feat(client-guardduty): Add EC2 support for GuardDuty Runtime Monitor…
…ing auto management.
awstools committed Mar 28, 2024
1 parent 790018d commit 11a2340
Showing 15 changed files with 143 additions and 33 deletions.
@@ -84,7 +84,7 @@ export interface CreateDetectorCommandOutput extends CreateDetectorResponse, __M
* Status: "ENABLED" || "DISABLED",
* AdditionalConfiguration: [ // DetectorAdditionalConfigurations
* { // DetectorAdditionalConfiguration
* Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
* Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
* Status: "ENABLED" || "DISABLED",
* },
* ],
8 changes: 4 additions & 4 deletions clients/client-guardduty/src/commands/CreateMembersCommand.ts
@@ -43,14 +43,14 @@ export interface CreateMembersCommandOutput extends CreateMembersResponse, __Met
* accounts in this request, irrespective of the accounts being new or existing members. For
* more information about the existing auto-enable settings for your organization, see
* <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DescribeOrganizationConfiguration.html">DescribeOrganizationConfiguration</a>.</p>
* <p>If you are adding accounts by invitation, before using <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a>, use
* <code>CreateMembers</code> after GuardDuty has been enabled in potential member accounts.</p>
* <p>If you disassociate a member from a GuardDuty
* delegated administrator, the member account details
* <p>If you disassociate a member account that was added by invitation, the member account details
* obtained from this API, including the associated email addresses, will be retained.
* This is done so that the delegated administrator can invoke the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a> API without the need to invoke the CreateMembers API again. To
* remove the details associated with a member account, the delegated administrator must invoke the
* <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a> API. </p>
* <p>When the member accounts added through Organizations are later disassociated, you (administrator)
* can't invite them by calling the InviteMembers API. You can create an association with these
* member accounts again only by calling the CreateMembers API.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
@@ -79,7 +79,7 @@ export interface DescribeOrganizationConfigurationCommandOutput
* // AutoEnable: "NEW" || "NONE" || "ALL",
* // AdditionalConfiguration: [ // OrganizationAdditionalConfigurationResults
* // { // OrganizationAdditionalConfigurationResult
* // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
* // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
* // AutoEnable: "NEW" || "NONE" || "ALL",
* // },
* // ],
@@ -38,6 +38,14 @@ export interface DisassociateMembersCommandOutput extends DisassociateMembersRes
* <p>With <code>autoEnableOrganizationMembers</code> configuration for your organization set to
* <code>ALL</code>, you'll receive an error if you attempt to disassociate a member account
* before removing them from your organization.</p>
* <p>If you disassociate a member account that was added by invitation, the member account details
* obtained from this API, including the associated email addresses, will be retained.
* This is done so that the delegated administrator can invoke the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a> API without the need to invoke the CreateMembers API again. To
* remove the details associated with a member account, the delegated administrator must invoke the
* <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a> API. </p>
* <p>When the member accounts added through Organizations are later disassociated, you (administrator)
* can't invite them by calling the InviteMembers API. You can create an association with these
* member accounts again only by calling the CreateMembers API.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
@@ -86,7 +86,7 @@ export interface GetDetectorCommandOutput extends GetDetectorResponse, __Metadat
* // UpdatedAt: new Date("TIMESTAMP"),
* // AdditionalConfiguration: [ // DetectorAdditionalConfigurationResults
* // { // DetectorAdditionalConfigurationResult
* // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
* // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
* // Status: "ENABLED" || "DISABLED",
* // UpdatedAt: new Date("TIMESTAMP"),
* // },
6 changes: 6 additions & 0 deletions clients/client-guardduty/src/commands/GetFindingsCommand.ts
@@ -578,6 +578,7 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat
* // ThreatNames: [ // ThreatNames
* // "STRING_VALUE",
* // ],
* // ThreatFileSha256: "STRING_VALUE",
* // },
* // ],
* // },
@@ -744,6 +745,11 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat
* // MemoryRegions: [ // MemoryRegionsList
* // "STRING_VALUE",
* // ],
* // ToolName: "STRING_VALUE",
* // ToolCategory: "STRING_VALUE",
* // ServiceName: "STRING_VALUE",
* // CommandLineExample: "STRING_VALUE",
* // ThreatFilePath: "STRING_VALUE",
* // },
* // },
* // Detection: { // Detection
@@ -84,7 +84,7 @@ export interface GetMemberDetectorsCommandOutput extends GetMemberDetectorsRespo
* // UpdatedAt: new Date("TIMESTAMP"),
* // AdditionalConfiguration: [ // MemberAdditionalConfigurationResults
* // { // MemberAdditionalConfigurationResult
* // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
* // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
* // Status: "ENABLED" || "DISABLED",
* // UpdatedAt: new Date("TIMESTAMP"),
* // },
@@ -54,7 +54,7 @@ export interface GetOrganizationStatisticsCommandOutput extends GetOrganizationS
* // EnabledAccountsCount: Number("int"),
* // AdditionalConfiguration: [ // OrganizationFeatureStatisticsAdditionalConfigurations
* // { // OrganizationFeatureStatisticsAdditionalConfiguration
* // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
* // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
* // EnabledAccountsCount: Number("int"),
* // },
* // ],
8 changes: 8 additions & 0 deletions clients/client-guardduty/src/commands/InviteMembersCommand.ts
@@ -45,6 +45,14 @@ export interface InviteMembersCommandOutput extends InviteMembersResponse, __Met
* <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html">CreateMembers</a> again. To
* remove the details associated with a member account, you must also invoke
* <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a>. </p>
* <p>If you disassociate a member account that was added by invitation, the member account details
* obtained from this API, including the associated email addresses, will be retained.
* This is done so that the delegated administrator can invoke the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a> API without the need to invoke the CreateMembers API again. To
* remove the details associated with a member account, the delegated administrator must invoke the
* <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a> API. </p>
* <p>When the member accounts added through Organizations are later disassociated, you (administrator)
* can't invite them by calling the InviteMembers API. You can create an association with these
* member accounts again only by calling the CreateMembers API.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
@@ -67,7 +67,7 @@ export interface UpdateDetectorCommandOutput extends UpdateDetectorResponse, __M
* Status: "ENABLED" || "DISABLED",
* AdditionalConfiguration: [ // DetectorAdditionalConfigurations
* { // DetectorAdditionalConfiguration
* Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
* Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
* Status: "ENABLED" || "DISABLED",
* },
* ],
@@ -68,7 +68,7 @@ export interface UpdateMemberDetectorsCommandOutput extends UpdateMemberDetector
* Status: "ENABLED" || "DISABLED",
* AdditionalConfiguration: [ // MemberAdditionalConfigurations
* { // MemberAdditionalConfiguration
* Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
* Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
* Status: "ENABLED" || "DISABLED",
* },
* ],
@@ -74,7 +74,7 @@ export interface UpdateOrganizationConfigurationCommandOutput
* AutoEnable: "NEW" || "NONE" || "ALL",
* AdditionalConfiguration: [ // OrganizationAdditionalConfigurations
* { // OrganizationAdditionalConfiguration
* Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
* Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
* AutoEnable: "NEW" || "NONE" || "ALL",
* },
* ],
58 changes: 43 additions & 15 deletions clients/client-guardduty/src/models/models_0.ts
@@ -659,7 +659,8 @@ export interface DnsRequestAction {

/**
* <p>The second and top level domain involved in the
* activity that prompted GuardDuty to generate this finding.</p>
* activity that potentially prompted GuardDuty to generate this finding.
* For a list of top-level and second-level domains, see <a href="https://publicsuffix.org/">public suffix list</a>.</p>
* @public
*/
DomainWithSuffix?: string;
@@ -1673,13 +1674,7 @@ export const ManagementType = {
export type ManagementType = (typeof ManagementType)[keyof typeof ManagementType];

/**
* <note>
* <p>This API is also used when you use GuardDuty Runtime Monitoring
* for your Amazon EC2 instances (currently in preview
* release) and is subject to change. The use of this API is subject to Section 2 of the
* <a href="http://aws.amazon.com/service-terms/">Amazon Web Services Service Terms</a> ("Betas and Previews").</p>
* </note>
* <p>Contains information about the Amazon EC2 instance runtime
* <p>Contains information about the Amazon EC2 instance runtime
* coverage details.</p>
* @public
*/
@@ -1936,13 +1931,7 @@ export interface CoverageResourceDetails {
EcsClusterDetails?: CoverageEcsClusterDetails;

/**
* <note>
* <p>This API is also used when you use GuardDuty Runtime Monitoring
* for your Amazon EC2 instances (currently in preview
* release) and is subject to change. The use of this API is subject to Section 2 of the
* <a href="http://aws.amazon.com/service-terms/">Amazon Web Services Service Terms</a> ("Betas and Previews").</p>
* </note>
* <p>Information about the Amazon EC2 instance assessed
* <p>Information about the Amazon EC2 instance assessed
* for runtime coverage.</p>
* @public
*/
@@ -2178,6 +2167,7 @@ export interface DataSourceConfigurations {
* @enum
*/
export const FeatureAdditionalConfiguration = {
EC2_AGENT_MANAGEMENT: "EC2_AGENT_MANAGEMENT",
ECS_FARGATE_AGENT_MANAGEMENT: "ECS_FARGATE_AGENT_MANAGEMENT",
EKS_ADDON_MANAGEMENT: "EKS_ADDON_MANAGEMENT",
} as const;
@@ -3991,6 +3981,7 @@ export type OrgFeatureStatus = (typeof OrgFeatureStatus)[keyof typeof OrgFeature
* @enum
*/
export const OrgFeatureAdditionalConfiguration = {
EC2_AGENT_MANAGEMENT: "EC2_AGENT_MANAGEMENT",
ECS_FARGATE_AGENT_MANAGEMENT: "ECS_FARGATE_AGENT_MANAGEMENT",
EKS_ADDON_MANAGEMENT: "EKS_ADDON_MANAGEMENT",
} as const;
@@ -4986,6 +4977,12 @@ export interface ThreatIntelligenceDetail {
* @public
*/
ThreatNames?: string[];

/**
* <p>SHA256 of the file that generated the finding.</p>
* @public
*/
ThreatFileSha256?: string;
}

/**
@@ -6029,6 +6026,37 @@ export interface RuntimeContext {
* @public
*/
MemoryRegions?: string[];

/**
* <p>Name of the potentially suspicious tool.</p>
* @public
*/
ToolName?: string;

/**
* <p>Category that the tool belongs to. Some of the examples
* are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.</p>
* @public
*/
ToolCategory?: string;

/**
* <p>Name of the security service that has been potentially disabled.</p>
* @public
*/
ServiceName?: string;

/**
* <p>Example of the command line involved in the suspicious activity.</p>
* @public
*/
CommandLineExample?: string;

/**
* <p>The suspicious file path for which the threat intelligence details were found.</p>
* @public
*/
ThreatFilePath?: string;
}

/**
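Review bot: The doc comment added for `CommandLineExample` in the `RuntimeContext` hunk does not tell consumers how to handle the value. The field is described as a command line taken from the suspicious activity, so it presumably originates on the monitored workload and could carry arguments such as tokens or passwords; the same origin likely applies to `ToolName`, `ServiceName` and `ThreatFilePath`. I would extend the comment with a sentence such as `Originates from the monitored workload; treat as untrusted text and redact secrets before logging or forwarding.` The `RuntimeContext` interface starts outside the hunk, so existing fields may deserve the same caveat.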
6 changes: 6 additions & 0 deletions clients/client-guardduty/src/protocols/Aws_restJson1.ts
@@ -5854,6 +5854,7 @@ const de_ResourceDetails = (output: any, context: __SerdeContext): ResourceDetai
const de_RuntimeContext = (output: any, context: __SerdeContext): RuntimeContext => {
return take(output, {
AddressFamily: [, __expectString, `addressFamily`],
CommandLineExample: [, __expectString, `commandLineExample`],
FileSystemType: [, __expectString, `fileSystemType`],
Flags: [, _json, `flags`],
IanaProtocolNumber: [, __expectInt32, `ianaProtocolNumber`],
@@ -5870,9 +5871,13 @@ const de_RuntimeContext = (output: any, context: __SerdeContext): RuntimeContext
ReleaseAgentPath: [, __expectString, `releaseAgentPath`],
RuncBinaryPath: [, __expectString, `runcBinaryPath`],
ScriptPath: [, __expectString, `scriptPath`],
ServiceName: [, __expectString, `serviceName`],
ShellHistoryFilePath: [, __expectString, `shellHistoryFilePath`],
SocketPath: [, __expectString, `socketPath`],
TargetProcess: [, (_: any) => de_ProcessDetails(_, context), `targetProcess`],
ThreatFilePath: [, __expectString, `threatFilePath`],
ToolCategory: [, __expectString, `toolCategory`],
ToolName: [, __expectString, `toolName`],
}) as any;
};

@@ -6205,6 +6210,7 @@ const de_ThreatDetectedByName = (output: any, context: __SerdeContext): ThreatDe
*/
const de_ThreatIntelligenceDetail = (output: any, context: __SerdeContext): ThreatIntelligenceDetail => {
return take(output, {
ThreatFileSha256: [, __expectString, `threatFileSha256`],
ThreatListName: [, __expectString, `threatListName`],
ThreatNames: [, _json, `threatNames`],
}) as any;
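Review bot: `ThreatFileSha256` in `de_ThreatIntelligenceDetail` is read with `__expectString`, so as far as this hunk shows the value is only checked for being a string, not for being a 64-character hex digest. Code that matches the field against hash deny lists or indicator feeds should validate the length and normalise the case itself. A short comment above the new entry would record that, e.g. `// not format-checked here: validate before using as a SHA-256 indicator`. The free-text fields added to `de_RuntimeContext` (`CommandLineExample`, `ThreatFilePath`, `ToolName`, `ToolCategory`, `ServiceName`) go through the same string-only check. The body of `de_ThreatIntelligenceDetail` closes outside the hunk.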
