Amazon GuardDuty

2019/11/15 - Amazon GuardDuty - 5 new api methods

Changes  Update guardduty client to latest version

ListPublishingDestinations (new) Link ¶

Returns a list of publishing destinations associated with the specified dectectorId.

See also: AWS API Documentation

Request Syntax

client.list_publishing_destinations(
    DetectorId='string',
    MaxResults=123,
    NextToken='string'
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The ID of the detector to retrieve publishing destinations for.

type MaxResults:

integer

param MaxResults:

The maximum number of results to return in the response.

type NextToken:

string

param NextToken:

A token to use for paginating results returned in the repsonse. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

rtype:

dict

returns:

Response Syntax

{
    'Destinations': [
        {
            'DestinationId': 'string',
            'DestinationType': 'S3',
            'Status': 'PENDING_VERIFICATION'|'PUBLISHING'|'UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY'|'STOPPED'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Destinations (list) --

      A Destinations obect that includes information about each publishing destination returned.

      • (dict) --

        Contains information about a publishing destination, including the ID, type, and status.

        • DestinationId (string) --

          The unique ID of the publishing destination.

        • DestinationType (string) --

          The type of resource used for the publishing destination. Currently, only S3 is supported.

        • Status (string) --

          The status of the publishing destination.

    • NextToken (string) --

      A token to use for paginating results returned in the repsonse. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

UpdatePublishingDestination (new) Link ¶

Updates information about the publishing destination specified by the destinationId.

See also: AWS API Documentation

Request Syntax

client.update_publishing_destination(
    DetectorId='string',
    DestinationId='string',
    DestinationProperties={
        'DestinationArn': 'string',
        'KmsKeyArn': 'string'
    }
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The ID of the

type DestinationId:

string

param DestinationId:

[REQUIRED]

The ID of the detector associated with the publishing destinations to update.

type DestinationProperties:

dict

param DestinationProperties:

A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

  • DestinationArn (string) --

    The ARN of the resource to publish to.

  • KmsKeyArn (string) --

    The ARN of the KMS key to use for encryption.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

CreatePublishingDestination (new) Link ¶

Creates a publishing destination to send findings to. The resource to send findings to must exist before you use this operation.

See also: AWS API Documentation

Request Syntax

client.create_publishing_destination(
    DetectorId='string',
    DestinationType='S3',
    DestinationProperties={
        'DestinationArn': 'string',
        'KmsKeyArn': 'string'
    },
    ClientToken='string'
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The ID of the GuardDuty detector associated with the publishing destination.

type DestinationType:

string

param DestinationType:

[REQUIRED]

The type of resource for the publishing destination. Currently only S3 is supported.

type DestinationProperties:

dict

param DestinationProperties:

[REQUIRED]

Properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.

  • DestinationArn (string) --

    The ARN of the resource to publish to.

  • KmsKeyArn (string) --

    The ARN of the KMS key to use for encryption.

type ClientToken:

string

param ClientToken:

The idempotency token for the request.

This field is autopopulated if not provided.

rtype:

dict

returns:

Response Syntax

{
    'DestinationId': 'string'
}

Response Structure

  • (dict) --

    • DestinationId (string) --

      The ID of the publishing destination created.

DeletePublishingDestination (new) Link ¶

Deletes the publishing definition with the specified destinationId.

See also: AWS API Documentation

Request Syntax

client.delete_publishing_destination(
    DetectorId='string',
    DestinationId='string'
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The unique ID of the detector associated with the publishing destination to delete.

type DestinationId:

string

param DestinationId:

[REQUIRED]

The ID of the publishing destination to delete.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

DescribePublishingDestination (new) Link ¶

Returns information about the publishing destination specified by the provided destinationId.

See also: AWS API Documentation

Request Syntax

client.describe_publishing_destination(
    DetectorId='string',
    DestinationId='string'
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The unique ID of the detector associated with the publishing destination to retrieve.

type DestinationId:

string

param DestinationId:

[REQUIRED]

The ID of the publishing destination to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'DestinationId': 'string',
    'DestinationType': 'S3',
    'Status': 'PENDING_VERIFICATION'|'PUBLISHING'|'UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY'|'STOPPED',
    'PublishingFailureStartTimestamp': 123,
    'DestinationProperties': {
        'DestinationArn': 'string',
        'KmsKeyArn': 'string'
    }
}

Response Structure

  • (dict) --

    • DestinationId (string) --

      The ID of the publishing destination.

    • DestinationType (string) --

      The type of the publishing destination. Currently, only S3 is supported.

    • Status (string) --

      The status of the publishing destination.

    • PublishingFailureStartTimestamp (integer) --

      The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination.

    • DestinationProperties (dict) --

      A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

      • DestinationArn (string) --

        The ARN of the resource to publish to.

      • KmsKeyArn (string) --

        The ARN of the KMS key to use for encryption.