that contain the unprocessed account and a result string that explains + * why it was unprocessed.

* @public */ - ImageDescription?: string | undefined; + UnprocessedAccounts: UnprocessedAccount[] | undefined; +} + +/** + * @public + * @enum + */ +export const EbsSnapshotPreservation = { + NO_RETENTION: "NO_RETENTION", + RETENTION_WITH_FINDING: "RETENTION_WITH_FINDING", +} as const; + +/** + * @public + */ +export type EbsSnapshotPreservation = (typeof EbsSnapshotPreservation)[keyof typeof EbsSnapshotPreservation]; +/** + *

Contains list of scanned and skipped EBS volumes with details.

+ * @public + */ +export interface EbsVolumeDetails { /** - *

The image ID of the EC2 instance.

+ *

List of EBS volumes that were scanned.

* @public */ - ImageId?: string | undefined; + ScannedVolumeDetails?: VolumeDetail[] | undefined; /** - *

The ID of the EC2 instance.

+ *

List of EBS volumes that were skipped from the malware scan.

* @public */ - InstanceId?: string | undefined; + SkippedVolumeDetails?: VolumeDetail[] | undefined; +} +/** + *

Contains details of the highest severity threat detected during scan and number of + * infected files.

+ * @public + */ +export interface HighestSeverityThreatDetails { /** - *

The state of the EC2 instance.

+ *

Severity level of the highest severity threat detected.

* @public */ - InstanceState?: string | undefined; + Severity?: string | undefined; /** - *

The type of the EC2 instance.

+ *

Threat name of the highest severity threat detected as part of the malware scan.

* @public */ - InstanceType?: string | undefined; + ThreatName?: string | undefined; /** - *

The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only applicable to Amazon Web Services Outposts - * instances.

+ *

Total number of infected files with the highest severity threat detected.

* @public */ - OutpostArn?: string | undefined; + Count?: number | undefined; +} +/** + *

Total number of scanned files.

+ * @public + */ +export interface ScannedItemCount { /** - *

The launch time of the EC2 instance.

+ *

Total GB of files scanned for malware.

* @public */ - LaunchTime?: string | undefined; + TotalGb?: number | undefined; /** - *

The elastic network interface information of the EC2 instance.

+ *

Number of files scanned.

* @public */ - NetworkInterfaces?: NetworkInterface[] | undefined; + Files?: number | undefined; /** - *

The platform of the EC2 instance.

+ *

Total number of scanned volumes.

* @public */ - Platform?: string | undefined; + Volumes?: number | undefined; +} +/** + *

Contains details of infected file including name, file path and hash.

+ * @public + */ +export interface ScanFilePath { /** - *

The product code of the EC2 instance.

+ *

The file path of the infected file.

* @public */ - ProductCodes?: ProductCode[] | undefined; + FilePath?: string | undefined; /** - *

The tags of the EC2 instance.

+ *

EBS volume ARN details of the infected file.

* @public */ - Tags?: Tag[] | undefined; -} + VolumeArn?: string | undefined; -/** - *

Contains information about the impersonated user.

- * @public - */ -export interface ImpersonatedUser { /** - *

Information about the username that was being impersonated.

+ *

The hash value of the infected file.

* @public */ - Username?: string | undefined; + Hash?: string | undefined; /** - *

The group to which the user name belongs.

+ *

File name of the infected file.

* @public */ - Groups?: string[] | undefined; + FileName?: string | undefined; } /** - *

Details about the Kubernetes user involved in a Kubernetes finding.

+ *

Contains files infected with the given threat providing details of malware name and + * severity.

* @public */ -export interface KubernetesUserDetails { - /** - *

The username of the user who called the Kubernetes API.

- * @public - */ - Username?: string | undefined; - +export interface ScanThreatName { /** - *

The user ID of the user who called the Kubernetes API.

+ *

The name of the identified threat.

* @public */ - Uid?: string | undefined; + Name?: string | undefined; /** - *

The groups that include the user who called the Kubernetes API.

+ *

Severity of threat identified as part of the malware scan.

* @public */ - Groups?: string[] | undefined; + Severity?: string | undefined; /** - *

Entity that assumes the IAM role - * when Kubernetes RBAC permissions are assigned to that role.

+ *

Total number of files infected with given threat.

* @public */ - SessionName?: string[] | undefined; + ItemCount?: number | undefined; /** - *

Information about the impersonated user.

+ *

List of infected files in EBS volume with details.

* @public */ - ImpersonatedUser?: ImpersonatedUser | undefined; + FilePaths?: ScanFilePath[] | undefined; } /** - *

Details about the Kubernetes workload involved in a Kubernetes finding.

+ *

Contains details about identified threats organized by threat name.

* @public */ -export interface KubernetesWorkloadDetails { +export interface ThreatDetectedByName { /** - *

Kubernetes workload name.

+ *

Total number of infected files identified.

* @public */ - Name?: string | undefined; + ItemCount?: number | undefined; /** - *

Kubernetes workload type (e.g. Pod, Deployment, etc.).

+ *

Total number of unique threats by name identified, as part of the malware scan.

* @public */ - Type?: string | undefined; + UniqueThreatNameCount?: number | undefined; /** - *

Kubernetes workload ID.

+ *

Flag to determine if the finding contains every single infected file-path and/or every + * threat.

* @public */ - Uid?: string | undefined; + Shortened?: boolean | undefined; /** - *

Kubernetes namespace that the workload is part of.

+ *

List of identified threats with details, organized by threat name.

* @public */ - Namespace?: string | undefined; + ThreatNames?: ScanThreatName[] | undefined; +} +/** + *

Contains total number of infected files.

+ * @public + */ +export interface ThreatsDetectedItemCount { /** - *

Whether the hostNetwork flag is enabled for the pods included in the workload.

+ *

Total number of infected files.

* @public */ - HostNetwork?: boolean | undefined; + Files?: number | undefined; +} +/** + *

Contains a complete view providing malware scan result details.

+ * @public + */ +export interface ScanDetections { /** - *

Containers running as part of the Kubernetes workload.

+ *

Total number of scanned files.

* @public */ - Containers?: Container[] | undefined; + ScannedItemCount?: ScannedItemCount | undefined; /** - *

Volumes used by the Kubernetes workload.

+ *

Total number of infected files.

* @public */ - Volumes?: Volume[] | undefined; + ThreatsDetectedItemCount?: ThreatsDetectedItemCount | undefined; /** - *

The service account name that is associated with a Kubernetes workload.

+ *

Details of the highest severity threat detected during malware scan and number of infected + * files.

* @public */ - ServiceAccountName?: string | undefined; + HighestSeverityThreatDetails?: HighestSeverityThreatDetails | undefined; /** - *

Whether the host IPC flag is enabled for the pods in the workload.

+ *

Contains details about identified threats organized by threat name.

* @public */ - HostIPC?: boolean | undefined; - - /** - *

Whether the host PID flag is enabled for the pods in the workload.

- * @public - */ - HostPID?: boolean | undefined; + ThreatDetectedByName?: ThreatDetectedByName | undefined; } /** - *

Details about Kubernetes resources such as a Kubernetes user or workload resource involved - * in a Kubernetes finding.

+ *

Contains details from the malware scan that created a finding.

* @public */ -export interface KubernetesDetails { +export interface EbsVolumeScanDetails { /** - *

Details about the Kubernetes user involved in a Kubernetes finding.

+ *

Unique Id of the malware scan that generated the finding.

* @public */ - KubernetesUserDetails?: KubernetesUserDetails | undefined; + ScanId?: string | undefined; /** - *

Details about the Kubernetes workload involved in a Kubernetes finding.

+ *

Returns the start date and time of the malware scan.

* @public */ - KubernetesWorkloadDetails?: KubernetesWorkloadDetails | undefined; -} + ScanStartedAt?: Date | undefined; -/** - *

Amazon Virtual Private Cloud configuration details associated with your Lambda function.

- * @public - */ -export interface VpcConfig { /** - *

The identifiers of the subnets that are associated with your Lambda function.

+ *

Returns the completion date and time of the malware scan.

* @public */ - SubnetIds?: string[] | undefined; + ScanCompletedAt?: Date | undefined; /** - *

The identifier of the Amazon Virtual Private Cloud.

+ *

GuardDuty finding ID that triggered a malware scan.

* @public */ - VpcId?: string | undefined; + TriggerFindingId?: string | undefined; /** - *

The identifier of the security group attached to the Lambda function.

+ *

Contains list of threat intelligence sources used to detect threats.

* @public */ - SecurityGroups?: SecurityGroup[] | undefined; -} + Sources?: string[] | undefined; -/** - *

Information about the Lambda function involved in the finding.

- * @public - */ -export interface LambdaDetails { /** - *

Amazon Resource Name (ARN) of the Lambda function.

+ *

Contains a complete view providing malware scan result details.

* @public */ - FunctionArn?: string | undefined; + ScanDetections?: ScanDetections | undefined; /** - *

Name of the Lambda function.

+ *

Specifies the scan type that invoked the malware scan.

* @public */ - FunctionName?: string | undefined; + ScanType?: ScanType | undefined; +} +/** + *

Represents a pre-existing file or directory on the host machine that the volume maps + * to.

+ * @public + */ +export interface HostPath { /** - *

Description of the Lambda function.

+ *

Path of the file or directory on the host that the volume maps to.

* @public */ - Description?: string | undefined; + Path?: string | undefined; +} +/** + *

Volume used by the Kubernetes workload.

+ * @public + */ +export interface Volume { /** - *

The timestamp when the Lambda function was last modified. This field is in the UTC date string - * format (2023-03-22T19:37:20.168Z).

+ *

Volume name.

* @public */ - LastModifiedAt?: Date | undefined; + Name?: string | undefined; /** - *

The revision ID of the Lambda function version.

+ *

Represents a pre-existing file or directory on the host machine that the volume maps + * to.

* @public */ - RevisionId?: string | undefined; + HostPath?: HostPath | undefined; +} +/** + *

Contains information about the task in an ECS cluster.

+ * @public + */ +export interface EcsTaskDetails { /** - *

The version of the Lambda function.

+ *

The Amazon Resource Name (ARN) of the task.

* @public */ - FunctionVersion?: string | undefined; + Arn?: string | undefined; /** - *

The execution role of the Lambda function.

+ *

The ARN of the task definition that creates the task.

* @public */ - Role?: string | undefined; + DefinitionArn?: string | undefined; /** - *

Amazon Virtual Private Cloud configuration details associated with your Lambda function.

+ *

The version counter for the task.

* @public */ - VpcConfig?: VpcConfig | undefined; + Version?: string | undefined; /** - *

A list of tags attached to this resource, listed in the format of - * key:value pair.

+ *

The Unix timestamp for the time when the task was created.

* @public */ - Tags?: Tag[] | undefined; -} + TaskCreatedAt?: Date | undefined; -/** - *

Contains information about the resource type RDSDBInstance involved in a - * GuardDuty finding.

- * @public - */ -export interface RdsDbInstanceDetails { /** - *

The identifier associated to the database instance that was involved in the - * finding.

+ *

The Unix timestamp for the time when the task started.

* @public */ - DbInstanceIdentifier?: string | undefined; + StartedAt?: Date | undefined; /** - *

The database engine of the database instance involved in the finding.

+ *

Contains the tag specified when a task is started.

* @public */ - Engine?: string | undefined; + StartedBy?: string | undefined; /** - *

The version of the database engine that was involved in the finding.

+ *

The tags of the ECS Task.

* @public */ - EngineVersion?: string | undefined; + Tags?: Tag[] | undefined; /** - *

The identifier of the database cluster that contains the database instance ID involved in - * the finding.

+ *

The list of data volume definitions for the task.

* @public */ - DbClusterIdentifier?: string | undefined; + Volumes?: Volume[] | undefined; /** - *

The Amazon Resource Name (ARN) that identifies the database instance involved in the - * finding.

+ *

The containers that's associated with the task.

* @public */ - DbInstanceArn?: string | undefined; + Containers?: Container[] | undefined; /** - *

Information about the tag key-value pairs.

+ *

The name of the task group that's associated with the task.

* @public */ - Tags?: Tag[] | undefined; + Group?: string | undefined; + + /** + *

A capacity on which the task is running. For example, Fargate and EC2.

+ * @public + */ + LaunchType?: string | undefined; } /** - *

Contains information about the user and authentication details for a database instance - * involved in the finding.

+ *

Contains information about the details of the ECS Cluster.

* @public */ -export interface RdsDbUserDetails { +export interface EcsClusterDetails { /** - *

The user name used in the anomalous login attempt.

+ *

The name of the ECS Cluster.

* @public */ - User?: string | undefined; + Name?: string | undefined; /** - *

The application name used in the anomalous login attempt.

+ *

The Amazon Resource Name (ARN) that identifies the cluster.

* @public */ - Application?: string | undefined; + Arn?: string | undefined; /** - *

The name of the database instance involved in the anomalous login attempt.

+ *

The status of the ECS cluster.

* @public */ - Database?: string | undefined; + Status?: string | undefined; /** - *

The version of the Secure Socket Layer (SSL) used for the network.

+ *

The number of services that are running on the cluster in an ACTIVE state.

* @public */ - Ssl?: string | undefined; + ActiveServicesCount?: number | undefined; /** - *

The authentication method used by the user involved in the finding.

+ *

The number of container instances registered into the cluster.

* @public */ - AuthMethod?: string | undefined; -} + RegisteredContainerInstancesCount?: number | undefined; -/** - *

Contains information about the resource type RDSLimitlessDB that is involved in a GuardDuty - * finding.

- * @public - */ -export interface RdsLimitlessDbDetails { /** - *

The name associated with the Limitless DB shard group.

+ *

The number of tasks in the cluster that are in the RUNNING state.

* @public */ - DbShardGroupIdentifier?: string | undefined; + RunningTasksCount?: number | undefined; /** - *

The resource identifier of the DB shard group within the Limitless Database.

+ *

The tags of the ECS Cluster.

* @public */ - DbShardGroupResourceId?: string | undefined; + Tags?: Tag[] | undefined; /** - *

The Amazon Resource Name (ARN) that identifies the DB shard group.

+ *

Contains information about the details of the ECS Task.

* @public */ - DbShardGroupArn?: string | undefined; + TaskDetails?: EcsTaskDetails | undefined; +} + +/** + *

Details about the EKS cluster involved in a Kubernetes finding.

+ * @public + */ +export interface EksClusterDetails { + /** + *

EKS cluster name.

+ * @public + */ + Name?: string | undefined; /** - *

The database engine of the database instance involved in the finding.

+ *

EKS cluster ARN.

* @public */ - Engine?: string | undefined; + Arn?: string | undefined; /** - *

The version of the database engine.

+ *

The VPC ID to which the EKS cluster is attached.

* @public */ - EngineVersion?: string | undefined; + VpcId?: string | undefined; /** - *

The name of the database cluster that is a part of the Limitless Database.

+ *

The EKS cluster status.

* @public */ - DbClusterIdentifier?: string | undefined; + Status?: string | undefined; /** - *

Information about the tag-key value pair.

+ *

The EKS cluster tags.

* @public */ Tags?: Tag[] | undefined; + + /** + *

The timestamp when the EKS cluster was created.

+ * @public + */ + CreatedAt?: Date | undefined; } /** - *

Contains information on the owner of the bucket.

* @public */ -export interface Owner { +export interface EnableOrganizationAdminAccountRequest { /** - *

The canonical user ID of the bucket owner. For information about locating your canonical - * user ID see Finding Your Account - * Canonical User ID. - *

+ *

The Amazon Web Services account ID for the organization account to be enabled as a GuardDuty delegated + * administrator.

* @public */ - Id?: string | undefined; + AdminAccountId: string | undefined; } /** - *

Contains information about how permissions are configured for the S3 bucket.

* @public */ -export interface PermissionConfiguration { +export interface EnableOrganizationAdminAccountResponse {} + +/** + *

An instance of a threat intelligence detail that constitutes evidence for the + * finding.

+ * @public + */ +export interface ThreatIntelligenceDetail { /** - *

Contains information about the bucket level permissions for the S3 bucket.

+ *

The name of the threat intelligence list that triggered the finding.

* @public */ - BucketLevelPermissions?: BucketLevelPermissions | undefined; + ThreatListName?: string | undefined; /** - *

Contains information about the account level permissions on the S3 bucket.

+ *

A list of names of the threats in the threat intelligence list that triggered the + * finding.

* @public */ - AccountLevelPermissions?: AccountLevelPermissions | undefined; + ThreatNames?: string[] | undefined; + + /** + *

SHA256 of the file that generated the finding.

+ * @public + */ + ThreatFileSha256?: string | undefined; } /** - *

Describes the public access policies that apply to the S3 bucket.

+ *

Contains information about the reason that the finding was generated.

* @public */ -export interface PublicAccess { - /** - *

Contains information about how permissions are configured for the S3 bucket.

- * @public - */ - PermissionConfiguration?: PermissionConfiguration | undefined; - +export interface Evidence { /** - *

Describes the effective permission on this bucket after factoring all attached - * policies.

+ *

A list of threat intelligence details related to the evidence.

* @public */ - EffectivePermission?: string | undefined; + ThreatIntelligenceDetails?: ThreatIntelligenceDetail[] | undefined; } /** - *

Information about the S3 object that was scanned

* @public + * @enum */ -export interface S3ObjectDetail { - /** - *

Amazon Resource Name (ARN) of the S3 object.

- * @public - */ - ObjectArn?: string | undefined; - - /** - *

Key of the S3 object.

- * @public - */ - Key?: string | undefined; - - /** - *

The entity tag is a hash of the S3 object. The ETag reflects changes only to the contents of - * an object, and not its metadata.

- * @public - */ - ETag?: string | undefined; +export const Feedback = { + NOT_USEFUL: "NOT_USEFUL", + USEFUL: "USEFUL", +} as const; - /** - *

Hash of the threat detected in this finding.

- * @public - */ - Hash?: string | undefined; +/** + * @public + */ +export type Feedback = (typeof Feedback)[keyof typeof Feedback]; +/** + *

Contains information about the elastic network interface of the EC2 instance.

+ * @public + */ +export interface NetworkInterface { /** - *

Version ID of the object.

+ *

A list of IPv6 addresses for the EC2 instance.

* @public */ - VersionId?: string | undefined; -} + Ipv6Addresses?: string[] | undefined; -/** - *

Contains information on the S3 bucket.

- * @public - */ -export interface S3BucketDetail { /** - *

The Amazon Resource Name (ARN) of the S3 bucket.

+ *

The ID of the network interface.

* @public */ - Arn?: string | undefined; + NetworkInterfaceId?: string | undefined; /** - *

The name of the S3 bucket.

+ *

The private DNS name of the EC2 instance.

* @public */ - Name?: string | undefined; + PrivateDnsName?: string | undefined; /** - *

Describes whether the bucket is a source or destination bucket.

+ *

The private IP address of the EC2 instance.

* @public */ - Type?: string | undefined; + PrivateIpAddress?: string | undefined; /** - *

The date and time the bucket was created at.

+ *

Other private IP address information of the EC2 instance.

* @public */ - CreatedAt?: Date | undefined; + PrivateIpAddresses?: PrivateIpAddressDetails[] | undefined; /** - *

The owner of the S3 bucket.

+ *

The public DNS name of the EC2 instance.

* @public */ - Owner?: Owner | undefined; + PublicDnsName?: string | undefined; /** - *

All tags attached to the S3 bucket

+ *

The public IP address of the EC2 instance.

* @public */ - Tags?: Tag[] | undefined; + PublicIp?: string | undefined; /** - *

Describes the server side encryption method used in the S3 bucket.

+ *

The security groups associated with the EC2 instance.

* @public */ - DefaultServerSideEncryption?: DefaultServerSideEncryption | undefined; + SecurityGroups?: SecurityGroup[] | undefined; /** - *

Describes the public access policies that apply to the S3 bucket.

+ *

The subnet ID of the EC2 instance.

* @public */ - PublicAccess?: PublicAccess | undefined; + SubnetId?: string | undefined; /** - *

Information about the S3 object that was scanned.

+ *

The VPC ID of the EC2 instance.

* @public */ - S3ObjectDetails?: S3ObjectDetail[] | undefined; + VpcId?: string | undefined; } /** - *

Contains information about the Amazon Web Services resource associated with the activity that prompted - * GuardDuty to generate a finding.

+ *

Contains information about the details of an instance.

* @public */ -export interface Resource { +export interface InstanceDetails { /** - *

The IAM access key details (user information) of a user that engaged in the activity that - * prompted GuardDuty to generate a finding.

+ *

The Availability Zone of the EC2 instance.

* @public */ - AccessKeyDetails?: AccessKeyDetails | undefined; + AvailabilityZone?: string | undefined; /** - *

Contains information on the S3 bucket.

+ *

The profile information of the EC2 instance.

* @public */ - S3BucketDetails?: S3BucketDetail[] | undefined; + IamInstanceProfile?: IamInstanceProfile | undefined; /** - *

The information about the EC2 instance associated with the activity that prompted - * GuardDuty to generate a finding.

+ *

The image description of the EC2 instance.

* @public */ - InstanceDetails?: InstanceDetails | undefined; + ImageDescription?: string | undefined; /** - *

Details about the EKS cluster involved in a Kubernetes finding.

+ *

The image ID of the EC2 instance.

* @public */ - EksClusterDetails?: EksClusterDetails | undefined; + ImageId?: string | undefined; /** - *

Details about the Kubernetes user and workload involved in a Kubernetes finding.

+ *

The ID of the EC2 instance.

* @public */ - KubernetesDetails?: KubernetesDetails | undefined; + InstanceId?: string | undefined; /** - *

The type of Amazon Web Services resource.

+ *

The state of the EC2 instance.

* @public */ - ResourceType?: string | undefined; + InstanceState?: string | undefined; /** - *

Contains list of scanned and skipped EBS volumes with details.

+ *

The type of the EC2 instance.

* @public */ - EbsVolumeDetails?: EbsVolumeDetails | undefined; + InstanceType?: string | undefined; /** - *

Contains information about the details of the ECS Cluster.

+ *

The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only applicable to Amazon Web Services Outposts + * instances.

* @public */ - EcsClusterDetails?: EcsClusterDetails | undefined; + OutpostArn?: string | undefined; /** - *

Details of a container.

+ *

The launch time of the EC2 instance.

* @public */ - ContainerDetails?: Container | undefined; + LaunchTime?: string | undefined; /** - *

Contains information about the database instance to which an anomalous login attempt was - * made.

+ *

The elastic network interface information of the EC2 instance.

* @public */ - RdsDbInstanceDetails?: RdsDbInstanceDetails | undefined; + NetworkInterfaces?: NetworkInterface[] | undefined; /** - *

Contains information about the RDS Limitless database that was involved in a GuardDuty finding.

+ *

The platform of the EC2 instance.

* @public */ - RdsLimitlessDbDetails?: RdsLimitlessDbDetails | undefined; + Platform?: string | undefined; /** - *

Contains information about the user details through which anomalous login attempt was - * made.

+ *

The product code of the EC2 instance.

* @public */ - RdsDbUserDetails?: RdsDbUserDetails | undefined; + ProductCodes?: ProductCode[] | undefined; /** - *

Contains information about the Lambda function that was involved in a finding.

+ *

The tags of the EC2 instance.

* @public */ - LambdaDetails?: LambdaDetails | undefined; + Tags?: Tag[] | undefined; } /** - *

Additional information about the generated finding.

+ *

Contains information about the impersonated user.

* @public */ -export interface ServiceAdditionalInfo { +export interface ImpersonatedUser { /** - *

This field specifies the value of the additional information.

+ *

Information about the username that was being impersonated.

* @public */ - Value?: string | undefined; + Username?: string | undefined; /** - *

Describes the type of the additional information.

+ *

The group to which the user name belongs.

* @public */ - Type?: string | undefined; + Groups?: string[] | undefined; } /** - *

Information about the nested item path and hash of the protected - * resource.

+ *

Details about the Kubernetes user involved in a Kubernetes finding.

* @public */ -export interface ItemPath { +export interface KubernetesUserDetails { /** - *

The nested item path where the infected file was found.

+ *

The username of the user who called the Kubernetes API.

* @public */ - NestedItemPath?: string | undefined; + Username?: string | undefined; /** - *

The hash value of the infected resource.

+ *

The user ID of the user who called the Kubernetes API.

* @public */ - Hash?: string | undefined; -} + Uid?: string | undefined; -/** - *

Information about the detected threats associated with the - * generated finding.

- * @public - */ -export interface Threat { /** - *

Name of the detected threat that caused GuardDuty to generate this finding.

+ *

The groups that include the user who called the Kubernetes API.

* @public */ - Name?: string | undefined; + Groups?: string[] | undefined; /** - *

Source of the threat that generated this finding.

+ *

Entity that assumes the IAM role + * when Kubernetes RBAC permissions are assigned to that role.

* @public */ - Source?: string | undefined; + SessionName?: string[] | undefined; /** - *

Information about the nested item path and - * hash of the protected resource.

+ *

Information about the impersonated user.

* @public */ - ItemPaths?: ItemPath[] | undefined; + ImpersonatedUser?: ImpersonatedUser | undefined; } /** - *

Information about the malware scan that generated a GuardDuty finding.

+ *

Details about the Kubernetes workload involved in a Kubernetes finding.

* @public */ -export interface MalwareScanDetails { +export interface KubernetesWorkloadDetails { /** - *

Information about the detected threats associated with the - * generated GuardDuty finding.

+ *

Kubernetes workload name.

* @public */ - Threats?: Threat[] | undefined; -} + Name?: string | undefined; -/** - *

Information about the runtime process details.

- * @public - */ -export interface LineageObject { /** - *

The time when the process started. This is in UTC format.

+ *

Kubernetes workload type (e.g. Pod, Deployment, etc.).

* @public */ - StartTime?: Date | undefined; + Type?: string | undefined; /** - *

The process ID of the child process.

+ *

Kubernetes workload ID.

* @public */ - NamespacePid?: number | undefined; + Uid?: string | undefined; /** - *

The user ID of the user that executed the process.

+ *

Kubernetes namespace that the workload is part of.

* @public */ - UserId?: number | undefined; + Namespace?: string | undefined; /** - *

The name of the process.

+ *

Whether the hostNetwork flag is enabled for the pods included in the workload.

* @public */ - Name?: string | undefined; + HostNetwork?: boolean | undefined; /** - *

The ID of the process.

+ *

Containers running as part of the Kubernetes workload.

* @public */ - Pid?: number | undefined; + Containers?: Container[] | undefined; /** - *

The unique ID assigned to the process by GuardDuty.

+ *

Volumes used by the Kubernetes workload.

* @public */ - Uuid?: string | undefined; + Volumes?: Volume[] | undefined; /** - *

The absolute path of the process executable file.

+ *

The service account name that is associated with a Kubernetes workload.

* @public */ - ExecutablePath?: string | undefined; + ServiceAccountName?: string | undefined; /** - *

The effective user ID that was used to execute the process.

+ *

Whether the host IPC flag is enabled for the pods in the workload.

* @public */ - Euid?: number | undefined; + HostIPC?: boolean | undefined; /** - *

The unique ID of the parent process. This ID is assigned to the parent process by - * GuardDuty.

+ *

Whether the host PID flag is enabled for the pods in the workload.

* @public */ - ParentUuid?: string | undefined; + HostPID?: boolean | undefined; } /** - *

Information about the observed process.

+ *

Details about Kubernetes resources such as a Kubernetes user or workload resource involved + * in a Kubernetes finding.

* @public */ -export interface ProcessDetails { - /** - *

The name of the process.

- * @public - */ - Name?: string | undefined; - - /** - *

The absolute path of the process executable file.

- * @public - */ - ExecutablePath?: string | undefined; - - /** - *

The SHA256 hash of the process executable.

- * @public - */ - ExecutableSha256?: string | undefined; - +export interface KubernetesDetails { /** - *

The ID of the child process.

+ *

Details about the Kubernetes user involved in a Kubernetes finding.

* @public */ - NamespacePid?: number | undefined; + KubernetesUserDetails?: KubernetesUserDetails | undefined; /** - *

The present working directory of the process.

+ *

Details about the Kubernetes workload involved in a Kubernetes finding.

* @public */ - Pwd?: string | undefined; + KubernetesWorkloadDetails?: KubernetesWorkloadDetails | undefined; +} +/** + *

Amazon Virtual Private Cloud configuration details associated with your Lambda function.

+ * @public + */ +export interface VpcConfig { /** - *

The ID of the process.

+ *

The identifiers of the subnets that are associated with your Lambda function.

* @public */ - Pid?: number | undefined; + SubnetIds?: string[] | undefined; /** - *

The time when the process started. This is in UTC format.

+ *

The identifier of the Amazon Virtual Private Cloud.

* @public */ - StartTime?: Date | undefined; + VpcId?: string | undefined; /** - *

The unique ID assigned to the process by GuardDuty.

+ *

The identifier of the security group attached to the Lambda function.

* @public */ - Uuid?: string | undefined; + SecurityGroups?: SecurityGroup[] | undefined; +} +/** + *

Information about the Lambda function involved in the finding.

+ * @public + */ +export interface LambdaDetails { /** - *

The unique ID of the parent process. This ID is assigned to the parent process by - * GuardDuty.

+ *

Amazon Resource Name (ARN) of the Lambda function.

* @public */ - ParentUuid?: string | undefined; + FunctionArn?: string | undefined; /** - *

The user that executed the process.

+ *

Name of the Lambda function.

* @public */ - User?: string | undefined; + FunctionName?: string | undefined; /** - *

The unique ID of the user that executed the process.

+ *

Description of the Lambda function.

* @public */ - UserId?: number | undefined; + Description?: string | undefined; /** - *

The effective user ID of the user that executed the process.

+ *

The timestamp when the Lambda function was last modified. This field is in the UTC date string + * format (2023-03-22T19:37:20.168Z).

* @public */ - Euid?: number | undefined; + LastModifiedAt?: Date | undefined; /** - *

Information about the process's lineage.

+ *

The revision ID of the Lambda function version.

* @public */ - Lineage?: LineageObject[] | undefined; -} + RevisionId?: string | undefined; -/** - *

Additional information about the suspicious activity.

- * @public - */ -export interface RuntimeContext { /** - *

Information about the process that modified the current process. This is available for - * multiple finding types.

+ *

The version of the Lambda function.

* @public */ - ModifyingProcess?: ProcessDetails | undefined; + FunctionVersion?: string | undefined; /** - *

The timestamp at which the process modified the current process. The timestamp is in UTC date string - * format.

+ *

The execution role of the Lambda function.

* @public */ - ModifiedAt?: Date | undefined; + Role?: string | undefined; /** - *

The path to the script that was executed.

+ *

Amazon Virtual Private Cloud configuration details associated with your Lambda function.

* @public */ - ScriptPath?: string | undefined; + VpcConfig?: VpcConfig | undefined; /** - *

The path to the new library that was loaded.

+ *

A list of tags attached to this resource, listed in the format of + * key:value pair.

* @public */ - LibraryPath?: string | undefined; + Tags?: Tag[] | undefined; +} +/** + *

Contains information about the resource type RDSDBInstance involved in a + * GuardDuty finding.

+ * @public + */ +export interface RdsDbInstanceDetails { /** - *

The value of the LD_PRELOAD environment variable.

+ *

The identifier associated to the database instance that was involved in the + * finding.

* @public */ - LdPreloadValue?: string | undefined; + DbInstanceIdentifier?: string | undefined; /** - *

The path to the docket socket that was accessed.

+ *

The database engine of the database instance involved in the finding.

* @public */ - SocketPath?: string | undefined; + Engine?: string | undefined; /** - *

The path to the leveraged runc implementation.

+ *

The version of the database engine that was involved in the finding.

* @public */ - RuncBinaryPath?: string | undefined; + EngineVersion?: string | undefined; /** - *

The path in the container that modified the release agent file.

+ *

The identifier of the database cluster that contains the database instance ID involved in + * the finding.

* @public */ - ReleaseAgentPath?: string | undefined; + DbClusterIdentifier?: string | undefined; /** - *

The path on the host that is mounted by the container.

+ *

The Amazon Resource Name (ARN) that identifies the database instance involved in the + * finding.

* @public */ - MountSource?: string | undefined; + DbInstanceArn?: string | undefined; /** - *

The path in the container that is mapped to the host directory.

+ *

Information about the tag key-value pairs.

* @public */ - MountTarget?: string | undefined; + Tags?: Tag[] | undefined; +} +/** + *

Contains information about the user and authentication details for a database instance + * involved in the finding.

+ * @public + */ +export interface RdsDbUserDetails { /** - *

Represents the type of mounted fileSystem.

+ *

The user name used in the anomalous login attempt.

* @public */ - FileSystemType?: string | undefined; + User?: string | undefined; /** - *

Represents options that control the behavior of a runtime operation or action. For - * example, a filesystem mount operation may contain a read-only flag.

+ *

The application name used in the anomalous login attempt.

* @public */ - Flags?: string[] | undefined; + Application?: string | undefined; /** - *

The name of the module loaded into the kernel.

+ *

The name of the database instance involved in the anomalous login attempt.

* @public */ - ModuleName?: string | undefined; + Database?: string | undefined; /** - *

The path to the module loaded into the kernel.

+ *

The version of the Secure Socket Layer (SSL) used for the network.

* @public */ - ModuleFilePath?: string | undefined; + Ssl?: string | undefined; /** - *

The SHA256 hash of the module.

+ *

The authentication method used by the user involved in the finding.

* @public */ - ModuleSha256?: string | undefined; + AuthMethod?: string | undefined; +} +/** + *

Contains information about the resource type RDSLimitlessDB that is involved in a GuardDuty + * finding.

+ * @public + */ +export interface RdsLimitlessDbDetails { /** - *

The path to the modified shell history file.

+ *

The name associated with the Limitless DB shard group.

* @public */ - ShellHistoryFilePath?: string | undefined; + DbShardGroupIdentifier?: string | undefined; /** - *

Information about the process that had its memory overwritten by the current process.

+ *

The resource identifier of the DB shard group within the Limitless Database.

* @public */ - TargetProcess?: ProcessDetails | undefined; + DbShardGroupResourceId?: string | undefined; /** - *

Represents the communication protocol associated with the address. For example, the address - * family AF_INET is used for IP version of 4 protocol.

+ *

The Amazon Resource Name (ARN) that identifies the DB shard group.

* @public */ - AddressFamily?: string | undefined; + DbShardGroupArn?: string | undefined; /** - *

Specifies a particular protocol within the address family. Usually there is a single - * protocol in address families. For example, the address family AF_INET only has - * the IP protocol.

+ *

The database engine of the database instance involved in the finding.

* @public */ - IanaProtocolNumber?: number | undefined; + Engine?: string | undefined; /** - *

Specifies the Region of a process's address space such as stack and heap.

+ *

The version of the database engine.

* @public */ - MemoryRegions?: string[] | undefined; + EngineVersion?: string | undefined; /** - *

Name of the potentially suspicious tool.

+ *

The name of the database cluster that is a part of the Limitless Database.

* @public */ - ToolName?: string | undefined; + DbClusterIdentifier?: string | undefined; /** - *

Category that the tool belongs to. Some of the examples - * are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.

+ *

Information about the tag key-value pair.

* @public */ - ToolCategory?: string | undefined; + Tags?: Tag[] | undefined; +} +/** + *

Contains information on the owner of the bucket.

+ * @public + */ +export interface Owner { /** - *

Name of the security service that has been potentially disabled.

+ *

The canonical user ID of the bucket owner. For information about locating your canonical + * user ID see Finding Your Account + * Canonical User ID. + *

* @public */ - ServiceName?: string | undefined; + Id?: string | undefined; +} +/** + *

Contains information about how permissions are configured for the S3 bucket.

+ * @public + */ +export interface PermissionConfiguration { /** - *

Example of the command line involved in the suspicious activity.

+ *

Contains information about the bucket level permissions for the S3 bucket.

* @public */ - CommandLineExample?: string | undefined; + BucketLevelPermissions?: BucketLevelPermissions | undefined; /** - *

The suspicious file path for which the threat intelligence details were found.

+ *

Contains information about the account level permissions on the S3 bucket.

* @public */ - ThreatFilePath?: string | undefined; + AccountLevelPermissions?: AccountLevelPermissions | undefined; } /** - *

Information about the process and any required context values for a specific - * finding.

+ *

Describes the public access policies that apply to the S3 bucket.

* @public */ -export interface RuntimeDetails { +export interface PublicAccess { /** - *

Information about the observed process.

+ *

Contains information about how permissions are configured for the S3 bucket.

* @public */ - Process?: ProcessDetails | undefined; + PermissionConfiguration?: PermissionConfiguration | undefined; /** - *

Additional information about the suspicious activity.

+ *

Describes the effective permission on this bucket after factoring all attached + * policies.

* @public */ - Context?: RuntimeContext | undefined; + EffectivePermission?: string | undefined; } /** - *

Contains additional information about the generated finding.

+ *

Information about the S3 object that was scanned

* @public */ -export interface Service { +export interface S3ObjectDetail { /** - *

Information about the activity that is described in a finding.

+ *

Amazon Resource Name (ARN) of the S3 object.

* @public */ - Action?: Action | undefined; + ObjectArn?: string | undefined; /** - *

An evidence object associated with the service.

+ *

Key of the S3 object.

* @public */ - Evidence?: Evidence | undefined; + Key?: string | undefined; /** - *

Indicates whether this finding is archived.

+ *

The entity tag is a hash of the S3 object. The ETag reflects changes only to the contents of + * an object, and not its metadata.

* @public */ - Archived?: boolean | undefined; + ETag?: string | undefined; /** - *

The total count of the occurrences of this finding type.

+ *

Hash of the threat detected in this finding.

* @public */ - Count?: number | undefined; + Hash?: string | undefined; /** - *

The detector ID for the GuardDuty service.

+ *

Version ID of the object.

* @public */ - DetectorId?: string | undefined; + VersionId?: string | undefined; +} +/** + *

Contains information on the S3 bucket.

+ * @public + */ +export interface S3BucketDetail { /** - *

The first-seen timestamp of the activity that prompted GuardDuty to generate this - * finding.

+ *

The Amazon Resource Name (ARN) of the S3 bucket.

* @public */ - EventFirstSeen?: string | undefined; + Arn?: string | undefined; /** - *

The last-seen timestamp of the activity that prompted GuardDuty to generate this - * finding.

+ *

The name of the S3 bucket.

* @public */ - EventLastSeen?: string | undefined; + Name?: string | undefined; /** - *

The resource role information for this finding.

+ *

Describes whether the bucket is a source or destination bucket.

* @public */ - ResourceRole?: string | undefined; + Type?: string | undefined; /** - *

The name of the Amazon Web Services service (GuardDuty) that generated a finding.

+ *

The date and time the bucket was created at.

* @public */ - ServiceName?: string | undefined; + CreatedAt?: Date | undefined; /** - *

Feedback that was submitted about the finding.

+ *

The owner of the S3 bucket.

* @public */ - UserFeedback?: string | undefined; + Owner?: Owner | undefined; /** - *

Contains additional information about the generated finding.

+ *

All tags attached to the S3 bucket

* @public */ - AdditionalInfo?: ServiceAdditionalInfo | undefined; + Tags?: Tag[] | undefined; /** - *

The name of the feature that generated a finding.

+ *

Describes the server side encryption method used in the S3 bucket.

* @public */ - FeatureName?: string | undefined; + DefaultServerSideEncryption?: DefaultServerSideEncryption | undefined; /** - *

Returns details from the malware scan that created a finding.

+ *

Describes the public access policies that apply to the S3 bucket.

* @public */ - EbsVolumeScanDetails?: EbsVolumeScanDetails | undefined; + PublicAccess?: PublicAccess | undefined; /** - *

Information about the process and any required context values for a specific - * finding

+ *

Information about the S3 object that was scanned.

* @public */ - RuntimeDetails?: RuntimeDetails | undefined; + S3ObjectDetails?: S3ObjectDetail[] | undefined; +} +/** + *

Contains information about the Amazon Web Services resource associated with the activity that prompted + * GuardDuty to generate a finding.

+ * @public + */ +export interface Resource { /** - *

Contains information about the detected unusual behavior.

+ *

The IAM access key details (user information) of a user that engaged in the activity that + * prompted GuardDuty to generate a finding.

* @public */ - Detection?: Detection | undefined; + AccessKeyDetails?: AccessKeyDetails | undefined; /** - *

Returns details from the malware scan that generated a GuardDuty finding.

+ *

Contains information on the S3 bucket.

* @public */ - MalwareScanDetails?: MalwareScanDetails | undefined; -} + S3BucketDetails?: S3BucketDetail[] | undefined; -/** - *

Contains information about the finding that is generated when abnormal or suspicious - * activity is detected.

- * @public - */ -export interface Finding { /** - *

The ID of the account in which the finding was generated.

+ *

The information about the EC2 instance associated with the activity that prompted + * GuardDuty to generate a finding.

* @public */ - AccountId: string | undefined; + InstanceDetails?: InstanceDetails | undefined; /** - *

The ARN of the finding.

+ *

Details about the EKS cluster involved in a Kubernetes finding.

* @public */ - Arn: string | undefined; + EksClusterDetails?: EksClusterDetails | undefined; /** - *

The confidence score for the finding.

+ *

Details about the Kubernetes user and workload involved in a Kubernetes finding.

* @public */ - Confidence?: number | undefined; + KubernetesDetails?: KubernetesDetails | undefined; /** - *

The time and date when the finding was created.

+ *

The type of Amazon Web Services resource.

* @public */ - CreatedAt: string | undefined; + ResourceType?: string | undefined; /** - *

The description of the finding.

+ *

Contains list of scanned and skipped EBS volumes with details.

* @public */ - Description?: string | undefined; + EbsVolumeDetails?: EbsVolumeDetails | undefined; /** - *

The ID of the finding.

+ *

Contains information about the details of the ECS Cluster.

* @public */ - Id: string | undefined; + EcsClusterDetails?: EcsClusterDetails | undefined; /** - *

The partition associated with the finding.

+ *

Details of a container.

* @public */ - Partition?: string | undefined; + ContainerDetails?: Container | undefined; /** - *

The Region where the finding was generated.

+ *

Contains information about the database instance to which an anomalous login attempt was + * made.

* @public */ - Region: string | undefined; + RdsDbInstanceDetails?: RdsDbInstanceDetails | undefined; /** - *

Contains information about the Amazon Web Services resource associated with the activity that prompted - * GuardDuty to generate a finding.

+ *

Contains information about the RDS Limitless database that was involved in a GuardDuty finding.

* @public */ - Resource: Resource | undefined; + RdsLimitlessDbDetails?: RdsLimitlessDbDetails | undefined; /** - *

The version of the schema used for the finding.

+ *

Contains information about the user details through which anomalous login attempt was + * made.

* @public */ - SchemaVersion: string | undefined; + RdsDbUserDetails?: RdsDbUserDetails | undefined; /** - *

Contains additional information about the generated finding.

+ *

Contains information about the Lambda function that was involved in a finding.

* @public */ - Service?: Service | undefined; + LambdaDetails?: LambdaDetails | undefined; +} +/** + *

Additional information about the generated finding.

+ * @public + */ +export interface ServiceAdditionalInfo { /** - *

The severity of the finding.

+ *

This field specifies the value of the additional information.

* @public */ - Severity: number | undefined; + Value?: string | undefined; /** - *

The title of the finding.

+ *

Describes the type of the additional information.

* @public */ - Title?: string | undefined; + Type?: string | undefined; +} +/** + *

Information about the nested item path and hash of the protected + * resource.

+ * @public + */ +export interface ItemPath { /** - *

The type of finding.

+ *

The nested item path where the infected file was found.

* @public */ - Type: string | undefined; + NestedItemPath?: string | undefined; /** - *

The time and date when the finding was last updated.

+ *

The hash value of the infected resource.

* @public */ - UpdatedAt: string | undefined; + Hash?: string | undefined; } /** - *

Information about each finding type associated with the - * groupedByFindingType statistics.

+ *

Information about the detected threats associated with the + * generated finding.

* @public */ -export interface FindingTypeStatistics { +export interface Threat { /** - *

Name of the finding type.

+ *

Name of the detected threat that caused GuardDuty to generate this finding.

* @public */ - FindingType?: string | undefined; + Name?: string | undefined; /** - *

The timestamp at which this finding type was last generated in your environment.

+ *

Source of the threat that generated this finding.

* @public */ - LastGeneratedAt?: Date | undefined; + Source?: string | undefined; /** - *

The total number of findings associated with generated for each distinct finding type.

+ *

Information about the nested item path and + * hash of the protected resource.

* @public */ - TotalFindings?: number | undefined; + ItemPaths?: ItemPath[] | undefined; } /** - *

Information about each resource type associated with the - * groupedByResource statistics.

+ *

Information about the malware scan that generated a GuardDuty finding.

* @public */ -export interface ResourceStatistics { +export interface MalwareScanDetails { /** - *

The ID of the Amazon Web Services account.

+ *

Information about the detected threats associated with the + * generated GuardDuty finding.

* @public */ - AccountId?: string | undefined; + Threats?: Threat[] | undefined; +} +/** + *

Information about the runtime process details.

+ * @public + */ +export interface LineageObject { /** - *

The timestamp at which the statistics for this resource was last generated.

+ *

The time when the process started. This is in UTC format.

* @public */ - LastGeneratedAt?: Date | undefined; + StartTime?: Date | undefined; /** - *

ID associated with each resource. The following list provides the mapping of the resource type - * and resource ID.

- *

- * Mapping of resource and resource ID - *

- * + *

The process ID of the child process.

* @public */ - ResourceId?: string | undefined; + NamespacePid?: number | undefined; /** - *

The type of resource.

+ *

The user ID of the user that executed the process.

* @public */ - ResourceType?: string | undefined; + UserId?: number | undefined; /** - *

The total number of findings associated with this resource.

+ *

The name of the process.

* @public */ - TotalFindings?: number | undefined; -} + Name?: string | undefined; -/** - *

Information about severity level for each finding type.

- * @public - */ -export interface SeverityStatistics { /** - *

The timestamp at which a finding type for a specific severity was last generated.

+ *

The ID of the process.

* @public */ - LastGeneratedAt?: Date | undefined; + Pid?: number | undefined; /** - *

The severity level associated with each finding type.

+ *

The unique ID assigned to the process by GuardDuty.

* @public */ - Severity?: number | undefined; + Uuid?: string | undefined; /** - *

The total number of findings associated with this severity.

+ *

The absolute path of the process executable file.

* @public */ - TotalFindings?: number | undefined; + ExecutablePath?: string | undefined; + + /** + *

The effective user ID that was used to execute the process.

+ * @public + */ + Euid?: number | undefined; + + /** + *

The unique ID of the parent process. This ID is assigned to the parent process by + * GuardDuty.

+ * @public + */ + ParentUuid?: string | undefined; } /** - *

Contains information about finding statistics.

+ *

Information about the observed process.

* @public */ -export interface FindingStatistics { +export interface ProcessDetails { /** - * @deprecated - * - *

Represents a list of map of severity to count statistics for a set of findings.

+ *

The name of the process.

* @public */ - CountBySeverity?: Record | undefined; + Name?: string | undefined; /** - *

Represents a list of map of accounts with a findings count associated with each account.

+ *

The absolute path of the process executable file.

* @public */ - GroupedByAccount?: AccountStatistics[] | undefined; + ExecutablePath?: string | undefined; /** - *

Represents a list of map of dates with a count of total findings generated on each date per severity level.

+ *

The SHA256 hash of the process executable.

* @public */ - GroupedByDate?: DateStatistics[] | undefined; + ExecutableSha256?: string | undefined; /** - *

Represents a list of map of finding types with a count of total findings generated for each type.

- *

Based on the orderBy - * parameter, this request returns either the most occurring finding types or the least occurring finding types. If the - * orderBy parameter is ASC, this will represent the least occurring finding types in - * your account; otherwise, this will represent the most occurring finding types. The default - * value of orderBy is DESC.

+ *

The ID of the child process.

* @public */ - GroupedByFindingType?: FindingTypeStatistics[] | undefined; + NamespacePid?: number | undefined; /** - *

Represents a list of map of top resources with a count of total findings.

+ *

The present working directory of the process.

* @public */ - GroupedByResource?: ResourceStatistics[] | undefined; + Pwd?: string | undefined; /** - *

Represents a list of map of total findings for each severity level.

+ *

The ID of the process.

* @public */ - GroupedBySeverity?: SeverityStatistics[] | undefined; -} - -/** - * @public - * @enum - */ -export const FindingStatisticType = { - COUNT_BY_SEVERITY: "COUNT_BY_SEVERITY", -} as const; - -/** - * @public - */ -export type FindingStatisticType = (typeof FindingStatisticType)[keyof typeof FindingStatisticType]; + Pid?: number | undefined; -/** - * @public - */ -export interface GetAdministratorAccountRequest { /** - *

The unique ID of the detector of the GuardDuty member account.

+ *

The time when the process started. This is in UTC format.

* @public */ - DetectorId: string | undefined; -} + StartTime?: Date | undefined; -/** - * @public - */ -export interface GetAdministratorAccountResponse { /** - *

The administrator account details.

+ *

The unique ID assigned to the process by GuardDuty.

* @public */ - Administrator: Administrator | undefined; -} + Uuid?: string | undefined; -/** - * @public - */ -export interface GetCoverageStatisticsRequest { /** - *

The unique ID of the GuardDuty detector.

- *

To find the detectorId in the current Region, see the - * Settings page in the GuardDuty console, or run the ListDetectors API.

+ *

The unique ID of the parent process. This ID is assigned to the parent process by + * GuardDuty.

* @public */ - DetectorId: string | undefined; + ParentUuid?: string | undefined; /** - *

Represents the criteria used to filter the coverage statistics.

+ *

The user that executed the process.

* @public */ - FilterCriteria?: CoverageFilterCriteria | undefined; + User?: string | undefined; /** - *

Represents the statistics type used to aggregate the coverage details.

+ *

The unique ID of the user that executed the process.

* @public */ - StatisticsType: CoverageStatisticsType[] | undefined; -} + UserId?: number | undefined; -/** - * @public - */ -export interface GetCoverageStatisticsResponse { /** - *

Represents the count aggregated by the statusCode and - * resourceType.

+ *

The effective user ID of the user that executed the process.

* @public */ - CoverageStatistics?: CoverageStatistics | undefined; -} + Euid?: number | undefined; -/** - * @public - */ -export interface GetDetectorRequest { /** - *

The unique ID of the detector that you want to get.

- *

To find the detectorId in the current Region, see the - * Settings page in the GuardDuty console, or run the ListDetectors API.

+ *

Information about the process's lineage.

* @public */ - DetectorId: string | undefined; + Lineage?: LineageObject[] | undefined; } /** + *

Additional information about the suspicious activity.

* @public */ -export interface GetDetectorResponse { +export interface RuntimeContext { /** - *

The timestamp of when the detector was created.

+ *

Information about the process that modified the current process. This is available for + * multiple finding types.

* @public */ - CreatedAt?: string | undefined; + ModifyingProcess?: ProcessDetails | undefined; /** - *

The publishing frequency of the finding.

+ *

The timestamp at which the process modified the current process. The timestamp is in UTC date string + * format.

* @public */ - FindingPublishingFrequency?: FindingPublishingFrequency | undefined; + ModifiedAt?: Date | undefined; /** - *

The GuardDuty service role.

+ *

The path to the script that was executed.

* @public */ - ServiceRole: string | undefined; + ScriptPath?: string | undefined; /** - *

The detector status.

+ *

The path to the new library that was loaded.

* @public */ - Status: DetectorStatus | undefined; + LibraryPath?: string | undefined; /** - *

The last-updated timestamp for the detector.

+ *

The value of the LD_PRELOAD environment variable.

* @public */ - UpdatedAt?: string | undefined; + LdPreloadValue?: string | undefined; /** - * @deprecated - * - *

Describes which data sources are enabled for the detector.

+ *

The path to the docket socket that was accessed.

* @public */ - DataSources?: DataSourceConfigurationsResult | undefined; + SocketPath?: string | undefined; /** - *

The tags of the detector resource.

+ *

The path to the leveraged runc implementation.

* @public */ - Tags?: Record | undefined; + RuncBinaryPath?: string | undefined; /** - *

Describes the features that have been enabled for the detector.

+ *

The path in the container that modified the release agent file.

* @public */ - Features?: DetectorFeatureConfigurationResult[] | undefined; -} + ReleaseAgentPath?: string | undefined; -/** - * @public - */ -export interface GetFilterRequest { /** - *

The unique ID of the detector that is associated with this filter.

- *

To find the detectorId in the current Region, see the - * Settings page in the GuardDuty console, or run the ListDetectors API.

+ *

The path on the host that is mounted by the container.

* @public */ - DetectorId: string | undefined; + MountSource?: string | undefined; /** - *

The name of the filter you want to get.

+ *

The path in the container that is mapped to the host directory.

* @public */ - FilterName: string | undefined; -} + MountTarget?: string | undefined; -/** - * @public - */ -export interface GetFilterResponse { /** - *

The name of the filter.

+ *

Represents the type of mounted fileSystem.

* @public */ - Name: string | undefined; + FileSystemType?: string | undefined; /** - *

The description of the filter.

+ *

Represents options that control the behavior of a runtime operation or action. For + * example, a filesystem mount operation may contain a read-only flag.

* @public */ - Description?: string | undefined; + Flags?: string[] | undefined; /** - *

Specifies the action that is to be applied to the findings that match the filter.

+ *

The name of the module loaded into the kernel.

* @public */ - Action: FilterAction | undefined; + ModuleName?: string | undefined; /** - *

Specifies the position of the filter in the list of current filters. Also specifies the - * order in which this filter is applied to the findings.

+ *

The path to the module loaded into the kernel.

* @public */ - Rank?: number | undefined; + ModuleFilePath?: string | undefined; /** - *

Represents the criteria to be used in the filter for querying findings.

+ *

The SHA256 hash of the module.

* @public */ - FindingCriteria: FindingCriteria | undefined; + ModuleSha256?: string | undefined; /** - *

The tags of the filter resource.

+ *

The path to the modified shell history file.

* @public */ - Tags?: Record | undefined; -} + ShellHistoryFilePath?: string | undefined; -/** - * @public - */ -export interface GetFindingsRequest { /** - *

The ID of the detector that specifies the GuardDuty service whose findings you want to - * retrieve.

- *

To find the detectorId in the current Region, see the - * Settings page in the GuardDuty console, or run the ListDetectors API.

+ *

Information about the process that had its memory overwritten by the current process.

* @public */ - DetectorId: string | undefined; + TargetProcess?: ProcessDetails | undefined; /** - *

The IDs of the findings that you want to retrieve.

+ *

Represents the communication protocol associated with the address. For example, the address + * family AF_INET is used for IP version of 4 protocol.

* @public */ - FindingIds: string[] | undefined; + AddressFamily?: string | undefined; /** - *

Represents the criteria used for sorting findings.

+ *

Specifies a particular protocol within the address family. Usually there is a single + * protocol in address families. For example, the address family AF_INET only has + * the IP protocol.

* @public */ - SortCriteria?: SortCriteria | undefined; -} + IanaProtocolNumber?: number | undefined; -/** - * @public - */ -export interface GetFindingsResponse { /** - *

A list of findings.

+ *

Specifies the Region of a process's address space such as stack and heap.

* @public */ - Findings: Finding[] | undefined; -} + MemoryRegions?: string[] | undefined; -/** - * @public - * @enum - */ -export const GroupByType = { - ACCOUNT: "ACCOUNT", - DATE: "DATE", - FINDING_TYPE: "FINDING_TYPE", - RESOURCE: "RESOURCE", - SEVERITY: "SEVERITY", -} as const; - -/** - * @public - */ -export type GroupByType = (typeof GroupByType)[keyof typeof GroupByType]; + /** + *

Name of the potentially suspicious tool.

+ * @public + */ + ToolName?: string | undefined; -/** - * @public - */ -export interface GetFindingsStatisticsRequest { /** - *

The ID of the detector whose findings statistics you - * want to retrieve.

- *

To find the detectorId in the current Region, see the - * Settings page in the GuardDuty console, or run the ListDetectors API.

+ *

Category that the tool belongs to. Some of the examples + * are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.

* @public */ - DetectorId: string | undefined; + ToolCategory?: string | undefined; /** - * @deprecated - * - *

The types of finding statistics to retrieve.

+ *

Name of the security service that has been potentially disabled.

* @public */ - FindingStatisticTypes?: FindingStatisticType[] | undefined; + ServiceName?: string | undefined; /** - *

Represents the criteria that is used for querying findings.

+ *

Example of the command line involved in the suspicious activity.

* @public */ - FindingCriteria?: FindingCriteria | undefined; + CommandLineExample?: string | undefined; /** - *

Displays the findings statistics grouped by one of the listed valid values.

+ *

The suspicious file path for which the threat intelligence details were found.

* @public */ - GroupBy?: GroupByType | undefined; + ThreatFilePath?: string | undefined; +} +/** + *

Information about the process and any required context values for a specific + * finding.

+ * @public + */ +export interface RuntimeDetails { /** - *

Displays the sorted findings in the requested order. The default - * value of orderBy is DESC.

- *

You can use this parameter only with the groupBy parameter.

+ *

Information about the observed process.

* @public */ - OrderBy?: OrderBy | undefined; + Process?: ProcessDetails | undefined; /** - *

The maximum number of results to be returned in the response. The default value is 25.

- *

You can use this parameter only with the groupBy parameter.

+ *

Additional information about the suspicious activity.

* @public */ - MaxResults?: number | undefined; + Context?: RuntimeContext | undefined; } /** + *

Contains additional information about the generated finding.

* @public */ -export interface GetFindingsStatisticsResponse { +export interface Service { /** - *

The finding statistics object.

+ *

Information about the activity that is described in a finding.

* @public */ - FindingStatistics: FindingStatistics | undefined; + Action?: Action | undefined; /** - *

The pagination parameter to be used on the next list operation to retrieve more items.

- *

This parameter is currently not supported.

+ *

An evidence object associated with the service.

* @public */ - NextToken?: string | undefined; -} + Evidence?: Evidence | undefined; -/** - * @public - */ -export interface GetInvitationsCountRequest {} + /** + *

Indicates whether this finding is archived.

+ * @public + */ + Archived?: boolean | undefined; -/** - * @public - */ -export interface GetInvitationsCountResponse { /** - *

The number of received invitations.

+ *

The total count of the occurrences of this finding type.

* @public */ - InvitationsCount?: number | undefined; -} + Count?: number | undefined; -/** - * @public - */ -export interface GetIPSetRequest { /** - *

The unique ID of the detector that is associated with the IPSet.

- *

To find the detectorId in the current Region, see the - * Settings page in the GuardDuty console, or run the ListDetectors API.

+ *

The detector ID for the GuardDuty service.

* @public */ - DetectorId: string | undefined; + DetectorId?: string | undefined; /** - *

The unique ID of the IPSet to retrieve.

+ *

The first-seen timestamp of the activity that prompted GuardDuty to generate this + * finding.

* @public */ - IpSetId: string | undefined; -} + EventFirstSeen?: string | undefined; -/** - * @public - * @enum - */ -export const IpSetStatus = { - ACTIVATING: "ACTIVATING", - ACTIVE: "ACTIVE", - DEACTIVATING: "DEACTIVATING", - DELETED: "DELETED", - DELETE_PENDING: "DELETE_PENDING", - ERROR: "ERROR", - INACTIVE: "INACTIVE", -} as const; + /** + *

The last-seen timestamp of the activity that prompted GuardDuty to generate this + * finding.

+ * @public + */ + EventLastSeen?: string | undefined; -/** - * @public - */ -export type IpSetStatus = (typeof IpSetStatus)[keyof typeof IpSetStatus]; + /** + *

The resource role information for this finding.

+ * @public + */ + ResourceRole?: string | undefined; -/** - * @public - */ -export interface GetIPSetResponse { /** - *

The user-friendly name for the IPSet.

+ *

The name of the Amazon Web Services service (GuardDuty) that generated a finding.

* @public */ - Name: string | undefined; + ServiceName?: string | undefined; /** - *

The format of the file that contains the IPSet.

+ *

Feedback that was submitted about the finding.

* @public */ - Format: IpSetFormat | undefined; + UserFeedback?: string | undefined; /** - *

The URI of the file that contains the IPSet.

+ *

Contains additional information about the generated finding.

* @public */ - Location: string | undefined; + AdditionalInfo?: ServiceAdditionalInfo | undefined; /** - *

The status of IPSet file that was uploaded.

+ *

The name of the feature that generated a finding.

* @public */ - Status: IpSetStatus | undefined; + FeatureName?: string | undefined; /** - *

The tags of the IPSet resource.

+ *

Returns details from the malware scan that created a finding.

* @public */ - Tags?: Record | undefined; -} + EbsVolumeScanDetails?: EbsVolumeScanDetails | undefined; -/** - * @public - */ -export interface GetMalwareProtectionPlanRequest { /** - *

A unique identifier associated with Malware Protection plan resource.

+ *

Information about the process and any required context values for a specific + * finding

* @public */ - MalwareProtectionPlanId: string | undefined; + RuntimeDetails?: RuntimeDetails | undefined; + + /** + *

Contains information about the detected unusual behavior.

+ * @public + */ + Detection?: Detection | undefined; + + /** + *

Returns details from the malware scan that generated a GuardDuty finding.

+ * @public + */ + MalwareScanDetails?: MalwareScanDetails | undefined; } /** + *

Contains information about the finding that is generated when abnormal or suspicious + * activity is detected.

* @public - * @enum */ -export const MalwareProtectionPlanStatus = { - ACTIVE: "ACTIVE", - ERROR: "ERROR", - WARNING: "WARNING", -} as const; +export interface Finding { + /** + *

The ID of the account in which the finding was generated.

+ * @public + */ + AccountId: string | undefined; -/** - * @public - */ -export type MalwareProtectionPlanStatus = - (typeof MalwareProtectionPlanStatus)[keyof typeof MalwareProtectionPlanStatus]; + /** + *

The ARN of the finding.

+ * @public + */ + Arn: string | undefined; -/** - *

Information about the issue code and message associated to the status of - * your Malware Protection plan.

- * @public - */ -export interface MalwareProtectionPlanStatusReason { /** - *

Issue code.

+ *

The confidence score for the finding.

* @public */ - Code?: string | undefined; + Confidence?: number | undefined; /** - *

Issue message that specifies the reason. For information - * about potential troubleshooting steps, see - * Troubleshooting Malware Protection for S3 status issues in the - * GuardDuty User Guide.

+ *

The time and date when the finding was created.

* @public */ - Message?: string | undefined; -} + CreatedAt: string | undefined; -/** - * @public - */ -export interface GetMalwareProtectionPlanResponse { /** - *

Amazon Resource Name (ARN) of the protected resource.

+ *

The description of the finding.

* @public */ - Arn?: string | undefined; + Description?: string | undefined; /** - *

Amazon Resource Name (ARN) of the IAM role that includes the permissions to scan and - * add tags to the associated protected resource.

+ *

The ID of the finding.

* @public */ - Role?: string | undefined; + Id: string | undefined; /** - *

Information about the protected resource that is associated with the created - * Malware Protection plan. Presently, S3Bucket is the only supported - * protected resource.

+ *

The partition associated with the finding.

* @public */ - ProtectedResource?: CreateProtectedResource | undefined; + Partition?: string | undefined; /** - *

Information about whether the tags will be added to the S3 object after scanning.

+ *

The Region where the finding was generated.

* @public */ - Actions?: MalwareProtectionPlanActions | undefined; + Region: string | undefined; /** - *

The timestamp when the Malware Protection plan resource was created.

+ *

Contains information about the Amazon Web Services resource associated with the activity that prompted + * GuardDuty to generate a finding.

* @public */ - CreatedAt?: Date | undefined; + Resource: Resource | undefined; + + /** + *

The version of the schema used for the finding.

+ * @public + */ + SchemaVersion: string | undefined; /** - *

Malware Protection plan status.

+ *

Contains additional information about the generated finding.

* @public */ - Status?: MalwareProtectionPlanStatus | undefined; + Service?: Service | undefined; /** - *

Information about the issue code and message associated to the status of - * your Malware Protection plan.

+ *

The severity of the finding.

* @public */ - StatusReasons?: MalwareProtectionPlanStatusReason[] | undefined; + Severity: number | undefined; /** - *

Tags added to the Malware Protection plan resource.

+ *

The title of the finding.

* @public */ - Tags?: Record | undefined; + Title?: string | undefined; + + /** + *

The type of finding.

+ * @public + */ + Type: string | undefined; + + /** + *

The time and date when the finding was last updated.

+ * @public + */ + UpdatedAt: string | undefined; + + /** + *

Amazon Resource Name (ARN) associated with the attack sequence finding.

+ * @public + */ + AssociatedAttackSequenceArn?: string | undefined; } /** + *

Information about each finding type associated with the + * groupedByFindingType statistics.

* @public */ -export interface GetMalwareScanSettingsRequest { +export interface FindingTypeStatistics { /** - *

The unique ID of the detector that is associated with this scan.

- *

To find the detectorId in the current Region, see the - * Settings page in the GuardDuty console, or run the ListDetectors API.

+ *

Name of the finding type.

* @public */ - DetectorId: string | undefined; + FindingType?: string | undefined; + + /** + *

The timestamp at which this finding type was last generated in your environment.

+ * @public + */ + LastGeneratedAt?: Date | undefined; + + /** + *

The total number of findings associated with generated for each distinct finding type.

+ * @public + */ + TotalFindings?: number | undefined; } /** + *

Information about each resource type associated with the + * groupedByResource statistics.

* @public - * @enum */ -export const ScanCriterionKey = { - EC2_INSTANCE_TAG: "EC2_INSTANCE_TAG", -} as const; +export interface ResourceStatistics { + /** + *

The ID of the Amazon Web Services account.

+ * @public + */ + AccountId?: string | undefined; -/** - * @public - */ -export type ScanCriterionKey = (typeof ScanCriterionKey)[keyof typeof ScanCriterionKey]; + /** + *

The timestamp at which the statistics for this resource was last generated.

+ * @public + */ + LastGeneratedAt?: Date | undefined; -/** - *

Represents the key:value pair to be matched against given resource property.

- * @public - */ -export interface ScanConditionPair { /** - *

Represents the key in the map condition.

+ *

ID associated with each resource. The following list provides the mapping of the resource type + * and resource ID.

+ *

+ * Mapping of resource and resource ID + *

+ *
    + *
  • + *

    AccessKey - resource.accessKeyDetails.accessKeyId + *

    + *
  • + *
  • + *

    Container - resource.containerDetails.id + *

    + *
  • + *
  • + *

    ECSCluster - resource.ecsClusterDetails.name + *

    + *
  • + *
  • + *

    EKSCluster - resource.eksClusterDetails.name + *

    + *
  • + *
  • + *

    Instance - resource.instanceDetails.instanceId + *

    + *
  • + *
  • + *

    KubernetesCluster - resource.kubernetesDetails.kubernetesWorkloadDetails.name + *

    + *
  • + *
  • + *

    Lambda - resource.lambdaDetails.functionName + *

    + *
  • + *
  • + *

    RDSDBInstance - resource.rdsDbInstanceDetails.dbInstanceIdentifier + *

    + *
  • + *
  • + *

    S3Bucket - resource.s3BucketDetails.name + *

    + *
  • + *
  • + *

    S3Object - resource.s3BucketDetails.name + *

    + *
  • + *
* @public */ - Key: string | undefined; + ResourceId?: string | undefined; /** - *

Represents optional value in the map - * condition. If not specified, only the key will be - * matched.

+ *

The type of resource.

* @public */ - Value?: string | undefined; -} + ResourceType?: string | undefined; -/** - *

Contains information about the condition.

- * @public - */ -export interface ScanCondition { /** - *

Represents an mapEqual - * condition to be applied - * to a single field when triggering for malware scan.

+ *

The total number of findings associated with this resource.

* @public */ - MapEquals: ScanConditionPair[] | undefined; + TotalFindings?: number | undefined; } /** - *

Contains information about criteria used to filter resources before triggering malware - * scan.

+ *

Information about severity level for each finding type.

* @public */ -export interface ScanResourceCriteria { +export interface SeverityStatistics { /** - *

Represents condition that when matched will allow a malware scan for a certain - * resource.

+ *

The timestamp at which a finding type for a specific severity was last generated.

+ * @public + */ + LastGeneratedAt?: Date | undefined; + + /** + *

The severity level associated with each finding type.

* @public */ - Include?: Partial> | undefined; + Severity?: number | undefined; /** - *

Represents condition that when matched will prevent a malware scan for a certain - * resource.

+ *

The total number of findings associated with this severity.

* @public */ - Exclude?: Partial> | undefined; + TotalFindings?: number | undefined; } /** + *

Contains information about finding statistics.

* @public */ -export interface GetMalwareScanSettingsResponse { +export interface FindingStatistics { /** - *

Represents the criteria to be used in the filter for scanning resources.

+ * @deprecated + * + *

Represents a list of map of severity to count statistics for a set of findings.

* @public */ - ScanResourceCriteria?: ScanResourceCriteria | undefined; + CountBySeverity?: Record | undefined; /** - *

An enum value representing possible snapshot preservation settings.

+ *

Represents a list of map of accounts with a findings count associated with each account.

* @public */ - EbsSnapshotPreservation?: EbsSnapshotPreservation | undefined; -} + GroupedByAccount?: AccountStatistics[] | undefined; -/** - * @public - */ -export interface GetMasterAccountRequest { /** - *

The unique ID of the detector of the GuardDuty member account.

- *

To find the detectorId in the current Region, see the - * Settings page in the GuardDuty console, or run the ListDetectors API.

+ *

Represents a list of map of dates with a count of total findings generated on each date per severity level.

* @public */ - DetectorId: string | undefined; -} + GroupedByDate?: DateStatistics[] | undefined; -/** - *

Contains information about the administrator account and invitation.

- * @public - */ -export interface Master { /** - *

The ID of the account used as the administrator account.

+ *

Represents a list of map of finding types with a count of total findings generated for each type.

+ *

Based on the orderBy + * parameter, this request returns either the most occurring finding types or the least occurring finding types. If the + * orderBy parameter is ASC, this will represent the least occurring finding types in + * your account; otherwise, this will represent the most occurring finding types. The default + * value of orderBy is DESC.

* @public */ - AccountId?: string | undefined; + GroupedByFindingType?: FindingTypeStatistics[] | undefined; /** - *

The value used to validate the administrator account to the member account.

+ *

Represents a list of map of top resources with a count of total findings.

* @public */ - InvitationId?: string | undefined; + GroupedByResource?: ResourceStatistics[] | undefined; /** - *

The status of the relationship between the administrator and member accounts.

+ *

Represents a list of map of total findings for each severity level.

* @public */ - RelationshipStatus?: string | undefined; + GroupedBySeverity?: SeverityStatistics[] | undefined; +} + +/** + * @public + * @enum + */ +export const FindingStatisticType = { + COUNT_BY_SEVERITY: "COUNT_BY_SEVERITY", +} as const; + +/** + * @public + */ +export type FindingStatisticType = (typeof FindingStatisticType)[keyof typeof FindingStatisticType]; +/** + * @public + */ +export interface GetAdministratorAccountRequest { /** - *

The timestamp when the invitation was sent.

+ *

The unique ID of the detector of the GuardDuty member account.

* @public */ - InvitedAt?: string | undefined; + DetectorId: string | undefined; } /** * @public */ -export interface GetMasterAccountResponse { +export interface GetAdministratorAccountResponse { /** *

The administrator account details.

* @public */ - Master: Master | undefined; + Administrator: Administrator | undefined; } /** * @public */ -export interface GetMemberDetectorsRequest { +export interface GetCoverageStatisticsRequest { /** - *

The detector ID for the administrator account.

+ *

The unique ID of the GuardDuty detector.

*

To find the detectorId in the current Region, see the * Settings page in the GuardDuty console, or run the ListDetectors API.

* @public @@ -7593,121 +7866,104 @@ export interface GetMemberDetectorsRequest { DetectorId: string | undefined; /** - *

A list of member account IDs.

+ *

Represents the criteria used to filter the coverage statistics.

* @public */ - AccountIds: string[] | undefined; -} + FilterCriteria?: CoverageFilterCriteria | undefined; -/** - *

Information about the additional configuration for the member account.

- * @public - */ -export interface MemberAdditionalConfigurationResult { /** - *

Indicates the name of the additional configuration that is set for the member - * account.

+ *

Represents the statistics type used to aggregate the coverage details.

* @public */ - Name?: OrgFeatureAdditionalConfiguration | undefined; + StatisticsType: CoverageStatisticsType[] | undefined; +} +/** + * @public + */ +export interface GetCoverageStatisticsResponse { /** - *

Indicates the status of the additional configuration that is set for the member - * account.

+ *

Represents the count aggregated by the statusCode and + * resourceType.

* @public */ - Status?: FeatureStatus | undefined; + CoverageStatistics?: CoverageStatistics | undefined; +} +/** + * @public + */ +export interface GetDetectorRequest { /** - *

The timestamp at which the additional configuration was set for the member account. This - * is in UTC format.

+ *

The unique ID of the detector that you want to get.

+ *

To find the detectorId in the current Region, see the + * Settings page in the GuardDuty console, or run the ListDetectors API.

* @public */ - UpdatedAt?: Date | undefined; + DetectorId: string | undefined; } /** - *

Contains information about the features for the member account.

* @public */ -export interface MemberFeaturesConfigurationResult { +export interface GetDetectorResponse { /** - *

Indicates the name of the feature that is enabled for the detector.

+ *

The timestamp of when the detector was created.

* @public */ - Name?: OrgFeature | undefined; + CreatedAt?: string | undefined; /** - *

Indicates the status of the feature that is enabled for the detector.

+ *

The publishing frequency of the finding.

* @public */ - Status?: FeatureStatus | undefined; + FindingPublishingFrequency?: FindingPublishingFrequency | undefined; /** - *

The timestamp at which the feature object was updated.

+ *

The GuardDuty service role.

* @public */ - UpdatedAt?: Date | undefined; + ServiceRole: string | undefined; /** - *

Indicates the additional configuration of the feature that is configured for the member - * account.

+ *

The detector status.

* @public */ - AdditionalConfiguration?: MemberAdditionalConfigurationResult[] | undefined; -} + Status: DetectorStatus | undefined; -/** - *

Contains information on which data sources are enabled for a member account.

- * @public - */ -export interface MemberDataSourceConfiguration { /** - *

The account ID for the member account.

+ *

The last-updated timestamp for the detector.

* @public */ - AccountId: string | undefined; + UpdatedAt?: string | undefined; /** * @deprecated * - *

Contains information on the status of data sources for the account.

+ *

Describes which data sources are enabled for the detector.

* @public */ DataSources?: DataSourceConfigurationsResult | undefined; /** - *

Contains information about the status of the features for the member account.

- * @public - */ - Features?: MemberFeaturesConfigurationResult[] | undefined; -} - -/** - * @public - */ -export interface GetMemberDetectorsResponse { - /** - *

An object that describes which data sources are enabled for a member account.

+ *

The tags of the detector resource.

* @public */ - MemberDataSourceConfigurations: MemberDataSourceConfiguration[] | undefined; + Tags?: Record | undefined; /** - *

A list of member account IDs that were unable to be processed along with an explanation - * for why they were not processed.

+ *

Describes the features that have been enabled for the detector.

* @public */ - UnprocessedAccounts: UnprocessedAccount[] | undefined; + Features?: DetectorFeatureConfigurationResult[] | undefined; } /** * @public */ -export interface GetMembersRequest { +export interface GetFilterRequest { /** - *

The unique ID of the detector of the GuardDuty account whose members you want to - * retrieve.

+ *

The unique ID of the detector that is associated with this filter.

*

To find the detectorId in the current Region, see the * Settings page in the GuardDuty console, or run the ListDetectors API.

* @public @@ -7715,173 +7971,189 @@ export interface GetMembersRequest { DetectorId: string | undefined; /** - *

A list of account IDs of the GuardDuty member accounts that you want to describe.

+ *

The name of the filter you want to get.

* @public */ - AccountIds: string[] | undefined; + FilterName: string | undefined; } /** - *

Contains information about the member account.

* @public */ -export interface Member { +export interface GetFilterResponse { /** - *

The ID of the member account.

+ *

The name of the filter.

* @public */ - AccountId: string | undefined; + Name: string | undefined; /** - *

The detector ID of the member account.

+ *

The description of the filter.

* @public */ - DetectorId?: string | undefined; + Description?: string | undefined; /** - *

The administrator account ID.

+ *

Specifies the action that is to be applied to the findings that match the filter.

* @public */ - MasterId: string | undefined; + Action: FilterAction | undefined; /** - *

The email address of the member account.

+ *

Specifies the position of the filter in the list of current filters. Also specifies the + * order in which this filter is applied to the findings.

* @public */ - Email: string | undefined; + Rank?: number | undefined; /** - *

The status of the relationship between the member and the administrator.

+ *

Represents the criteria to be used in the filter for querying findings.

* @public */ - RelationshipStatus: string | undefined; + FindingCriteria: FindingCriteria | undefined; /** - *

The timestamp when the invitation was sent.

+ *

The tags of the filter resource.

* @public */ - InvitedAt?: string | undefined; + Tags?: Record | undefined; +} +/** + * @public + */ +export interface GetFindingsRequest { /** - *

The last-updated timestamp of the member.

+ *

The ID of the detector that specifies the GuardDuty service whose findings you want to + * retrieve.

+ *

To find the detectorId in the current Region, see the + * Settings page in the GuardDuty console, or run the ListDetectors API.

* @public */ - UpdatedAt: string | undefined; + DetectorId: string | undefined; /** - *

The administrator account ID.

+ *

The IDs of the findings that you want to retrieve.

* @public */ - AdministratorId?: string | undefined; -} + FindingIds: string[] | undefined; -/** - * @public - */ -export interface GetMembersResponse { /** - *

A list of members.

+ *

Represents the criteria used for sorting findings.

* @public */ - Members: Member[] | undefined; + SortCriteria?: SortCriteria | undefined; +} +/** + * @public + */ +export interface GetFindingsResponse { /** - *

A list of objects that contain the unprocessed account and a result string that explains - * why it was unprocessed.

+ *

A list of findings.

* @public */ - UnprocessedAccounts: UnprocessedAccount[] | undefined; + Findings: Finding[] | undefined; } /** - *

Information about the coverage - * statistic for the additional - * configuration of the feature.

* @public + * @enum */ -export interface OrganizationFeatureStatisticsAdditionalConfiguration { - /** - *

Name of the additional configuration within a feature.

- * @public - */ - Name?: OrgFeatureAdditionalConfiguration | undefined; +export const GroupByType = { + ACCOUNT: "ACCOUNT", + DATE: "DATE", + FINDING_TYPE: "FINDING_TYPE", + RESOURCE: "RESOURCE", + SEVERITY: "SEVERITY", +} as const; - /** - *

Total number of accounts that have enabled the additional - * configuration.

- * @public - */ - EnabledAccountsCount?: number | undefined; -} +/** + * @public + */ +export type GroupByType = (typeof GroupByType)[keyof typeof GroupByType]; /** - *

Information about the number of accounts - * that have enabled a specific feature.

* @public */ -export interface OrganizationFeatureStatistics { +export interface GetFindingsStatisticsRequest { + /** + *

The ID of the detector whose findings statistics you + * want to retrieve.

+ *

To find the detectorId in the current Region, see the + * Settings page in the GuardDuty console, or run the ListDetectors API.

+ * @public + */ + DetectorId: string | undefined; + /** - *

Name of the feature.

+ * @deprecated + * + *

The types of finding statistics to retrieve.

* @public */ - Name?: OrgFeature | undefined; + FindingStatisticTypes?: FindingStatisticType[] | undefined; /** - *

Total number of accounts that have enabled a specific - * feature.

+ *

Represents the criteria that is used for querying findings.

* @public */ - EnabledAccountsCount?: number | undefined; + FindingCriteria?: FindingCriteria | undefined; /** - *

Name of the additional configuration.

+ *

Displays the findings statistics grouped by one of the listed valid values.

* @public */ - AdditionalConfiguration?: OrganizationFeatureStatisticsAdditionalConfiguration[] | undefined; -} + GroupBy?: GroupByType | undefined; -/** - *

Information about the coverage statistics of the - * features for the entire - * Amazon Web Services organization.

- *

When you create a new Amazon Web Services organization, it might - * take up to 24 hours to - * generate the statistics summary for this organization.

- * @public - */ -export interface OrganizationStatistics { /** - *

Total number of accounts in your Amazon Web Services organization.

+ *

Displays the sorted findings in the requested order. The default + * value of orderBy is DESC.

+ *

You can use this parameter only with the groupBy parameter.

* @public */ - TotalAccountsCount?: number | undefined; + OrderBy?: OrderBy | undefined; /** - *

Total number of accounts in your Amazon Web Services organization - * that are associated with GuardDuty.

+ *

The maximum number of results to be returned in the response. The default value is 25.

+ *

You can use this parameter only with the groupBy parameter.

* @public */ - MemberAccountsCount?: number | undefined; + MaxResults?: number | undefined; +} +/** + * @public + */ +export interface GetFindingsStatisticsResponse { /** - *

Total number of active accounts in your Amazon Web Services - * organization that are associated with GuardDuty.

+ *

The finding statistics object.

* @public */ - ActiveAccountsCount?: number | undefined; + FindingStatistics: FindingStatistics | undefined; /** - *

Total number of accounts that have enabled GuardDuty.

+ *

The pagination parameter to be used on the next list operation to retrieve more items.

+ *

This parameter is currently not supported.

* @public */ - EnabledAccountsCount?: number | undefined; + NextToken?: string | undefined; +} + +/** + * @public + */ +export interface GetInvitationsCountRequest {} +/** + * @public + */ +export interface GetInvitationsCountResponse { /** - *

Retrieves the coverage - * statistics for each feature.

+ *

The number of received invitations.

* @public */ - CountByFeature?: OrganizationFeatureStatistics[] | undefined; + InvitationsCount?: number | undefined; } /** @@ -7998,6 +8270,47 @@ export const PrivateIpAddressDetailsFilterSensitiveLog = (obj: PrivateIpAddressD ...(obj.PrivateIpAddress && { PrivateIpAddress: SENSITIVE_STRING }), }); +/** + * @internal + */ +export const Ec2NetworkInterfaceFilterSensitiveLog = (obj: Ec2NetworkInterface): any => ({ + ...obj, + ...(obj.PrivateIpAddresses && { + PrivateIpAddresses: obj.PrivateIpAddresses.map((item) => PrivateIpAddressDetailsFilterSensitiveLog(item)), + }), +}); + +/** + * @internal + */ +export const ResourceDataFilterSensitiveLog = (obj: ResourceData): any => ({ + ...obj, + ...(obj.Ec2NetworkInterface && { + Ec2NetworkInterface: Ec2NetworkInterfaceFilterSensitiveLog(obj.Ec2NetworkInterface), + }), +}); + +/** + * @internal + */ +export const ResourceV2FilterSensitiveLog = (obj: ResourceV2): any => ({ + ...obj, +}); + +/** + * @internal + */ +export const SequenceFilterSensitiveLog = (obj: Sequence): any => ({ + ...obj, +}); + +/** + * @internal + */ +export const DetectionFilterSensitiveLog = (obj: Detection): any => ({ + ...obj, +}); + /** * @internal */ @@ -8050,19 +8363,3 @@ export const GetFindingsResponseFilterSensitiveLog = (obj: GetFindingsResponse): ...obj, ...(obj.Findings && { Findings: obj.Findings.map((item) => FindingFilterSensitiveLog(item)) }), }); - -/** - * @internal - */ -export const MemberFilterSensitiveLog = (obj: Member): any => ({ - ...obj, - ...(obj.Email && { Email: SENSITIVE_STRING }), -}); - -/** - * @internal - */ -export const GetMembersResponseFilterSensitiveLog = (obj: GetMembersResponse): any => ({ - ...obj, - ...(obj.Members && { Members: obj.Members.map((item) => MemberFilterSensitiveLog(item)) }), -}); diff --git a/clients/client-guardduty/src/models/models_1.ts b/clients/client-guardduty/src/models/models_1.ts index e6a424b2e4e6..062b173f6cf0 100644 --- a/clients/client-guardduty/src/models/models_1.ts 
+++ b/clients/client-guardduty/src/models/models_1.ts @@ -1,4 +1,6 @@ // smithy-typescript generated code +import { SENSITIVE_STRING } from "@smithy/smithy-client"; + import { AccountFreeTrialInfo, AdminAccount, @@ -6,8 +8,10 @@ import { CoverageFilterCriteria, CoverageResource, CoverageSortCriteria, + CreateProtectedResource, DataSource, DataSourceConfigurations, + DataSourceConfigurationsResult, Destination, DestinationProperties, DetectorFeatureConfiguration, @@ -17,19 +21,651 @@ import { FilterAction, FindingCriteria, FindingPublishingFrequency, + IpSetFormat, MalwareProtectionPlanActions, - Member, - MemberFilterSensitiveLog, - OrganizationStatistics, OrgFeature, OrgFeatureAdditionalConfiguration, OrgFeatureStatus, - ScanResourceCriteria, SortCriteria, ThreatIntelSetFormat, UnprocessedAccount, } from "./models_0"; +/** + * @public + */ +export interface GetIPSetRequest { + /** + *

The unique ID of the detector that is associated with the IPSet.

+ *

To find the detectorId in the current Region, see the + * Settings page in the GuardDuty console, or run the ListDetectors API.

+ * @public + */ + DetectorId: string | undefined; + + /** + *

The unique ID of the IPSet to retrieve.

+ * @public + */ + IpSetId: string | undefined; +} + +/** + * @public + * @enum + */ +export const IpSetStatus = { + ACTIVATING: "ACTIVATING", + ACTIVE: "ACTIVE", + DEACTIVATING: "DEACTIVATING", + DELETED: "DELETED", + DELETE_PENDING: "DELETE_PENDING", + ERROR: "ERROR", + INACTIVE: "INACTIVE", +} as const; + +/** + * @public + */ +export type IpSetStatus = (typeof IpSetStatus)[keyof typeof IpSetStatus]; + +/** + * @public + */ +export interface GetIPSetResponse { + /** + *

The user-friendly name for the IPSet.

+ * @public + */ + Name: string | undefined; + + /** + *

The format of the file that contains the IPSet.

+ * @public + */ + Format: IpSetFormat | undefined; + + /** + *

The URI of the file that contains the IPSet.

+ * @public + */ + Location: string | undefined; + + /** + *

The status of IPSet file that was uploaded.

+ * @public + */ + Status: IpSetStatus | undefined; + + /** + *

The tags of the IPSet resource.

+ * @public + */ + Tags?: Record | undefined; +} + +/** + * @public + */ +export interface GetMalwareProtectionPlanRequest { + /** + *

A unique identifier associated with Malware Protection plan resource.

+ * @public + */ + MalwareProtectionPlanId: string | undefined; +} + +/** + * @public + * @enum + */ +export const MalwareProtectionPlanStatus = { + ACTIVE: "ACTIVE", + ERROR: "ERROR", + WARNING: "WARNING", +} as const; + +/** + * @public + */ +export type MalwareProtectionPlanStatus = + (typeof MalwareProtectionPlanStatus)[keyof typeof MalwareProtectionPlanStatus]; + +/** + *

Information about the issue code and message associated to the status of + * your Malware Protection plan.

+ * @public + */ +export interface MalwareProtectionPlanStatusReason { + /** + *

Issue code.

+ * @public + */ + Code?: string | undefined; + + /** + *

Issue message that specifies the reason. For information + * about potential troubleshooting steps, see + * Troubleshooting Malware Protection for S3 status issues in the + * GuardDuty User Guide.

+ * @public + */ + Message?: string | undefined; +} + +/** + * @public + */ +export interface GetMalwareProtectionPlanResponse { + /** + *

Amazon Resource Name (ARN) of the protected resource.

+ * @public + */ + Arn?: string | undefined; + + /** + *

Amazon Resource Name (ARN) of the IAM role that includes the permissions to scan and + * add tags to the associated protected resource.

+ * @public + */ + Role?: string | undefined; + + /** + *

Information about the protected resource that is associated with the created + * Malware Protection plan. Presently, S3Bucket is the only supported + * protected resource.

+ * @public + */ + ProtectedResource?: CreateProtectedResource | undefined; + + /** + *

Information about whether the tags will be added to the S3 object after scanning.

+ * @public + */ + Actions?: MalwareProtectionPlanActions | undefined; + + /** + *

The timestamp when the Malware Protection plan resource was created.

+ * @public + */ + CreatedAt?: Date | undefined; + + /** + *

Malware Protection plan status.

+ * @public + */ + Status?: MalwareProtectionPlanStatus | undefined; + + /** + *

Information about the issue code and message associated to the status of + * your Malware Protection plan.

+ * @public + */ + StatusReasons?: MalwareProtectionPlanStatusReason[] | undefined; + + /** + *

Tags added to the Malware Protection plan resource.

+ * @public + */ + Tags?: Record | undefined; +} + +/** + * @public + */ +export interface GetMalwareScanSettingsRequest { + /** + *

The unique ID of the detector that is associated with this scan.

+ *

To find the detectorId in the current Region, see the + * Settings page in the GuardDuty console, or run the ListDetectors API.

+ * @public + */ + DetectorId: string | undefined; +} + +/** + * @public + * @enum + */ +export const ScanCriterionKey = { + EC2_INSTANCE_TAG: "EC2_INSTANCE_TAG", +} as const; + +/** + * @public + */ +export type ScanCriterionKey = (typeof ScanCriterionKey)[keyof typeof ScanCriterionKey]; + +/** + *

Represents the key:value pair to be matched against given resource property.

+ * @public + */ +export interface ScanConditionPair { + /** + *

Represents the key in the map condition.

+ * @public + */ + Key: string | undefined; + + /** + *

Represents optional value in the map + * condition. If not specified, only the key will be + * matched.

+ * @public + */ + Value?: string | undefined; +} + +/** + *

Contains information about the condition.

+ * @public + */ +export interface ScanCondition { + /** + *

Represents an mapEqual + * condition to be applied + * to a single field when triggering for malware scan.

+ * @public + */ + MapEquals: ScanConditionPair[] | undefined; +} + +/** + *

Contains information about criteria used to filter resources before triggering malware + * scan.

+ * @public + */ +export interface ScanResourceCriteria { + /** + *

Represents condition that when matched will allow a malware scan for a certain + * resource.

+ * @public + */ + Include?: Partial> | undefined; + + /** + *

Represents condition that when matched will prevent a malware scan for a certain + * resource.

+ * @public + */ + Exclude?: Partial> | undefined; +} + +/** + * @public + */ +export interface GetMalwareScanSettingsResponse { + /** + *

Represents the criteria to be used in the filter for scanning resources.

+ * @public + */ + ScanResourceCriteria?: ScanResourceCriteria | undefined; + + /** + *

An enum value representing possible snapshot preservation settings.

+ * @public + */ + EbsSnapshotPreservation?: EbsSnapshotPreservation | undefined; +} + +/** + * @public + */ +export interface GetMasterAccountRequest { + /** + *

The unique ID of the detector of the GuardDuty member account.

+ *

To find the detectorId in the current Region, see the + * Settings page in the GuardDuty console, or run the ListDetectors API.

+ * @public + */ + DetectorId: string | undefined; +} + +/** + *

Contains information about the administrator account and invitation.

+ * @public + */ +export interface Master { + /** + *

The ID of the account used as the administrator account.

+ * @public + */ + AccountId?: string | undefined; + + /** + *

The value used to validate the administrator account to the member account.

+ * @public + */ + InvitationId?: string | undefined; + + /** + *

The status of the relationship between the administrator and member accounts.

+ * @public + */ + RelationshipStatus?: string | undefined; + + /** + *

The timestamp when the invitation was sent.

+ * @public + */ + InvitedAt?: string | undefined; +} + +/** + * @public + */ +export interface GetMasterAccountResponse { + /** + *

The administrator account details.

+ * @public + */ + Master: Master | undefined; +} + +/** + * @public + */ +export interface GetMemberDetectorsRequest { + /** + *

The detector ID for the administrator account.

+ *

To find the detectorId in the current Region, see the + * Settings page in the GuardDuty console, or run the ListDetectors API.

+ * @public + */ + DetectorId: string | undefined; + + /** + *

A list of member account IDs.

+ * @public + */ + AccountIds: string[] | undefined; +} + +/** + *

Information about the additional configuration for the member account.

+ * @public + */ +export interface MemberAdditionalConfigurationResult { + /** + *

Indicates the name of the additional configuration that is set for the member + * account.

+ * @public + */ + Name?: OrgFeatureAdditionalConfiguration | undefined; + + /** + *

Indicates the status of the additional configuration that is set for the member + * account.

+ * @public + */ + Status?: FeatureStatus | undefined; + + /** + *

The timestamp at which the additional configuration was set for the member account. This + * is in UTC format.

+ * @public + */ + UpdatedAt?: Date | undefined; +} + +/** + *

Contains information about the features for the member account.

+ * @public + */ +export interface MemberFeaturesConfigurationResult { + /** + *

Indicates the name of the feature that is enabled for the detector.

+ * @public + */ + Name?: OrgFeature | undefined; + + /** + *

Indicates the status of the feature that is enabled for the detector.

+ * @public + */ + Status?: FeatureStatus | undefined; + + /** + *

The timestamp at which the feature object was updated.

+ * @public + */ + UpdatedAt?: Date | undefined; + + /** + *

Indicates the additional configuration of the feature that is configured for the member + * account.

+ * @public + */ + AdditionalConfiguration?: MemberAdditionalConfigurationResult[] | undefined; +} + +/** + *

Contains information on which data sources are enabled for a member account.

+ * @public + */ +export interface MemberDataSourceConfiguration { + /** + *

The account ID for the member account.

+ * @public + */ + AccountId: string | undefined; + + /** + * @deprecated + * + *

Contains information on the status of data sources for the account.

+ * @public + */ + DataSources?: DataSourceConfigurationsResult | undefined; + + /** + *

Contains information about the status of the features for the member account.

+ * @public + */ + Features?: MemberFeaturesConfigurationResult[] | undefined; +} + +/** + * @public + */ +export interface GetMemberDetectorsResponse { + /** + *

An object that describes which data sources are enabled for a member account.

+ * @public + */ + MemberDataSourceConfigurations: MemberDataSourceConfiguration[] | undefined; + + /** + *

A list of member account IDs that were unable to be processed along with an explanation + * for why they were not processed.

+ * @public + */ + UnprocessedAccounts: UnprocessedAccount[] | undefined; +} + +/** + * @public + */ +export interface GetMembersRequest { + /** + *

The unique ID of the detector of the GuardDuty account whose members you want to + * retrieve.

+ *

To find the detectorId in the current Region, see the + * Settings page in the GuardDuty console, or run the ListDetectors API.

+ * @public + */ + DetectorId: string | undefined; + + /** + *

A list of account IDs of the GuardDuty member accounts that you want to describe.

+ * @public + */ + AccountIds: string[] | undefined; +} + +/** + *

Contains information about the member account.

+ * @public + */ +export interface Member { + /** + *

The ID of the member account.

+ * @public + */ + AccountId: string | undefined; + + /** + *

The detector ID of the member account.

+ * @public + */ + DetectorId?: string | undefined; + + /** + *

The administrator account ID.

+ * @public + */ + MasterId: string | undefined; + + /** + *

The email address of the member account.

+ * @public + */ + Email: string | undefined; + + /** + *

The status of the relationship between the member and the administrator.

+ * @public + */ + RelationshipStatus: string | undefined; + + /** + *

The timestamp when the invitation was sent.

+ * @public + */ + InvitedAt?: string | undefined; + + /** + *

The last-updated timestamp of the member.

+ * @public + */ + UpdatedAt: string | undefined; + + /** + *

The administrator account ID.

+ * @public + */ + AdministratorId?: string | undefined; +} + +/** + * @public + */ +export interface GetMembersResponse { + /** + *

A list of members.

+ * @public + */ + Members: Member[] | undefined; + + /** + *

A list of objects that contain the unprocessed account and a result string that explains + * why it was unprocessed.

+ * @public + */ + UnprocessedAccounts: UnprocessedAccount[] | undefined; +} + +/** + *

Information about the coverage + * statistic for the additional + * configuration of the feature.

+ * @public + */ +export interface OrganizationFeatureStatisticsAdditionalConfiguration { + /** + *

Name of the additional configuration within a feature.

+ * @public + */ + Name?: OrgFeatureAdditionalConfiguration | undefined; + + /** + *

Total number of accounts that have enabled the additional + * configuration.

+ * @public + */ + EnabledAccountsCount?: number | undefined; +} + +/** + *

Information about the number of accounts + * that have enabled a specific feature.

+ * @public + */ +export interface OrganizationFeatureStatistics { + /** + *

Name of the feature.

+ * @public + */ + Name?: OrgFeature | undefined; + + /** + *

Total number of accounts that have enabled a specific + * feature.

+ * @public + */ + EnabledAccountsCount?: number | undefined; + + /** + *

Name of the additional configuration.

+ * @public + */ + AdditionalConfiguration?: OrganizationFeatureStatisticsAdditionalConfiguration[] | undefined; +} + +/** + *

Information about the coverage statistics of the + * features for the entire + * Amazon Web Services organization.

+ *

When you create a new Amazon Web Services organization, it might + * take up to 24 hours to + * generate the statistics summary for this organization.

+ * @public + */ +export interface OrganizationStatistics { + /** + *

Total number of accounts in your Amazon Web Services organization.

+ * @public + */ + TotalAccountsCount?: number | undefined; + + /** + *

Total number of accounts in your Amazon Web Services organization + * that are associated with GuardDuty.

+ * @public + */ + MemberAccountsCount?: number | undefined; + + /** + *

Total number of active accounts in your Amazon Web Services + * organization that are associated with GuardDuty.

+ * @public + */ + ActiveAccountsCount?: number | undefined; + + /** + *

Total number of accounts that have enabled GuardDuty.

+ * @public + */ + EnabledAccountsCount?: number | undefined; + + /** + *

Retrieves the coverage + * statistics for each feature.

+ * @public + */ + CountByFeature?: OrganizationFeatureStatistics[] | undefined; +} + /** *

Information about GuardDuty coverage statistics for members * in your Amazon Web Services organization.

@@ -2152,6 +2788,22 @@ export interface UpdateThreatIntelSetRequest { */ export interface UpdateThreatIntelSetResponse {} +/** + * @internal + */ +export const MemberFilterSensitiveLog = (obj: Member): any => ({ + ...obj, + ...(obj.Email && { Email: SENSITIVE_STRING }), +}); + +/** + * @internal + */ +export const GetMembersResponseFilterSensitiveLog = (obj: GetMembersResponse): any => ({ + ...obj, + ...(obj.Members && { Members: obj.Members.map((item) => MemberFilterSensitiveLog(item)) }), +}); + /** * @internal */ diff --git a/clients/client-guardduty/src/protocols/Aws_restJson1.ts b/clients/client-guardduty/src/protocols/Aws_restJson1.ts index 1974162e3c56..694202785d66 100644 --- a/clients/client-guardduty/src/protocols/Aws_restJson1.ts +++ b/clients/client-guardduty/src/protocols/Aws_restJson1.ts @@ -220,12 +220,15 @@ import { GuardDutyServiceException as __BaseException } from "../models/GuardDut import { AccessControlList, AccessDeniedException, + AccessKey, AccessKeyDetails, + Account, AccountDetail, AccountFreeTrialInfo, AccountLevelPermissions, AccountStatistics, Action, + Actor, AddonDetails, AdminAccount, Administrator, @@ -233,6 +236,7 @@ import { Anomaly, AnomalyObject, AnomalyUnusual, + AutonomousSystem, AwsApiCallAction, BadRequestException, BlockPublicAccess, @@ -278,6 +282,8 @@ import { EbsVolumeDetails, EbsVolumeScanDetails, EbsVolumesResult, + Ec2Instance, + Ec2NetworkInterface, EcsClusterDetails, EcsTaskDetails, EksClusterDetails, @@ -298,6 +304,7 @@ import { HostPath, IamInstanceProfile, ImpersonatedUser, + Indicator, InstanceDetails, InternalServerErrorException, ItemPath, 
@@ -322,15 +329,12 @@ import { MalwareProtectionConfigurationResult, MalwareProtectionDataSourceFreeTrial, MalwareProtectionPlanActions, - MalwareProtectionPlanStatusReason, MalwareProtectionPlanTaggingAction, MalwareScanDetails, - Master, - Member, - MemberAdditionalConfigurationResult, - MemberDataSourceConfiguration, - MemberFeaturesConfigurationResult, + NetworkConnection, NetworkConnectionAction, + NetworkEndpoint, + NetworkGeoLocation, NetworkInterface, Observations, Organization, @@ -338,14 +342,11 @@ import { OrganizationDataSourceConfigurationsResult, OrganizationEbsVolumesResult, OrganizationFeatureConfigurationResult, - OrganizationFeatureStatistics, - OrganizationFeatureStatisticsAdditionalConfiguration, OrganizationKubernetesAuditLogsConfigurationResult, OrganizationKubernetesConfigurationResult, OrganizationMalwareProtectionConfigurationResult, OrganizationS3LogsConfigurationResult, OrganizationScanEc2InstanceWithFindingsResult, - OrganizationStatistics, Owner, PermissionConfiguration, PortProbeAction, @@ -354,6 +355,7 @@ import { ProcessDetails, ProductCode, PublicAccess, + PublicAccessConfiguration, RdsDbInstanceDetails, RdsDbUserDetails, RdsLimitlessDbDetails, @@ -362,32 +364,35 @@ import { RemoteIpDetails, RemotePortDetails, Resource, + ResourceData, ResourceDetails, ResourceNotFoundException, ResourceStatistics, + ResourceV2, RuntimeContext, RuntimeDetails, + S3Bucket, S3BucketDetail, S3LogsConfiguration, S3LogsConfigurationResult, + S3Object, S3ObjectDetail, Scan, - ScanCondition, - ScanConditionPair, - ScanCriterionKey, ScanDetections, ScanEc2InstanceWithFindings, ScanEc2InstanceWithFindingsResult, ScanFilePath, ScannedItemCount, - ScanResourceCriteria, ScanResultDetails, ScanThreatName, SecurityContext, SecurityGroup, + Sequence, Service, ServiceAdditionalInfo, + Session, SeverityStatistics, + Signal, SortCriteria, Tag, Threat, 
@@ -397,6 +402,7 @@ import { TriggerDetails, UnprocessedAccount, UnprocessedDataSourcesResult, + User, Volume, VolumeDetail, VolumeMount, @@ -404,19 +410,32 @@ import { } from "../models/models_0"; import { Invitation, + MalwareProtectionPlanStatusReason, MalwareProtectionPlanSummary, + Master, + Member, MemberAdditionalConfiguration, + MemberAdditionalConfigurationResult, + MemberDataSourceConfiguration, MemberFeaturesConfiguration, + MemberFeaturesConfigurationResult, OrganizationAdditionalConfiguration, OrganizationDataSourceConfigurations, OrganizationDetails, OrganizationEbsVolumes, OrganizationFeatureConfiguration, + OrganizationFeatureStatistics, + OrganizationFeatureStatisticsAdditionalConfiguration, OrganizationKubernetesAuditLogsConfiguration, OrganizationKubernetesConfiguration, OrganizationMalwareProtectionConfiguration, OrganizationS3LogsConfiguration, OrganizationScanEc2InstanceWithFindings, + OrganizationStatistics, + ScanCondition, + ScanConditionPair, + ScanCriterionKey, + ScanResourceCriteria, Total, UpdateProtectedResource, UpdateS3BucketResource, @@ -4288,6 +4307,17 @@ const de_AccessControlList = (output: any, context: __SerdeContext): AccessContr }) as any; }; +/** + * deserializeAws_restJson1AccessKey + */ +const de_AccessKey = (output: any, context: __SerdeContext): AccessKey => { + return take(output, { + PrincipalId: [, __expectString, `principalId`], + UserName: [, __expectString, `userName`], + UserType: [, __expectString, `userType`], + }) as any; +}; + /** * deserializeAws_restJson1AccessKeyDetails */ @@ -4300,6 +4330,16 @@ const de_AccessKeyDetails = (output: any, context: __SerdeContext): AccessKeyDet }) as any; }; +/** + * deserializeAws_restJson1Account + */ +const de_Account = (output: any, context: __SerdeContext): Account => { + return take(output, { + Name: [, __expectString, `account`], + Uid: [, __expectString, `uid`], + }) as any; +}; + /** * deserializeAws_restJson1AccountFreeTrialInfo */ 
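Review bot: In `de_Account`, `Name` is read from the wire key `account`, while `Uid` comes from `uid` and `de_User` reads its own `Name` from `name`, so the SDK field and the raw JSON key disagree for this one member. The mapping follows the `smithy.api#jsonName` in the guardduty.json hunk for `com.amazonaws.guardduty#Account`, so it may be intentional, but nothing in the documentation says so. Since this file looks generated, the place to record it is the model documentation for `Name`, for example `Name of the member's Amazon Web Services account (serialized as "account").`. Anyone matching on the raw finding JSON rather than the SDK object would then look for the right key.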
@@ -4369,6 +4409,31 @@ const de_Action = (output: any, context: __SerdeContext): Action => { }) as any; }; +/** + * deserializeAws_restJson1Actor + */ +const de_Actor = (output: any, context: __SerdeContext): Actor => { + return take(output, { + Id: [, __expectString, `id`], + Session: [, (_: any) => de_Session(_, context), `session`], + User: [, (_: any) => de_User(_, context), `user`], + }) as any; +}; + +// de_ActorIds omitted. + +/** + * deserializeAws_restJson1Actors + */ +const de_Actors = (output: any, context: __SerdeContext): Actor[] => { + const retVal = (output || []) + .filter((e: any) => e != null) + .map((entry: any) => { + return de_Actor(entry, context); + }); + return retVal; +}; + /** * deserializeAws_restJson1AddonDetails */ @@ -4508,6 +4573,16 @@ const de_AnomalyUnusualBehaviorFeature = (output: any, context: __SerdeContext): }, {} as Record); }; +/** + * deserializeAws_restJson1AutonomousSystem + */ +const de_AutonomousSystem = (output: any, context: __SerdeContext): AutonomousSystem => { + return take(output, { + Name: [, __expectString, `name`], + Number: [, __expectInt32, `number`], + }) as any; +}; + /** * deserializeAws_restJson1AwsApiCallAction */ @@ -4881,6 +4956,7 @@ const de_Destinations = (output: any, context: __SerdeContext): Destination[] => const de_Detection = (output: any, context: __SerdeContext): Detection => { return take(output, { Anomaly: [, (_: any) => de_Anomaly(_, context), `anomaly`], + Sequence: [, (_: any) => de_Sequence(_, context), `sequence`], }) as any; }; 
@@ -5014,6 +5090,39 @@ const de_EbsVolumesResult = (output: any, context: __SerdeContext): EbsVolumesRe }) as any; }; +/** + * deserializeAws_restJson1Ec2Instance + */ +const de_Ec2Instance = (output: any, context: __SerdeContext): Ec2Instance => { + return take(output, { + AvailabilityZone: [, __expectString, `availabilityZone`], + Ec2NetworkInterfaceUids: [, _json, `ec2NetworkInterfaceUids`], + IamInstanceProfile: (_: any) => de_IamInstanceProfile(_, context), + ImageDescription: [, __expectString, `imageDescription`], + InstanceState: [, __expectString, `instanceState`], + InstanceType: [, __expectString, `instanceType`], + OutpostArn: [, __expectString, `outpostArn`], + Platform: [, __expectString, `platform`], + ProductCodes: [, (_: any) => de_ProductCodes(_, context), `productCodes`], + }) as any; +}; + +/** + * deserializeAws_restJson1Ec2NetworkInterface + */ +const de_Ec2NetworkInterface = (output: any, context: __SerdeContext): Ec2NetworkInterface => { + return take(output, { + Ipv6Addresses: [, _json, `ipv6Addresses`], + PrivateIpAddresses: [, (_: any) => de_PrivateIpAddresses(_, context), `privateIpAddresses`], + PublicIp: [, __expectString, `publicIp`], + SecurityGroups: [, (_: any) => de_SecurityGroups(_, context), `securityGroups`], + SubNetId: [, __expectString, `subNetId`], + VpcId: [, __expectString, `vpcId`], + }) as any; +}; + +// de_Ec2NetworkInterfaceUids omitted. + /** * deserializeAws_restJson1EcsClusterDetails */ @@ -5063,6 +5172,8 @@ const de_EksClusterDetails = (output: any, context: __SerdeContext): EksClusterD }) as any; }; +// de_EndpointIds omitted. + // de_Eq omitted. // de_Equals omitted. 
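Review bot: `IamInstanceProfile` in `de_Ec2Instance` is the only entry written as a bare function, `IamInstanceProfile: (_: any) => de_IamInstanceProfile(_, context),`, with no wire key, where every sibling names a camelCase key such as `instanceType`. The guardduty.json hunk for `com.amazonaws.guardduty#Ec2Instance` matches this: that member has a `target` but no `smithy.api#jsonName` and no documentation. If the service actually sends `iamInstanceProfile`, the field would presumably come back undefined without any error, and the instance's role would be missing from attack-sequence resource data, so this is worth confirming against a recorded response. If the PascalCase key is correct, the member should at least get a documentation trait saying so; if not, the model needs `"smithy.api#jsonName": "iamInstanceProfile"` and a regenerate rather than a hand edit here.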
@@ -5107,6 +5218,7 @@ const de_Finding = (output: any, context: __SerdeContext): Finding => { return take(output, { AccountId: [, __expectString, `accountId`], Arn: [, __expectString, `arn`], + AssociatedAttackSequenceArn: [, __expectString, `associatedAttackSequenceArn`], Confidence: [, __limitedParseDouble, `confidence`], CreatedAt: [, __expectString, `createdAt`], Description: [, __expectString, `description`], @@ -5322,6 +5434,31 @@ const de_ImpersonatedUser = (output: any, context: __SerdeContext): Impersonated }) as any; }; +/** + * deserializeAws_restJson1Indicator + */ +const de_Indicator = (output: any, context: __SerdeContext): Indicator => { + return take(output, { + Key: [, __expectString, `key`], + Title: [, __expectString, `title`], + Values: [, _json, `values`], + }) as any; +}; + +/** + * deserializeAws_restJson1Indicators + */ +const de_Indicators = (output: any, context: __SerdeContext): Indicator[] => { + const retVal = (output || []) + .filter((e: any) => e != null) + .map((entry: any) => { + return de_Indicator(entry, context); + }); + return retVal; +}; + +// de_IndicatorValues omitted. + /** * deserializeAws_restJson1InstanceDetails */ @@ -5866,6 +6003,15 @@ const de_Members = (output: any, context: __SerdeContext): Member[] => { // de_Neq omitted. +/** + * deserializeAws_restJson1NetworkConnection + */ +const de_NetworkConnection = (output: any, context: __SerdeContext): NetworkConnection => { + return take(output, { + Direction: [, __expectString, `direction`], + }) as any; +}; + /** * deserializeAws_restJson1NetworkConnectionAction */ 
@@ -5882,6 +6028,45 @@ const de_NetworkConnectionAction = (output: any, context: __SerdeContext): Netwo }) as any; }; +/** + * deserializeAws_restJson1NetworkEndpoint + */ +const de_NetworkEndpoint = (output: any, context: __SerdeContext): NetworkEndpoint => { + return take(output, { + AutonomousSystem: [, (_: any) => de_AutonomousSystem(_, context), `autonomousSystem`], + Connection: [, (_: any) => de_NetworkConnection(_, context), `connection`], + Domain: [, __expectString, `domain`], + Id: [, __expectString, `id`], + Ip: [, __expectString, `ip`], + Location: [, (_: any) => de_NetworkGeoLocation(_, context), `location`], + Port: [, __expectInt32, `port`], + }) as any; +}; + +/** + * deserializeAws_restJson1NetworkEndpoints + */ +const de_NetworkEndpoints = (output: any, context: __SerdeContext): NetworkEndpoint[] => { + const retVal = (output || []) + .filter((e: any) => e != null) + .map((entry: any) => { + return de_NetworkEndpoint(entry, context); + }); + return retVal; +}; + +/** + * deserializeAws_restJson1NetworkGeoLocation + */ +const de_NetworkGeoLocation = (output: any, context: __SerdeContext): NetworkGeoLocation => { + return take(output, { + City: [, __expectString, `city`], + Country: [, __expectString, `country`], + Latitude: [, __limitedParseDouble, `lat`], + Longitude: [, __limitedParseDouble, `lon`], + }) as any; +}; + /** * deserializeAws_restJson1NetworkInterface */ 
@@ -6297,6 +6482,18 @@ const de_PublicAccess = (output: any, context: __SerdeContext): PublicAccess => }) as any; }; +/** + * deserializeAws_restJson1PublicAccessConfiguration + */ +const de_PublicAccessConfiguration = (output: any, context: __SerdeContext): PublicAccessConfiguration => { + return take(output, { + PublicAclAccess: [, __expectString, `publicAclAccess`], + PublicAclIgnoreBehavior: [, __expectString, `publicAclIgnoreBehavior`], + PublicBucketRestrictBehavior: [, __expectString, `publicBucketRestrictBehavior`], + PublicPolicyAccess: [, __expectString, `publicPolicyAccess`], + }) as any; +}; + /** * deserializeAws_restJson1RdsDbInstanceDetails */ @@ -6404,6 +6601,19 @@ const de_Resource = (output: any, context: __SerdeContext): Resource => { }) as any; }; +/** + * deserializeAws_restJson1ResourceData + */ +const de_ResourceData = (output: any, context: __SerdeContext): ResourceData => { + return take(output, { + AccessKey: [, (_: any) => de_AccessKey(_, context), `accessKey`], + Ec2Instance: [, (_: any) => de_Ec2Instance(_, context), `ec2Instance`], + Ec2NetworkInterface: [, (_: any) => de_Ec2NetworkInterface(_, context), `ec2NetworkInterface`], + S3Bucket: [, (_: any) => de_S3Bucket(_, context), `s3Bucket`], + S3Object: [, (_: any) => de_S3Object(_, context), `s3Object`], + }) as any; +}; + /** * deserializeAws_restJson1ResourceDetails */ @@ -6413,6 +6623,18 @@ const de_ResourceDetails = (output: any, context: __SerdeContext): ResourceDetai }) as any; }; +/** + * deserializeAws_restJson1Resources + */ +const de_Resources = (output: any, context: __SerdeContext): ResourceV2[] => { + const retVal = (output || []) + .filter((e: any) => e != null) + .map((entry: any) => { + return de_ResourceV2(entry, context); + }); + return retVal; +}; + /** * deserializeAws_restJson1ResourceStatistics */ 
@@ -6426,6 +6648,25 @@ const de_ResourceStatistics = (output: any, context: __SerdeContext): ResourceSt }) as any; }; +// de_ResourceUids omitted. + +/** + * deserializeAws_restJson1ResourceV2 + */ +const de_ResourceV2 = (output: any, context: __SerdeContext): ResourceV2 => { + return take(output, { + AccountId: [, __expectString, `accountId`], + CloudPartition: [, __expectString, `cloudPartition`], + Data: [, (_: any) => de_ResourceData(_, context), `data`], + Name: [, __expectString, `name`], + Region: [, __expectString, `region`], + ResourceType: [, __expectString, `resourceType`], + Service: [, __expectString, `service`], + Tags: [, (_: any) => de_Tags(_, context), `tags`], + Uid: [, __expectString, `uid`], + }) as any; +}; + /** * deserializeAws_restJson1RuntimeContext */ @@ -6469,6 +6710,24 @@ const de_RuntimeDetails = (output: any, context: __SerdeContext): RuntimeDetails }) as any; }; +/** + * deserializeAws_restJson1S3Bucket + */ +const de_S3Bucket = (output: any, context: __SerdeContext): S3Bucket => { + return take(output, { + AccountPublicAccess: [, (_: any) => de_PublicAccessConfiguration(_, context), `accountPublicAccess`], + BucketPublicAccess: [, (_: any) => de_PublicAccessConfiguration(_, context), `bucketPublicAccess`], + CreatedAt: [, (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), `createdAt`], + EffectivePermission: [, __expectString, `effectivePermission`], + EncryptionKeyArn: [, __expectString, `encryptionKeyArn`], + EncryptionType: [, __expectString, `encryptionType`], + OwnerId: [, __expectString, `ownerId`], + PublicReadAccess: [, __expectString, `publicReadAccess`], + PublicWriteAccess: [, __expectString, `publicWriteAccess`], + S3ObjectUids: [, _json, `s3ObjectUids`], + }) as any; +}; + /** * deserializeAws_restJson1S3BucketDetail */ 
@@ -6511,6 +6770,17 @@ const de_S3LogsConfigurationResult = (output: any, context: __SerdeContext): S3L }) as any; }; +/** + * deserializeAws_restJson1S3Object + */ +const de_S3Object = (output: any, context: __SerdeContext): S3Object => { + return take(output, { + ETag: [, __expectString, `eTag`], + Key: [, __expectString, `key`], + VersionId: [, __expectString, `versionId`], + }) as any; +}; + /** * deserializeAws_restJson1S3ObjectDetail */ @@ -6536,6 +6806,8 @@ const de_S3ObjectDetails = (output: any, context: __SerdeContext): S3ObjectDetai return retVal; }; +// de_S3ObjectUids omitted. + /** * deserializeAws_restJson1Scan */ @@ -6732,6 +7004,21 @@ const de_SecurityGroups = (output: any, context: __SerdeContext): SecurityGroup[ return retVal; }; +/** + * deserializeAws_restJson1Sequence + */ +const de_Sequence = (output: any, context: __SerdeContext): Sequence => { + return take(output, { + Actors: [, (_: any) => de_Actors(_, context), `actors`], + Description: [, __expectString, `description`], + Endpoints: [, (_: any) => de_NetworkEndpoints(_, context), `endpoints`], + Resources: [, (_: any) => de_Resources(_, context), `resources`], + SequenceIndicators: [, (_: any) => de_Indicators(_, context), `sequenceIndicators`], + Signals: [, (_: any) => de_Signals(_, context), `signals`], + Uid: [, __expectString, `uid`], + }) as any; +}; + /** * deserializeAws_restJson1Service */ @@ -6766,6 +7053,18 @@ const de_ServiceAdditionalInfo = (output: any, context: __SerdeContext): Service }) as any; }; +/** + * deserializeAws_restJson1Session + */ +const de_Session = (output: any, context: __SerdeContext): Session => { + return take(output, { + CreatedTime: [, (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), `createdTime`], + Issuer: [, __expectString, `issuer`], + MfaStatus: [, __expectString, `mfaStatus`], + Uid: [, __expectString, `uid`], + }) as any; +}; + // de_SessionNameList omitted. /** 
@@ -6779,6 +7078,40 @@ const de_SeverityStatistics = (output: any, context: __SerdeContext): SeveritySt }) as any; }; +/** + * deserializeAws_restJson1Signal + */ +const de_Signal = (output: any, context: __SerdeContext): Signal => { + return take(output, { + ActorIds: [, _json, `actorIds`], + Count: [, __expectInt32, `count`], + CreatedAt: [, (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), `createdAt`], + Description: [, __expectString, `description`], + EndpointIds: [, _json, `endpointIds`], + FirstSeenAt: [, (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), `firstSeenAt`], + LastSeenAt: [, (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), `lastSeenAt`], + Name: [, __expectString, `name`], + ResourceUids: [, _json, `resourceUids`], + Severity: [, __limitedParseDouble, `severity`], + SignalIndicators: [, (_: any) => de_Indicators(_, context), `signalIndicators`], + Type: [, __expectString, `type`], + Uid: [, __expectString, `uid`], + UpdatedAt: [, (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), `updatedAt`], + }) as any; +}; + +/** + * deserializeAws_restJson1Signals + */ +const de_Signals = (output: any, context: __SerdeContext): Signal[] => { + const retVal = (output || []) + .filter((e: any) => e != null) + .map((entry: any) => { + return de_Signal(entry, context); + }); + return retVal; +}; + // de_SourceIps omitted. // de_Sources omitted. @@ -7077,6 +7410,19 @@ const de_UsageTopAccountsResultList = (output: any, context: __SerdeContext): Us return retVal; }; +/** + * deserializeAws_restJson1User + */ +const de_User = (output: any, context: __SerdeContext): User => { + return take(output, { + Account: [, (_: any) => de_Account(_, context), `account`], + CredentialUid: [, __expectString, `credentialUid`], + Name: [, __expectString, `name`], + Type: [, __expectString, `type`], + Uid: [, __expectString, `uid`], + }) as any; +}; + /** * deserializeAws_restJson1Volume */ 
diff --git a/codegen/sdk-codegen/aws-models/guardduty.json b/codegen/sdk-codegen/aws-models/guardduty.json index 492484215fe8..cd9572b10c3d 100644 --- a/codegen/sdk-codegen/aws-models/guardduty.json +++ b/codegen/sdk-codegen/aws-models/guardduty.json @@ -218,6 +218,35 @@ "smithy.api#httpError": 403 } }, + "com.amazonaws.guardduty#AccessKey": { + "type": "structure", + "members": { + "PrincipalId": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

Principal ID of the user.

", + "smithy.api#jsonName": "principalId" + } + }, + "UserName": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

Name of the user.

", + "smithy.api#jsonName": "userName" + } + }, + "UserType": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

Type of the user.

", + "smithy.api#jsonName": "userType" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the access keys.

" + } + }, "com.amazonaws.guardduty#AccessKeyDetails": { "type": "structure", "members": { @@ -254,6 +283,30 @@ "smithy.api#documentation": "

Contains information about the access keys.

" } }, + "com.amazonaws.guardduty#Account": { + "type": "structure", + "members": { + "Uid": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

ID of the member's Amazon Web Services account

", + "smithy.api#jsonName": "uid", + "smithy.api#required": {} + } + }, + "Name": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

Name of the member's Amazon Web Services account.

", + "smithy.api#jsonName": "account" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the account.

" + } + }, "com.amazonaws.guardduty#AccountDetail": { "type": "structure", "members": { @@ -473,6 +526,61 @@ "smithy.api#documentation": "

Contains information about actions.

" } }, + "com.amazonaws.guardduty#Actor": { + "type": "structure", + "members": { + "Id": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

ID of the threat actor.

", + "smithy.api#jsonName": "id", + "smithy.api#required": {} + } + }, + "User": { + "target": "com.amazonaws.guardduty#User", + "traits": { + "smithy.api#documentation": "

Contains information about the user credentials used by the threat actor.

", + "smithy.api#jsonName": "user" + } + }, + "Session": { + "target": "com.amazonaws.guardduty#Session", + "traits": { + "smithy.api#documentation": "

Contains information about the user session where the activity initiated.

", + "smithy.api#jsonName": "session" + } + } + }, + "traits": { + "smithy.api#documentation": "

Information about the actors involved in an attack sequence.

" + } + }, + "com.amazonaws.guardduty#ActorIds": { + "type": "list", + "member": { + "target": "com.amazonaws.guardduty#String" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 400 + } + } + }, + "com.amazonaws.guardduty#Actors": { + "type": "list", + "member": { + "target": "com.amazonaws.guardduty#Actor" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 400 + } + } + }, "com.amazonaws.guardduty#AddonDetails": { "type": "structure", "members": { @@ -792,6 +900,32 @@ } } }, + "com.amazonaws.guardduty#AutonomousSystem": { + "type": "structure", + "members": { + "Name": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

Name associated with the Autonomous System (AS).

", + "smithy.api#jsonName": "name", + "smithy.api#required": {} + } + }, + "Number": { + "target": "com.amazonaws.guardduty#Integer", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The unique number that identifies the Autonomous System (AS).

", + "smithy.api#jsonName": "number", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the Autonomous System (AS) associated with the network \n endpoints involved in an attack sequence.

" + } + }, "com.amazonaws.guardduty#AwsApiCallAction": { "type": "structure", "members": { @@ -3840,6 +3974,13 @@ "smithy.api#documentation": "

The details about the anomalous activity that caused GuardDuty to \n generate the finding.

", "smithy.api#jsonName": "anomaly" } + }, + "Sequence": { + "target": "com.amazonaws.guardduty#Sequence", + "traits": { + "smithy.api#documentation": "

The details about the attack sequence.

", + "smithy.api#jsonName": "sequence" + } } }, "traits": { @@ -4538,6 +4679,129 @@ "smithy.api#documentation": "

Describes the configuration of scanning EBS volumes as a data source.

" } }, + "com.amazonaws.guardduty#Ec2Instance": { + "type": "structure", + "members": { + "AvailabilityZone": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The availability zone of the Amazon EC2 instance. For more information, see\n Availability zones\n in the Amazon EC2 User Guide.

", + "smithy.api#jsonName": "availabilityZone" + } + }, + "ImageDescription": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The image description of the Amazon EC2 instance.

", + "smithy.api#jsonName": "imageDescription" + } + }, + "InstanceState": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The state of the Amazon EC2 instance. For more information, see\n Amazon EC2 instance state changes\n in the Amazon EC2 User Guide.

", + "smithy.api#jsonName": "instanceState" + } + }, + "IamInstanceProfile": { + "target": "com.amazonaws.guardduty#IamInstanceProfile" + }, + "InstanceType": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

Type of the Amazon EC2 instance.

", + "smithy.api#jsonName": "instanceType" + } + }, + "OutpostArn": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. This shows applicable Amazon Web Services Outposts instances.

", + "smithy.api#jsonName": "outpostArn" + } + }, + "Platform": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The platform of the Amazon EC2 instance.

", + "smithy.api#jsonName": "platform" + } + }, + "ProductCodes": { + "target": "com.amazonaws.guardduty#ProductCodes", + "traits": { + "smithy.api#documentation": "

The product code of the Amazon EC2 instance.

", + "smithy.api#jsonName": "productCodes" + } + }, + "Ec2NetworkInterfaceUids": { + "target": "com.amazonaws.guardduty#Ec2NetworkInterfaceUids", + "traits": { + "smithy.api#documentation": "

The ID of the network interface.

", + "smithy.api#jsonName": "ec2NetworkInterfaceUids" + } + } + }, + "traits": { + "smithy.api#documentation": "

Details about the potentially impacted Amazon EC2 instance resource.

" + } + }, + "com.amazonaws.guardduty#Ec2NetworkInterface": { + "type": "structure", + "members": { + "Ipv6Addresses": { + "target": "com.amazonaws.guardduty#Ipv6Addresses", + "traits": { + "smithy.api#documentation": "

A list of IPv6 addresses for the Amazon EC2 instance.

", + "smithy.api#jsonName": "ipv6Addresses" + } + }, + "PrivateIpAddresses": { + "target": "com.amazonaws.guardduty#PrivateIpAddresses", + "traits": { + "smithy.api#documentation": "

Other private IP address information of the Amazon EC2 instance.

", + "smithy.api#jsonName": "privateIpAddresses" + } + }, + "PublicIp": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The public IP address of the Amazon EC2 instance.

", + "smithy.api#jsonName": "publicIp" + } + }, + "SecurityGroups": { + "target": "com.amazonaws.guardduty#SecurityGroups", + "traits": { + "smithy.api#documentation": "

The security groups associated with the Amazon EC2 instance.

", + "smithy.api#jsonName": "securityGroups" + } + }, + "SubNetId": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The subnet ID of the Amazon EC2 instance.

", + "smithy.api#jsonName": "subNetId" + } + }, + "VpcId": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The VPC ID of the Amazon EC2 instance.

", + "smithy.api#jsonName": "vpcId" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the elastic network interface of the Amazon EC2 instance.

" + } + }, + "com.amazonaws.guardduty#Ec2NetworkInterfaceUids": { + "type": "list", + "member": { + "target": "com.amazonaws.guardduty#String" + } + }, "com.amazonaws.guardduty#EcsClusterDetails": { "type": "structure", "members": { @@ -4796,6 +5060,18 @@ "smithy.api#output": {} } }, + "com.amazonaws.guardduty#EndpointIds": { + "type": "list", + "member": { + "target": "com.amazonaws.guardduty#String" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 400 + } + } + }, "com.amazonaws.guardduty#Eq": { "type": "list", "member": { @@ -5173,6 +5449,13 @@ "smithy.api#jsonName": "updatedAt", "smithy.api#required": {} } + }, + "AssociatedAttackSequenceArn": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

Amazon Resource Name (ARN) associated with the attack sequence finding.

", + "smithy.api#jsonName": "associatedAttackSequenceArn" + } } }, "traits": { @@ -5238,6 +5521,41 @@ } } }, + "com.amazonaws.guardduty#FindingResourceType": { + "type": "enum", + "members": { + "EC2_INSTANCE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "EC2_INSTANCE" + } + }, + "EC2_NETWORK_INTERFACE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "EC2_NETWORK_INTERFACE" + } + }, + "S3_BUCKET": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "S3_BUCKET" + } + }, + "S3_OBJECT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "S3_OBJECT" + } + }, + "ACCESS_KEY": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ACCESS_KEY" + } + } + } + }, "com.amazonaws.guardduty#FindingStatisticType": { "type": "enum", "members": { @@ -8331,19 +8649,157 @@ "smithy.api#documentation": "

Contains information about the impersonated user.

" } }, - "com.amazonaws.guardduty#InstanceArn": { - "type": "string", - "traits": { - "smithy.api#pattern": "^arn:(aws|aws-cn|aws-us-gov):[a-z]+:[a-z]+(-[0-9]+|-[a-z]+)+:([0-9]{12}):[a-z\\-]+\\/[a-zA-Z0-9]*$" - } - }, - "com.amazonaws.guardduty#InstanceDetails": { + "com.amazonaws.guardduty#Indicator": { "type": "structure", "members": { - "AvailabilityZone": { - "target": "com.amazonaws.guardduty#String", + "Key": { + "target": "com.amazonaws.guardduty#IndicatorType", "traits": { - "smithy.api#documentation": "

The Availability Zone of the EC2 instance.

", + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

Specific indicator keys observed in the attack sequence.

", + "smithy.api#jsonName": "key", + "smithy.api#required": {} + } + }, + "Values": { + "target": "com.amazonaws.guardduty#IndicatorValues", + "traits": { + "smithy.api#documentation": "

Values associated with each indicator key. For example, if the indicator key is\n SUSPICIOUS_NETWORK, then the value will be the name of the network. If\n the indicator key is ATTACK_TACTIC, then the value will be one of the MITRE tactics.

\n

For more information about the\n values associated with the key, see GuardDuty Extended Threat Detection in the\n GuardDuty User Guide.\n

", + "smithy.api#jsonName": "values" + } + }, + "Title": { + "target": "com.amazonaws.guardduty#IndicatorTitle", + "traits": { + "smithy.api#documentation": "

Title describing the indicator.

", + "smithy.api#jsonName": "title" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the indicators that include a set of \n signals observed in an attack sequence.

" + } + }, + "com.amazonaws.guardduty#IndicatorTitle": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 256 + } + } + }, + "com.amazonaws.guardduty#IndicatorType": { + "type": "enum", + "members": { + "SUSPICIOUS_USER_AGENT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "SUSPICIOUS_USER_AGENT" + } + }, + "SUSPICIOUS_NETWORK": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "SUSPICIOUS_NETWORK" + } + }, + "MALICIOUS_IP": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "MALICIOUS_IP" + } + }, + "TOR_IP": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "TOR_IP" + } + }, + "ATTACK_TACTIC": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ATTACK_TACTIC" + } + }, + "HIGH_RISK_API": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "HIGH_RISK_API" + } + }, + "ATTACK_TECHNIQUE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ATTACK_TECHNIQUE" + } + }, + "UNUSUAL_API_FOR_ACCOUNT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "UNUSUAL_API_FOR_ACCOUNT" + } + }, + "UNUSUAL_ASN_FOR_ACCOUNT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "UNUSUAL_ASN_FOR_ACCOUNT" + } + }, + "UNUSUAL_ASN_FOR_USER": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "UNUSUAL_ASN_FOR_USER" + } + } + } + }, + "com.amazonaws.guardduty#IndicatorValueString": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 256 + } + } + }, + "com.amazonaws.guardduty#IndicatorValues": { + "type": "list", + "member": { + "target": "com.amazonaws.guardduty#IndicatorValueString" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 400 + } + } + }, + "com.amazonaws.guardduty#Indicators": { + "type": "list", + "member": { + "target": "com.amazonaws.guardduty#Indicator" + }, + "traits": { + 
"smithy.api#length": { + "min": 0, + "max": 400 + } + } + }, + "com.amazonaws.guardduty#InstanceArn": { + "type": "string", + "traits": { + "smithy.api#pattern": "^arn:(aws|aws-cn|aws-us-gov):[a-z]+:[a-z]+(-[0-9]+|-[a-z]+)+:([0-9]{12}):[a-z\\-]+\\/[a-zA-Z0-9]*$" + } + }, + "com.amazonaws.guardduty#InstanceDetails": { + "type": "structure", + "members": { + "AvailabilityZone": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The Availability Zone of the EC2 instance.

", "smithy.api#jsonName": "availabilityZone" } }, @@ -10996,6 +11452,23 @@ "target": "com.amazonaws.guardduty#String" } }, + "com.amazonaws.guardduty#MfaStatus": { + "type": "enum", + "members": { + "ENABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ENABLED" + } + }, + "DISABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DISABLED" + } + } + } + }, "com.amazonaws.guardduty#Name": { "type": "string", "traits": { @@ -11011,6 +11484,23 @@ "target": "com.amazonaws.guardduty#String" } }, + "com.amazonaws.guardduty#NetworkConnection": { + "type": "structure", + "members": { + "Direction": { + "target": "com.amazonaws.guardduty#NetworkDirection", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The direction in which the network traffic is flowing.

", + "smithy.api#jsonName": "direction", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the network connection.

" + } + }, "com.amazonaws.guardduty#NetworkConnectionAction": { "type": "structure", "members": { @@ -11075,6 +11565,138 @@ "smithy.api#documentation": "

Contains information about the NETWORK_CONNECTION action described in the finding.

" } }, + "com.amazonaws.guardduty#NetworkDirection": { + "type": "enum", + "members": { + "INBOUND": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "INBOUND" + } + }, + "OUTBOUND": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "OUTBOUND" + } + } + } + }, + "com.amazonaws.guardduty#NetworkEndpoint": { + "type": "structure", + "members": { + "Id": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The ID of the network endpoint.

", + "smithy.api#jsonName": "id", + "smithy.api#required": {} + } + }, + "Ip": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The IP address associated with the network endpoint.

", + "smithy.api#jsonName": "ip" + } + }, + "Domain": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The domain information for the network endpoint.

", + "smithy.api#jsonName": "domain" + } + }, + "Port": { + "target": "com.amazonaws.guardduty#Integer", + "traits": { + "smithy.api#documentation": "

The port number associated with the network endpoint.

", + "smithy.api#jsonName": "port" + } + }, + "Location": { + "target": "com.amazonaws.guardduty#NetworkGeoLocation", + "traits": { + "smithy.api#documentation": "

Information about the location of the network endpoint.

", + "smithy.api#jsonName": "location" + } + }, + "AutonomousSystem": { + "target": "com.amazonaws.guardduty#AutonomousSystem", + "traits": { + "smithy.api#documentation": "

The Autonomous System (AS) of the network endpoint.

", + "smithy.api#jsonName": "autonomousSystem" + } + }, + "Connection": { + "target": "com.amazonaws.guardduty#NetworkConnection", + "traits": { + "smithy.api#documentation": "

Information about the network connection.

", + "smithy.api#jsonName": "connection" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about network endpoints that were observed in the attack sequence.

" + } + }, + "com.amazonaws.guardduty#NetworkEndpoints": { + "type": "list", + "member": { + "target": "com.amazonaws.guardduty#NetworkEndpoint" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 400 + } + } + }, + "com.amazonaws.guardduty#NetworkGeoLocation": { + "type": "structure", + "members": { + "City": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The name of the city.

", + "smithy.api#jsonName": "city", + "smithy.api#required": {} + } + }, + "Country": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The name of the country.

", + "smithy.api#jsonName": "country", + "smithy.api#required": {} + } + }, + "Latitude": { + "target": "com.amazonaws.guardduty#Double", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The latitude information of the endpoint location.

", + "smithy.api#jsonName": "lat", + "smithy.api#required": {} + } + }, + "Longitude": { + "target": "com.amazonaws.guardduty#Double", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The longitude information of the endpoint location.

", + "smithy.api#jsonName": "lon", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about network endpoint location.

" + } + }, "com.amazonaws.guardduty#NetworkInterface": { "type": "structure", "members": { @@ -12166,49 +12788,136 @@ "smithy.api#documentation": "

Describes the public access policies that apply to the S3 bucket.

" } }, - "com.amazonaws.guardduty#PublishingStatus": { - "type": "enum", + "com.amazonaws.guardduty#PublicAccessConfiguration": { + "type": "structure", "members": { - "PENDING_VERIFICATION": { - "target": "smithy.api#Unit", + "PublicAclAccess": { + "target": "com.amazonaws.guardduty#PublicAccessStatus", "traits": { - "smithy.api#enumValue": "PENDING_VERIFICATION" + "smithy.api#documentation": "

Indicates whether or not there is a setting that allows public access to the Amazon S3 buckets through access\n control lists (ACLs).

", + "smithy.api#jsonName": "publicAclAccess" } }, - "PUBLISHING": { - "target": "smithy.api#Unit", + "PublicPolicyAccess": { + "target": "com.amazonaws.guardduty#PublicAccessStatus", "traits": { - "smithy.api#enumValue": "PUBLISHING" + "smithy.api#documentation": "

Indicates whether or not there is a setting that allows public access to the Amazon S3 bucket policy.

", + "smithy.api#jsonName": "publicPolicyAccess" } }, - "UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY": { - "target": "smithy.api#Unit", + "PublicAclIgnoreBehavior": { + "target": "com.amazonaws.guardduty#PublicAclIgnoreBehavior", "traits": { - "smithy.api#enumValue": "UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY" + "smithy.api#documentation": "

Indicates whether or not there is a setting that ignores all public access control lists (ACLs)\n on the Amazon S3 bucket and the objects that it contains.

", + "smithy.api#jsonName": "publicAclIgnoreBehavior" } }, - "STOPPED": { - "target": "smithy.api#Unit", + "PublicBucketRestrictBehavior": { + "target": "com.amazonaws.guardduty#PublicBucketRestrictBehavior", "traits": { - "smithy.api#enumValue": "STOPPED" + "smithy.api#documentation": "

Indicates whether or not there is a setting that restricts access to the bucket with specified policies.

", + "smithy.api#jsonName": "publicBucketRestrictBehavior" } } }, "traits": { - "smithy.api#length": { - "min": 1, - "max": 300 - } + "smithy.api#documentation": "

Describes public access policies that apply to the Amazon S3 bucket.

\n

For information about each of the following settings, see\n Blocking public access to your Amazon S3 storage in the Amazon S3 User Guide.

" } }, - "com.amazonaws.guardduty#RdsDbInstanceDetails": { - "type": "structure", + "com.amazonaws.guardduty#PublicAccessStatus": { + "type": "enum", "members": { - "DbInstanceIdentifier": { - "target": "com.amazonaws.guardduty#String", + "BLOCKED": { + "target": "smithy.api#Unit", "traits": { - "smithy.api#documentation": "

The identifier associated to the database instance that was involved in the\n finding.

", - "smithy.api#jsonName": "dbInstanceIdentifier" + "smithy.api#enumValue": "BLOCKED" + } + }, + "ALLOWED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ALLOWED" + } + } + } + }, + "com.amazonaws.guardduty#PublicAclIgnoreBehavior": { + "type": "enum", + "members": { + "IGNORED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "IGNORED" + } + }, + "NOT_IGNORED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "NOT_IGNORED" + } + } + } + }, + "com.amazonaws.guardduty#PublicBucketRestrictBehavior": { + "type": "enum", + "members": { + "RESTRICTED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "RESTRICTED" + } + }, + "NOT_RESTRICTED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "NOT_RESTRICTED" + } + } + } + }, + "com.amazonaws.guardduty#PublishingStatus": { + "type": "enum", + "members": { + "PENDING_VERIFICATION": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "PENDING_VERIFICATION" + } + }, + "PUBLISHING": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "PUBLISHING" + } + }, + "UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY" + } + }, + "STOPPED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "STOPPED" + } + } + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 300 + } + } + }, + "com.amazonaws.guardduty#RdsDbInstanceDetails": { + "type": "structure", + "members": { + "DbInstanceIdentifier": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The identifier associated to the database instance that was involved in the\n finding.

", + "smithy.api#jsonName": "dbInstanceIdentifier" } }, "Engine": { @@ -12342,7 +13051,7 @@ "Tags": { "target": "com.amazonaws.guardduty#Tags", "traits": { - "smithy.api#documentation": "

Information about the tag-key value pair.

", + "smithy.api#documentation": "

Information about the tag key-value pair.

", "smithy.api#jsonName": "tags" } } @@ -12569,6 +13278,49 @@ "smithy.api#pattern": "^arn:[A-Za-z-]+:[A-Za-z0-9]+:[A-Za-z0-9-]+:\\d+:(([A-Za-z0-9-]+)[:\\/])?[A-Za-z0-9-]*$" } }, + "com.amazonaws.guardduty#ResourceData": { + "type": "structure", + "members": { + "S3Bucket": { + "target": "com.amazonaws.guardduty#S3Bucket", + "traits": { + "smithy.api#documentation": "

Contains information about the Amazon S3 bucket.

", + "smithy.api#jsonName": "s3Bucket" + } + }, + "Ec2Instance": { + "target": "com.amazonaws.guardduty#Ec2Instance", + "traits": { + "smithy.api#documentation": "

Contains information about the Amazon EC2 instance.

", + "smithy.api#jsonName": "ec2Instance" + } + }, + "AccessKey": { + "target": "com.amazonaws.guardduty#AccessKey", + "traits": { + "smithy.api#documentation": "

Contains information about the IAM access key details of a user that involved in the GuardDuty finding.

", + "smithy.api#jsonName": "accessKey" + } + }, + "Ec2NetworkInterface": { + "target": "com.amazonaws.guardduty#Ec2NetworkInterface", + "traits": { + "smithy.api#documentation": "

Contains information about the elastic network interface of the Amazon EC2 instance.

", + "smithy.api#jsonName": "ec2NetworkInterface" + } + }, + "S3Object": { + "target": "com.amazonaws.guardduty#S3Object", + "traits": { + "smithy.api#documentation": "

Contains information about the Amazon S3 object.

", + "smithy.api#jsonName": "s3Object" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the Amazon Web Services resource that is associated with the activity that prompted\n GuardDuty to generate a finding.

" + } + }, "com.amazonaws.guardduty#ResourceDetails": { "type": "structure", "members": { @@ -12680,6 +13432,105 @@ } } }, + "com.amazonaws.guardduty#ResourceUids": { + "type": "list", + "member": { + "target": "com.amazonaws.guardduty#String" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 400 + } + } + }, + "com.amazonaws.guardduty#ResourceV2": { + "type": "structure", + "members": { + "Uid": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The unique identifier of the resource.

", + "smithy.api#jsonName": "uid", + "smithy.api#required": {} + } + }, + "Name": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The name of the resource.

", + "smithy.api#jsonName": "name" + } + }, + "AccountId": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The Amazon Web Services account ID to which the resource belongs.

", + "smithy.api#jsonName": "accountId" + } + }, + "ResourceType": { + "target": "com.amazonaws.guardduty#FindingResourceType", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The type of the Amazon Web Services resource.

", + "smithy.api#jsonName": "resourceType", + "smithy.api#required": {} + } + }, + "Region": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The Amazon Web Services Region where the resource belongs.

", + "smithy.api#jsonName": "region" + } + }, + "Service": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The Amazon Web Services service of the resource.

", + "smithy.api#jsonName": "service" + } + }, + "CloudPartition": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The cloud partition within the Amazon Web Services Region to which the resource belongs.

", + "smithy.api#jsonName": "cloudPartition" + } + }, + "Tags": { + "target": "com.amazonaws.guardduty#Tags", + "traits": { + "smithy.api#documentation": "

Contains information about the tags associated with the resource.

", + "smithy.api#jsonName": "tags" + } + }, + "Data": { + "target": "com.amazonaws.guardduty#ResourceData", + "traits": { + "smithy.api#documentation": "

Contains information about the Amazon Web Services resource associated with the activity that prompted\n GuardDuty to generate a finding.

", + "smithy.api#jsonName": "data" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the Amazon Web Services resource that is associated with the GuardDuty finding.

" + } + }, + "com.amazonaws.guardduty#Resources": { + "type": "list", + "member": { + "target": "com.amazonaws.guardduty#ResourceV2" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 400 + } + } + }, "com.amazonaws.guardduty#RuntimeContext": { "type": "structure", "members": { @@ -12885,6 +13736,84 @@ "smithy.api#documentation": "

Information about the process and any required context values for a specific\n finding.

" } }, + "com.amazonaws.guardduty#S3Bucket": { + "type": "structure", + "members": { + "OwnerId": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The owner ID of the associated S3Amazon S3bucket.

", + "smithy.api#jsonName": "ownerId" + } + }, + "CreatedAt": { + "target": "com.amazonaws.guardduty#Timestamp", + "traits": { + "smithy.api#documentation": "

The timestamp at which the Amazon S3 bucket was created.

", + "smithy.api#jsonName": "createdAt" + } + }, + "EncryptionType": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The type of encryption used for the Amazon S3 buckets and its objects. For more information,\n see Protecting data with server-side encryption\n in the Amazon S3 User Guide.

", + "smithy.api#jsonName": "encryptionType" + } + }, + "EncryptionKeyArn": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the encryption key that is used to encrypt the Amazon S3 bucket and its objects.

", + "smithy.api#jsonName": "encryptionKeyArn" + } + }, + "EffectivePermission": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

Describes the effective permissions on this S3 bucket, after factoring all the attached policies.

", + "smithy.api#jsonName": "effectivePermission" + } + }, + "PublicReadAccess": { + "target": "com.amazonaws.guardduty#PublicAccessStatus", + "traits": { + "smithy.api#documentation": "

Indicates whether or not the public read access is allowed for an Amazon S3 bucket.

", + "smithy.api#jsonName": "publicReadAccess" + } + }, + "PublicWriteAccess": { + "target": "com.amazonaws.guardduty#PublicAccessStatus", + "traits": { + "smithy.api#documentation": "

Indicates whether or not the public write access is allowed for an Amazon S3 bucket.

", + "smithy.api#jsonName": "publicWriteAccess" + } + }, + "AccountPublicAccess": { + "target": "com.amazonaws.guardduty#PublicAccessConfiguration", + "traits": { + "smithy.api#documentation": "

Contains information about the public access policies that apply to the Amazon S3 bucket at the account level.

", + "smithy.api#jsonName": "accountPublicAccess" + } + }, + "BucketPublicAccess": { + "target": "com.amazonaws.guardduty#PublicAccessConfiguration", + "traits": { + "smithy.api#documentation": "

Contains information about public access policies that apply to the Amazon S3 bucket.

", + "smithy.api#jsonName": "bucketPublicAccess" + } + }, + "S3ObjectUids": { + "target": "com.amazonaws.guardduty#S3ObjectUids", + "traits": { + "smithy.api#documentation": "

Represents a list of Amazon S3 object identifiers.

", + "smithy.api#jsonName": "s3ObjectUids" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the Amazon S3 bucket policies and encryption.

" + } + }, "com.amazonaws.guardduty#S3BucketDetail": { "type": "structure", "members": { @@ -12996,6 +13925,35 @@ "smithy.api#documentation": "
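Review bot: The `OwnerId` documentation in the new `S3Bucket` structure reads "The owner ID of the associated S3Amazon S3bucket.", which looks like two product-name substitutions merged into one string. `The owner ID of the associated Amazon S3 bucket.` is presumably what was meant. In the same structure, `EncryptionType` says "Amazon S3 buckets and its objects", where the singular `bucket` matches the neighbouring `EncryptionKeyArn` text. If this model is synced from the service definition, the wording fix belongs upstream rather than in this file.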

Describes whether S3 data event logs will be enabled as a data source.

" } }, + "com.amazonaws.guardduty#S3Object": { + "type": "structure", + "members": { + "ETag": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The entity tag is a hash of the Amazon S3 object. The ETag reflects changes only to the\n contents of an object, and not its metadata.

", + "smithy.api#jsonName": "eTag" + } + }, + "Key": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The key of the Amazon S3 object.

", + "smithy.api#jsonName": "key" + } + }, + "VersionId": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The version Id of the Amazon S3 object.

", + "smithy.api#jsonName": "versionId" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the Amazon S3 object.

" + } + }, "com.amazonaws.guardduty#S3ObjectDetail": { "type": "structure", "members": { @@ -13045,6 +14003,12 @@ "target": "com.amazonaws.guardduty#S3ObjectDetail" } }, + "com.amazonaws.guardduty#S3ObjectUids": { + "type": "list", + "member": { + "target": "com.amazonaws.guardduty#String" + } + }, "com.amazonaws.guardduty#Scan": { "type": "structure", "members": { @@ -13560,6 +14524,78 @@ "smithy.api#sensitive": {} } }, + "com.amazonaws.guardduty#Sequence": { + "type": "structure", + "members": { + "Uid": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "
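Review bot: The new `S3ObjectUids` list is declared without a `smithy.api#length` trait, while the other identifier lists added in this diff (`ResourceUids`, `Resources`, `NetworkEndpoints`) are all capped at 400 entries. If the service applies the same cap here, stating it keeps the shapes consistent and tells consumers what to expect: `"traits": { "smithy.api#length": { "min": 0, "max": 400 } }`. If the list really is unbounded, code that ingests findings should apply its own limit when it expands `S3Bucket.S3ObjectUids`. Whether the service enforces a cap cannot be confirmed from this hunk.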

Unique identifier of the attack sequence.

", + "smithy.api#jsonName": "uid", + "smithy.api#required": {} + } + }, + "Description": { + "target": "com.amazonaws.guardduty#SequenceDescription", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

Description of the attack sequence.

", + "smithy.api#jsonName": "description", + "smithy.api#required": {} + } + }, + "Actors": { + "target": "com.amazonaws.guardduty#Actors", + "traits": { + "smithy.api#documentation": "

Contains information about the actors involved in the attack sequence.

", + "smithy.api#jsonName": "actors" + } + }, + "Resources": { + "target": "com.amazonaws.guardduty#Resources", + "traits": { + "smithy.api#documentation": "

Contains information about the resources involved in the attack sequence.

", + "smithy.api#jsonName": "resources" + } + }, + "Endpoints": { + "target": "com.amazonaws.guardduty#NetworkEndpoints", + "traits": { + "smithy.api#documentation": "

Contains information about the network endpoints that were used in the attack sequence.

", + "smithy.api#jsonName": "endpoints" + } + }, + "Signals": { + "target": "com.amazonaws.guardduty#Signals", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

Contains information about the signals involved in the attack sequence.

", + "smithy.api#jsonName": "signals", + "smithy.api#required": {} + } + }, + "SequenceIndicators": { + "target": "com.amazonaws.guardduty#Indicators", + "traits": { + "smithy.api#documentation": "

Contains information about the indicators observed in the attack sequence.

", + "smithy.api#jsonName": "sequenceIndicators" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the GuardDuty attack sequence finding.

" + } + }, + "com.amazonaws.guardduty#SequenceDescription": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 4096 + } + } + }, "com.amazonaws.guardduty#Service": { "type": "structure", "members": { @@ -13702,6 +14738,42 @@ "smithy.api#documentation": "

Additional information about the generated finding.

" } }, + "com.amazonaws.guardduty#Session": { + "type": "structure", + "members": { + "Uid": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The unique identifier of the session.

", + "smithy.api#jsonName": "uid" + } + }, + "MfaStatus": { + "target": "com.amazonaws.guardduty#MfaStatus", + "traits": { + "smithy.api#documentation": "

Indicates whether or not multi-factor authencation (MFA) was used during authentication.

\n

In Amazon Web Services CloudTrail, you can find this value as userIdentity.sessionContext.attributes.mfaAuthenticated.

", + "smithy.api#jsonName": "mfaStatus" + } + }, + "CreatedTime": { + "target": "com.amazonaws.guardduty#Timestamp", + "traits": { + "smithy.api#documentation": "

The timestamp for when the session was created.

\n

In Amazon Web Services CloudTrail, you can find this value as userIdentity.sessionContext.attributes.creationDate.

", + "smithy.api#jsonName": "createdTime" + } + }, + "Issuer": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

Identifier of the session issuer.

\n

In Amazon Web Services CloudTrail, you can find this value as userIdentity.sessionContext.sessionIssuer.arn.

", + "smithy.api#jsonName": "issuer" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the authenticated session.

" + } + }, "com.amazonaws.guardduty#SessionNameList": { "type": "list", "member": { @@ -13737,6 +14809,172 @@ "smithy.api#documentation": "
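Review bot: The `MfaStatus` documentation in the new `Session` structure says the value can be found in CloudTrail as `userIdentity.sessionContext.attributes.mfaAuthenticated`, but the two fields do not hold the same literal. The member targets the `MfaStatus` enum (`ENABLED` / `DISABLED`) added earlier in this diff, while the CloudTrail attribute is a true/false string. A detection rule or join that compares them directly would never match, so the text should spell out the correspondence, for example `ENABLED corresponds to mfaAuthenticated = "true" in CloudTrail.` (mapping presumed, to be confirmed against the service). The same string misspells "authentication" as "authencation".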

Information about severity level for each finding type.

" } }, + "com.amazonaws.guardduty#Signal": { + "type": "structure", + "members": { + "Uid": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The unique identifier of the signal.

", + "smithy.api#jsonName": "uid", + "smithy.api#required": {} + } + }, + "Type": { + "target": "com.amazonaws.guardduty#SignalType", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The type of the signal used to identify an attack sequence.

\n

Signals can be GuardDuty findings or activities observed in data sources that GuardDuty monitors. For\n more information, see \n Foundational data sources in the\n GuardDuty User Guide.

\n

A signal type can be one of the valid values listed in this API. Here are the related descriptions:

\n
    \n
  • \n

    \n FINDING - Individually generated GuardDuty finding.

    \n
  • \n
  • \n

    \n CLOUD_TRAIL - Activity observed from CloudTrail logs

    \n
  • \n
  • \n

    \n S3_DATA_EVENTS - Activity observed from CloudTrail data events for S3. Activities associated\n with this type will show up only when\n you have enabled GuardDuty S3 Protection feature in your account. For more information about S3 Protection and\n steps to enable it, see S3 Protection in the\n GuardDuty User Guide.

    \n
  • \n
", + "smithy.api#jsonName": "type", + "smithy.api#required": {} + } + }, + "Description": { + "target": "com.amazonaws.guardduty#SignalDescription", + "traits": { + "smithy.api#documentation": "

The description of the signal.

", + "smithy.api#jsonName": "description" + } + }, + "Name": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The name of the signal. For example, when signal type is FINDING, \n the signal name is the name of the finding.

", + "smithy.api#jsonName": "name", + "smithy.api#required": {} + } + }, + "CreatedAt": { + "target": "com.amazonaws.guardduty#Timestamp", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The timestamp when the first finding or activity related to this signal was observed.

", + "smithy.api#jsonName": "createdAt", + "smithy.api#required": {} + } + }, + "UpdatedAt": { + "target": "com.amazonaws.guardduty#Timestamp", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The timestamp when this signal was last observed.

", + "smithy.api#jsonName": "updatedAt", + "smithy.api#required": {} + } + }, + "FirstSeenAt": { + "target": "com.amazonaws.guardduty#Timestamp", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The timestamp when the first finding or activity related to this signal was observed.

", + "smithy.api#jsonName": "firstSeenAt", + "smithy.api#required": {} + } + }, + "LastSeenAt": { + "target": "com.amazonaws.guardduty#Timestamp", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The timestamp when the last finding or activity related to this signal was observed.

", + "smithy.api#jsonName": "lastSeenAt", + "smithy.api#required": {} + } + }, + "Severity": { + "target": "com.amazonaws.guardduty#Double", + "traits": { + "smithy.api#documentation": "

The severity associated with the signal. For more information about severity, see \n Findings severity levels\n in the GuardDuty User Guide.

", + "smithy.api#jsonName": "severity" + } + }, + "Count": { + "target": "com.amazonaws.guardduty#Integer", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The number of times this signal was observed.

", + "smithy.api#jsonName": "count", + "smithy.api#required": {} + } + }, + "ResourceUids": { + "target": "com.amazonaws.guardduty#ResourceUids", + "traits": { + "smithy.api#documentation": "

Information about the unique identifiers of the resources involved in the signal.

", + "smithy.api#jsonName": "resourceUids" + } + }, + "ActorIds": { + "target": "com.amazonaws.guardduty#ActorIds", + "traits": { + "smithy.api#documentation": "

Information about the IDs of the threat actors involved in the signal.

", + "smithy.api#jsonName": "actorIds" + } + }, + "EndpointIds": { + "target": "com.amazonaws.guardduty#EndpointIds", + "traits": { + "smithy.api#documentation": "

Information about the endpoint IDs associated with this signal.

", + "smithy.api#jsonName": "endpointIds" + } + }, + "SignalIndicators": { + "target": "com.amazonaws.guardduty#Indicators", + "traits": { + "smithy.api#documentation": "

Contains information about the indicators associated with the signals.

", + "smithy.api#jsonName": "signalIndicators" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the signals involved in the attack sequence.

" + } + }, + "com.amazonaws.guardduty#SignalDescription": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 2000 + } + } + }, + "com.amazonaws.guardduty#SignalType": { + "type": "enum", + "members": { + "FINDING": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "FINDING" + } + }, + "CLOUD_TRAIL": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CLOUD_TRAIL" + } + }, + "S3_DATA_EVENTS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "S3_DATA_EVENTS" + } + } + } + }, + "com.amazonaws.guardduty#Signals": { + "type": "list", + "member": { + "target": "com.amazonaws.guardduty#Signal" + }, + "traits": { + "smithy.api#length": { + "min": 2, + "max": 100 + } + } + }, "com.amazonaws.guardduty#SortCriteria": { "type": "structure", "members": { @@ -15757,6 +16995,55 @@ "target": "com.amazonaws.guardduty#UsageTopAccountsResult" } }, + "com.amazonaws.guardduty#User": { + "type": "structure", + "members": { + "Name": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "
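Review bot: In the new `Signal` structure, `CreatedAt` and `FirstSeenAt` carry the identical documentation string, "The timestamp when the first finding or activity related to this signal was observed." Someone building an attack-sequence timeline therefore cannot tell which field is the record's creation time and which is the earliest observation. `UpdatedAt` and `LastSeenAt` are worded differently ("when this signal was last observed" and "when the last finding or activity ... was observed"), which suggests the `CreatedAt` text was copied from `FirstSeenAt`. A wording such as `The timestamp when this signal was created.` would separate the two, once the actual semantics are confirmed with the service owners. Until then, consumers should order events on `FirstSeenAt` / `LastSeenAt` and not assume that `CreatedAt` reflects observation time.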

The name of the user.

", + "smithy.api#jsonName": "name", + "smithy.api#required": {} + } + }, + "Uid": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The unique identifier of the user.

", + "smithy.api#jsonName": "uid", + "smithy.api#required": {} + } + }, + "Type": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "

The type of the user.

", + "smithy.api#jsonName": "type", + "smithy.api#required": {} + } + }, + "CredentialUid": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "

The credentials of the user ID.

", + "smithy.api#jsonName": "credentialUid" + } + }, + "Account": { + "target": "com.amazonaws.guardduty#Account", + "traits": { + "smithy.api#documentation": "

Contains information about the Amazon Web Services account.

", + "smithy.api#jsonName": "account" + } + } + }, + "traits": { + "smithy.api#documentation": "

Contains information about the user involved in the attack sequence.

" + } + }, "com.amazonaws.guardduty#Volume": { "type": "structure", "members": {