guardduty.d.ts
import {Request} from '../lib/request';
import {Response} from '../lib/response';
import {AWSError} from '../lib/error';
import {Service} from '../lib/service';
import {ServiceConfigurationOptions} from '../lib/service';
import {ConfigBase as Config} from '../lib/config-base';
interface Blob {}
/**
 * Type declarations for the GuardDuty service client.
 *
 * Every operation is declared twice: one overload takes the request parameters plus an
 * optional callback, the other takes only the optional callback. Both return a Request
 * typed with the operation's response shape and AWSError.
 *
 * Several operations below reduce or redirect detection coverage (archiving, filters,
 * trusted IP lists, deleting or updating a detector, removing members). Their doc
 * comments carry a "Security note" describing what to restrict and what to audit.
 */
declare class GuardDuty extends Service {
  /**
   * Constructs a service object. This object has one method for each API operation.
   */
  constructor(options?: GuardDuty.Types.ClientConfiguration)
  config: Config & GuardDuty.Types.ClientConfiguration;
  /**
   * Accepts the invitation to be monitored by a GuardDuty administrator account.
   *
   * Security note: accepting lets the inviting administrator account view and manage this
   * account's findings, so confirm that the inviting account ID is the expected one
   * before calling.
   */
  acceptInvitation(params: GuardDuty.Types.AcceptInvitationRequest, callback?: (err: AWSError, data: GuardDuty.Types.AcceptInvitationResponse) => void): Request<GuardDuty.Types.AcceptInvitationResponse, AWSError>;
  /**
   * Accepts the invitation to be monitored by a GuardDuty administrator account.
   */
  acceptInvitation(callback?: (err: AWSError, data: GuardDuty.Types.AcceptInvitationResponse) => void): Request<GuardDuty.Types.AcceptInvitationResponse, AWSError>;
  /**
   * Archives GuardDuty findings that are specified by the list of finding IDs. Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.
   *
   * Security note: archived findings drop out of the active findings view, so an
   * unexpected ArchiveFindings call can hide an alert. Grant `guardduty:ArchiveFindings`
   * narrowly and review these calls in CloudTrail.
   */
  archiveFindings(params: GuardDuty.Types.ArchiveFindingsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ArchiveFindingsResponse) => void): Request<GuardDuty.Types.ArchiveFindingsResponse, AWSError>;
  /**
   * Archives GuardDuty findings that are specified by the list of finding IDs. Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.
   */
  archiveFindings(callback?: (err: AWSError, data: GuardDuty.Types.ArchiveFindingsResponse) => void): Request<GuardDuty.Types.ArchiveFindingsResponse, AWSError>;
  /**
   * Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
   *
   * Security note: a Region without a detector produces no GuardDuty findings. Create a
   * detector in every Region the account can use, not only the Regions that host
   * workloads.
   */
  createDetector(params: GuardDuty.Types.CreateDetectorRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateDetectorResponse) => void): Request<GuardDuty.Types.CreateDetectorResponse, AWSError>;
  /**
   * Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
   */
  createDetector(callback?: (err: AWSError, data: GuardDuty.Types.CreateDetectorResponse) => void): Request<GuardDuty.Types.CreateDetectorResponse, AWSError>;
  /**
   * Creates a filter using the specified finding criteria.
   *
   * Security note: a filter whose action is ARCHIVE automatically archives every new
   * finding that matches its criteria (a suppression rule). Keep such criteria as narrow
   * as possible and audit CreateFilter and UpdateFilter calls.
   */
  createFilter(params: GuardDuty.Types.CreateFilterRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateFilterResponse) => void): Request<GuardDuty.Types.CreateFilterResponse, AWSError>;
  /**
   * Creates a filter using the specified finding criteria.
   */
  createFilter(callback?: (err: AWSError, data: GuardDuty.Types.CreateFilterResponse) => void): Request<GuardDuty.Types.CreateFilterResponse, AWSError>;
  /**
   * Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with AWS infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.
   *
   * Security note: because listed addresses never produce findings, an over-broad or
   * tampered list silently reduces coverage. Restrict who can call this operation and
   * who can write to the location the list is loaded from.
   */
  createIPSet(params: GuardDuty.Types.CreateIPSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateIPSetResponse) => void): Request<GuardDuty.Types.CreateIPSetResponse, AWSError>;
  /**
   * Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with AWS infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.
   */
  createIPSet(callback?: (err: AWSError, data: GuardDuty.Types.CreateIPSetResponse) => void): Request<GuardDuty.Types.CreateIPSetResponse, AWSError>;
  /**
   * Creates member accounts of the current AWS account by specifying a list of AWS account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization. When using Create Members as an organizations delegated administrator this action will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account, which must enable GuardDuty prior to being added as a member. If you are adding accounts by invitation use this action after GuardDuty has been enabled in potential member accounts and before using Invite Members.
   */
  createMembers(params: GuardDuty.Types.CreateMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateMembersResponse) => void): Request<GuardDuty.Types.CreateMembersResponse, AWSError>;
  /**
   * Creates member accounts of the current AWS account by specifying a list of AWS account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization. When using Create Members as an organizations delegated administrator this action will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account, which must enable GuardDuty prior to being added as a member. If you are adding accounts by invitation use this action after GuardDuty has been enabled in potential member accounts and before using Invite Members.
   */
  createMembers(callback?: (err: AWSError, data: GuardDuty.Types.CreateMembersResponse) => void): Request<GuardDuty.Types.CreateMembersResponse, AWSError>;
  /**
   * Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.
   *
   * Security note: export to a destination that the monitored workloads cannot modify or
   * delete, so that exported findings remain available as evidence.
   */
  createPublishingDestination(params: GuardDuty.Types.CreatePublishingDestinationRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreatePublishingDestinationResponse) => void): Request<GuardDuty.Types.CreatePublishingDestinationResponse, AWSError>;
  /**
   * Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.
   */
  createPublishingDestination(callback?: (err: AWSError, data: GuardDuty.Types.CreatePublishingDestinationResponse) => void): Request<GuardDuty.Types.CreatePublishingDestinationResponse, AWSError>;
  /**
   * Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.
   *
   * Security note: useful for checking end to end that findings actually reach the
   * alerting and ticketing pipeline.
   */
  createSampleFindings(params: GuardDuty.Types.CreateSampleFindingsRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateSampleFindingsResponse) => void): Request<GuardDuty.Types.CreateSampleFindingsResponse, AWSError>;
  /**
   * Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.
   */
  createSampleFindings(callback?: (err: AWSError, data: GuardDuty.Types.CreateSampleFindingsResponse) => void): Request<GuardDuty.Types.CreateSampleFindingsResponse, AWSError>;
  /**
   * Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.
   *
   * Security note: findings derived from the list are only as reliable as the list
   * itself; control write access to wherever the list is stored.
   */
  createThreatIntelSet(params: GuardDuty.Types.CreateThreatIntelSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateThreatIntelSetResponse) => void): Request<GuardDuty.Types.CreateThreatIntelSetResponse, AWSError>;
  /**
   * Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.
   */
  createThreatIntelSet(callback?: (err: AWSError, data: GuardDuty.Types.CreateThreatIntelSetResponse) => void): Request<GuardDuty.Types.CreateThreatIntelSetResponse, AWSError>;
  /**
   * Declines invitations sent to the current member account by AWS accounts specified by their account IDs.
   */
  declineInvitations(params: GuardDuty.Types.DeclineInvitationsRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeclineInvitationsResponse) => void): Request<GuardDuty.Types.DeclineInvitationsResponse, AWSError>;
  /**
   * Declines invitations sent to the current member account by AWS accounts specified by their account IDs.
   */
  declineInvitations(callback?: (err: AWSError, data: GuardDuty.Types.DeclineInvitationsResponse) => void): Request<GuardDuty.Types.DeclineInvitationsResponse, AWSError>;
  /**
   * Deletes an Amazon GuardDuty detector that is specified by the detector ID.
   *
   * Security note: the detector represents the GuardDuty service, so deleting it turns
   * GuardDuty off for the account in that Region. Deny `guardduty:DeleteDetector` to
   * workload roles and treat the call as a high-severity event in CloudTrail monitoring.
   */
  deleteDetector(params: GuardDuty.Types.DeleteDetectorRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeleteDetectorResponse) => void): Request<GuardDuty.Types.DeleteDetectorResponse, AWSError>;
  /**
   * Deletes an Amazon GuardDuty detector that is specified by the detector ID.
   */
  deleteDetector(callback?: (err: AWSError, data: GuardDuty.Types.DeleteDetectorResponse) => void): Request<GuardDuty.Types.DeleteDetectorResponse, AWSError>;
  /**
   * Deletes the filter specified by the filter name.
   */
  deleteFilter(params: GuardDuty.Types.DeleteFilterRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeleteFilterResponse) => void): Request<GuardDuty.Types.DeleteFilterResponse, AWSError>;
  /**
   * Deletes the filter specified by the filter name.
   */
  deleteFilter(callback?: (err: AWSError, data: GuardDuty.Types.DeleteFilterResponse) => void): Request<GuardDuty.Types.DeleteFilterResponse, AWSError>;
  /**
   * Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface.
   */
  deleteIPSet(params: GuardDuty.Types.DeleteIPSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeleteIPSetResponse) => void): Request<GuardDuty.Types.DeleteIPSetResponse, AWSError>;
  /**
   * Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface.
   */
  deleteIPSet(callback?: (err: AWSError, data: GuardDuty.Types.DeleteIPSetResponse) => void): Request<GuardDuty.Types.DeleteIPSetResponse, AWSError>;
  /**
   * Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.
   */
  deleteInvitations(params: GuardDuty.Types.DeleteInvitationsRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeleteInvitationsResponse) => void): Request<GuardDuty.Types.DeleteInvitationsResponse, AWSError>;
  /**
   * Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.
   */
  deleteInvitations(callback?: (err: AWSError, data: GuardDuty.Types.DeleteInvitationsResponse) => void): Request<GuardDuty.Types.DeleteInvitationsResponse, AWSError>;
  /**
   * Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
   *
   * Security note: the administrator account stops seeing findings for the removed
   * members; alert on calls that were not part of a planned change.
   */
  deleteMembers(params: GuardDuty.Types.DeleteMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeleteMembersResponse) => void): Request<GuardDuty.Types.DeleteMembersResponse, AWSError>;
  /**
   * Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
   */
  deleteMembers(callback?: (err: AWSError, data: GuardDuty.Types.DeleteMembersResponse) => void): Request<GuardDuty.Types.DeleteMembersResponse, AWSError>;
  /**
   * Deletes the publishing definition with the specified destinationId.
   *
   * Security note: findings stop being exported to that destination, so anything that
   * consumes the export stops receiving them. Audit this call.
   */
  deletePublishingDestination(params: GuardDuty.Types.DeletePublishingDestinationRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeletePublishingDestinationResponse) => void): Request<GuardDuty.Types.DeletePublishingDestinationResponse, AWSError>;
  /**
   * Deletes the publishing definition with the specified destinationId.
   */
  deletePublishingDestination(callback?: (err: AWSError, data: GuardDuty.Types.DeletePublishingDestinationResponse) => void): Request<GuardDuty.Types.DeletePublishingDestinationResponse, AWSError>;
  /**
   * Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.
   *
   * Security note: GuardDuty generates findings based on ThreatIntelSets, so deleting one
   * removes the detections that depended on it.
   */
  deleteThreatIntelSet(params: GuardDuty.Types.DeleteThreatIntelSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeleteThreatIntelSetResponse) => void): Request<GuardDuty.Types.DeleteThreatIntelSetResponse, AWSError>;
  /**
   * Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.
   */
  deleteThreatIntelSet(callback?: (err: AWSError, data: GuardDuty.Types.DeleteThreatIntelSetResponse) => void): Request<GuardDuty.Types.DeleteThreatIntelSetResponse, AWSError>;
  /**
   * Returns information about the account selected as the delegated administrator for GuardDuty.
   */
  describeOrganizationConfiguration(params: GuardDuty.Types.DescribeOrganizationConfigurationRequest, callback?: (err: AWSError, data: GuardDuty.Types.DescribeOrganizationConfigurationResponse) => void): Request<GuardDuty.Types.DescribeOrganizationConfigurationResponse, AWSError>;
  /**
   * Returns information about the account selected as the delegated administrator for GuardDuty.
   */
  describeOrganizationConfiguration(callback?: (err: AWSError, data: GuardDuty.Types.DescribeOrganizationConfigurationResponse) => void): Request<GuardDuty.Types.DescribeOrganizationConfigurationResponse, AWSError>;
  /**
   * Returns information about the publishing destination specified by the provided destinationId.
   */
  describePublishingDestination(params: GuardDuty.Types.DescribePublishingDestinationRequest, callback?: (err: AWSError, data: GuardDuty.Types.DescribePublishingDestinationResponse) => void): Request<GuardDuty.Types.DescribePublishingDestinationResponse, AWSError>;
  /**
   * Returns information about the publishing destination specified by the provided destinationId.
   */
  describePublishingDestination(callback?: (err: AWSError, data: GuardDuty.Types.DescribePublishingDestinationResponse) => void): Request<GuardDuty.Types.DescribePublishingDestinationResponse, AWSError>;
  /**
   * Disables an AWS account within the Organization as the GuardDuty delegated administrator.
   *
   * Security note: this removes the account's role as central GuardDuty administrator for
   * the organization; monitor for calls that were not part of a planned change.
   */
  disableOrganizationAdminAccount(params: GuardDuty.Types.DisableOrganizationAdminAccountRequest, callback?: (err: AWSError, data: GuardDuty.Types.DisableOrganizationAdminAccountResponse) => void): Request<GuardDuty.Types.DisableOrganizationAdminAccountResponse, AWSError>;
  /**
   * Disables an AWS account within the Organization as the GuardDuty delegated administrator.
   */
  disableOrganizationAdminAccount(callback?: (err: AWSError, data: GuardDuty.Types.DisableOrganizationAdminAccountResponse) => void): Request<GuardDuty.Types.DisableOrganizationAdminAccountResponse, AWSError>;
  /**
   * Disassociates the current GuardDuty member account from its administrator account.
   *
   * Security note: after this call the administrator account no longer sees this
   * account's findings. Consider denying the action to roles in member accounts.
   */
  disassociateFromMasterAccount(params: GuardDuty.Types.DisassociateFromMasterAccountRequest, callback?: (err: AWSError, data: GuardDuty.Types.DisassociateFromMasterAccountResponse) => void): Request<GuardDuty.Types.DisassociateFromMasterAccountResponse, AWSError>;
  /**
   * Disassociates the current GuardDuty member account from its administrator account.
   */
  disassociateFromMasterAccount(callback?: (err: AWSError, data: GuardDuty.Types.DisassociateFromMasterAccountResponse) => void): Request<GuardDuty.Types.DisassociateFromMasterAccountResponse, AWSError>;
  /**
   * Disassociates GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
   *
   * Security note: the administrator account stops seeing findings for the disassociated
   * members; alert on calls that were not part of a planned change.
   */
  disassociateMembers(params: GuardDuty.Types.DisassociateMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.DisassociateMembersResponse) => void): Request<GuardDuty.Types.DisassociateMembersResponse, AWSError>;
  /**
   * Disassociates GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
   */
  disassociateMembers(callback?: (err: AWSError, data: GuardDuty.Types.DisassociateMembersResponse) => void): Request<GuardDuty.Types.DisassociateMembersResponse, AWSError>;
  /**
   * Enables an AWS account within the organization as the GuardDuty delegated administrator.
   */
  enableOrganizationAdminAccount(params: GuardDuty.Types.EnableOrganizationAdminAccountRequest, callback?: (err: AWSError, data: GuardDuty.Types.EnableOrganizationAdminAccountResponse) => void): Request<GuardDuty.Types.EnableOrganizationAdminAccountResponse, AWSError>;
  /**
   * Enables an AWS account within the organization as the GuardDuty delegated administrator.
   */
  enableOrganizationAdminAccount(callback?: (err: AWSError, data: GuardDuty.Types.EnableOrganizationAdminAccountResponse) => void): Request<GuardDuty.Types.EnableOrganizationAdminAccountResponse, AWSError>;
  /**
   * Retrieves an Amazon GuardDuty detector specified by the detectorId.
   */
  getDetector(params: GuardDuty.Types.GetDetectorRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetDetectorResponse) => void): Request<GuardDuty.Types.GetDetectorResponse, AWSError>;
  /**
   * Retrieves an Amazon GuardDuty detector specified by the detectorId.
   */
  getDetector(callback?: (err: AWSError, data: GuardDuty.Types.GetDetectorResponse) => void): Request<GuardDuty.Types.GetDetectorResponse, AWSError>;
  /**
   * Returns the details of the filter specified by the filter name.
   */
  getFilter(params: GuardDuty.Types.GetFilterRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetFilterResponse) => void): Request<GuardDuty.Types.GetFilterResponse, AWSError>;
  /**
   * Returns the details of the filter specified by the filter name.
   */
  getFilter(callback?: (err: AWSError, data: GuardDuty.Types.GetFilterResponse) => void): Request<GuardDuty.Types.GetFilterResponse, AWSError>;
  /**
   * Describes Amazon GuardDuty findings specified by finding IDs.
   */
  getFindings(params: GuardDuty.Types.GetFindingsRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetFindingsResponse) => void): Request<GuardDuty.Types.GetFindingsResponse, AWSError>;
  /**
   * Describes Amazon GuardDuty findings specified by finding IDs.
   */
  getFindings(callback?: (err: AWSError, data: GuardDuty.Types.GetFindingsResponse) => void): Request<GuardDuty.Types.GetFindingsResponse, AWSError>;
  /**
   * Lists Amazon GuardDuty findings statistics for the specified detector ID.
   */
  getFindingsStatistics(params: GuardDuty.Types.GetFindingsStatisticsRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetFindingsStatisticsResponse) => void): Request<GuardDuty.Types.GetFindingsStatisticsResponse, AWSError>;
  /**
   * Lists Amazon GuardDuty findings statistics for the specified detector ID.
   */
  getFindingsStatistics(callback?: (err: AWSError, data: GuardDuty.Types.GetFindingsStatisticsResponse) => void): Request<GuardDuty.Types.GetFindingsStatisticsResponse, AWSError>;
  /**
   * Retrieves the IPSet specified by the ipSetId.
   */
  getIPSet(params: GuardDuty.Types.GetIPSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetIPSetResponse) => void): Request<GuardDuty.Types.GetIPSetResponse, AWSError>;
  /**
   * Retrieves the IPSet specified by the ipSetId.
   */
  getIPSet(callback?: (err: AWSError, data: GuardDuty.Types.GetIPSetResponse) => void): Request<GuardDuty.Types.GetIPSetResponse, AWSError>;
  /**
   * Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
   */
  getInvitationsCount(params: GuardDuty.Types.GetInvitationsCountRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetInvitationsCountResponse) => void): Request<GuardDuty.Types.GetInvitationsCountResponse, AWSError>;
  /**
   * Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
   */
  getInvitationsCount(callback?: (err: AWSError, data: GuardDuty.Types.GetInvitationsCountResponse) => void): Request<GuardDuty.Types.GetInvitationsCountResponse, AWSError>;
  /**
   * Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.
   */
  getMasterAccount(params: GuardDuty.Types.GetMasterAccountRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetMasterAccountResponse) => void): Request<GuardDuty.Types.GetMasterAccountResponse, AWSError>;
  /**
   * Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.
   */
  getMasterAccount(callback?: (err: AWSError, data: GuardDuty.Types.GetMasterAccountResponse) => void): Request<GuardDuty.Types.GetMasterAccountResponse, AWSError>;
  /**
   * Describes which data sources are enabled for the member account's detector.
   */
  getMemberDetectors(params: GuardDuty.Types.GetMemberDetectorsRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetMemberDetectorsResponse) => void): Request<GuardDuty.Types.GetMemberDetectorsResponse, AWSError>;
  /**
   * Describes which data sources are enabled for the member account's detector.
   */
  getMemberDetectors(callback?: (err: AWSError, data: GuardDuty.Types.GetMemberDetectorsResponse) => void): Request<GuardDuty.Types.GetMemberDetectorsResponse, AWSError>;
  /**
   * Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.
   */
  getMembers(params: GuardDuty.Types.GetMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetMembersResponse) => void): Request<GuardDuty.Types.GetMembersResponse, AWSError>;
  /**
   * Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.
   */
  getMembers(callback?: (err: AWSError, data: GuardDuty.Types.GetMembersResponse) => void): Request<GuardDuty.Types.GetMembersResponse, AWSError>;
  /**
   * Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
   */
  getThreatIntelSet(params: GuardDuty.Types.GetThreatIntelSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetThreatIntelSetResponse) => void): Request<GuardDuty.Types.GetThreatIntelSetResponse, AWSError>;
  /**
   * Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
   */
  getThreatIntelSet(callback?: (err: AWSError, data: GuardDuty.Types.GetThreatIntelSetResponse) => void): Request<GuardDuty.Types.GetThreatIntelSetResponse, AWSError>;
  /**
   * Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources the cost returned will include only the usage so far under 30 days; this may differ from the cost metrics in the console, which projects usage over 30 days to provide a monthly cost estimate. For more information see Understanding How Usage Costs are Calculated.
   */
  getUsageStatistics(params: GuardDuty.Types.GetUsageStatisticsRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetUsageStatisticsResponse) => void): Request<GuardDuty.Types.GetUsageStatisticsResponse, AWSError>;
  /**
   * Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources the cost returned will include only the usage so far under 30 days; this may differ from the cost metrics in the console, which projects usage over 30 days to provide a monthly cost estimate. For more information see Understanding How Usage Costs are Calculated.
   */
  getUsageStatistics(callback?: (err: AWSError, data: GuardDuty.Types.GetUsageStatisticsResponse) => void): Request<GuardDuty.Types.GetUsageStatisticsResponse, AWSError>;
  /**
   * Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty, and allow the current AWS account to view and manage these accounts' findings on their behalf as the GuardDuty administrator account.
   */
  inviteMembers(params: GuardDuty.Types.InviteMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.InviteMembersResponse) => void): Request<GuardDuty.Types.InviteMembersResponse, AWSError>;
  /**
   * Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty, and allow the current AWS account to view and manage these accounts' findings on their behalf as the GuardDuty administrator account.
   */
  inviteMembers(callback?: (err: AWSError, data: GuardDuty.Types.InviteMembersResponse) => void): Request<GuardDuty.Types.InviteMembersResponse, AWSError>;
  /**
   * Lists detectorIds of all the existing Amazon GuardDuty detector resources.
   */
  listDetectors(params: GuardDuty.Types.ListDetectorsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListDetectorsResponse) => void): Request<GuardDuty.Types.ListDetectorsResponse, AWSError>;
  /**
   * Lists detectorIds of all the existing Amazon GuardDuty detector resources.
   */
  listDetectors(callback?: (err: AWSError, data: GuardDuty.Types.ListDetectorsResponse) => void): Request<GuardDuty.Types.ListDetectorsResponse, AWSError>;
  /**
   * Returns a paginated list of the current filters.
   */
  listFilters(params: GuardDuty.Types.ListFiltersRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListFiltersResponse) => void): Request<GuardDuty.Types.ListFiltersResponse, AWSError>;
  /**
   * Returns a paginated list of the current filters.
   */
  listFilters(callback?: (err: AWSError, data: GuardDuty.Types.ListFiltersResponse) => void): Request<GuardDuty.Types.ListFiltersResponse, AWSError>;
  /**
   * Lists Amazon GuardDuty findings for the specified detector ID.
   */
  listFindings(params: GuardDuty.Types.ListFindingsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListFindingsResponse) => void): Request<GuardDuty.Types.ListFindingsResponse, AWSError>;
  /**
   * Lists Amazon GuardDuty findings for the specified detector ID.
   */
  listFindings(callback?: (err: AWSError, data: GuardDuty.Types.ListFindingsResponse) => void): Request<GuardDuty.Types.ListFindingsResponse, AWSError>;
  /**
   * Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.
   */
  listIPSets(params: GuardDuty.Types.ListIPSetsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListIPSetsResponse) => void): Request<GuardDuty.Types.ListIPSetsResponse, AWSError>;
  /**
   * Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.
   */
  listIPSets(callback?: (err: AWSError, data: GuardDuty.Types.ListIPSetsResponse) => void): Request<GuardDuty.Types.ListIPSetsResponse, AWSError>;
  /**
   * Lists all GuardDuty membership invitations that were sent to the current AWS account.
   */
  listInvitations(params: GuardDuty.Types.ListInvitationsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListInvitationsResponse) => void): Request<GuardDuty.Types.ListInvitationsResponse, AWSError>;
  /**
   * Lists all GuardDuty membership invitations that were sent to the current AWS account.
   */
  listInvitations(callback?: (err: AWSError, data: GuardDuty.Types.ListInvitationsResponse) => void): Request<GuardDuty.Types.ListInvitationsResponse, AWSError>;
  /**
   * Lists details about all member accounts for the current GuardDuty administrator account.
   */
  listMembers(params: GuardDuty.Types.ListMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListMembersResponse) => void): Request<GuardDuty.Types.ListMembersResponse, AWSError>;
  /**
   * Lists details about all member accounts for the current GuardDuty administrator account.
   */
  listMembers(callback?: (err: AWSError, data: GuardDuty.Types.ListMembersResponse) => void): Request<GuardDuty.Types.ListMembersResponse, AWSError>;
  /**
   * Lists the accounts configured as GuardDuty delegated administrators.
   */
  listOrganizationAdminAccounts(params: GuardDuty.Types.ListOrganizationAdminAccountsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListOrganizationAdminAccountsResponse) => void): Request<GuardDuty.Types.ListOrganizationAdminAccountsResponse, AWSError>;
  /**
   * Lists the accounts configured as GuardDuty delegated administrators.
   */
  listOrganizationAdminAccounts(callback?: (err: AWSError, data: GuardDuty.Types.ListOrganizationAdminAccountsResponse) => void): Request<GuardDuty.Types.ListOrganizationAdminAccountsResponse, AWSError>;
  /**
   * Returns a list of publishing destinations associated with the specified detectorId.
   */
  listPublishingDestinations(params: GuardDuty.Types.ListPublishingDestinationsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListPublishingDestinationsResponse) => void): Request<GuardDuty.Types.ListPublishingDestinationsResponse, AWSError>;
  /**
   * Returns a list of publishing destinations associated with the specified detectorId.
   */
  listPublishingDestinations(callback?: (err: AWSError, data: GuardDuty.Types.ListPublishingDestinationsResponse) => void): Request<GuardDuty.Types.ListPublishingDestinationsResponse, AWSError>;
  /**
   * Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and threat intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.
   */
  listTagsForResource(params: GuardDuty.Types.ListTagsForResourceRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListTagsForResourceResponse) => void): Request<GuardDuty.Types.ListTagsForResourceResponse, AWSError>;
  /**
   * Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and threat intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.
   */
  listTagsForResource(callback?: (err: AWSError, data: GuardDuty.Types.ListTagsForResourceResponse) => void): Request<GuardDuty.Types.ListTagsForResourceResponse, AWSError>;
  /**
   * Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.
   */
  listThreatIntelSets(params: GuardDuty.Types.ListThreatIntelSetsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListThreatIntelSetsResponse) => void): Request<GuardDuty.Types.ListThreatIntelSetsResponse, AWSError>;
  /**
   * Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.
   */
  listThreatIntelSets(callback?: (err: AWSError, data: GuardDuty.Types.ListThreatIntelSetsResponse) => void): Request<GuardDuty.Types.ListThreatIntelSetsResponse, AWSError>;
  /**
   * Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.
   */
  startMonitoringMembers(params: GuardDuty.Types.StartMonitoringMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.StartMonitoringMembersResponse) => void): Request<GuardDuty.Types.StartMonitoringMembersResponse, AWSError>;
  /**
   * Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.
   */
  startMonitoringMembers(callback?: (err: AWSError, data: GuardDuty.Types.StartMonitoringMembersResponse) => void): Request<GuardDuty.Types.StartMonitoringMembersResponse, AWSError>;
  /**
   * Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts.
   *
   * Security note: monitoring of the listed member accounts stops until
   * StartMonitoringMembers is called; alert on calls that were not part of a planned
   * change.
   */
  stopMonitoringMembers(params: GuardDuty.Types.StopMonitoringMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.StopMonitoringMembersResponse) => void): Request<GuardDuty.Types.StopMonitoringMembersResponse, AWSError>;
  /**
   * Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts.
   */
  stopMonitoringMembers(callback?: (err: AWSError, data: GuardDuty.Types.StopMonitoringMembersResponse) => void): Request<GuardDuty.Types.StopMonitoringMembersResponse, AWSError>;
  /**
   * Adds tags to a resource.
   */
  tagResource(params: GuardDuty.Types.TagResourceRequest, callback?: (err: AWSError, data: GuardDuty.Types.TagResourceResponse) => void): Request<GuardDuty.Types.TagResourceResponse, AWSError>;
  /**
   * Adds tags to a resource.
   */
  tagResource(callback?: (err: AWSError, data: GuardDuty.Types.TagResourceResponse) => void): Request<GuardDuty.Types.TagResourceResponse, AWSError>;
  /**
   * Unarchives GuardDuty findings specified by the findingIds.
   */
  unarchiveFindings(params: GuardDuty.Types.UnarchiveFindingsRequest, callback?: (err: AWSError, data: GuardDuty.Types.UnarchiveFindingsResponse) => void): Request<GuardDuty.Types.UnarchiveFindingsResponse, AWSError>;
  /**
   * Unarchives GuardDuty findings specified by the findingIds.
   */
  unarchiveFindings(callback?: (err: AWSError, data: GuardDuty.Types.UnarchiveFindingsResponse) => void): Request<GuardDuty.Types.UnarchiveFindingsResponse, AWSError>;
  /**
   * Removes tags from a resource.
   */
  untagResource(params: GuardDuty.Types.UntagResourceRequest, callback?: (err: AWSError, data: GuardDuty.Types.UntagResourceResponse) => void): Request<GuardDuty.Types.UntagResourceResponse, AWSError>;
  /**
   * Removes tags from a resource.
   */
  untagResource(callback?: (err: AWSError, data: GuardDuty.Types.UntagResourceResponse) => void): Request<GuardDuty.Types.UntagResourceResponse, AWSError>;
  /**
   * Updates the Amazon GuardDuty detector specified by the detectorId.
   *
   * Security note: an update can disable the detector or individual data sources.
   * Monitor UpdateDetector calls for changes that reduce coverage.
   */
  updateDetector(params: GuardDuty.Types.UpdateDetectorRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdateDetectorResponse) => void): Request<GuardDuty.Types.UpdateDetectorResponse, AWSError>;
  /**
   * Updates the Amazon GuardDuty detector specified by the detectorId.
   */
  updateDetector(callback?: (err: AWSError, data: GuardDuty.Types.UpdateDetectorResponse) => void): Request<GuardDuty.Types.UpdateDetectorResponse, AWSError>;
  /**
   * Updates the filter specified by the filter name.
   *
   * Security note: changing a filter's action to ARCHIVE, or widening its criteria, turns
   * it into a broader suppression rule. Audit UpdateFilter calls.
   */
  updateFilter(params: GuardDuty.Types.UpdateFilterRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdateFilterResponse) => void): Request<GuardDuty.Types.UpdateFilterResponse, AWSError>;
  /**
   * Updates the filter specified by the filter name.
   */
  updateFilter(callback?: (err: AWSError, data: GuardDuty.Types.UpdateFilterResponse) => void): Request<GuardDuty.Types.UpdateFilterResponse, AWSError>;
  /**
   * Marks the specified GuardDuty findings as useful or not useful.
   */
  updateFindingsFeedback(params: GuardDuty.Types.UpdateFindingsFeedbackRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdateFindingsFeedbackResponse) => void): Request<GuardDuty.Types.UpdateFindingsFeedbackResponse, AWSError>;
  /**
   * Marks the specified GuardDuty findings as useful or not useful.
   */
  updateFindingsFeedback(callback?: (err: AWSError, data: GuardDuty.Types.UpdateFindingsFeedbackResponse) => void): Request<GuardDuty.Types.UpdateFindingsFeedbackResponse, AWSError>;
  /**
   * Updates the IPSet specified by the IPSet ID.
440 */ 441 updateIPSet(params: GuardDuty.Types.UpdateIPSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdateIPSetResponse) => void): Request<GuardDuty.Types.UpdateIPSetResponse, AWSError>; 442 /** 443 * Updates the IPSet specified by the IPSet ID. 444 */ 445 updateIPSet(callback?: (err: AWSError, data: GuardDuty.Types.UpdateIPSetResponse) => void): Request<GuardDuty.Types.UpdateIPSetResponse, AWSError>; 446 /** 447 * Contains information on member accounts to be updated. 448 */ 449 updateMemberDetectors(params: GuardDuty.Types.UpdateMemberDetectorsRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdateMemberDetectorsResponse) => void): Request<GuardDuty.Types.UpdateMemberDetectorsResponse, AWSError>; 450 /** 451 * Contains information on member accounts to be updated. 452 */ 453 updateMemberDetectors(callback?: (err: AWSError, data: GuardDuty.Types.UpdateMemberDetectorsResponse) => void): Request<GuardDuty.Types.UpdateMemberDetectorsResponse, AWSError>; 454 /** 455 * Updates the delegated administrator account with the values provided. 456 */ 457 updateOrganizationConfiguration(params: GuardDuty.Types.UpdateOrganizationConfigurationRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdateOrganizationConfigurationResponse) => void): Request<GuardDuty.Types.UpdateOrganizationConfigurationResponse, AWSError>; 458 /** 459 * Updates the delegated administrator account with the values provided. 460 */ 461 updateOrganizationConfiguration(callback?: (err: AWSError, data: GuardDuty.Types.UpdateOrganizationConfigurationResponse) => void): Request<GuardDuty.Types.UpdateOrganizationConfigurationResponse, AWSError>; 462 /** 463 * Updates information about the publishing destination specified by the destinationId. 
464 */ 465 updatePublishingDestination(params: GuardDuty.Types.UpdatePublishingDestinationRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdatePublishingDestinationResponse) => void): Request<GuardDuty.Types.UpdatePublishingDestinationResponse, AWSError>; 466 /** 467 * Updates information about the publishing destination specified by the destinationId. 468 */ 469 updatePublishingDestination(callback?: (err: AWSError, data: GuardDuty.Types.UpdatePublishingDestinationResponse) => void): Request<GuardDuty.Types.UpdatePublishingDestinationResponse, AWSError>; 470 /** 471 * Updates the ThreatIntelSet specified by the ThreatIntelSet ID. 472 */ 473 updateThreatIntelSet(params: GuardDuty.Types.UpdateThreatIntelSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdateThreatIntelSetResponse) => void): Request<GuardDuty.Types.UpdateThreatIntelSetResponse, AWSError>; 474 /** 475 * Updates the ThreatIntelSet specified by the ThreatIntelSet ID. 476 */ 477 updateThreatIntelSet(callback?: (err: AWSError, data: GuardDuty.Types.UpdateThreatIntelSetResponse) => void): Request<GuardDuty.Types.UpdateThreatIntelSetResponse, AWSError>; 478 } 479 declare namespace GuardDuty { 480 export interface AcceptInvitationRequest { 481 /** 482 * The unique ID of the detector of the GuardDuty member account. 483 */ 484 DetectorId: DetectorId; 485 /** 486 * The account ID of the GuardDuty administrator account whose invitation you're accepting. 487 */ 488 MasterId: String; 489 /** 490 * The value that is used to validate the administrator account to the member account. 491 */ 492 InvitationId: String; 493 } 494 export interface AcceptInvitationResponse { 495 } 496 export interface AccessControlList { 497 /** 498 * A value that indicates whether public read access for the bucket is enabled through an Access Control List (ACL). 
499 */ 500 AllowsPublicReadAccess?: Boolean; 501 /** 502 * A value that indicates whether public write access for the bucket is enabled through an Access Control List (ACL). 503 */ 504 AllowsPublicWriteAccess?: Boolean; 505 } 506 export interface AccessKeyDetails { 507 /** 508 * The access key ID of the user. 509 */ 510 AccessKeyId?: String; 511 /** 512 * The principal ID of the user. 513 */ 514 PrincipalId?: String; 515 /** 516 * The name of the user. 517 */ 518 UserName?: String; 519 /** 520 * The type of the user. 521 */ 522 UserType?: String; 523 } 524 export interface AccountDetail { 525 /** 526 * The member account ID. 527 */ 528 AccountId: AccountId; 529 /** 530 * The email address of the member account. 531 */ 532 Email: Email; 533 } 534 export type AccountDetails = AccountDetail[]; 535 export type AccountId = string; 536 export type AccountIds = AccountId[]; 537 export interface AccountLevelPermissions { 538 /** 539 * Describes the S3 Block Public Access settings of the bucket's parent account. 540 */ 541 BlockPublicAccess?: BlockPublicAccess; 542 } 543 export interface Action { 544 /** 545 * The GuardDuty finding activity type. 546 */ 547 ActionType?: String; 548 /** 549 * Information about the AWS_API_CALL action described in this finding. 550 */ 551 AwsApiCallAction?: AwsApiCallAction; 552 /** 553 * Information about the DNS_REQUEST action described in this finding. 554 */ 555 DnsRequestAction?: DnsRequestAction; 556 /** 557 * Information about the NETWORK_CONNECTION action described in this finding. 558 */ 559 NetworkConnectionAction?: NetworkConnectionAction; 560 /** 561 * Information about the PORT_PROBE action described in this finding. 562 */ 563 PortProbeAction?: PortProbeAction; 564 } 565 export interface AdminAccount { 566 /** 567 * The AWS account ID for the account. 568 */ 569 AdminAccountId?: String; 570 /** 571 * Indicates whether the account is enabled as the delegated administrator. 
572 */ 573 AdminStatus?: AdminStatus; 574 } 575 export type AdminAccounts = AdminAccount[]; 576 export type AdminStatus = "ENABLED"|"DISABLE_IN_PROGRESS"|string; 577 export interface ArchiveFindingsRequest { 578 /** 579 * The ID of the detector that specifies the GuardDuty service whose findings you want to archive. 580 */ 581 DetectorId: DetectorId; 582 /** 583 * The IDs of the findings that you want to archive. 584 */ 585 FindingIds: FindingIds; 586 } 587 export interface ArchiveFindingsResponse { 588 } 589 export interface AwsApiCallAction { 590 /** 591 * The AWS API name. 592 */ 593 Api?: String; 594 /** 595 * The AWS API caller type. 596 */ 597 CallerType?: String; 598 /** 599 * The domain information for the AWS API call. 600 */ 601 DomainDetails?: DomainDetails; 602 /** 603 * The error code of the failed AWS API action. 604 */ 605 ErrorCode?: String; 606 /** 607 * The remote IP information of the connection that initiated the AWS API call. 608 */ 609 RemoteIpDetails?: RemoteIpDetails; 610 /** 611 * The AWS service name whose API was invoked. 612 */ 613 ServiceName?: String; 614 } 615 export interface BlockPublicAccess { 616 /** 617 * Indicates if S3 Block Public Access is set to IgnorePublicAcls. 618 */ 619 IgnorePublicAcls?: Boolean; 620 /** 621 * Indicates if S3 Block Public Access is set to RestrictPublicBuckets. 622 */ 623 RestrictPublicBuckets?: Boolean; 624 /** 625 * Indicates if S3 Block Public Access is set to BlockPublicAcls. 626 */ 627 BlockPublicAcls?: Boolean; 628 /** 629 * Indicates if S3 Block Public Access is set to BlockPublicPolicy. 630 */ 631 BlockPublicPolicy?: Boolean; 632 } 633 export type Boolean = boolean; 634 export interface BucketLevelPermissions { 635 /** 636 * Contains information on how Access Control Policies are applied to the bucket. 637 */ 638 AccessControlList?: AccessControlList; 639 /** 640 * Contains information on the bucket policies for the S3 bucket. 
641 */ 642 BucketPolicy?: BucketPolicy; 643 /** 644 * Contains information on which account level S3 Block Public Access settings are applied to the S3 bucket. 645 */ 646 BlockPublicAccess?: BlockPublicAccess; 647 } 648 export interface BucketPolicy { 649 /** 650 * A value that indicates whether public read access for the bucket is enabled through a bucket policy. 651 */ 652 AllowsPublicReadAccess?: Boolean; 653 /** 654 * A value that indicates whether public write access for the bucket is enabled through a bucket policy. 655 */ 656 AllowsPublicWriteAccess?: Boolean; 657 } 658 export interface City { 659 /** 660 * The city name of the remote IP address. 661 */ 662 CityName?: String; 663 } 664 export type ClientToken = string; 665 export interface CloudTrailConfigurationResult { 666 /** 667 * Describes whether CloudTrail is enabled as a data source for the detector. 668 */ 669 Status: DataSourceStatus; 670 } 671 export interface Condition { 672 /** 673 * Represents the equal condition to be applied to a single field when querying for findings. 674 */ 675 Eq?: Eq; 676 /** 677 * Represents the not equal condition to be applied to a single field when querying for findings. 678 */ 679 Neq?: Neq; 680 /** 681 * Represents a greater than condition to be applied to a single field when querying for findings. 682 */ 683 Gt?: Integer; 684 /** 685 * Represents a greater than or equal condition to be applied to a single field when querying for findings. 686 */ 687 Gte?: Integer; 688 /** 689 * Represents a less than condition to be applied to a single field when querying for findings. 690 */ 691 Lt?: Integer; 692 /** 693 * Represents a less than or equal condition to be applied to a single field when querying for findings. 694 */ 695 Lte?: Integer; 696 /** 697 * Represents an equal condition to be applied to a single field when querying for findings. 
698 */ 699 Equals?: Equals; 700 /** 701 * Represents a not equal condition to be applied to a single field when querying for findings. 702 */ 703 NotEquals?: NotEquals; 704 /** 705 * Represents a greater than condition to be applied to a single field when querying for findings. 706 */ 707 GreaterThan?: Long; 708 /** 709 * Represents a greater than or equal condition to be applied to a single field when querying for findings. 710 */ 711 GreaterThanOrEqual?: Long; 712 /** 713 * Represents a less than condition to be applied to a single field when querying for findings. 714 */ 715 LessThan?: Long; 716 /** 717 * Represents a less than or equal condition to be applied to a single field when querying for findings. 718 */ 719 LessThanOrEqual?: Long; 720 } 721 export type CountBySeverity = {[key: string]: Integer}; 722 export interface Country { 723 /** 724 * The country code of the remote IP address. 725 */ 726 CountryCode?: String; 727 /** 728 * The country name of the remote IP address. 729 */ 730 CountryName?: String; 731 } 732 export interface CreateDetectorRequest { 733 /** 734 * A Boolean value that specifies whether the detector is to be enabled. 735 */ 736 Enable: Boolean; 737 /** 738 * The idempotency token for the create request. 739 */ 740 ClientToken?: ClientToken; 741 /** 742 * A value that specifies how frequently updated findings are exported. 743 */ 744 FindingPublishingFrequency?: FindingPublishingFrequency; 745 /** 746 * Describes which data sources will be enabled for the detector. 747 */ 748 DataSources?: DataSourceConfigurations; 749 /** 750 * The tags to be added to a new detector resource. 751 */ 752 Tags?: TagMap; 753 } 754 export interface CreateDetectorResponse { 755 /** 756 * The unique ID of the created detector. 757 */ 758 DetectorId?: DetectorId; 759 } 760 export interface CreateFilterRequest { 761 /** 762 * The ID of the detector belonging to the GuardDuty account that you want to create a filter for. 
763 */ 764 DetectorId: DetectorId; 765 /** 766 * The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed. 767 */ 768 Name: FilterName; 769 /** 770 * The description of the filter. 771 */ 772 Description?: FilterDescription; 773 /** 774 * Specifies the action that is to be applied to the findings that match the filter. 775 */ 776 Action?: FilterAction; 777 /** 778 * Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. 779 */ 780 Rank?: FilterRank; 781 /** 782 * Represents the criteria to be used in the filter for querying findings. You can only use the following attributes to query findings: accountId region confidence id resource.accessKeyDetails.accessKeyId resource.accessKeyDetails.principalId resource.accessKeyDetails.userName resource.accessKeyDetails.userType resource.instanceDetails.iamInstanceProfile.id resource.instanceDetails.imageId resource.instanceDetails.instanceId resource.instanceDetails.outpostArn resource.instanceDetails.networkInterfaces.ipv6Addresses resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress resource.instanceDetails.networkInterfaces.publicDnsName resource.instanceDetails.networkInterfaces.publicIp resource.instanceDetails.networkInterfaces.securityGroups.groupId resource.instanceDetails.networkInterfaces.securityGroups.groupName resource.instanceDetails.networkInterfaces.subnetId resource.instanceDetails.networkInterfaces.vpcId resource.instanceDetails.tags.key resource.instanceDetails.tags.value resource.resourceType service.action.actionType service.action.awsApiCallAction.api service.action.awsApiCallAction.callerType service.action.awsApiCallAction.errorCode service.action.awsApiCallAction.remoteIpDetails.city.cityName service.action.awsApiCallAction.remoteIpDetails.country.countryName 
service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 service.action.awsApiCallAction.remoteIpDetails.organization.asn service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg service.action.awsApiCallAction.serviceName service.action.dnsRequestAction.domain service.action.networkConnectionAction.blocked service.action.networkConnectionAction.connectionDirection service.action.networkConnectionAction.localPortDetails.port service.action.networkConnectionAction.protocol service.action.networkConnectionAction.localIpDetails.ipAddressV4 service.action.networkConnectionAction.remoteIpDetails.city.cityName service.action.networkConnectionAction.remoteIpDetails.country.countryName service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 service.action.networkConnectionAction.remoteIpDetails.organization.asn service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg service.action.networkConnectionAction.remotePortDetails.port service.additionalInfo.threatListName service.archived When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed. service.resourceRole severity type updatedAt Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds. 783 */ 784 FindingCriteria: FindingCriteria; 785 /** 786 * The idempotency token for the create request. 787 */ 788 ClientToken?: ClientToken; 789 /** 790 * The tags to be added to a new filter resource. 791 */ 792 Tags?: TagMap; 793 } 794 export interface CreateFilterResponse { 795 /** 796 * The name of the successfully created filter. 797 */ 798 Name: FilterName; 799 } 800 export interface CreateIPSetRequest { 801 /** 802 * The unique ID of the detector of the GuardDuty account that you want to create an IPSet for. 
803 */ 804 DetectorId: DetectorId; 805 /** 806 * The user-friendly name to identify the IPSet. Allowed characters are alphanumerics, spaces, hyphens (-), and underscores (_). 807 */ 808 Name: Name; 809 /** 810 * The format of the file that contains the IPSet. 811 */ 812 Format: IpSetFormat; 813 /** 814 * The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. 815 */ 816 Location: Location; 817 /** 818 * A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet. 819 */ 820 Activate: Boolean; 821 /** 822 * The idempotency token for the create request. 823 */ 824 ClientToken?: ClientToken; 825 /** 826 * The tags to be added to a new IP set resource. 827 */ 828 Tags?: TagMap; 829 } 830 export interface CreateIPSetResponse { 831 /** 832 * The ID of the IPSet resource. 833 */ 834 IpSetId: String; 835 } 836 export interface CreateMembersRequest { 837 /** 838 * The unique ID of the detector of the GuardDuty account that you want to associate member accounts with. 839 */ 840 DetectorId: DetectorId; 841 /** 842 * A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account. 843 */ 844 AccountDetails: AccountDetails; 845 } 846 export interface CreateMembersResponse { 847 /** 848 * A list of objects that include the accountIds of the unprocessed accounts and a result string that explains why each was unprocessed. 849 */ 850 UnprocessedAccounts: UnprocessedAccounts; 851 } 852 export interface CreatePublishingDestinationRequest { 853 /** 854 * The ID of the GuardDuty detector associated with the publishing destination. 855 */ 856 DetectorId: DetectorId; 857 /** 858 * The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported. 
859 */ 860 DestinationType: DestinationType; 861 /** 862 * The properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption. 863 */ 864 DestinationProperties: DestinationProperties; 865 /** 866 * The idempotency token for the request. 867 */ 868 ClientToken?: ClientToken; 869 } 870 export interface CreatePublishingDestinationResponse { 871 /** 872 * The ID of the publishing destination that is created. 873 */ 874 DestinationId: String; 875 } 876 export interface CreateSampleFindingsRequest { 877 /** 878 * The ID of the detector to create sample findings for. 879 */ 880 DetectorId: DetectorId; 881 /** 882 * The types of sample findings to generate. 883 */ 884 FindingTypes?: FindingTypes; 885 } 886 export interface CreateSampleFindingsResponse { 887 } 888 export interface CreateThreatIntelSetRequest { 889 /** 890 * The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for. 891 */ 892 DetectorId: DetectorId; 893 /** 894 * A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet. 895 */ 896 Name: Name; 897 /** 898 * The format of the file that contains the ThreatIntelSet. 899 */ 900 Format: ThreatIntelSetFormat; 901 /** 902 * The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. 903 */ 904 Location: Location; 905 /** 906 * A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet. 907 */ 908 Activate: Boolean; 909 /** 910 * The idempotency token for the create request. 911 */ 912 ClientToken?: ClientToken; 913 /** 914 * The tags to be added to a new threat list resource. 915 */ 916 Tags?: TagMap; 917 } 918 export interface CreateThreatIntelSetResponse { 919 /** 920 * The ID of the ThreatIntelSet resource. 
921 */ 922 ThreatIntelSetId: String; 923 } 924 export type Criterion = {[key: string]: Condition}; 925 export interface DNSLogsConfigurationResult { 926 /** 927 * Denotes whether DNS logs is enabled as a data source. 928 */ 929 Status: DataSourceStatus; 930 } 931 export type DataSource = "FLOW_LOGS"|"CLOUD_TRAIL"|"DNS_LOGS"|"S3_LOGS"|string; 932 export interface DataSourceConfigurations { 933 /** 934 * Describes whether S3 data event logs are enabled as a data source. 935 */ 936 S3Logs?: S3LogsConfiguration; 937 } 938 export interface DataSourceConfigurationsResult { 939 /** 940 * An object that contains information on the status of CloudTrail as a data source. 941 */ 942 CloudTrail: CloudTrailConfigurationResult; 943 /** 944 * An object that contains information on the status of DNS logs as a data source. 945 */ 946 DNSLogs: DNSLogsConfigurationResult; 947 /** 948 * An object that contains information on the status of VPC flow logs as a data source. 949 */ 950 FlowLogs: FlowLogsConfigurationResult; 951 /** 952 * An object that contains information on the status of S3 Data event logs as a data source. 953 */ 954 S3Logs: S3LogsConfigurationResult; 955 } 956 export type DataSourceList = DataSource[]; 957 export type DataSourceStatus = "ENABLED"|"DISABLED"|string; 958 export interface DeclineInvitationsRequest { 959 /** 960 * A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from. 961 */ 962 AccountIds: AccountIds; 963 } 964 export interface DeclineInvitationsResponse { 965 /** 966 * A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed. 967 */ 968 UnprocessedAccounts: UnprocessedAccounts; 969 } 970 export interface DefaultServerSideEncryption { 971 /** 972 * The type of encryption used for objects within the S3 bucket. 973 */ 974 EncryptionType?: String; 975 /** 976 * The Amazon Resource Name (ARN) of the KMS encryption key. 
Only available if the bucket EncryptionType is aws:kms. 977 */ 978 KmsMasterKeyArn?: String; 979 } 980 export interface DeleteDetectorRequest { 981 /** 982 * The unique ID of the detector that you want to delete. 983 */ 984 DetectorId: DetectorId; 985 } 986 export interface DeleteDetectorResponse { 987 } 988 export interface DeleteFilterRequest { 989 /** 990 * The unique ID of the detector that the filter is associated with. 991 */ 992 DetectorId: DetectorId; 993 /** 994 * The name of the filter that you want to delete. 995 */ 996 FilterName: String; 997 } 998 export interface DeleteFilterResponse { 999 } 1000 export interface DeleteIPSetRequest { 1001 /** 1002 * The unique ID of the detector associated with the IPSet. 1003 */ 1004 DetectorId: DetectorId; 1005 /** 1006 * The unique ID of the IPSet to delete. 1007 */ 1008 IpSetId: String; 1009 } 1010 export interface DeleteIPSetResponse { 1011 } 1012 export interface DeleteInvitationsRequest { 1013 /** 1014 * A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from. 1015 */ 1016 AccountIds: AccountIds; 1017 } 1018 export interface DeleteInvitationsResponse { 1019 /** 1020 * A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed. 1021 */ 1022 UnprocessedAccounts: UnprocessedAccounts; 1023 } 1024 export interface DeleteMembersRequest { 1025 /** 1026 * The unique ID of the detector of the GuardDuty account whose members you want to delete. 1027 */ 1028 DetectorId: DetectorId; 1029 /** 1030 * A list of account IDs of the GuardDuty member accounts that you want to delete. 1031 */ 1032 AccountIds: AccountIds; 1033 } 1034 export interface DeleteMembersResponse { 1035 /** 1036 * The accounts that could not be processed. 
1037 */ 1038 UnprocessedAccounts: UnprocessedAccounts; 1039 } 1040 export interface DeletePublishingDestinationRequest { 1041 /** 1042 * The unique ID of the detector associated with the publishing destination to delete. 1043 */ 1044 DetectorId: DetectorId; 1045 /** 1046 * The ID of the publishing destination to delete. 1047 */ 1048 DestinationId: String; 1049 } 1050 export interface DeletePublishingDestinationResponse { 1051 } 1052 export interface DeleteThreatIntelSetRequest { 1053 /** 1054 * The unique ID of the detector that the threatIntelSet is associated with. 1055 */ 1056 DetectorId: DetectorId; 1057 /** 1058 * The unique ID of the threatIntelSet that you want to delete. 1059 */ 1060 ThreatIntelSetId: String; 1061 } 1062 export interface DeleteThreatIntelSetResponse { 1063 } 1064 export interface DescribeOrganizationConfigurationRequest { 1065 /** 1066 * The ID of the detector to retrieve information about the delegated administrator from. 1067 */ 1068 DetectorId: DetectorId; 1069 } 1070 export interface DescribeOrganizationConfigurationResponse { 1071 /** 1072 * Indicates whether GuardDuty is automatically enabled for accounts added to the organization. 1073 */ 1074 AutoEnable: Boolean; 1075 /** 1076 * Indicates whether the maximum number of allowed member accounts are already associated with the delegated administrator account for your organization. 1077 */ 1078 MemberAccountLimitReached: Boolean; 1079 /** 1080 * Describes which data sources are enabled automatically for member accounts. 1081 */ 1082 DataSources?: OrganizationDataSourceConfigurationsResult; 1083 } 1084 export interface DescribePublishingDestinationRequest { 1085 /** 1086 * The unique ID of the detector associated with the publishing destination to retrieve. 1087 */ 1088 DetectorId: DetectorId; 1089 /** 1090 * The ID of the publishing destination to retrieve. 
1091 */ 1092 DestinationId: String; 1093 } 1094 export interface DescribePublishingDestinationResponse { 1095 /** 1096 * The ID of the publishing destination. 1097 */ 1098 DestinationId: String; 1099 /** 1100 * The type of publishing destination. Currently, only Amazon S3 buckets are supported. 1101 */ 1102 DestinationType: DestinationType; 1103 /** 1104 * The status of the publishing destination. 1105 */ 1106 Status: PublishingStatus; 1107 /** 1108 * The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination. 1109 */ 1110 PublishingFailureStartTimestamp: Long; 1111 /** 1112 * A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination. 1113 */ 1114 DestinationProperties: DestinationProperties; 1115 } 1116 export interface Destination { 1117 /** 1118 * The unique ID of the publishing destination. 1119 */ 1120 DestinationId: String; 1121 /** 1122 * The type of resource used for the publishing destination. Currently, only Amazon S3 buckets are supported. 1123 */ 1124 DestinationType: DestinationType; 1125 /** 1126 * The status of the publishing destination. 1127 */ 1128 Status: PublishingStatus; 1129 } 1130 export interface DestinationProperties { 1131 /** 1132 * The ARN of the resource to publish to. 1133 */ 1134 DestinationArn?: String; 1135 /** 1136 * The ARN of the KMS key to use for encryption. 1137 */ 1138 KmsKeyArn?: String; 1139 } 1140 export type DestinationType = "S3"|string; 1141 export type Destinations = Destination[]; 1142 export type DetectorId = string; 1143 export type DetectorIds = DetectorId[]; 1144 export type DetectorStatus = "ENABLED"|"DISABLED"|string; 1145 export interface DisableOrganizationAdminAccountRequest { 1146 /** 1147 * The AWS Account ID for the organizations account to be disabled as a GuardDuty delegated administrator. 
1148 */ 1149 AdminAccountId: String; 1150 } 1151 export interface DisableOrganizationAdminAccountResponse { 1152 } 1153 export interface DisassociateFromMasterAccountRequest { 1154 /** 1155 * The unique ID of the detector of the GuardDuty member account. 1156 */ 1157 DetectorId: DetectorId; 1158 } 1159 export interface DisassociateFromMasterAccountResponse { 1160 } 1161 export interface DisassociateMembersRequest { 1162 /** 1163 * The unique ID of the detector of the GuardDuty account whose members you want to disassociate from the administrator account. 1164 */ 1165 DetectorId: DetectorId; 1166 /** 1167 * A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account. 1168 */ 1169 AccountIds: AccountIds; 1170 } 1171 export interface DisassociateMembersResponse { 1172 /** 1173 * A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed. 1174 */ 1175 UnprocessedAccounts: UnprocessedAccounts; 1176 } 1177 export interface DnsRequestAction { 1178 /** 1179 * The domain information for the API request. 1180 */ 1181 Domain?: String; 1182 } 1183 export interface DomainDetails { 1184 /** 1185 * The domain information for the AWS API call. 1186 */ 1187 Domain?: String; 1188 } 1189 export type Double = number; 1190 export type Email = string; 1191 export interface EnableOrganizationAdminAccountRequest { 1192 /** 1193 * The AWS Account ID for the organization account to be enabled as a GuardDuty delegated administrator. 1194 */ 1195 AdminAccountId: String; 1196 } 1197 export interface EnableOrganizationAdminAccountResponse { 1198 } 1199 export type Eq = String[]; 1200 export type Equals = String[]; 1201 export interface Evidence { 1202 /** 1203 * A list of threat intelligence details related to the evidence. 
1204    */
1205   ThreatIntelligenceDetails?: ThreatIntelligenceDetails;
1206 }
1207 export type Feedback = "USEFUL"|"NOT_USEFUL"|string;
1208 export type FilterAction = "NOOP"|"ARCHIVE"|string; // NOTE(review): "ARCHIVE" presumably means matching findings are archived automatically, which makes such a filter a suppression rule; audit filters that use it
1209 export type FilterDescription = string;
1210 export type FilterName = string;
1211 export type FilterNames = FilterName[];
1212 export type FilterRank = number;
1213 export interface Finding {
1214   /**
1215    * The ID of the account in which the finding was generated.
1216    */
1217   AccountId: String;
1218   /**
1219    * The ARN of the finding.
1220    */
1221   Arn: String;
1222   /**
1223    * The confidence score for the finding.
1224    */
1225   Confidence?: Double;
1226   /**
1227    * The time and date when the finding was created.
1228    */
1229   CreatedAt: String;
1230   /**
1231    * The description of the finding.
1232    */
1233   Description?: String;
1234   /**
1235    * The ID of the finding.
1236    */
1237   Id: String;
1238   /**
1239    * The partition associated with the finding.
1240    */
1241   Partition?: String;
1242   /**
1243    * The Region where the finding was generated.
1244    */
1245   Region: String;
1246   Resource: Resource; // undocumented in the original; typed by the Resource interface declared later in this file
1247   /**
1248    * The version of the schema used for the finding.
1249    */
1250   SchemaVersion: String;
1251   Service?: Service; // undocumented; presumably resolves to the Service interface declared later in this file, not the SDK Service class imported at the top - confirm
1252   /**
1253    * The severity of the finding.
1254    */
1255   Severity: Double;
1256   /**
1257    * The title of the finding.
1258    */
1259   Title?: String;
1260   /**
1261    * The type of finding.
1262    */
1263   Type: FindingType;
1264   /**
1265    * The time and date when the finding was last updated.
1266    */
1267   UpdatedAt: String;
1268 }
1269 export interface FindingCriteria {
1270   /**
1271    * Represents a map of finding properties that match specified conditions and values when querying findings.
1272    */
1273   Criterion?: Criterion;
1274 }
1275 export type FindingId = string;
1276 export type FindingIds = FindingId[];
1277 export type FindingPublishingFrequency = "FIFTEEN_MINUTES"|"ONE_HOUR"|"SIX_HOURS"|string;
1278 export type FindingStatisticType = "COUNT_BY_SEVERITY"|string;
1279 export type FindingStatisticTypes = FindingStatisticType[];
1280 export interface FindingStatistics {
1281   /**
1282    * Represents a map of severity to count statistics for a set of findings.
1283    */
1284   CountBySeverity?: CountBySeverity;
1285 }
1286 export type FindingType = string; // plain string: finding type names are not enumerated in this declaration
1287 export type FindingTypes = FindingType[];
1288 export type Findings = Finding[];
1289 export interface FlowLogsConfigurationResult {
1290   /**
1291    * Denotes whether VPC flow logs are enabled as a data source.
1292    */
1293   Status: DataSourceStatus;
1294 }
1295 export interface GeoLocation {
1296   /**
1297    * The latitude information of the remote IP address.
1298    */
1299   Lat?: Double;
1300   /**
1301    * The longitude information of the remote IP address.
1302    */
1303   Lon?: Double;
1304 }
1305 export interface GetDetectorRequest {
1306   /**
1307    * The unique ID of the detector that you want to get.
1308    */
1309   DetectorId: DetectorId;
1310 }
1311 export interface GetDetectorResponse {
1312   /**
1313    * The timestamp of when the detector was created.
1314    */
1315   CreatedAt?: String;
1316   /**
1317    * The publishing frequency of the finding.
1318    */
1319   FindingPublishingFrequency?: FindingPublishingFrequency;
1320   /**
1321    * The GuardDuty service role.
1322    */
1323   ServiceRole: String;
1324   /**
1325    * The detector status. DetectorStatus lists "ENABLED" and "DISABLED" and also admits any other string.
1326    */
1327   Status: DetectorStatus;
1328   /**
1329    * The last-updated timestamp for the detector.
1330    */
1331   UpdatedAt?: String;
1332   /**
1333    * Describes which data sources are enabled for the detector. Declared optional, so an absent value should not be read as every data source being enabled.
1334    */
1335   DataSources?: DataSourceConfigurationsResult;
1336   /**
1337    * The tags of the detector resource.
1338    */
1339   Tags?: TagMap;
1340 }
1341 export interface GetFilterRequest {
1342   /**
1343    * The unique ID of the detector that the filter is associated with.
1344    */
1345   DetectorId: DetectorId;
1346   /**
1347    * The name of the filter you want to get.
1348    */
1349   FilterName: String;
1350 }
1351 export interface GetFilterResponse {
1352   /**
1353    * The name of the filter.
1354    */
1355   Name: FilterName;
1356   /**
1357    * The description of the filter.
1358    */
1359   Description?: FilterDescription;
1360   /**
1361    * Specifies the action that is to be applied to the findings that match the filter. FilterAction lists "NOOP" and "ARCHIVE"; when auditing filters, read this field together with FindingCriteria to see which findings an "ARCHIVE" filter applies to.
1362    */
1363   Action: FilterAction;
1364   /**
1365    * Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
1366    */
1367   Rank?: FilterRank;
1368   /**
1369    * Represents the criteria to be used in the filter for querying findings.
1370    */
1371   FindingCriteria: FindingCriteria;
1372   /**
1373    * The tags of the filter resource.
1374    */
1375   Tags?: TagMap;
1376 }
1377 export interface GetFindingsRequest {
1378   /**
1379    * The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.
1380    */
1381   DetectorId: DetectorId;
1382   /**
1383    * The IDs of the findings that you want to retrieve.
1384    */
1385   FindingIds: FindingIds;
1386   /**
1387    * Represents the criteria used for sorting findings.
1388    */
1389   SortCriteria?: SortCriteria;
1390 }
1391 export interface GetFindingsResponse {
1392   /**
1393    * A list of findings.
1394    */
1395   Findings: Findings;
1396 }
1397 export interface GetFindingsStatisticsRequest {
1398   /**
1399    * The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.
1400    */
1401   DetectorId: DetectorId;
1402   /**
1403    * The types of finding statistics to retrieve.
1404    */
1405   FindingStatisticTypes: FindingStatisticTypes;
1406   /**
1407    * Represents the criteria that is used for querying findings.
1408    */
1409   FindingCriteria?: FindingCriteria;
1410 }
1411 export interface GetFindingsStatisticsResponse {
1412   /**
1413    * The finding statistics object.
1414    */
1415   FindingStatistics: FindingStatistics;
1416 }
1417 export interface GetIPSetRequest {
1418   /**
1419    * The unique ID of the detector that the IPSet is associated with.
1420    */
1421   DetectorId: DetectorId;
1422   /**
1423    * The unique ID of the IPSet to retrieve.
1424    */
1425   IpSetId: String;
1426 }
1427 export interface GetIPSetResponse {
1428   /**
1429    * The user-friendly name for the IPSet.
1430    */
1431   Name: Name;
1432   /**
1433    * The format of the file that contains the IPSet.
1434    */
1435   Format: IpSetFormat;
1436   /**
1437    * The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. The head of this file describes an IPSet as a trusted IP list, so write access to the object at this URI is worth restricting and auditing.
1438    */
1439   Location: Location;
1440   /**
1441    * The status of the IPSet file that was uploaded.
1442    */
1443   Status: IpSetStatus;
1444   /**
1445    * The tags of the IPSet resource.
1446    */
1447   Tags?: TagMap;
1448 }
1449 export interface GetInvitationsCountRequest {
1450 }
1451 export interface GetInvitationsCountResponse {
1452   /**
1453    * The number of received invitations.
1454    */
1455   InvitationsCount?: Integer;
1456 }
1457 export interface GetMasterAccountRequest {
1458   /**
1459    * The unique ID of the detector of the GuardDuty member account.
1460    */
1461   DetectorId: DetectorId;
1462 }
1463 export interface GetMasterAccountResponse {
1464   /**
1465    * The administrator account details.
1466    */
1467   Master: Master;
1468 }
1469 export interface GetMemberDetectorsRequest {
1470   /**
1471    * The detector ID for the administrator account.
1472    */
1473   DetectorId: DetectorId;
1474   /**
1475    * The account IDs of the member accounts (the field is typed AccountIds, which other requests in this file describe as a list of account IDs).
1476    */
1477   AccountIds: AccountIds;
1478 }
1479 export interface GetMemberDetectorsResponse {
1480   /**
1481    * An object that describes which data sources are enabled for a member account.
1482    */
1483   MemberDataSourceConfigurations: MemberDataSourceConfigurations;
1484   /**
1485    * A list of member account IDs that could not be processed, along with an explanation of why they were not processed. Accounts listed here have no entry in MemberDataSourceConfigurations to rely on, so check this list before concluding anything about coverage.
1486    */
1487   UnprocessedAccounts: UnprocessedAccounts;
1488 }
1489 export interface GetMembersRequest {
1490   /**
1491    * The unique ID of the detector of the GuardDuty account whose members you want to retrieve.
1492    */
1493   DetectorId: DetectorId;
1494   /**
1495    * A list of account IDs of the GuardDuty member accounts that you want to describe.
1496    */
1497   AccountIds: AccountIds;
1498 }
1499 export interface GetMembersResponse {
1500   /**
1501    * A list of members.
1502    */
1503   Members: Members;
1504   /**
1505    * A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.
1506    */
1507   UnprocessedAccounts: UnprocessedAccounts;
1508 }
1509 export interface GetThreatIntelSetRequest {
1510   /**
1511    * The unique ID of the detector that the threatIntelSet is associated with.
1512    */
1513   DetectorId: DetectorId;
1514   /**
1515    * The unique ID of the threatIntelSet that you want to get.
1516    */
1517   ThreatIntelSetId: String;
1518 }
1519 export interface GetThreatIntelSetResponse {
1520   /**
1521    * A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
1522    */
1523   Name: Name;
1524   /**
1525    * The format of the threatIntelSet.
1526    */
1527   Format: ThreatIntelSetFormat;
1528   /**
1529    * The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. Findings are generated from the addresses in this file (see Name), so a change to the object at this URI changes what is detected; restrict and audit write access to it.
1530    */
1531   Location: Location;
1532   /**
1533    * The status of the uploaded threatIntelSet file.
1534    */
1535   Status: ThreatIntelSetStatus;
1536   /**
1537    * The tags of the threat list resource.
1538    */
1539   Tags?: TagMap;
1540 }
1541 export interface GetUsageStatisticsRequest {
1542   /**
1543    * The ID of the detector that specifies the GuardDuty service whose usage statistics you want to retrieve.
1544    */
1545   DetectorId: DetectorId;
1546   /**
1547    * The type of usage statistics to retrieve.
1548    */
1549   UsageStatisticType: UsageStatisticType;
1550   /**
1551    * Represents the criteria used for querying usage.
1552    */
1553   UsageCriteria: UsageCriteria;
1554   /**
1555    * The currency unit you would like to view your usage statistics in. Currently the only valid value is USD.
1556    */
1557   Unit?: String;
1558   /**
1559    * The maximum number of results to return in the response.
1560    */
1561   MaxResults?: MaxResults;
1562   /**
1563    * A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
1564    */
1565   NextToken?: String;
1566 }
1567 export interface GetUsageStatisticsResponse {
1568   /**
1569    * The usage statistics object. If a UsageStatisticType was provided, the objects representing other types will be null.
1570    */
1571   UsageStatistics?: UsageStatistics;
1572   /**
1573    * The pagination parameter to be used on the next list operation to retrieve more items. Callers that need the complete result set should keep requesting pages for as long as a value is returned here.
1574    */
1575   NextToken?: String;
1576 }
1577 export type GuardDutyArn = string;
1578 export interface IamInstanceProfile {
1579   /**
1580    * The profile ARN of the EC2 instance.
1581    */
1582   Arn?: String;
1583   /**
1584    * The profile ID of the EC2 instance.
1585    */
1586   Id?: String;
1587 }
1588 export interface InstanceDetails {
1589   /**
1590    * The Availability Zone of the EC2 instance.
1591    */
1592   AvailabilityZone?: String;
1593   /**
1594    * The profile information of the EC2 instance.
1595    */
1596   IamInstanceProfile?: IamInstanceProfile;
1597   /**
1598    * The image description of the EC2 instance.
1599    */
1600   ImageDescription?: String;
1601   /**
1602    * The image ID of the EC2 instance.
1603    */
1604   ImageId?: String;
1605   /**
1606    * The ID of the EC2 instance.
1607    */
1608   InstanceId?: String;
1609   /**
1610    * The state of the EC2 instance.
1611    */
1612   InstanceState?: String;
1613   /**
1614    * The type of the EC2 instance.
1615    */
1616   InstanceType?: String;
1617   /**
1618    * The Amazon Resource Name (ARN) of the AWS Outpost. Only applicable to AWS Outposts instances.
1619    */
1620   OutpostArn?: String;
1621   /**
1622    * The launch time of the EC2 instance.
1623    */
1624   LaunchTime?: String;
1625   /**
1626    * The elastic network interface information of the EC2 instance.
1627    */
1628   NetworkInterfaces?: NetworkInterfaces;
1629   /**
1630    * The platform of the EC2 instance.
1631    */
1632   Platform?: String;
1633   /**
1634    * The product codes of the EC2 instance.
1635    */
1636   ProductCodes?: ProductCodes;
1637   /**
1638    * The tags of the EC2 instance.
1639    */
1640   Tags?: Tags;
1641 }
1642 export type Integer = number;
1643 export interface Invitation {
1644   /**
1645    * The ID of the account that the invitation was sent from. Accepting an invitation means being monitored by that account (see acceptInvitation at the head of this file), so compare this ID with the expected administrator account first.
1646    */
1647   AccountId?: AccountId;
1648   /**
1649    * The ID of the invitation. This value is used to validate the inviter account to the member account.
1650    */
1651   InvitationId?: String;
1652   /**
1653    * The status of the relationship between the inviter and invitee accounts.
1654    */
1655   RelationshipStatus?: String;
1656   /**
1657    * The timestamp when the invitation was sent.
1658    */
1659   InvitedAt?: String;
1660 }
1661 export type Invitations = Invitation[];
1662 export interface InviteMembersRequest {
1663   /**
1664    * The unique ID of the detector of the GuardDuty account that you want to invite members with.
1665    */
1666   DetectorId: DetectorId;
1667   /**
1668    * A list of account IDs of the accounts that you want to invite to GuardDuty as members.
1669    */
1670   AccountIds: AccountIds;
1671   /**
1672    * A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members.
1673    */
1674   DisableEmailNotification?: Boolean;
1675   /**
1676    * The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.
1677    */
1678   Message?: String;
1679 }
1680 export interface InviteMembersResponse {
1681   /**
1682    * A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed. An entry here is an account that was not invited, so inspect the list rather than assuming the whole request succeeded.
1683    */
1684   UnprocessedAccounts: UnprocessedAccounts;
1685 }
1686 export type IpSetFormat = "TXT"|"STIX"|"OTX_CSV"|"ALIEN_VAULT"|"PROOF_POINT"|"FIRE_EYE"|string;
1687 export type IpSetIds = String[];
1688 export type IpSetStatus = "INACTIVE"|"ACTIVATING"|"ACTIVE"|"DEACTIVATING"|"ERROR"|"DELETE_PENDING"|"DELETED"|string; // open union; NOTE(review): presumably only "ACTIVE" means the list is in effect - confirm
1689 export type Ipv6Addresses = String[];
1690 export interface ListDetectorsRequest {
1691   /**
1692    * You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
1693    */
1694   MaxResults?: MaxResults;
1695   /**
1696    * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
1697    */
1698   NextToken?: String;
1699 }
1700 export interface ListDetectorsResponse {
1701   /**
1702    * A list of detector IDs. The head of this file states that a detector is created per Region, so NOTE(review): an empty list presumably means no detector exists in the Region that was queried - confirm.
1703    */
1704   DetectorIds: DetectorIds;
1705   /**
1706    * The pagination parameter to be used on the next list operation to retrieve more items.
1707    */
1708   NextToken?: String;
1709 }
1710 export interface ListFiltersRequest {
1711   /**
1712    * The unique ID of the detector that the filter is associated with.
1713    */
1714   DetectorId: DetectorId;
1715   /**
1716    * You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
1717    */
1718   MaxResults?: MaxResults;
1719   /**
1720    * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
1721    */
1722   NextToken?: String;
1723 }
1724 export interface ListFiltersResponse {
1725   /**
1726    * A list of filter names. Only names are returned; the Action and FindingCriteria of each filter are fields of GetFilterResponse.
1727    */
1728   FilterNames: FilterNames;
1729   /**
1730    * The pagination parameter to be used on the next list operation to retrieve more items. A filter inventory is complete only after pages have been requested until no value is returned here.
1731    */
1732   NextToken?: String;
1733 }
1734 export interface ListFindingsRequest {
1735   /**
1736    * The ID of the detector that specifies the GuardDuty service whose findings you want to list.
1737    */
1738   DetectorId: DetectorId;
1739   /**
1740    * Represents the criteria used for querying findings.
Valid values include: JSON field name accountId region confidence id resource.accessKeyDetails.accessKeyId resource.accessKeyDetails.principalId resource.accessKeyDetails.userName resource.accessKeyDetails.userType resource.instanceDetails.iamInstanceProfile.id resource.instanceDetails.imageId resource.instanceDetails.instanceId resource.instanceDetails.networkInterfaces.ipv6Addresses resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress resource.instanceDetails.networkInterfaces.publicDnsName resource.instanceDetails.networkInterfaces.publicIp resource.instanceDetails.networkInterfaces.securityGroups.groupId resource.instanceDetails.networkInterfaces.securityGroups.groupName resource.instanceDetails.networkInterfaces.subnetId resource.instanceDetails.networkInterfaces.vpcId resource.instanceDetails.tags.key resource.instanceDetails.tags.value resource.resourceType service.action.actionType service.action.awsApiCallAction.api service.action.awsApiCallAction.callerType service.action.awsApiCallAction.remoteIpDetails.city.cityName service.action.awsApiCallAction.remoteIpDetails.country.countryName service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 service.action.awsApiCallAction.remoteIpDetails.organization.asn service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg service.action.awsApiCallAction.serviceName service.action.dnsRequestAction.domain service.action.networkConnectionAction.blocked service.action.networkConnectionAction.connectionDirection service.action.networkConnectionAction.localPortDetails.port service.action.networkConnectionAction.protocol service.action.networkConnectionAction.remoteIpDetails.city.cityName service.action.networkConnectionAction.remoteIpDetails.country.countryName service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 service.action.networkConnectionAction.remoteIpDetails.organization.asn service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg 
service.action.networkConnectionAction.remotePortDetails.port service.additionalInfo.threatListName service.archived When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed. service.resourceRole severity type updatedAt Type: Timestamp in Unix Epoch millisecond format: 1486685375000
1741    */
1742   FindingCriteria?: FindingCriteria;
1743   /**
1744    * Represents the criteria used for sorting findings.
1745    */
1746   SortCriteria?: SortCriteria;
1747   /**
1748    * You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. With at most 50 items per response, a complete listing needs the NextToken loop described for the next field.
1749    */
1750   MaxResults?: MaxResults;
1751   /**
1752    * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
1753    */
1754   NextToken?: String;
1755 }
1756 export interface ListFindingsResponse {
1757   /**
1758    * The IDs of the findings that you're listing. Only IDs are returned; GetFindingsRequest takes FindingIds to retrieve the findings themselves.
1759    */
1760   FindingIds: FindingIds;
1761   /**
1762    * The pagination parameter to be used on the next list operation to retrieve more items.
1763    */
1764   NextToken?: String;
1765 }
1766 export interface ListIPSetsRequest {
1767   /**
1768    * The unique ID of the detector that the IPSet is associated with.
1769    */
1770   DetectorId: DetectorId;
1771   /**
1772    * You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
1773    */
1774   MaxResults?: MaxResults;
1775   /**
1776    * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action.
For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
1777    */
1778   NextToken?: String;
1779 }
1780 export interface ListIPSetsResponse {
1781   /**
1782    * The IDs of the IPSet resources. Each ID can be passed as IpSetId in GetIPSetRequest to read that list's Location and Status.
1783    */
1784   IpSetIds: IpSetIds;
1785   /**
1786    * The pagination parameter to be used on the next list operation to retrieve more items.
1787    */
1788   NextToken?: String;
1789 }
1790 export interface ListInvitationsRequest {
1791   /**
1792    * You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
1793    */
1794   MaxResults?: MaxResults;
1795   /**
1796    * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
1797    */
1798   NextToken?: String;
1799 }
1800 export interface ListInvitationsResponse {
1801   /**
1802    * A list of invitation descriptions. Each Invitation carries the AccountId it was sent from, which is the value to compare against the expected administrator account.
1803    */
1804   Invitations?: Invitations;
1805   /**
1806    * The pagination parameter to be used on the next list operation to retrieve more items.
1807    */
1808   NextToken?: String;
1809 }
1810 export interface ListMembersRequest {
1811   /**
1812    * The unique ID of the detector the member is associated with.
1813    */
1814   DetectorId: DetectorId;
1815   /**
1816    * You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
1817    */
1818   MaxResults?: MaxResults;
1819   /**
1820    * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
1821    */
1822   NextToken?: String;
1823   /**
1824    * Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated). NOTE(review): typed as String rather than Boolean in this declaration; presumably the text "true" or "false" - confirm.
1825    */
1826   OnlyAssociated?: String;
1827 }
1828 export interface ListMembersResponse {
1829   /**
1830    * A list of members.
1831    */
1832   Members?: Members;
1833   /**
1834    * The pagination parameter to be used on the next list operation to retrieve more items.
1835    */
1836   NextToken?: String;
1837 }
1838 export interface ListOrganizationAdminAccountsRequest {
1839   /**
1840    * The maximum number of results to return in the response.
1841    */
1842   MaxResults?: MaxResults;
1843   /**
1844    * A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
1845    */
1846   NextToken?: String;
1847 }
1848 export interface ListOrganizationAdminAccountsResponse {
1849   /**
1850    * A list of accounts configured as GuardDuty delegated administrators. Comparing this list with the accounts that are expected to hold that role is a simple audit check.
1851    */
1852   AdminAccounts?: AdminAccounts;
1853   /**
1854    * The pagination parameter to be used on the next list operation to retrieve more items.
1855    */
1856   NextToken?: String;
1857 }
1858 export interface ListPublishingDestinationsRequest {
1859   /**
1860    * The ID of the detector to retrieve publishing destinations for.
1861    */
1862   DetectorId: DetectorId;
1863   /**
1864    * The maximum number of results to return in the response.
1865    */
1866   MaxResults?: MaxResults;
1867   /**
1868    * A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
1869    */
1870   NextToken?: String;
1871 }
1872 export interface ListPublishingDestinationsResponse {
1873   /**
1874    * A Destinations object that includes information about each publishing destination returned. Each Destination entry carries DestinationId, DestinationType and Status.
1875    */
1876   Destinations: Destinations;
1877   /**
1878    * A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. NOTE(review): this wording repeats the request-side description; in a response the field is presumably the token to pass to the next request.
1879    */
1880   NextToken?: String;
1881 }
1882 export interface ListTagsForResourceRequest {
1883   /**
1884    * The Amazon Resource Name (ARN) for the given GuardDuty resource.
1885    */
1886   ResourceArn: GuardDutyArn;
1887 }
1888 export interface ListTagsForResourceResponse {
1889   /**
1890    * The tags associated with the resource.
1891    */
1892   Tags?: TagMap;
1893 }
1894 export interface ListThreatIntelSetsRequest {
1895   /**
1896    * The unique ID of the detector that the threatIntelSet is associated with.
1897    */
1898   DetectorId: DetectorId;
1899   /**
1900    * You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
1901    */
1902   MaxResults?: MaxResults;
1903   /**
1904    * You can use this parameter to paginate results in the response. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
1905    */
1906   NextToken?: String;
1907 }
1908 export interface ListThreatIntelSetsResponse {
1909   /**
1910    * The IDs of the ThreatIntelSet resources.
1911    */
1912   ThreatIntelSetIds: ThreatIntelSetIds;
1913   /**
1914    * The pagination parameter to be used on the next list operation to retrieve more items.
1915    */
1916   NextToken?: String;
1917 }
1918 export interface LocalIpDetails {
1919   /**
1920    * The IPv4 local address of the connection.
1921    */
1922   IpAddressV4?: String;
1923 }
1924 export interface LocalPortDetails {
1925   /**
1926    * The port number of the local connection.
1927    */
1928   Port?: Integer;
1929   /**
1930    * The port name of the local connection.
1931    */
1932   PortName?: String;
1933 }
1934 export type Location = string; // plain string alias; GetIPSetResponse and GetThreatIntelSetResponse describe it as the URI of a list file
1935 export type Long = number;
1936 export interface Master { // the type is named Master; its field comments call this the administrator account
1937   /**
1938    * The ID of the account used as the administrator account.
1939    */
1940   AccountId?: AccountId;
1941   /**
1942    * The value used to validate the administrator account to the member account.
1943    */
1944   InvitationId?: String;
1945   /**
1946    * The status of the relationship between the administrator and member accounts.
1947    */
1948   RelationshipStatus?: String;
1949   /**
1950    * The timestamp when the invitation was sent.
1951    */
1952   InvitedAt?: String;
1953 }
1954 export type MaxResults = number;
1955 export interface Member {
1956   /**
1957    * The ID of the member account.
1958    */
1959   AccountId: AccountId;
1960   /**
1961    * The detector ID of the member account. Declared optional; NOTE(review): a member without a DetectorId presumably has no detector yet - confirm before counting the account as monitored.
1962    */
1963   DetectorId?: DetectorId;
1964   /**
1965    * The administrator account ID.
1966    */
1967   MasterId: String;
1968   /**
1969    * The email address of the member account.
1970    */
1971   Email: Email;
1972   /**
1973    * The status of the relationship between the member and the administrator.
1974    */
1975   RelationshipStatus: String;
1976   /**
1977    * The timestamp when the invitation was sent.
1978    */
1979   InvitedAt?: String;
1980   /**
1981    * The last-updated timestamp of the member.
1982    */
1983   UpdatedAt: String;
1984 }
1985 export interface MemberDataSourceConfiguration {
1986   /**
1987    * The account ID for the member account.
1988    */
1989   AccountId: AccountId;
1990   /**
1991    * Contains information on the status of data sources for the account.
1992    */
1993   DataSources: DataSourceConfigurationsResult;
1994 }
1995 export type MemberDataSourceConfigurations = MemberDataSourceConfiguration[];
1996 export type Members = Member[];
1997 export type Name = string;
1998 export type Neq = String[];
1999 export interface NetworkConnectionAction {
2000   /**
2001    * Indicates whether EC2 blocked the network connection to your instance. Declared optional: an absent value is not the same as false, so triage code should tell "not blocked" apart from "not reported".
2002    */
2003   Blocked?: Boolean;
2004   /**
2005    * The network connection direction.
2006    */
2007   ConnectionDirection?: String;
2008   /**
2009    * The local port information of the connection.
2010    */
2011   LocalPortDetails?: LocalPortDetails;
2012   /**
2013    * The network connection protocol.
2014    */
2015   Protocol?: String;
2016   /**
2017    * The local IP information of the connection.
2018    */
2019   LocalIpDetails?: LocalIpDetails;
2020   /**
2021    * The remote IP information of the connection.
2022    */
2023   RemoteIpDetails?: RemoteIpDetails;
2024   /**
2025    * The remote port information of the connection.
2026    */
2027   RemotePortDetails?: RemotePortDetails;
2028 }
2029 export interface NetworkInterface {
2030   /**
2031    * A list of IPv6 addresses for the EC2 instance.
2032    */
2033   Ipv6Addresses?: Ipv6Addresses;
2034   /**
2035    * The ID of the network interface.
2036    */
2037   NetworkInterfaceId?: String;
2038   /**
2039    * The private DNS name of the EC2 instance.
2040    */
2041   PrivateDnsName?: String;
2042   /**
2043    * The private IP address of the EC2 instance.
2044    */
2045   PrivateIpAddress?: String;
2046   /**
2047    * Other private IP address information of the EC2 instance.
2048    */
2049   PrivateIpAddresses?: PrivateIpAddresses;
2050   /**
2051    * The public DNS name of the EC2 instance.
2052    */
2053   PublicDnsName?: String;
2054   /**
2055    * The public IP address of the EC2 instance.
2056    */
2057   PublicIp?: String;
2058   /**
2059    * The security groups associated with the EC2 instance.
2060    */
2061   SecurityGroups?: SecurityGroups;
2062   /**
2063    * The subnet ID of the EC2 instance.
2064    */
2065   SubnetId?: String;
2066   /**
2067    * The VPC ID of the EC2 instance.
2068    */
2069   VpcId?: String;
2070 }
2071 export type NetworkInterfaces = NetworkInterface[];
2072 export type NotEquals = String[];
2073 export type OrderBy = "ASC"|"DESC"|string;
2074 export interface Organization {
2075   /**
2076    * The Autonomous System Number (ASN) of the internet provider of the remote IP address. Typed as String in this declaration, so compare it as text.
2077    */
2078   Asn?: String;
2079   /**
2080    * The organization that registered this ASN.
2081    */
2082   AsnOrg?: String;
2083   /**
2084    * The ISP information for the internet provider.
2085    */
2086   Isp?: String;
2087   /**
2088    * The name of the internet provider.
2089    */
2090   Org?: String;
2091 }
2092 export interface OrganizationDataSourceConfigurations {
2093   /**
2094    * Describes whether S3 data event logs are enabled for new members of the organization.
2095    */
2096   S3Logs?: OrganizationS3LogsConfiguration;
2097 }
2098 export interface OrganizationDataSourceConfigurationsResult {
2099   /**
2100    * Describes whether S3 data event logs are enabled as a data source.
2101    */
2102   S3Logs: OrganizationS3LogsConfigurationResult;
2103 }
2104 export interface OrganizationS3LogsConfiguration {
2105   /**
2106    * A value that contains information on whether S3 data event logs will be enabled automatically as a data source for the organization.
2107    */
2108   AutoEnable: Boolean;
2109 }
2110 export interface OrganizationS3LogsConfigurationResult {
2111   /**
2112    * A value that describes whether S3 data event logs are automatically enabled for new members of the organization. The wording covers new members only; what applies to existing members is not stated here.
2113    */
2114   AutoEnable: Boolean;
2115 }
2116 export interface Owner {
2117   /**
2118    * The canonical user ID of the bucket owner. For information about locating your canonical user ID see Finding Your Account Canonical User ID.
2119    */
2120   Id?: String;
2121 }
2122 export interface PermissionConfiguration {
2123   /**
2124    * Contains information about the bucket level permissions for the S3 bucket.
2125    */
2126   BucketLevelPermissions?: BucketLevelPermissions;
2127   /**
2128    * Contains information about the account level permissions on the S3 bucket. Both permission levels are declared optional, so either may be absent.
2129    */
2130   AccountLevelPermissions?: AccountLevelPermissions;
2131 }
2132 export interface PortProbeAction {
2133   /**
2134    * Indicates whether EC2 blocked the port probe to the instance, such as with an ACL. Declared optional: an absent value is not the same as false.
2135    */
2136   Blocked?: Boolean;
2137   /**
2138    * A list of objects related to port probe details.
2139    */
2140   PortProbeDetails?: PortProbeDetails;
2141 }
2142 export interface PortProbeDetail {
2143   /**
2144    * The local port information of the connection.
2145    */
2146   LocalPortDetails?: LocalPortDetails;
2147   /**
2148    * The local IP information of the connection.
2149    */
2150   LocalIpDetails?: LocalIpDetails;
2151   /**
2152    * The remote IP information of the connection.
2153    */
2154   RemoteIpDetails?: RemoteIpDetails;
2155 }
2156 export type PortProbeDetails = PortProbeDetail[];
2157 export interface PrivateIpAddressDetails {
2158   /**
2159    * The private DNS name of the EC2 instance.
2160    */
2161   PrivateDnsName?: String;
2162   /**
2163    * The private IP address of the EC2 instance.
2164    */
2165   PrivateIpAddress?: String;
2166 }
2167 export type PrivateIpAddresses = PrivateIpAddressDetails[];
2168 export interface ProductCode {
2169   /**
2170    * The product code information.
2171    */
2172   Code?: String;
2173   /**
2174    * The product code type.
2175    */
2176   ProductType?: String;
2177 }
2178 export type ProductCodes = ProductCode[];
2179 export interface PublicAccess {
2180   /**
2181    * Contains information about how permissions are configured for the S3 bucket. Use it to find the cause of an exposure; the EffectivePermission field of this interface carries the overall result.
2182    */
2183   PermissionConfiguration?: PermissionConfiguration;
2184   /**
2185    * Describes the effective permission on this bucket after factoring all attached policies.
2186 */ 2187 EffectivePermission?: String; 2188 } 2189 export type PublishingStatus = "PENDING_VERIFICATION"|"PUBLISHING"|"UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY"|"STOPPED"|string; 2190 export interface RemoteIpDetails { 2191 /** 2192 * The city information of the remote IP address. 2193 */ 2194 City?: City; 2195 /** 2196 * The country code of the remote IP address. 2197 */ 2198 Country?: Country; 2199 /** 2200 * The location information of the remote IP address. 2201 */ 2202 GeoLocation?: GeoLocation; 2203 /** 2204 * The IPv4 remote address of the connection. 2205 */ 2206 IpAddressV4?: String; 2207 /** 2208 * The ISP organization information of the remote IP address. 2209 */ 2210 Organization?: Organization; 2211 } 2212 export interface RemotePortDetails { 2213 /** 2214 * The port number of the remote connection. 2215 */ 2216 Port?: Integer; 2217 /** 2218 * The port name of the remote connection. 2219 */ 2220 PortName?: String; 2221 } 2222 export interface Resource { 2223 /** 2224 * The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding. 2225 */ 2226 AccessKeyDetails?: AccessKeyDetails; 2227 /** 2228 * Contains information on the S3 bucket. 2229 */ 2230 S3BucketDetails?: S3BucketDetails; 2231 /** 2232 * The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding. 2233 */ 2234 InstanceDetails?: InstanceDetails; 2235 /** 2236 * The type of AWS resource. 2237 */ 2238 ResourceType?: String; 2239 } 2240 export type ResourceList = String[]; 2241 export interface S3BucketDetail { 2242 /** 2243 * The Amazon Resource Name (ARN) of the S3 bucket. 2244 */ 2245 Arn?: String; 2246 /** 2247 * The name of the S3 bucket. 2248 */ 2249 Name?: String; 2250 /** 2251 * Describes whether the bucket is a source or destination bucket. 2252 */ 2253 Type?: String; 2254 /** 2255 * The date and time the bucket was created at. 
2256 */ 2257 CreatedAt?: Timestamp; 2258 /** 2259 * The owner of the S3 bucket. 2260 */ 2261 Owner?: Owner; 2262 /** 2263 * All tags attached to the S3 bucket 2264 */ 2265 Tags?: Tags; 2266 /** 2267 * Describes the server side encryption method used in the S3 bucket. 2268 */ 2269 DefaultServerSideEncryption?: DefaultServerSideEncryption; 2270 /** 2271 * Describes the public access policies that apply to the S3 bucket. 2272 */ 2273 PublicAccess?: PublicAccess; 2274 } 2275 export type S3BucketDetails = S3BucketDetail[]; 2276 export interface S3LogsConfiguration { 2277 /** 2278 * The status of S3 data event logs as a data source. 2279 */ 2280 Enable: Boolean; 2281 } 2282 export interface S3LogsConfigurationResult { 2283 /** 2284 * A value that describes whether S3 data event logs are automatically enabled for new members of the organization. 2285 */ 2286 Status: DataSourceStatus; 2287 } 2288 export interface SecurityGroup { 2289 /** 2290 * The security group ID of the EC2 instance. 2291 */ 2292 GroupId?: String; 2293 /** 2294 * The security group name of the EC2 instance. 2295 */ 2296 GroupName?: String; 2297 } 2298 export type SecurityGroups = SecurityGroup[]; 2299 export interface Service { 2300 /** 2301 * Information about the activity that is described in a finding. 2302 */ 2303 Action?: Action; 2304 /** 2305 * An evidence object associated with the service. 2306 */ 2307 Evidence?: Evidence; 2308 /** 2309 * Indicates whether this finding is archived. 2310 */ 2311 Archived?: Boolean; 2312 /** 2313 * The total count of the occurrences of this finding type. 2314 */ 2315 Count?: Integer; 2316 /** 2317 * The detector ID for the GuardDuty service. 2318 */ 2319 DetectorId?: DetectorId; 2320 /** 2321 * The first-seen timestamp of the activity that prompted GuardDuty to generate this finding. 2322 */ 2323 EventFirstSeen?: String; 2324 /** 2325 * The last-seen timestamp of the activity that prompted GuardDuty to generate this finding. 
2326 */ 2327 EventLastSeen?: String; 2328 /** 2329 * The resource role information for this finding. 2330 */ 2331 ResourceRole?: String; 2332 /** 2333 * The name of the AWS service (GuardDuty) that generated a finding. 2334 */ 2335 ServiceName?: String; 2336 /** 2337 * Feedback that was submitted about the finding. 2338 */ 2339 UserFeedback?: String; 2340 } 2341 export interface SortCriteria { 2342 /** 2343 * Represents the finding attribute (for example, accountId) to sort findings by. 2344 */ 2345 AttributeName?: String; 2346 /** 2347 * The order by which the sorted findings are to be displayed. 2348 */ 2349 OrderBy?: OrderBy; 2350 } 2351 export interface StartMonitoringMembersRequest { 2352 /** 2353 * The unique ID of the detector of the GuardDuty administrator account associated with the member accounts to monitor. 2354 */ 2355 DetectorId: DetectorId; 2356 /** 2357 * A list of account IDs of the GuardDuty member accounts to start monitoring. 2358 */ 2359 AccountIds: AccountIds; 2360 } 2361 export interface StartMonitoringMembersResponse { 2362 /** 2363 * A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed. 2364 */ 2365 UnprocessedAccounts: UnprocessedAccounts; 2366 } 2367 export interface StopMonitoringMembersRequest { 2368 /** 2369 * The unique ID of the detector associated with the GuardDuty administrator account that is monitoring member accounts. 2370 */ 2371 DetectorId: DetectorId; 2372 /** 2373 * A list of account IDs for the member accounts to stop monitoring. 2374 */ 2375 AccountIds: AccountIds; 2376 } 2377 export interface StopMonitoringMembersResponse { 2378 /** 2379 * A list of objects that contain an accountId for each account that could not be processed, and a result string that indicates why the account was not processed. 2380 */ 2381 UnprocessedAccounts: UnprocessedAccounts; 2382 } 2383 export type String = string; 2384 export interface Tag { 2385 /** 2386 * The EC2 instance tag key. 
2387 */ 2388 Key?: String; 2389 /** 2390 * The EC2 instance tag value. 2391 */ 2392 Value?: String; 2393 } 2394 export type TagKey = string; 2395 export type TagKeyList = TagKey[]; 2396 export type TagMap = {[key: string]: TagValue}; 2397 export interface TagResourceRequest { 2398 /** 2399 * The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag to. 2400 */ 2401 ResourceArn: GuardDutyArn; 2402 /** 2403 * The tags to be added to a resource. 2404 */ 2405 Tags: TagMap; 2406 } 2407 export interface TagResourceResponse { 2408 } 2409 export type TagValue = string; 2410 export type Tags = Tag[]; 2411 export type ThreatIntelSetFormat = "TXT"|"STIX"|"OTX_CSV"|"ALIEN_VAULT"|"PROOF_POINT"|"FIRE_EYE"|string; 2412 export type ThreatIntelSetIds = String[]; 2413 export type ThreatIntelSetStatus = "INACTIVE"|"ACTIVATING"|"ACTIVE"|"DEACTIVATING"|"ERROR"|"DELETE_PENDING"|"DELETED"|string; 2414 export interface ThreatIntelligenceDetail { 2415 /** 2416 * The name of the threat intelligence list that triggered the finding. 2417 */ 2418 ThreatListName?: String; 2419 /** 2420 * A list of names of the threats in the threat intelligence list that triggered the finding. 2421 */ 2422 ThreatNames?: ThreatNames; 2423 } 2424 export type ThreatIntelligenceDetails = ThreatIntelligenceDetail[]; 2425 export type ThreatNames = String[]; 2426 export type Timestamp = Date; 2427 export interface Total { 2428 /** 2429 * The total usage. 2430 */ 2431 Amount?: String; 2432 /** 2433 * The currency unit that the amount is given in. 2434 */ 2435 Unit?: String; 2436 } 2437 export interface UnarchiveFindingsRequest { 2438 /** 2439 * The ID of the detector associated with the findings to unarchive. 2440 */ 2441 DetectorId: DetectorId; 2442 /** 2443 * The IDs of the findings to unarchive. 2444 */ 2445 FindingIds: FindingIds; 2446 } 2447 export interface UnarchiveFindingsResponse { 2448 } 2449 export interface UnprocessedAccount { 2450 /** 2451 * The AWS account ID. 
2452 */ 2453 AccountId: AccountId; 2454 /** 2455 * A reason why the account hasn't been processed. 2456 */ 2457 Result: String; 2458 } 2459 export type UnprocessedAccounts = UnprocessedAccount[]; 2460 export interface UntagResourceRequest { 2461 /** 2462 * The Amazon Resource Name (ARN) for the resource to remove tags from. 2463 */ 2464 ResourceArn: GuardDutyArn; 2465 /** 2466 * The tag keys to remove from the resource. 2467 */ 2468 TagKeys: TagKeyList; 2469 } 2470 export interface UntagResourceResponse { 2471 } 2472 export interface UpdateDetectorRequest { 2473 /** 2474 * The unique ID of the detector to update. 2475 */ 2476 DetectorId: DetectorId; 2477 /** 2478 * Specifies whether the detector is enabled or not enabled. 2479 */ 2480 Enable?: Boolean; 2481 /** 2482 * An enum value that specifies how frequently findings are exported, such as to CloudWatch Events. 2483 */ 2484 FindingPublishingFrequency?: FindingPublishingFrequency; 2485 /** 2486 * Describes which data sources will be updated. 2487 */ 2488 DataSources?: DataSourceConfigurations; 2489 } 2490 export interface UpdateDetectorResponse { 2491 } 2492 export interface UpdateFilterRequest { 2493 /** 2494 * The unique ID of the detector that specifies the GuardDuty service where you want to update a filter. 2495 */ 2496 DetectorId: DetectorId; 2497 /** 2498 * The name of the filter. 2499 */ 2500 FilterName: String; 2501 /** 2502 * The description of the filter. 2503 */ 2504 Description?: FilterDescription; 2505 /** 2506 * Specifies the action that is to be applied to the findings that match the filter. 2507 */ 2508 Action?: FilterAction; 2509 /** 2510 * Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. 2511 */ 2512 Rank?: FilterRank; 2513 /** 2514 * Represents the criteria to be used in the filter for querying findings. 
2515 */ 2516 FindingCriteria?: FindingCriteria; 2517 } 2518 export interface UpdateFilterResponse { 2519 /** 2520 * The name of the filter. 2521 */ 2522 Name: FilterName; 2523 } 2524 export interface UpdateFindingsFeedbackRequest { 2525 /** 2526 * The ID of the detector associated with the findings to update feedback for. 2527 */ 2528 DetectorId: DetectorId; 2529 /** 2530 * The IDs of the findings that you want to mark as useful or not useful. 2531 */ 2532 FindingIds: FindingIds; 2533 /** 2534 * The feedback for the finding. 2535 */ 2536 Feedback: Feedback; 2537 /** 2538 * Additional feedback about the GuardDuty findings. 2539 */ 2540 Comments?: String; 2541 } 2542 export interface UpdateFindingsFeedbackResponse { 2543 } 2544 export interface UpdateIPSetRequest { 2545 /** 2546 * The detectorID that specifies the GuardDuty service whose IPSet you want to update. 2547 */ 2548 DetectorId: DetectorId; 2549 /** 2550 * The unique ID that specifies the IPSet that you want to update. 2551 */ 2552 IpSetId: String; 2553 /** 2554 * The updated name of the IPSet. 2555 */ 2556 Name?: Name; 2557 /** 2558 * The updated URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. 2559 */ 2560 Location?: Location; 2561 /** 2562 * The updated Boolean value that specifies whether the IPSet is active or not. 2563 */ 2564 Activate?: Boolean; 2565 } 2566 export interface UpdateIPSetResponse { 2567 } 2568 export interface UpdateMemberDetectorsRequest { 2569 /** 2570 * The detector ID of the administrator account. 2571 */ 2572 DetectorId: DetectorId; 2573 /** 2574 * A list of member account IDs to be updated. 2575 */ 2576 AccountIds: AccountIds; 2577 /** 2578 * Describes which data sources will be updated. 
2579 */ 2580 DataSources?: DataSourceConfigurations; 2581 } 2582 export interface UpdateMemberDetectorsResponse { 2583 /** 2584 * A list of member account IDs that were unable to be processed along with an explanation for why they were not processed. 2585 */ 2586 UnprocessedAccounts: UnprocessedAccounts; 2587 } 2588 export interface UpdateOrganizationConfigurationRequest { 2589 /** 2590 * The ID of the detector to update the delegated administrator for. 2591 */ 2592 DetectorId: DetectorId; 2593 /** 2594 * Indicates whether to automatically enable member accounts in the organization. 2595 */ 2596 AutoEnable: Boolean; 2597 /** 2598 * Describes which data sources will be updated. 2599 */ 2600 DataSources?: OrganizationDataSourceConfigurations; 2601 } 2602 export interface UpdateOrganizationConfigurationResponse { 2603 } 2604 export interface UpdatePublishingDestinationRequest { 2605 /** 2606 * The ID of the detector associated with the publishing destinations to update. 2607 */ 2608 DetectorId: DetectorId; 2609 /** 2610 * The ID of the publishing destination to update. 2611 */ 2612 DestinationId: String; 2613 /** 2614 * A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination. 2615 */ 2616 DestinationProperties?: DestinationProperties; 2617 } 2618 export interface UpdatePublishingDestinationResponse { 2619 } 2620 export interface UpdateThreatIntelSetRequest { 2621 /** 2622 * The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update. 2623 */ 2624 DetectorId: DetectorId; 2625 /** 2626 * The unique ID that specifies the ThreatIntelSet that you want to update. 2627 */ 2628 ThreatIntelSetId: String; 2629 /** 2630 * The updated name of the ThreatIntelSet. 2631 */ 2632 Name?: Name; 2633 /** 2634 * The updated URI of the file that contains the ThreatIntelSet. 
2635 */ 2636 Location?: Location; 2637 /** 2638 * The updated Boolean value that specifies whether the ThreatIntelSet is active or not. 2639 */ 2640 Activate?: Boolean; 2641 } 2642 export interface UpdateThreatIntelSetResponse { 2643 } 2644 export interface UsageAccountResult { 2645 /** 2646 * The Account ID that generated usage. 2647 */ 2648 AccountId?: AccountId; 2649 /** 2650 * Represents the total of usage for the Account ID. 2651 */ 2652 Total?: Total; 2653 } 2654 export type UsageAccountResultList = UsageAccountResult[]; 2655 export interface UsageCriteria { 2656 /** 2657 * The account IDs to aggregate usage statistics from. 2658 */ 2659 AccountIds?: AccountIds; 2660 /** 2661 * The data sources to aggregate usage statistics from. 2662 */ 2663 DataSources: DataSourceList; 2664 /** 2665 * The resources to aggregate usage statistics from. Only accepts exact resource names. 2666 */ 2667 Resources?: ResourceList; 2668 } 2669 export interface UsageDataSourceResult { 2670 /** 2671 * The data source type that generated usage. 2672 */ 2673 DataSource?: DataSource; 2674 /** 2675 * Represents the total of usage for the specified data source. 2676 */ 2677 Total?: Total; 2678 } 2679 export type UsageDataSourceResultList = UsageDataSourceResult[]; 2680 export interface UsageResourceResult { 2681 /** 2682 * The AWS resource that generated usage. 2683 */ 2684 Resource?: String; 2685 /** 2686 * Represents the sum total of usage for the specified resource type. 2687 */ 2688 Total?: Total; 2689 } 2690 export type UsageResourceResultList = UsageResourceResult[]; 2691 export type UsageStatisticType = "SUM_BY_ACCOUNT"|"SUM_BY_DATA_SOURCE"|"SUM_BY_RESOURCE"|"TOP_RESOURCES"|string; 2692 export interface UsageStatistics { 2693 /** 2694 * The usage statistic sum organized by account ID. 2695 */ 2696 SumByAccount?: UsageAccountResultList; 2697 /** 2698 * The usage statistic sum organized by data source. 
2699 */ 2700 SumByDataSource?: UsageDataSourceResultList; 2701 /** 2702 * The usage statistic sum organized by resource. 2703 */ 2704 SumByResource?: UsageResourceResultList; 2705 /** 2706 * Lists the top 50 resources that have generated the most GuardDuty usage, in order from most to least expensive. 2707 */ 2708 TopResources?: UsageResourceResultList; 2709 } 2710 /** 2711 * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version. 2712 */ 2713 export type apiVersion = "2017-11-28"|"latest"|string; 2714 export interface ClientApiVersions { 2715 /** 2716 * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version. 2717 */ 2718 apiVersion?: apiVersion; 2719 } 2720 export type ClientConfiguration = ServiceConfigurationOptions & ClientApiVersions; 2721 /** 2722 * Contains interfaces for use with the GuardDuty client. 2723 */ 2724 export import Types = GuardDuty; 2725 } 2726 export = GuardDuty;