Amazon GuardDuty

{'Tags': {'string': 'string'}}

Creates a publishing destination where you can export your GuardDuty findings. Before you start exporting the findings, the destination resource must exist.

See also: AWS API Documentation

Request Syntax

client.create_publishing_destination(
    DetectorId='string',
    DestinationType='S3',
    DestinationProperties={
        'DestinationArn': 'string',
        'KmsKeyArn': 'string'
    },
    ClientToken='string',
    Tags={
        'string': 'string'
    }
)

type DetectorId:

string

param DetectorId:

[REQUIRED]

The ID of the GuardDuty detector associated with the publishing destination.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

type DestinationType:

string

param DestinationType:

[REQUIRED]

The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported.

type DestinationProperties:

dict

param DestinationProperties:

[REQUIRED]

The properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.

• DestinationArn (string) --

  The ARN of the resource to publish to.

  To specify an S3 bucket folder use the following format: arn:aws:s3:::DOC-EXAMPLE-BUCKET/myFolder/

• KmsKeyArn (string) --

  The ARN of the KMS key to use for encryption.

type ClientToken:

string

param ClientToken:

The idempotency token for the request.

This field is autopopulated if not provided.

type Tags:

dict

param Tags:

The tags to be added to a new publishing destination resource.

• (string) --

  • (string) --

rtype:

dict

returns:

Response Syntax

{
    'DestinationId': 'string'
}

Response Structure

• (dict) --

  • DestinationId (string) --

    The ID of the publishing destination that is created.

{'Tags': {'string': 'string'}}

Returns information about the publishing destination specified by the provided destinationId.

See also: AWS API Documentation

Request Syntax

client.describe_publishing_destination(
    DetectorId='string',
    DestinationId='string'
)

type DetectorId:

string

param DetectorId:

[REQUIRED]

The unique ID of the detector associated with the publishing destination to retrieve.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

type DestinationId:

string

param DestinationId:

[REQUIRED]

The ID of the publishing destination to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'DestinationId': 'string',
    'DestinationType': 'S3',
    'Status': 'PENDING_VERIFICATION'|'PUBLISHING'|'UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY'|'STOPPED',
    'PublishingFailureStartTimestamp': 123,
    'DestinationProperties': {
        'DestinationArn': 'string',
        'KmsKeyArn': 'string'
    },
    'Tags': {
        'string': 'string'
    }
}

Response Structure

• (dict) --

  • DestinationId (string) --

    The ID of the publishing destination.

  • DestinationType (string) --

    The type of publishing destination. Currently, only Amazon S3 buckets are supported.

  • Status (string) --

    The status of the publishing destination.

  • PublishingFailureStartTimestamp (integer) --

    The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination.

  • DestinationProperties (dict) --

    A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

    • DestinationArn (string) --

      The ARN of the resource to publish to.

      To specify an S3 bucket folder use the following format: arn:aws:s3:::DOC-EXAMPLE-BUCKET/myFolder/

    • KmsKeyArn (string) --

      The ARN of the KMS key to use for encryption.

  • Tags (dict) --

    The tags of the publishing destination resource.

    • (string) --

      • (string) --