| Class | Description |
|---|---|
| AcceptAdministratorInvitationRequest | |
| AcceptAdministratorInvitationResult | |
| AcceptInvitationRequest | |
| AcceptInvitationResult | Deprecated |
| AccessControlList | Contains information on the current access control policies for the bucket. |
| AccessKeyDetails | Contains information about the access keys. |
| AccountDetail | Contains information about the account. |
| AccountFreeTrialInfo | Provides details of the GuardDuty member account that uses a free trial service. |
| AccountLevelPermissions | Contains information about the account level permissions on the S3 bucket. |
| Action | Contains information about actions. |
| AddonDetails | Information about the installed EKS add-on (GuardDuty security agent). |
| AdminAccount | The account within the organization specified as the GuardDuty delegated administrator. |
| Administrator | Contains information about the administrator account and invitation. |
| AgentDetails | Information about the installed GuardDuty security agent. |
| Anomaly | Contains information about the anomalies. |
| AnomalyObject | Contains information about the unusual anomalies. |
| AnomalyUnusual | Contains information about the behavior of the anomaly that is new to GuardDuty. |
| ArchiveFindingsRequest | |
| ArchiveFindingsResult | |
| AwsApiCallAction | Contains information about the API action. |
| BlockPublicAccess | Contains information on how the bucket owner's S3 Block Public Access settings are being applied to the S3 bucket. |
| BucketLevelPermissions | Contains information about the bucket level permissions for the S3 bucket. |
| BucketPolicy | Contains information on the current bucket policies for the S3 bucket. |
| City | Contains information about the city associated with the IP address. |
| CloudTrailConfigurationResult | Contains information on the status of CloudTrail as a data source for the detector. |
| Condition | Contains information about the condition. |
| Container | Details of a container. |
| ContainerInstanceDetails | Contains information about the Amazon EC2 instance that is running the Amazon ECS container. |
| Country | Contains information about the country where the remote IP address is located. |
| CoverageEc2InstanceDetails | Contains information about the Amazon EC2 instance runtime coverage details. |
| CoverageEcsClusterDetails | Contains information about Amazon ECS cluster runtime coverage details. |
| CoverageEksClusterDetails | Information about the EKS cluster that has a coverage status. |
| CoverageFilterCondition | Represents a condition that when matched will be added to the response of the operation. |
| CoverageFilterCriteria | Represents the criteria used in the filter. |
| CoverageFilterCriterion | Represents a condition that when matched will be added to the response of the operation. |
| CoverageResource | Information about the resource of the GuardDuty account. |
| CoverageResourceDetails | Information about the resource for each individual EKS cluster. |
| CoverageSortCriteria | Information about the sorting criteria used in the coverage statistics. |
| CoverageStatistics | Information about the coverage statistics for a resource. |
| CreateDetectorRequest | |
| CreateDetectorResult | |
| CreateFilterRequest | |
| CreateFilterResult | |
| CreateIPSetRequest | |
| CreateIPSetResult | |
| CreateMalwareProtectionPlanRequest | |
| CreateMalwareProtectionPlanResult | |
| CreateMembersRequest | |
| CreateMembersResult | |
| CreateProtectedResource | Information about the protected resource that is associated with the created Malware Protection plan. |
| CreatePublishingDestinationRequest | |
| CreatePublishingDestinationResult | |
| CreateS3BucketResource | Information about the protected S3 bucket resource. |
| CreateSampleFindingsRequest | |
| CreateSampleFindingsResult | |
| CreateThreatIntelSetRequest | |
| CreateThreatIntelSetResult | |
| DataSourceConfigurations | Contains information about which data sources are enabled. |
| DataSourceConfigurationsResult | Contains information on the status of data sources for the detector. |
| DataSourceFreeTrial | Contains information about which data sources are enabled for the GuardDuty member account. |
| DataSourcesFreeTrial | Contains information about which data sources are enabled for the GuardDuty member account. |
| DeclineInvitationsRequest | |
| DeclineInvitationsResult | |
| DefaultServerSideEncryption | Contains information on the server side encryption method used in the S3 bucket. |
| DeleteDetectorRequest | |
| DeleteDetectorResult | |
| DeleteFilterRequest | |
| DeleteFilterResult | |
| DeleteInvitationsRequest | |
| DeleteInvitationsResult | |
| DeleteIPSetRequest | |
| DeleteIPSetResult | |
| DeleteMalwareProtectionPlanRequest | |
| DeleteMalwareProtectionPlanResult | |
| DeleteMembersRequest | |
| DeleteMembersResult | |
| DeletePublishingDestinationRequest | |
| DeletePublishingDestinationResult | |
| DeleteThreatIntelSetRequest | |
| DeleteThreatIntelSetResult | |
| DescribeMalwareScansRequest | |
| DescribeMalwareScansResult | |
| DescribeOrganizationConfigurationRequest | |
| DescribeOrganizationConfigurationResult | |
| DescribePublishingDestinationRequest | |
| DescribePublishingDestinationResult | |
| Destination | Contains information about the publishing destination, including the ID, type, and status. |
| DestinationProperties | Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings. |
| Detection | Contains information about the detected behavior. |
| DetectorAdditionalConfiguration | Information about the additional configuration for a feature in your GuardDuty account. |
| DetectorAdditionalConfigurationResult | Information about the additional configuration. |
| DetectorFeatureConfiguration | Contains information about a GuardDuty feature. |
| DetectorFeatureConfigurationResult | Contains information about a GuardDuty feature. |
| DisableOrganizationAdminAccountRequest | |
| DisableOrganizationAdminAccountResult | |
| DisassociateFromAdministratorAccountRequest | |
| DisassociateFromAdministratorAccountResult | |
| DisassociateFromMasterAccountRequest | |
| DisassociateFromMasterAccountResult | Deprecated |
| DisassociateMembersRequest | |
| DisassociateMembersResult | |
| DNSLogsConfigurationResult | Contains information on the status of DNS logs as a data source. |
| DnsRequestAction | Contains information about the DNS_REQUEST action described in this finding. |
| DomainDetails | Contains information about the domain. |
| EbsVolumeDetails | Contains a list of scanned and skipped EBS volumes with details. |
| EbsVolumeScanDetails | Contains details from the malware scan that created a finding. |
| EbsVolumesResult | Describes the configuration of scanning EBS volumes as a data source. |
| EcsClusterDetails | Contains information about the details of the ECS Cluster. |
| EcsTaskDetails | Contains information about the task in an ECS cluster. |
| EksClusterDetails | Details about the EKS cluster involved in a Kubernetes finding. |
| EnableOrganizationAdminAccountRequest | |
| EnableOrganizationAdminAccountResult | |
| Evidence | Contains information about the reason that the finding was generated. |
| FargateDetails | Contains information about Amazon Web Services Fargate details associated with an Amazon ECS cluster. |
| FilterCondition | Contains information about the condition. |
| FilterCriteria | Represents the criteria to be used in the filter for describing scan entries. |
| FilterCriterion | Represents a condition that when matched will be added to the response of the operation. |
| Finding | Contains information about the finding that is generated when abnormal or suspicious activity is detected. |
| FindingCriteria | Contains information about the criteria used for querying findings. |
| FindingStatistics | Contains information about finding statistics. |
| FlowLogsConfigurationResult | Contains information on the status of VPC flow logs as a data source. |
| FreeTrialFeatureConfigurationResult | Contains information about the free trial period for a feature. |
| GeoLocation | Contains information about the location of the remote IP address. |
| GetAdministratorAccountRequest | |
| GetAdministratorAccountResult | |
| GetCoverageStatisticsRequest | |
| GetCoverageStatisticsResult | |
| GetDetectorRequest | |
| GetDetectorResult | |
| GetFilterRequest | |
| GetFilterResult | |
| GetFindingsRequest | |
| GetFindingsResult | |
| GetFindingsStatisticsRequest | |
| GetFindingsStatisticsResult | |
| GetInvitationsCountRequest | |
| GetInvitationsCountResult | |
| GetIPSetRequest | |
| GetIPSetResult | |
| GetMalwareProtectionPlanRequest | |
| GetMalwareProtectionPlanResult | |
| GetMalwareScanSettingsRequest | |
| GetMalwareScanSettingsResult | |
| GetMasterAccountRequest | |
| GetMasterAccountResult | Deprecated |
| GetMemberDetectorsRequest | |
| GetMemberDetectorsResult | |
| GetMembersRequest | |
| GetMembersResult | |
| GetOrganizationStatisticsRequest | |
| GetOrganizationStatisticsResult | |
| GetRemainingFreeTrialDaysRequest | |
| GetRemainingFreeTrialDaysResult | |
| GetThreatIntelSetRequest | |
| GetThreatIntelSetResult | |
| GetUsageStatisticsRequest | |
| GetUsageStatisticsResult | |
| HighestSeverityThreatDetails | Contains details of the highest severity threat detected during the scan and the number of infected files. |
| HostPath | Represents a pre-existing file or directory on the host machine that the volume maps to. |
| IamInstanceProfile | Contains information about the EC2 instance profile. |
| ImpersonatedUser | Contains information about the impersonated user. |
| InstanceDetails | Contains information about the details of an instance. |
| Invitation | Contains information about the invitation to become a member account. |
| InviteMembersRequest | |
| InviteMembersResult | |
| ItemPath | Information about the nested item path and hash of the protected resource. |
| KubernetesApiCallAction | Information about the Kubernetes API call action described in this finding. |
| KubernetesAuditLogsConfiguration | Describes whether Kubernetes audit logs are enabled as a data source. |
| KubernetesAuditLogsConfigurationResult | Describes whether Kubernetes audit logs are enabled as a data source. |
| KubernetesConfiguration | Describes whether any Kubernetes data sources are enabled. |
| KubernetesConfigurationResult | Describes whether any Kubernetes logs will be enabled as a data source. |
| KubernetesDataSourceFreeTrial | Provides details about the Kubernetes resources when it is enabled as a data source. |
| KubernetesDetails | Details about Kubernetes resources such as a Kubernetes user or workload resource involved in a Kubernetes finding. |
| KubernetesPermissionCheckedDetails | Information about the Kubernetes API for which you check if you have permission to call. |
| KubernetesRoleBindingDetails | Contains information about the role binding that grants the permission defined in a Kubernetes role. |
| KubernetesRoleDetails | Information about the Kubernetes role name and role type. |
| KubernetesUserDetails | Details about the Kubernetes user involved in a Kubernetes finding. |
| KubernetesWorkloadDetails | Details about the Kubernetes workload involved in a Kubernetes finding. |
| LambdaDetails | Information about the Lambda function involved in the finding. |
| LineageObject | Information about the runtime process details. |
| ListCoverageRequest | |
| ListCoverageResult | |
| ListDetectorsRequest | |
| ListDetectorsResult | |
| ListFiltersRequest | |
| ListFiltersResult | |
| ListFindingsRequest | |
| ListFindingsResult | |
| ListInvitationsRequest | |
| ListInvitationsResult | |
| ListIPSetsRequest | |
| ListIPSetsResult | |
| ListMalwareProtectionPlansRequest | |
| ListMalwareProtectionPlansResult | |
| ListMembersRequest | |
| ListMembersResult | |
| ListOrganizationAdminAccountsRequest | |
| ListOrganizationAdminAccountsResult | |
| ListPublishingDestinationsRequest | |
| ListPublishingDestinationsResult | |
| ListTagsForResourceRequest | |
| ListTagsForResourceResult | |
| ListThreatIntelSetsRequest | |
| ListThreatIntelSetsResult | |
| LocalIpDetails | Contains information about the local IP address of the connection. |
| LocalPortDetails | Contains information about the port for the local connection. |
| LoginAttribute | Information about the login attempts. |
| MalwareProtectionConfiguration | Describes whether Malware Protection will be enabled as a data source. |
| MalwareProtectionConfigurationResult | An object that contains information on the status of all Malware Protection data sources. |
| MalwareProtectionDataSourceFreeTrial | Provides details about Malware Protection when it is enabled as a data source. |
| MalwareProtectionPlanActions | Information about whether the tags will be added to the S3 object after scanning. |
| MalwareProtectionPlanStatusReason | Information about the issue code and message associated with the status of your Malware Protection plan. |
| MalwareProtectionPlanSummary | Information about the Malware Protection plan resource. |
| MalwareProtectionPlanTaggingAction | Information about adding tags to the scanned S3 object after the scan result. |
| MalwareScanDetails | Information about the malware scan that generated a GuardDuty finding. |
| Master | Contains information about the administrator account and invitation. |
| Member | Contains information about the member account. |
| MemberAdditionalConfiguration | Information about the additional configuration for the member account. |
| MemberAdditionalConfigurationResult | Information about the additional configuration for the member account. |
| MemberDataSourceConfiguration | Contains information on which data sources are enabled for a member account. |
| MemberFeaturesConfiguration | Contains information about the features for the member account. |
| MemberFeaturesConfigurationResult | Contains information about the features for the member account. |
| NetworkConnectionAction | Contains information about the NETWORK_CONNECTION action described in the finding. |
| NetworkInterface | Contains information about the elastic network interface of the EC2 instance. |
| Observations | Contains information about the observed behavior. |
| Organization | Contains information about the ISP organization of the remote IP address. |
| OrganizationAdditionalConfiguration | A list of additional configurations which will be configured for the organization. |
| OrganizationAdditionalConfigurationResult | A list of additional configurations which will be configured for the organization. |
| OrganizationDataSourceConfigurations | An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization. |
| OrganizationDataSourceConfigurationsResult | An object that contains information on which data sources are automatically enabled for new members within the organization. |
| OrganizationDetails | Information about GuardDuty coverage statistics for members in your Amazon Web Services organization. |
| OrganizationEbsVolumes | Organization-wide EBS volumes scan configuration. |
| OrganizationEbsVolumesResult | An object that contains information on the status of whether EBS volumes scanning will be enabled as a data source for an organization. |
| OrganizationFeatureConfiguration | A list of features which will be configured for the organization. |
| OrganizationFeatureConfigurationResult | A list of features which will be configured for the organization. |
| OrganizationFeatureStatistics | Information about the number of accounts that have enabled a specific feature. |
| OrganizationFeatureStatisticsAdditionalConfiguration | Information about the coverage statistic for the additional configuration of the feature. |
| OrganizationKubernetesAuditLogsConfiguration | Organization-wide Kubernetes audit logs configuration. |
| OrganizationKubernetesAuditLogsConfigurationResult | The current configuration of Kubernetes audit logs as a data source for the organization. |
| OrganizationKubernetesConfiguration | Organization-wide Kubernetes data sources configurations. |
| OrganizationKubernetesConfigurationResult | The current configuration of all Kubernetes data sources for the organization. |
| OrganizationMalwareProtectionConfiguration | Organization-wide Malware Protection configurations. |
| OrganizationMalwareProtectionConfigurationResult | An object that contains information on the status of all Malware Protection data sources for an organization. |
| OrganizationS3LogsConfiguration | Describes whether S3 data event logs will be automatically enabled for new members of the organization. |
| OrganizationS3LogsConfigurationResult | The current configuration of S3 data event logs as a data source for the organization. |
| OrganizationScanEc2InstanceWithFindings | Organization-wide EC2 instances with findings scan configuration. |
| OrganizationScanEc2InstanceWithFindingsResult | An object that contains information on the status of scanning EC2 instances with findings for an organization. |
| OrganizationStatistics | Information about the coverage statistics of the features for the entire Amazon Web Services organization. |
| Owner | Contains information on the owner of the bucket. |
| PermissionConfiguration | Contains information about how permissions are configured for the S3 bucket. |
| PortProbeAction | Contains information about the PORT_PROBE action described in the finding. |
| PortProbeDetail | Contains information about the port probe details. |
| PrivateIpAddressDetails | Contains other private IP address information of the EC2 instance. |
| ProcessDetails | Information about the observed process. |
| ProductCode | Contains information about the product code for the EC2 instance. |
| PublicAccess | Describes the public access policies that apply to the S3 bucket. |
| RdsDbInstanceDetails | Contains information about the resource type RDSDBInstance involved in a GuardDuty finding. |
| RdsDbUserDetails | Contains information about the user and authentication details for a database instance involved in the finding. |
| RdsLoginAttemptAction | Indicates that a login attempt was made to the potentially compromised database from a remote IP address. |
| RemoteAccountDetails | Contains details about the remote Amazon Web Services account that made the API call. |
| RemoteIpDetails | Contains information about the remote IP address of the connection. |
| RemotePortDetails | Contains information about the remote port. |
| Resource | Contains information about the Amazon Web Services resource associated with the activity that prompted GuardDuty to generate a finding. |
| ResourceDetails | Represents the resources that were scanned in the scan entry. |
| RuntimeContext | Additional information about the suspicious activity. |
| RuntimeDetails | Information about the process and any required context values for a specific finding. |
| S3BucketDetail | Contains information on the S3 bucket. |
| S3LogsConfiguration | Describes whether S3 data event logs will be enabled as a data source. |
| S3LogsConfigurationResult | Describes whether S3 data event logs will be enabled as a data source. |
| S3ObjectDetail | Information about the S3 object that was scanned. |
| Scan | Contains information about a malware scan. |
| ScanCondition | Contains information about the condition. |
| ScanConditionPair | Represents the key:value pair to be matched against given resource property. |
| ScanDetections | Contains a complete view providing malware scan result details. |
| ScanEc2InstanceWithFindings | Describes whether Malware Protection for EC2 instances with findings will be enabled as a data source. |
| ScanEc2InstanceWithFindingsResult | An object that contains information on the status of whether Malware Protection for EC2 instances with findings will be enabled as a data source. |
| ScanFilePath | Contains details of the infected file, including name, file path and hash. |
| ScannedItemCount | Total number of scanned files. |
| ScanResourceCriteria | Contains information about criteria used to filter resources before triggering a malware scan. |
| ScanResultDetails | Represents the result of the scan. |
| ScanThreatName | Contains files infected with the given threat providing details of malware name and severity. |
| SecurityContext | Container security context. |
| SecurityGroup | Contains information about the security groups associated with the EC2 instance. |
| Service | Contains additional information about the generated finding. |
| ServiceAdditionalInfo | Additional information about the generated finding. |
| SortCriteria | Contains information about the criteria used for sorting findings. |
| StartMalwareScanRequest | |
| StartMalwareScanResult | |
| StartMonitoringMembersRequest | |
| StartMonitoringMembersResult | |
| StopMonitoringMembersRequest | |
| StopMonitoringMembersResult | |
| Tag | Contains information about a tag associated with the EC2 instance. |
| TagResourceRequest | |
| TagResourceResult | |
| Threat | Information about the detected threats associated with the generated finding. |
| ThreatDetectedByName | Contains details about identified threats organized by threat name. |
| ThreatIntelligenceDetail | An instance of a threat intelligence detail that constitutes evidence for the finding. |
| ThreatsDetectedItemCount | Contains the total number of infected files. |
| Total | Contains the total usage with the corresponding currency unit for that value. |
| TriggerDetails | Represents the reason the scan was triggered. |
| UnarchiveFindingsRequest | |
| UnarchiveFindingsResult | |
| UnprocessedAccount | Contains information about the accounts that weren't processed. |
| UnprocessedDataSourcesResult | Specifies the names of the data sources that couldn't be enabled. |
| UntagResourceRequest | |
| UntagResourceResult | |
| UpdateDetectorRequest | |
| UpdateDetectorResult | |
| UpdateFilterRequest | |
| UpdateFilterResult | |
| UpdateFindingsFeedbackRequest | |
| UpdateFindingsFeedbackResult | |
| UpdateIPSetRequest | |
| UpdateIPSetResult | |
| UpdateMalwareProtectionPlanRequest | |
| UpdateMalwareProtectionPlanResult | |
| UpdateMalwareScanSettingsRequest | |
| UpdateMalwareScanSettingsResult | |
| UpdateMemberDetectorsRequest | |
| UpdateMemberDetectorsResult | |
| UpdateOrganizationConfigurationRequest | |
| UpdateOrganizationConfigurationResult | |
| UpdateProtectedResource | Information about the protected resource that is associated with the created Malware Protection plan. |
| UpdatePublishingDestinationRequest | |
| UpdatePublishingDestinationResult | |
| UpdateS3BucketResource | Information about the protected S3 bucket resource. |
| UpdateThreatIntelSetRequest | |
| UpdateThreatIntelSetResult | |
| UsageAccountResult | Contains information on the total of usage based on account IDs. |
| UsageCriteria | Contains information about the criteria used to query usage statistics. |
| UsageDataSourceResult | Contains information on the result of usage based on data source type. |
| UsageFeatureResult | Contains information about the result of the total usage based on the feature. |
| UsageResourceResult | Contains information on the sum of usage based on an Amazon Web Services resource. |
| UsageStatistics | Contains the result of GuardDuty usage. |
| UsageTopAccountResult | Contains information on the total of usage based on the topmost 50 account IDs. |
| UsageTopAccountsResult | Information about the usage statistics, calculated by top accounts by feature. |
| Volume | Volume used by the Kubernetes workload. |
| VolumeDetail | Contains EBS volume details. |
| VolumeMount | Container volume mount. |
| VpcConfig | Amazon Virtual Private Cloud configuration details associated with your Lambda function. |

| Exception | Description |
|---|---|
| AccessDeniedException | An access denied exception object. |
| AmazonGuardDutyException | Base exception for all service exceptions thrown by Amazon GuardDuty. |
| BadRequestException | A bad request exception object. |
| ConflictException | A request conflict exception object. |
| InternalServerErrorException | An internal server error exception object. |
| ResourceNotFoundException | The requested resource can't be found. |