Client library for Amazon GuardDuty
npm install --save @datafire/amazonaws_guarddutylet amazonaws_guardduty = require('@datafire/amazonaws_guardduty').create({
accessKeyId: "",
secretAccessKey: "",
region: ""
});
.then(data => {
console.log(data);
});Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds (such as lists of malicious IPs and domains) and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances that serve malware or mine bitcoin.
GuardDuty also monitors AWS account access behavior for signs of compromise. Some examples of this are unauthorized infrastructure deployments such as EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength.
GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see the Amazon GuardDuty User Guide .
amazonaws_guardduty.ListOrganizationAdminAccounts({}, context)- input
object- maxResults
integer - nextToken
string - MaxResults
string - NextToken
string
- maxResults
amazonaws_guardduty.DisableOrganizationAdminAccount({
"adminAccountId": ""
}, context)- input
object- adminAccountId required
string: The AWS Account ID for the organizations account to be disabled as a GuardDuty delegated administrator.
- adminAccountId required
amazonaws_guardduty.EnableOrganizationAdminAccount({
"adminAccountId": ""
}, context)- input
object- adminAccountId required
string: The AWS Account ID for the organization account to be enabled as a GuardDuty delegated administrator.
- adminAccountId required
amazonaws_guardduty.ListDetectors({}, context)- input
object- maxResults
integer - nextToken
string - MaxResults
string - NextToken
string
- maxResults
- output ListDetectorsResponse
amazonaws_guardduty.CreateDetector({
"enable": true
}, context)- input
object- tags
object: The tags to be added to a new detector resource. - clientToken
string: The idempotency token for the create request. - dataSources
object: Contains information about which data sources are enabled.- S3Logs
- Enable required
- S3Logs
- enable required
boolean: A Boolean value that specifies whether the detector is to be enabled. - findingPublishingFrequency
string(values: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS): A value that specifies how frequently updated findings are exported.
- tags
- output CreateDetectorResponse
amazonaws_guardduty.DeleteDetector({
"detectorId": ""
}, context)- input
object- detectorId required
string
- detectorId required
- output DeleteDetectorResponse
amazonaws_guardduty.GetDetector({
"detectorId": ""
}, context)- input
object- detectorId required
string
- detectorId required
- output GetDetectorResponse
amazonaws_guardduty.UpdateDetector({
"detectorId": ""
}, context)- input
object- detectorId required
string - dataSources
object: Contains information about which data sources are enabled.- S3Logs
- Enable required
- S3Logs
- enable
boolean: Specifies whether the detector is enabled or not enabled. - findingPublishingFrequency
string(values: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS): An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.
- detectorId required
- output UpdateDetectorResponse
amazonaws_guardduty.DescribeOrganizationConfiguration({
"detectorId": ""
}, context)- input
object- detectorId required
string
- detectorId required
amazonaws_guardduty.UpdateOrganizationConfiguration({
"detectorId": "",
"autoEnable": true
}, context)- input
object- detectorId required
string - autoEnable required
boolean: Indicates whether to automatically enable member accounts in the organization. - dataSources
object: An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization.- S3Logs
- AutoEnable required
- S3Logs
- detectorId required
amazonaws_guardduty.ListFilters({
"detectorId": ""
}, context)- input
object- detectorId required
string - maxResults
integer - nextToken
string - MaxResults
string - NextToken
string
- detectorId required
- output ListFiltersResponse
amazonaws_guardduty.CreateFilter({
"detectorId": "",
"name": "",
"findingCriteria": {}
}, context)- input
object- detectorId required
string - tags
object: The tags to be added to a new filter resource. - action
string(values: NOOP, ARCHIVE): Specifies the action that is to be applied to the findings that match the filter. - clientToken
string: The idempotency token for the create request. - description
string: The description of the filter. - findingCriteria required
object: Contains information about the criteria used for querying findings.- Criterion
- name required
string: The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed. - rank
integer: Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- detectorId required
- output CreateFilterResponse
amazonaws_guardduty.DeleteFilter({
"detectorId": "",
"filterName": ""
}, context)- input
object- detectorId required
string - filterName required
string
- detectorId required
- output DeleteFilterResponse
amazonaws_guardduty.GetFilter({
"detectorId": "",
"filterName": ""
}, context)- input
object- detectorId required
string - filterName required
string
- detectorId required
- output GetFilterResponse
amazonaws_guardduty.UpdateFilter({
"detectorId": "",
"filterName": ""
}, context)- input
object- detectorId required
string - filterName required
string - action
string(values: NOOP, ARCHIVE): Specifies the action that is to be applied to the findings that match the filter. - description
string: The description of the filter. - findingCriteria
object: Contains information about the criteria used for querying findings.- Criterion
- rank
integer: Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
- detectorId required
- output UpdateFilterResponse
amazonaws_guardduty.ListFindings({
"detectorId": ""
}, context)- input
object- detectorId required
string - MaxResults
string - NextToken
string - findingCriteria
object: Contains information about the criteria used for querying findings.- Criterion
- maxResults
integer: You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. - nextToken
string: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data. - sortCriteria
object: Contains information about the criteria used for sorting findings.- AttributeName
- OrderBy
- detectorId required
- output ListFindingsResponse
amazonaws_guardduty.ArchiveFindings({
"detectorId": "",
"findingIds": []
}, context)- input
object- detectorId required
string - findingIds required
array: The IDs of the findings that you want to archive.- items FindingId
- detectorId required
- output ArchiveFindingsResponse
amazonaws_guardduty.CreateSampleFindings({
"detectorId": ""
}, context)- input
object- detectorId required
string - findingTypes
array: The types of sample findings to generate.- items FindingType
- detectorId required
- output CreateSampleFindingsResponse
amazonaws_guardduty.UpdateFindingsFeedback({
"detectorId": "",
"findingIds": [],
"feedback": ""
}, context)- input
object- detectorId required
string - comments
string: Additional feedback about the GuardDuty findings. - feedback required
string(values: USEFUL, NOT_USEFUL): The feedback for the finding. - findingIds required
array: The IDs of the findings that you want to mark as useful or not useful.- items FindingId
- detectorId required
amazonaws_guardduty.GetFindings({
"detectorId": "",
"findingIds": []
}, context)- input
object- detectorId required
string - findingIds required
array: The IDs of the findings that you want to retrieve.- items FindingId
- sortCriteria
object: Contains information about the criteria used for sorting findings.- AttributeName
- OrderBy
- detectorId required
- output GetFindingsResponse
amazonaws_guardduty.GetFindingsStatistics({
"detectorId": "",
"findingStatisticTypes": []
}, context)- input
object- detectorId required
string - findingCriteria
object: Contains information about the criteria used for querying findings.- Criterion
- findingStatisticTypes required
array: The types of finding statistics to retrieve.- items FindingStatisticType
- detectorId required
amazonaws_guardduty.UnarchiveFindings({
"detectorId": "",
"findingIds": []
}, context)- input
object- detectorId required
string - findingIds required
array: The IDs of the findings to unarchive.- items FindingId
- detectorId required
- output UnarchiveFindingsResponse
amazonaws_guardduty.ListIPSets({
"detectorId": ""
}, context)- input
object- detectorId required
string - maxResults
integer - nextToken
string - MaxResults
string - NextToken
string
- detectorId required
- output ListIPSetsResponse
amazonaws_guardduty.CreateIPSet({
"detectorId": "",
"name": "",
"format": "",
"location": "",
"activate": true
}, context)- input
object- detectorId required
string - tags
object: The tags to be added to a new IP set resource. - activate required
boolean: A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet. - clientToken
string: The idempotency token for the create request. - format required
string(values: TXT, STIX, OTX_CSV, ALIEN_VAULT, PROOF_POINT, FIRE_EYE): The format of the file that contains the IPSet. - location required
string: The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. - name required
string:The user-friendly name to identify the IPSet.
Allowed characters are alphanumerics, spaces, hyphens (-), and underscores (_).
- detectorId required
- output CreateIPSetResponse
amazonaws_guardduty.DeleteIPSet({
"detectorId": "",
"ipSetId": ""
}, context)- input
object- detectorId required
string - ipSetId required
string
- detectorId required
- output DeleteIPSetResponse
amazonaws_guardduty.GetIPSet({
"detectorId": "",
"ipSetId": ""
}, context)- input
object- detectorId required
string - ipSetId required
string
- detectorId required
- output GetIPSetResponse
amazonaws_guardduty.UpdateIPSet({
"detectorId": "",
"ipSetId": ""
}, context)- input
object- detectorId required
string - ipSetId required
string - activate
boolean: The updated Boolean value that specifies whether the IPSet is active or not. - location
string: The updated URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. - name
string: The unique ID that specifies the IPSet that you want to update.
- detectorId required
- output UpdateIPSetResponse
amazonaws_guardduty.GetMasterAccount({
"detectorId": ""
}, context)- input
object- detectorId required
string
- detectorId required
- output GetMasterAccountResponse
amazonaws_guardduty.AcceptInvitation({
"detectorId": "",
"masterId": "",
"invitationId": ""
}, context)- input
object- detectorId required
string - invitationId required
string: The value that is used to validate the administrator account to the member account. - masterId required
string: The account ID of the GuardDuty administrator account whose invitation you're accepting.
- detectorId required
- output AcceptInvitationResponse
amazonaws_guardduty.DisassociateFromMasterAccount({
"detectorId": ""
}, context)- input
object- detectorId required
string
- detectorId required
amazonaws_guardduty.ListMembers({
"detectorId": ""
}, context)- input
object- detectorId required
string - maxResults
integer - nextToken
string - onlyAssociated
string - MaxResults
string - NextToken
string
- detectorId required
- output ListMembersResponse
amazonaws_guardduty.CreateMembers({
"detectorId": "",
"accountDetails": []
}, context)- input
object- detectorId required
string - accountDetails required
array: A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account.- items AccountDetail
- detectorId required
- output CreateMembersResponse
amazonaws_guardduty.DeleteMembers({
"detectorId": "",
"accountIds": []
}, context)- input
object- detectorId required
string - accountIds required
array: A list of account IDs of the GuardDuty member accounts that you want to delete.- items AccountId
- detectorId required
- output DeleteMembersResponse
amazonaws_guardduty.GetMemberDetectors({
"detectorId": "",
"accountIds": []
}, context)- input
object- detectorId required
string - accountIds required
array: The account ID of the member account.- items AccountId
- detectorId required
- output GetMemberDetectorsResponse
amazonaws_guardduty.UpdateMemberDetectors({
"detectorId": "",
"accountIds": []
}, context)- input
object- detectorId required
string - accountIds required
array: A list of member account IDs to be updated.- items AccountId
- dataSources
object: Contains information about which data sources are enabled.- S3Logs
- Enable required
- S3Logs
- detectorId required
amazonaws_guardduty.DisassociateMembers({
"detectorId": "",
"accountIds": []
}, context)- input
object- detectorId required
string - accountIds required
array: A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account.- items AccountId
- detectorId required
- output DisassociateMembersResponse
amazonaws_guardduty.GetMembers({
"detectorId": "",
"accountIds": []
}, context)- input
object- detectorId required
string - accountIds required
array: A list of account IDs of the GuardDuty member accounts that you want to describe.- items AccountId
- detectorId required
- output GetMembersResponse
amazonaws_guardduty.InviteMembers({
"detectorId": "",
"accountIds": []
}, context)- input
object- detectorId required
string - accountIds required
array: A list of account IDs of the accounts that you want to invite to GuardDuty as members.- items AccountId
- disableEmailNotification
boolean: A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members. - message
string: The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.
- detectorId required
- output InviteMembersResponse
amazonaws_guardduty.StartMonitoringMembers({
"detectorId": "",
"accountIds": []
}, context)- input
object- detectorId required
string - accountIds required
array: A list of account IDs of the GuardDuty member accounts to start monitoring.- items AccountId
- detectorId required
amazonaws_guardduty.StopMonitoringMembers({
"detectorId": "",
"accountIds": []
}, context)- input
object- detectorId required
string - accountIds required
array: A list of account IDs for the member accounts to stop monitoring.- items AccountId
- detectorId required
amazonaws_guardduty.ListPublishingDestinations({
"detectorId": ""
}, context)- input
object- detectorId required
string - maxResults
integer - nextToken
string - MaxResults
string - NextToken
string
- detectorId required
amazonaws_guardduty.CreatePublishingDestination({
"detectorId": "",
"destinationType": "",
"destinationProperties": {}
}, context)- input
object- detectorId required
string - clientToken
string: The idempotency token for the request. - destinationProperties required
object: Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.- DestinationArn
- KmsKeyArn
- destinationType required
string(values: S3): The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported.
- detectorId required
amazonaws_guardduty.DeletePublishingDestination({
"detectorId": "",
"destinationId": ""
}, context)- input
object- detectorId required
string - destinationId required
string
- detectorId required
amazonaws_guardduty.DescribePublishingDestination({
"detectorId": "",
"destinationId": ""
}, context)- input
object- detectorId required
string - destinationId required
string
- detectorId required
amazonaws_guardduty.UpdatePublishingDestination({
"detectorId": "",
"destinationId": ""
}, context)- input
object- detectorId required
string - destinationId required
string - destinationProperties
object: Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.- DestinationArn
- KmsKeyArn
- detectorId required
amazonaws_guardduty.ListThreatIntelSets({
"detectorId": ""
}, context)- input
object- detectorId required
string - maxResults
integer - nextToken
string - MaxResults
string - NextToken
string
- detectorId required
- output ListThreatIntelSetsResponse
amazonaws_guardduty.CreateThreatIntelSet({
"detectorId": "",
"name": "",
"format": "",
"location": "",
"activate": true
}, context)- input
object- detectorId required
string - tags
object: The tags to be added to a new threat list resource. - activate required
boolean: A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet. - clientToken
string: The idempotency token for the create request. - format required
string(values: TXT, STIX, OTX_CSV, ALIEN_VAULT, PROOF_POINT, FIRE_EYE): The format of the file that contains the ThreatIntelSet. - location required
string: The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. - name required
string: A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
- detectorId required
- output CreateThreatIntelSetResponse
amazonaws_guardduty.DeleteThreatIntelSet({
"detectorId": "",
"threatIntelSetId": ""
}, context)- input
object- detectorId required
string - threatIntelSetId required
string
- detectorId required
- output DeleteThreatIntelSetResponse
amazonaws_guardduty.GetThreatIntelSet({
"detectorId": "",
"threatIntelSetId": ""
}, context)- input
object- detectorId required
string - threatIntelSetId required
string
- detectorId required
- output GetThreatIntelSetResponse
amazonaws_guardduty.UpdateThreatIntelSet({
"detectorId": "",
"threatIntelSetId": ""
}, context)- input
object- detectorId required
string - threatIntelSetId required
string - activate
boolean: The updated Boolean value that specifies whether the ThreateIntelSet is active or not. - location
string: The updated URI of the file that contains the ThreateIntelSet. - name
string: The unique ID that specifies the ThreatIntelSet that you want to update.
- detectorId required
- output UpdateThreatIntelSetResponse
amazonaws_guardduty.GetUsageStatistics({
"detectorId": "",
"usageStatisticsType": "",
"usageCriteria": {}
}, context)- input
object- detectorId required
string - MaxResults
string - NextToken
string - maxResults
integer: The maximum number of results to return in the response. - nextToken
string: A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. - unit
string: The currency unit you would like to view your usage statistics in. Current valid values are USD. - usageCriteria required
object: Contains information about the criteria used to query usage statistics.- AccountIds
- items AccountId
- DataSources
- items DataSource
- Resources
- items String
- AccountIds
- usageStatisticsType required
string(values: SUM_BY_ACCOUNT, SUM_BY_DATA_SOURCE, SUM_BY_RESOURCE, TOP_RESOURCES): The type of usage statistics to retrieve.
- detectorId required
- output GetUsageStatisticsResponse
amazonaws_guardduty.ListInvitations({}, context)- input
object- maxResults
integer - nextToken
string - MaxResults
string - NextToken
string
- maxResults
- output ListInvitationsResponse
amazonaws_guardduty.GetInvitationsCount({}, context)- input
object
- output GetInvitationsCountResponse
amazonaws_guardduty.DeclineInvitations({
"accountIds": []
}, context)- input
object- accountIds required
array: A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from.- items AccountId
- accountIds required
- output DeclineInvitationsResponse
amazonaws_guardduty.DeleteInvitations({
"accountIds": []
}, context)- input
object- accountIds required
array: A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from.- items AccountId
- accountIds required
- output DeleteInvitationsResponse
amazonaws_guardduty.ListTagsForResource({
"resourceArn": ""
}, context)- input
object- resourceArn required
string
- resourceArn required
- output ListTagsForResourceResponse
amazonaws_guardduty.TagResource({
"resourceArn": "",
"tags": {}
}, context)- input
object- resourceArn required
string - tags required
object: The tags to be added to a resource.
- resourceArn required
Output schema unknown
amazonaws_guardduty.UntagResource({
"resourceArn": "",
"tagKeys": []
}, context)- input
object- resourceArn required
string - tagKeys required
array
- resourceArn required
Output schema unknown
- AcceptInvitationRequest
object- InvitationId required
- MasterId required
- AcceptInvitationResponse
object
- AccessControlList
object: Contains information on the current access control policies for the bucket.- AllowsPublicReadAccess
- AllowsPublicWriteAccess
- AccessKeyDetails
object: Contains information about the access keys.- AccessKeyId
- PrincipalId
- UserName
- UserType
- AccountDetail
object: Contains information about the account.- AccountId required
- Email required
- AccountDetails
array- items AccountDetail
- AccountId
string
- AccountIds
array- items AccountId
- AccountLevelPermissions
object: Contains information about the account level permissions on the S3 bucket.- BlockPublicAccess
- BlockPublicAcls
- BlockPublicPolicy
- IgnorePublicAcls
- RestrictPublicBuckets
- BlockPublicAccess
- Action
object: Contains information about actions.- ActionType
- AwsApiCallAction
- Api
- CallerType
- DomainDetails
- Domain
- ErrorCode
- RemoteIpDetails
- City
- CityName
- Country
- CountryCode
- CountryName
- GeoLocation
- Lat
- Lon
- IpAddressV4
- Organization
- Asn
- AsnOrg
- Isp
- Org
- City
- ServiceName
- DnsRequestAction
- Domain
- NetworkConnectionAction
- Blocked
- ConnectionDirection
- LocalIpDetails
- IpAddressV4
- LocalPortDetails
- Port
- PortName
- Protocol
- RemoteIpDetails
- City
- CityName
- Country
- CountryCode
- CountryName
- GeoLocation
- Lat
- Lon
- IpAddressV4
- Organization
- Asn
- AsnOrg
- Isp
- Org
- City
- RemotePortDetails
- Port
- PortName
- PortProbeAction
- Blocked
- PortProbeDetails
- items PortProbeDetail
- AdminAccount
object: The account within the organization specified as the GuardDuty delegated administrator.- AdminAccountId
- AdminStatus
- AdminAccounts
array- items AdminAccount
- AdminStatus
string(values: ENABLED, DISABLE_IN_PROGRESS)
- ArchiveFindingsRequest
object- FindingIds required
- items FindingId
- FindingIds required
- ArchiveFindingsResponse
object
- AwsApiCallAction
object: Contains information about the API action.- Api
- CallerType
- DomainDetails
- Domain
- ErrorCode
- RemoteIpDetails
- City
- CityName
- Country
- CountryCode
- CountryName
- GeoLocation
- Lat
- Lon
- IpAddressV4
- Organization
- Asn
- AsnOrg
- Isp
- Org
- City
- ServiceName
- BlockPublicAccess
object: Contains information on how the bucker owner's S3 Block Public Access settings are being applied to the S3 bucket. See S3 Block Public Access for more information.- BlockPublicAcls
- BlockPublicPolicy
- IgnorePublicAcls
- RestrictPublicBuckets
- Boolean
boolean
- BucketLevelPermissions
object: Contains information about the bucket level permissions for the S3 bucket.- AccessControlList
- AllowsPublicReadAccess
- AllowsPublicWriteAccess
- BlockPublicAccess
- BlockPublicAcls
- BlockPublicPolicy
- IgnorePublicAcls
- RestrictPublicBuckets
- BucketPolicy
- AllowsPublicReadAccess
- AllowsPublicWriteAccess
- AccessControlList
- BucketPolicy
object: Contains information on the current bucket policies for the S3 bucket.- AllowsPublicReadAccess
- AllowsPublicWriteAccess
- City
object: Contains information about the city associated with the IP address.- CityName
- ClientToken
string
- CloudTrailConfigurationResult
object: Contains information on the status of CloudTrail as a data source for the detector.- Status required
- Condition
object: Contains information about the condition.
- CountBySeverity
object
- Country
object: Contains information about the country where the remote IP address is located.- CountryCode
- CountryName
- CreateDetectorRequest
object- ClientToken
- DataSources
- S3Logs
- Enable required
- S3Logs
- Enable required
- FindingPublishingFrequency
- Tags
- CreateDetectorResponse
object- DetectorId
- CreateFilterRequest
object- Action
- ClientToken
- Description
- FindingCriteria required
- Criterion
- Name required
- Rank
- Tags
- CreateFilterResponse
object- Name required
- CreateIPSetRequest
object- Activate required
- ClientToken
- Format required
- Location required
- Name required
- Tags
- CreateIPSetResponse
object- IpSetId required
- CreateMembersRequest
object- AccountDetails required
- items AccountDetail
- AccountDetails required
- CreateMembersResponse
object- UnprocessedAccounts required
- items UnprocessedAccount
- UnprocessedAccounts required
- CreatePublishingDestinationRequest
object- ClientToken
- DestinationProperties required
- DestinationArn
- KmsKeyArn
- DestinationType required
- CreatePublishingDestinationResponse
object- DestinationId required
- CreateSampleFindingsRequest
object- FindingTypes
- items FindingType
- FindingTypes
- CreateSampleFindingsResponse
object
- CreateThreatIntelSetRequest
object- Activate required
- ClientToken
- Format required
- Location required
- Name required
- Tags
- CreateThreatIntelSetResponse
object- ThreatIntelSetId required
- Criterion
object
- DNSLogsConfigurationResult
object: Contains information on the status of DNS logs as a data source.- Status required
- DataSource
string(values: FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS)
- DataSourceConfigurations
object: Contains information about which data sources are enabled.- S3Logs
- Enable required
- S3Logs
- DataSourceConfigurationsResult
object: Contains information on the status of data sources for the detector.- CloudTrail required
- Status required
- DNSLogs required
- Status required
- FlowLogs required
- Status required
- S3Logs required
- Status required
- CloudTrail required
- DataSourceList
array- items DataSource
- DataSourceStatus
string(values: ENABLED, DISABLED)
- DeclineInvitationsRequest
object- AccountIds required
- items AccountId
- AccountIds required
- DeclineInvitationsResponse
object- UnprocessedAccounts required
- items UnprocessedAccount
- UnprocessedAccounts required
- DefaultServerSideEncryption
object: Contains information on the server side encryption method used in the S3 bucket. See S3 Server-Side Encryption for more information.- EncryptionType
- KmsMasterKeyArn
- DeleteDetectorRequest
object
- DeleteDetectorResponse
object
- DeleteFilterRequest
object
- DeleteFilterResponse
object
- DeleteIPSetRequest
object
- DeleteIPSetResponse
object
- DeleteInvitationsRequest
object- AccountIds required
- items AccountId
- AccountIds required
- DeleteInvitationsResponse
object- UnprocessedAccounts required
- items UnprocessedAccount
- UnprocessedAccounts required
- DeleteMembersRequest
object- AccountIds required
- items AccountId
- AccountIds required
- DeleteMembersResponse
object- UnprocessedAccounts required
- items UnprocessedAccount
- UnprocessedAccounts required
- DeletePublishingDestinationRequest
object
- DeletePublishingDestinationResponse
object
- DeleteThreatIntelSetRequest
object
- DeleteThreatIntelSetResponse
object
- DescribeOrganizationConfigurationRequest
object
- DescribeOrganizationConfigurationResponse
object- AutoEnable required
- DataSources
- S3Logs required
- AutoEnable required
- S3Logs required
- MemberAccountLimitReached required
- DescribePublishingDestinationRequest
object
- DescribePublishingDestinationResponse
object- DestinationId required
- DestinationProperties required
- DestinationArn
- KmsKeyArn
- DestinationType required
- PublishingFailureStartTimestamp required
- Status required
- Destination
object: Contains information about the publishing destination, including the ID, type, and status.- DestinationId required
- DestinationType required
- Status required
- DestinationProperties
object: Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.- DestinationArn
- KmsKeyArn
- DestinationType
string(values: S3)
- Destinations
array- items Destination
- DetectorId
string
- DetectorIds
array- items DetectorId
- DetectorStatus
string(values: ENABLED, DISABLED)
- DisableOrganizationAdminAccountRequest
object- AdminAccountId required
- DisableOrganizationAdminAccountResponse
object
- DisassociateFromMasterAccountRequest
object
- DisassociateFromMasterAccountResponse
object
- DisassociateMembersRequest
object- AccountIds required
- items AccountId
- AccountIds required
- DisassociateMembersResponse
object- UnprocessedAccounts required
- items UnprocessedAccount
- UnprocessedAccounts required
- DnsRequestAction
object: Contains information about the DNS_REQUEST action described in this finding.- Domain
- DomainDetails
object: Contains information about the domain.- Domain
- Double
number
- Email
string
- EnableOrganizationAdminAccountRequest
object- AdminAccountId required
- EnableOrganizationAdminAccountResponse
object
- Eq
array- items String
- Equals
array- items String
- Evidence
object: Contains information about the reason that the finding was generated.- ThreatIntelligenceDetails
- items ThreatIntelligenceDetail
- ThreatIntelligenceDetails
- Feedback
string(values: USEFUL, NOT_USEFUL)
- FilterAction
string(values: NOOP, ARCHIVE)
- FilterDescription
string
- FilterName
string
- FilterNames
array- items FilterName
- FilterRank
integer
- Finding
object: Contains information about the finding, which is generated when abnormal or suspicious activity is detected.- AccountId required
- Arn required
- Confidence
- CreatedAt required
- Description
- Id required
- Partition
- Region required
- Resource required
- AccessKeyDetails
- AccessKeyId
- PrincipalId
- UserName
- UserType
- InstanceDetails
- AvailabilityZone
- IamInstanceProfile
- Arn
- Id
- ImageDescription
- ImageId
- InstanceId
- InstanceState
- InstanceType
- LaunchTime
- NetworkInterfaces
- items NetworkInterface
- OutpostArn
- Platform
- ProductCodes
- items ProductCode
- Tags
- items Tag
- ResourceType
- S3BucketDetails
- items S3BucketDetail
- AccessKeyDetails
- SchemaVersion required
- Service
- Action
- ActionType
- AwsApiCallAction
- Api
- CallerType
- DomainDetails
- Domain
- ErrorCode
- RemoteIpDetails
- City
- Country
- GeoLocation
- IpAddressV4
- Organization
- ServiceName
- DnsRequestAction
- Domain
- NetworkConnectionAction
- Blocked
- ConnectionDirection
- LocalIpDetails
- IpAddressV4
- LocalPortDetails
- Port
- PortName
- Protocol
- RemoteIpDetails
- City
- Country
- GeoLocation
- IpAddressV4
- Organization
- RemotePortDetails
- Port
- PortName
- PortProbeAction
- Blocked
- PortProbeDetails
- items PortProbeDetail
- Archived
- Count
- DetectorId
- EventFirstSeen
- EventLastSeen
- Evidence
- ThreatIntelligenceDetails
- items ThreatIntelligenceDetail
- ThreatIntelligenceDetails
- ResourceRole
- ServiceName
- UserFeedback
- Action
- Severity required
- Title
- Type required
- UpdatedAt required
- FindingCriteria
object: Contains information about the criteria used for querying findings.- Criterion
- FindingId
string
- FindingIds
array- items FindingId
- FindingPublishingFrequency
string(values: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS)
- FindingStatisticType
string(values: COUNT_BY_SEVERITY)
- FindingStatisticTypes
array- items FindingStatisticType
- FindingStatistics
object: Contains information about finding statistics.- CountBySeverity
- FindingType
string
- FindingTypes
array- items FindingType
- Findings
array- items Finding
- FlowLogsConfigurationResult
object: Contains information on the status of VPC flow logs as a data source.- Status required
- GeoLocation
object: Contains information about the location of the remote IP address.- Lat
- Lon
- GetDetectorRequest
object
- GetDetectorResponse
object- CreatedAt
- DataSources
- CloudTrail required
- Status required
- DNSLogs required
- Status required
- FlowLogs required
- Status required
- S3Logs required
- Status required
- CloudTrail required
- FindingPublishingFrequency
- ServiceRole required
- Status required
- Tags
- UpdatedAt
- GetFilterRequest
object
- GetFilterResponse
object- Action required
- Description
- FindingCriteria required
- Criterion
- Name required
- Rank
- Tags
- GetFindingsRequest
object- FindingIds required
- items FindingId
- SortCriteria
- AttributeName
- OrderBy
- FindingIds required
- GetFindingsResponse
object- Findings required
- items Finding
- Findings required
- GetFindingsStatisticsRequest
object- FindingCriteria
- Criterion
- FindingStatisticTypes required
- items FindingStatisticType
- FindingCriteria
- GetFindingsStatisticsResponse
object- FindingStatistics required
- CountBySeverity
- FindingStatistics required
- GetIPSetRequest
object
- GetIPSetResponse
object- Format required
- Location required
- Name required
- Status required
- Tags
- GetInvitationsCountRequest
object
- GetInvitationsCountResponse
object- InvitationsCount
- GetMasterAccountRequest
object
- GetMasterAccountResponse
object- Master required
- AccountId
- InvitationId
- InvitedAt
- RelationshipStatus
- Master required
- GetMemberDetectorsRequest
object- AccountIds required
- items AccountId
- AccountIds required
- GetMemberDetectorsResponse
object- MemberDataSourceConfigurations required
- UnprocessedAccounts required
- items UnprocessedAccount
- GetMembersRequest
object- AccountIds required
- items AccountId
- AccountIds required
- GetMembersResponse
object- Members required
- items Member
- UnprocessedAccounts required
- items UnprocessedAccount
- Members required
- GetThreatIntelSetRequest
object
- GetThreatIntelSetResponse
object- Format required
- Location required
- Name required
- Status required
- Tags
- GetUsageStatisticsRequest
object- MaxResults
- NextToken
- Unit
- UsageCriteria required
- AccountIds
- items AccountId
- DataSources required
- items DataSource
- Resources
- items String
- AccountIds
- UsageStatisticType required
- GetUsageStatisticsResponse
object- NextToken
- UsageStatistics
- SumByAccount
- items UsageAccountResult
- SumByDataSource
- items UsageDataSourceResult
- SumByResource
- items UsageResourceResult
- TopResources
- items UsageResourceResult
- SumByAccount
- GuardDutyArn
string
- IamInstanceProfile
object: Contains information about the EC2 instance profile.- Arn
- Id
- InstanceDetails
object: Contains information about the details of an instance.- AvailabilityZone
- IamInstanceProfile
- Arn
- Id
- ImageDescription
- ImageId
- InstanceId
- InstanceState
- InstanceType
- LaunchTime
- NetworkInterfaces
- items NetworkInterface
- OutpostArn
- Platform
- ProductCodes
- items ProductCode
- Tags
- items Tag
- Integer
integer
- Invitation
object: Contains information about the invitation to become a member account.- AccountId
- InvitationId
- InvitedAt
- RelationshipStatus
- Invitations
array- items Invitation
- InviteMembersRequest
object- AccountIds required
- items AccountId
- DisableEmailNotification
- Message
- AccountIds required
- InviteMembersResponse
object- UnprocessedAccounts required
- items UnprocessedAccount
- UnprocessedAccounts required
- IpSetFormat
string(values: TXT, STIX, OTX_CSV, ALIEN_VAULT, PROOF_POINT, FIRE_EYE)
- IpSetIds
array- items String
- IpSetStatus
string(values: INACTIVE, ACTIVATING, ACTIVE, DEACTIVATING, ERROR, DELETE_PENDING, DELETED)
- Ipv6Addresses
array- items String
- ListDetectorsRequest
object
- ListDetectorsResponse
object- DetectorIds required
- items DetectorId
- NextToken
- DetectorIds required
- ListFiltersRequest
object
- ListFiltersResponse
object- FilterNames required
- items FilterName
- NextToken
- FilterNames required
- ListFindingsRequest
object- FindingCriteria
- Criterion
- MaxResults
- NextToken
- SortCriteria
- AttributeName
- OrderBy
- FindingCriteria
- ListFindingsResponse
object- FindingIds required
- items FindingId
- NextToken
- FindingIds required
- ListIPSetsRequest
object
- ListIPSetsResponse
object- IpSetIds required
- items String
- NextToken
- IpSetIds required
- ListInvitationsRequest
object
- ListInvitationsResponse
object- Invitations
- items Invitation
- NextToken
- Invitations
- ListMembersRequest
object
- ListMembersResponse
object- Members
- items Member
- NextToken
- Members
- ListOrganizationAdminAccountsRequest
object
- ListOrganizationAdminAccountsResponse
object- AdminAccounts
- items AdminAccount
- NextToken
- AdminAccounts
- ListPublishingDestinationsRequest
object
- ListPublishingDestinationsResponse
object- Destinations required
- items Destination
- NextToken
- Destinations required
- ListTagsForResourceRequest
object
- ListTagsForResourceResponse
object- Tags
- ListThreatIntelSetsRequest
object
- ListThreatIntelSetsResponse
object- NextToken
- ThreatIntelSetIds required
- items String
- LocalIpDetails
object: Contains information about the local IP address of the connection.- IpAddressV4
- LocalPortDetails
object: Contains information about the port for the local connection.- Port
- PortName
- Location
string
- Long
integer
- Master
object: Contains information about the administrator account and invitation.- AccountId
- InvitationId
- InvitedAt
- RelationshipStatus
- MaxResults
integer
- Member
object: Contains information about the member account.- AccountId required
- DetectorId
- Email required
- InvitedAt
- MasterId required
- RelationshipStatus required
- UpdatedAt required
- MemberDataSourceConfiguration
object: Contains information on which data sources are enabled for a member account.- AccountId required
- DataSources required
- CloudTrail required
- Status required
- DNSLogs required
- Status required
- FlowLogs required
- Status required
- S3Logs required
- Status required
- CloudTrail required
- MemberDataSourceConfigurations
array
- Members
array- items Member
- Name
string
- Neq
array- items String
- NetworkConnectionAction
object: Contains information about the NETWORK_CONNECTION action described in the finding.- Blocked
- ConnectionDirection
- LocalIpDetails
- IpAddressV4
- LocalPortDetails
- Port
- PortName
- Protocol
- RemoteIpDetails
- City
- CityName
- Country
- CountryCode
- CountryName
- GeoLocation
- Lat
- Lon
- IpAddressV4
- Organization
- Asn
- AsnOrg
- Isp
- Org
- City
- RemotePortDetails
- Port
- PortName
- NetworkInterface
object: Contains information about the elastic network interface of the EC2 instance.- Ipv6Addresses
- items String
- NetworkInterfaceId
- PrivateDnsName
- PrivateIpAddress
- PrivateIpAddresses
- items PrivateIpAddressDetails
- PublicDnsName
- PublicIp
- SecurityGroups
- items SecurityGroup
- SubnetId
- VpcId
- Ipv6Addresses
- NetworkInterfaces
array- items NetworkInterface
- NotEquals
array- items String
- OrderBy
string(values: ASC, DESC)
- Organization
object: Contains information about the ISP organization of the remote IP address.- Asn
- AsnOrg
- Isp
- Org
- OrganizationDataSourceConfigurations
object: An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization.- S3Logs
- AutoEnable required
- S3Logs
- OrganizationDataSourceConfigurationsResult
object: An object that contains information on which data sources are automatically enabled for new members within the organization.- S3Logs required
- AutoEnable required
- S3Logs required
- OrganizationS3LogsConfiguration
object: Describes whether S3 data event logs will be automatically enabled for new members of the organization.- AutoEnable required
- OrganizationS3LogsConfigurationResult
object: The current configuration of S3 data event logs as a data source for the organization.- AutoEnable required
- Owner
object: Contains information on the owner of the bucket.- Id
- PermissionConfiguration
object: Contains information about how permissions are configured for the S3 bucket.- AccountLevelPermissions
- BlockPublicAccess
- BlockPublicAcls
- BlockPublicPolicy
- IgnorePublicAcls
- RestrictPublicBuckets
- BlockPublicAccess
- BucketLevelPermissions
- AccessControlList
- AllowsPublicReadAccess
- AllowsPublicWriteAccess
- BlockPublicAccess
- BlockPublicAcls
- BlockPublicPolicy
- IgnorePublicAcls
- RestrictPublicBuckets
- BucketPolicy
- AllowsPublicReadAccess
- AllowsPublicWriteAccess
- AccessControlList
- AccountLevelPermissions
- PortProbeAction
object: Contains information about the PORT_PROBE action described in the finding.- Blocked
- PortProbeDetails
- items PortProbeDetail
- PortProbeDetail
object: Contains information about the port probe details.- LocalIpDetails
- IpAddressV4
- LocalPortDetails
- Port
- PortName
- RemoteIpDetails
- City
- CityName
- Country
- CountryCode
- CountryName
- GeoLocation
- Lat
- Lon
- IpAddressV4
- Organization
- Asn
- AsnOrg
- Isp
- Org
- City
- LocalIpDetails
- PortProbeDetails
array- items PortProbeDetail
- PrivateIpAddressDetails
object: Contains other private IP address information of the EC2 instance.- PrivateDnsName
- PrivateIpAddress
- PrivateIpAddresses
array- items PrivateIpAddressDetails
- ProductCode
object: Contains information about the product code for the EC2 instance.- Code
- ProductType
- ProductCodes
array- items ProductCode
- PublicAccess
object: Describes the public access policies that apply to the S3 bucket.- EffectivePermission
- PermissionConfiguration
- AccountLevelPermissions
- BlockPublicAccess
- BlockPublicAcls
- BlockPublicPolicy
- IgnorePublicAcls
- RestrictPublicBuckets
- BlockPublicAccess
- BucketLevelPermissions
- AccessControlList
- AllowsPublicReadAccess
- AllowsPublicWriteAccess
- BlockPublicAccess
- BlockPublicAcls
- BlockPublicPolicy
- IgnorePublicAcls
- RestrictPublicBuckets
- BucketPolicy
- AllowsPublicReadAccess
- AllowsPublicWriteAccess
- AccessControlList
- AccountLevelPermissions
- PublishingStatus
string(values: PENDING_VERIFICATION, PUBLISHING, UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY, STOPPED)
- RemoteIpDetails
object: Contains information about the remote IP address of the connection.- City
- CityName
- Country
- CountryCode
- CountryName
- GeoLocation
- Lat
- Lon
- IpAddressV4
- Organization
- Asn
- AsnOrg
- Isp
- Org
- City
- RemotePortDetails
object: Contains information about the remote port.- Port
- PortName
- Resource
object: Contains information about the AWS resource associated with the activity that prompted GuardDuty to generate a finding.- AccessKeyDetails
- AccessKeyId
- PrincipalId
- UserName
- UserType
- InstanceDetails
- AvailabilityZone
- IamInstanceProfile
- Arn
- Id
- ImageDescription
- ImageId
- InstanceId
- InstanceState
- InstanceType
- LaunchTime
- NetworkInterfaces
- items NetworkInterface
- OutpostArn
- Platform
- ProductCodes
- items ProductCode
- Tags
- items Tag
- ResourceType
- S3BucketDetails
- items S3BucketDetail
- AccessKeyDetails
- ResourceList
array- items String
- S3BucketDetail
object: Contains information on the S3 bucket.- Arn
- CreatedAt
- DefaultServerSideEncryption
- EncryptionType
- KmsMasterKeyArn
- Name
- Owner
- Id
- PublicAccess
- EffectivePermission
- PermissionConfiguration
- AccountLevelPermissions
- BlockPublicAccess
- BlockPublicAcls
- BlockPublicPolicy
- IgnorePublicAcls
- RestrictPublicBuckets
- BlockPublicAccess
- BucketLevelPermissions
- AccessControlList
- AllowsPublicReadAccess
- AllowsPublicWriteAccess
- BlockPublicAccess
- BlockPublicAcls
- BlockPublicPolicy
- IgnorePublicAcls
- RestrictPublicBuckets
- BucketPolicy
- AllowsPublicReadAccess
- AllowsPublicWriteAccess
- AccessControlList
- AccountLevelPermissions
- Tags
- items Tag
- Type
- S3BucketDetails
array- items S3BucketDetail
- S3LogsConfiguration
object: Describes whether S3 data event logs will be enabled as a data source.- Enable required
- S3LogsConfigurationResult
object: Describes whether S3 data event logs will be enabled as a data source.- Status required
- SecurityGroup
object: Contains information about the security groups associated with the EC2 instance.- GroupId
- GroupName
- SecurityGroups
array- items SecurityGroup
- Service
object: Contains additional information about the generated finding.- Action
- ActionType
- AwsApiCallAction
- Api
- CallerType
- DomainDetails
- Domain
- ErrorCode
- RemoteIpDetails
- City
- CityName
- Country
- CountryCode
- CountryName
- GeoLocation
- Lat
- Lon
- IpAddressV4
- Organization
- Asn
- AsnOrg
- Isp
- Org
- City
- ServiceName
- DnsRequestAction
- Domain
- NetworkConnectionAction
- Blocked
- ConnectionDirection
- LocalIpDetails
- IpAddressV4
- LocalPortDetails
- Port
- PortName
- Protocol
- RemoteIpDetails
- City
- CityName
- Country
- CountryCode
- CountryName
- GeoLocation
- Lat
- Lon
- IpAddressV4
- Organization
- Asn
- AsnOrg
- Isp
- Org
- City
- RemotePortDetails
- Port
- PortName
- PortProbeAction
- Blocked
- PortProbeDetails
- items PortProbeDetail
- Archived
- Count
- DetectorId
- EventFirstSeen
- EventLastSeen
- Evidence
- ThreatIntelligenceDetails
- items ThreatIntelligenceDetail
- ThreatIntelligenceDetails
- ResourceRole
- ServiceName
- UserFeedback
- Action
- SortCriteria
object: Contains information about the criteria used for sorting findings.- AttributeName
- OrderBy
- StartMonitoringMembersRequest
object- AccountIds required
- items AccountId
- AccountIds required
- StartMonitoringMembersResponse
object- UnprocessedAccounts required
- items UnprocessedAccount
- UnprocessedAccounts required
- StopMonitoringMembersRequest
object- AccountIds required
- items AccountId
- AccountIds required
- StopMonitoringMembersResponse
object- UnprocessedAccounts required
- items UnprocessedAccount
- UnprocessedAccounts required
- String
string
- Tag
object: Contains information about a tag associated with the EC2 instance.- Key
- Value
- TagKey
string
- TagKeyList
array- items TagKey
- TagMap
object
- TagResourceRequest
object- Tags required
- TagResourceResponse
object
- TagValue
string
- Tags
array- items Tag
- ThreatIntelSetFormat
string(values: TXT, STIX, OTX_CSV, ALIEN_VAULT, PROOF_POINT, FIRE_EYE)
- ThreatIntelSetIds
array- items String
- ThreatIntelSetStatus
string(values: INACTIVE, ACTIVATING, ACTIVE, DEACTIVATING, ERROR, DELETE_PENDING, DELETED)
- ThreatIntelligenceDetail
object: An instance of a threat intelligence detail that constitutes evidence for the finding.- ThreatListName
- ThreatNames
- items String
- ThreatIntelligenceDetails
array- items ThreatIntelligenceDetail
- ThreatNames
array- items String
- Timestamp
string
- Total
object: Contains the total usage with the corresponding currency unit for that value.- Amount
- Unit
- UnarchiveFindingsRequest
object- FindingIds required
- items FindingId
- FindingIds required
- UnarchiveFindingsResponse
object
- UnprocessedAccount
object: Contains information about the accounts that weren't processed.- AccountId required
- Result required
- UnprocessedAccounts
array- items UnprocessedAccount
- UntagResourceRequest
object
- UntagResourceResponse
object
- UpdateDetectorRequest
object- DataSources
- S3Logs
- Enable required
- S3Logs
- Enable
- FindingPublishingFrequency
- DataSources
- UpdateDetectorResponse
object
- UpdateFilterRequest
object- Action
- Description
- FindingCriteria
- Criterion
- Rank
- UpdateFilterResponse
object- Name required
- UpdateFindingsFeedbackRequest
object- Comments
- Feedback required
- FindingIds required
- items FindingId
- UpdateFindingsFeedbackResponse
object
- UpdateIPSetRequest
object- Activate
- Location
- Name
- UpdateIPSetResponse
object
- UpdateMemberDetectorsRequest
object- AccountIds required
- items AccountId
- DataSources
- S3Logs
- Enable required
- S3Logs
- AccountIds required
- UpdateMemberDetectorsResponse
object- UnprocessedAccounts required
- items UnprocessedAccount
- UnprocessedAccounts required
- UpdateOrganizationConfigurationRequest
object- AutoEnable required
- DataSources
- S3Logs
- AutoEnable required
- S3Logs
- UpdateOrganizationConfigurationResponse
object
- UpdatePublishingDestinationRequest
object- DestinationProperties
- DestinationArn
- KmsKeyArn
- DestinationProperties
- UpdatePublishingDestinationResponse
object
- UpdateThreatIntelSetRequest
object- Activate
- Location
- Name
- UpdateThreatIntelSetResponse
object
- UsageAccountResult
object: Contains information on the total of usage based on account IDs.- AccountId
- Total
- Amount
- Unit
- UsageAccountResultList
array- items UsageAccountResult
- UsageCriteria
object: Contains information about the criteria used to query usage statistics.- AccountIds
- items AccountId
- DataSources required
- items DataSource
- Resources
- items String
- AccountIds
- UsageDataSourceResult
object: Contains information on the result of usage based on data source type.- DataSource
- Total
- Amount
- Unit
- UsageDataSourceResultList
array- items UsageDataSourceResult
- UsageResourceResult
object: Contains information on the sum of usage based on an AWS resource.- Resource
- Total
- Amount
- Unit
- UsageResourceResultList
array- items UsageResourceResult
- UsageStatisticType
string(values: SUM_BY_ACCOUNT, SUM_BY_DATA_SOURCE, SUM_BY_RESOURCE, TOP_RESOURCES)
- UsageStatistics
object: Contains the result of GuardDuty usage. If a UsageStatisticType is provided the result for other types will be null.- SumByAccount
- items UsageAccountResult
- SumByDataSource
- items UsageDataSourceResult
- SumByResource
- items UsageResourceResult
- TopResources
- items UsageResourceResult
- SumByAccount