Amazon GuardDuty

2019/11/15 - Amazon GuardDuty - 5 new api methods

Changes: This release includes new operations related to findings export: CreatePublishingDestination, UpdatePublishingDestination, DescribePublishingDestination, DeletePublishingDestination and ListPublishingDestinations.

ListPublishingDestinations (new)

Returns a list of publishing destinations associated with the specified detectorId.

See also: AWS API Documentation

Request Syntax

client.list_publishing_destinations(
    DetectorId='string',
    MaxResults=123,
    NextToken='string'
)
type DetectorId

string

param DetectorId

[REQUIRED]

The ID of the detector to retrieve publishing destinations for.

type MaxResults

integer

param MaxResults

The maximum number of results to return in the response.

type NextToken

string

param NextToken

A token to use for paginating results returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

rtype

dict

returns

Response Syntax

{
    'Destinations': [
        {
            'DestinationId': 'string',
            'DestinationType': 'S3',
            'Status': 'PENDING_VERIFICATION'|'PUBLISHING'|'UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY'|'STOPPED'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Destinations (list) --

      A Destinations object that includes information about each publishing destination returned.

      • (dict) --

        Contains information about a publishing destination, including the ID, type, and status.

        • DestinationId (string) --

          The unique ID of the publishing destination.

        • DestinationType (string) --

          The type of resource used for the publishing destination. Currently, only S3 is supported.

        • Status (string) --

          The status of the publishing destination.

    • NextToken (string) --

      A token to use for paginating results returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

UpdatePublishingDestination (new)

Updates information about the publishing destination specified by the destinationId.

See also: AWS API Documentation

Request Syntax

client.update_publishing_destination(
    DetectorId='string',
    DestinationId='string',
    DestinationProperties={
        'DestinationArn': 'string',
        'KmsKeyArn': 'string'
    }
)
type DetectorId

string

param DetectorId

[REQUIRED]

The ID of the

type DestinationId

string

param DestinationId

[REQUIRED]

The ID of the detector associated with the publishing destinations to update.

type DestinationProperties

dict

param DestinationProperties

A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

  • DestinationArn (string) --

    The ARN of the resource to publish to.

  • KmsKeyArn (string) --

    The ARN of the KMS key to use for encryption.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

DescribePublishingDestination (new)

Returns information about the publishing destination specified by the provided destinationId.

See also: AWS API Documentation

Request Syntax

client.describe_publishing_destination(
    DetectorId='string',
    DestinationId='string'
)
type DetectorId

string

param DetectorId

[REQUIRED]

The unique ID of the detector associated with the publishing destination to retrieve.

type DestinationId

string

param DestinationId

[REQUIRED]

The ID of the publishing destination to retrieve.

rtype

dict

returns

Response Syntax

{
    'DestinationId': 'string',
    'DestinationType': 'S3',
    'Status': 'PENDING_VERIFICATION'|'PUBLISHING'|'UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY'|'STOPPED',
    'PublishingFailureStartTimestamp': 123,
    'DestinationProperties': {
        'DestinationArn': 'string',
        'KmsKeyArn': 'string'
    }
}

Response Structure

  • (dict) --

    • DestinationId (string) --

      The ID of the publishing destination.

    • DestinationType (string) --

      The type of the publishing destination. Currently, only S3 is supported.

    • Status (string) --

      The status of the publishing destination.

    • PublishingFailureStartTimestamp (integer) --

      The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination.

    • DestinationProperties (dict) --

      A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

      • DestinationArn (string) --

        The ARN of the resource to publish to.

      • KmsKeyArn (string) --

        The ARN of the KMS key to use for encryption.
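
Added example (not part of the AWS documentation): a health check for findings export that pages through ListPublishingDestinations with NextToken, calls DescribePublishingDestination for each entry, and reports destinations that are not PUBLISHING or have no KmsKeyArn, converting PublishingFailureStartTimestamp from epoch milliseconds into minutes without export. The function name, the StubClient class and its ARNs and IDs are constructed for illustration; in real use, pass a boto3 GuardDuty client instead of the stub.

```python
import time

def audit_publishing_destinations(client, detector_id, now_ms=None):
    """Report destinations that are not PUBLISHING or have no KMS key set."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    issues, token = [], None
    while True:
        kwargs = {"DetectorId": detector_id}
        if token:  # NextToken is omitted on the first request
            kwargs["NextToken"] = token
        page = client.list_publishing_destinations(**kwargs)
        for dest in page.get("Destinations", []):
            d = client.describe_publishing_destination(
                DetectorId=detector_id, DestinationId=dest["DestinationId"])
            props = d.get("DestinationProperties", {})
            problems = []
            if d["Status"] != "PUBLISHING":
                problems.append("status=" + d["Status"])
            if not props.get("KmsKeyArn"):
                problems.append("no KmsKeyArn")
            if problems:
                start = d.get("PublishingFailureStartTimestamp")
                issues.append({
                    "DestinationId": d["DestinationId"],
                    "DestinationArn": props.get("DestinationArn"),
                    "Problems": problems,
                    # epoch milliseconds -> whole minutes without export
                    "FailingMinutes": (now_ms - start) // 60000 if start else None,
                })
        token = page.get("NextToken")
        if not token:
            return issues

class StubClient:
    """Constructed two-page stand-in for the GuardDuty client (offline)."""
    KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"
    DETAILS = {  # DestinationId -> (Status, KmsKeyArn, failure start in ms)
        "dest-a": ("PUBLISHING", KEY, 0),
        "dest-b": ("UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY", KEY, 1573776000000),
    }
    def list_publishing_destinations(self, DetectorId, NextToken=None):
        if NextToken is None:
            return {"Destinations": [{"DestinationId": "dest-a"}], "NextToken": "p2"}
        return {"Destinations": [{"DestinationId": "dest-b"}]}
    def describe_publishing_destination(self, DetectorId, DestinationId):
        status, key, since = self.DETAILS[DestinationId]
        props = {"DestinationArn": "arn:aws:s3:::example-findings-bucket", "KmsKeyArn": key}
        return {"DestinationId": DestinationId, "DestinationType": "S3", "Status": status,
                "PublishingFailureStartTimestamp": since, "DestinationProperties": props}
```

A non-empty result means findings are not reaching the export bucket, or are being exported without a KMS key recorded on the destination.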

CreatePublishingDestination (new)

Creates a publishing destination to send findings to. The resource to send findings to must exist before you use this operation.

See also: AWS API Documentation

Request Syntax

client.create_publishing_destination(
    DetectorId='string',
    DestinationType='S3',
    DestinationProperties={
        'DestinationArn': 'string',
        'KmsKeyArn': 'string'
    },
    ClientToken='string'
)
type DetectorId

string

param DetectorId

[REQUIRED]

The ID of the GuardDuty detector associated with the publishing destination.

type DestinationType

string

param DestinationType

[REQUIRED]

The type of resource for the publishing destination. Currently only S3 is supported.

type DestinationProperties

dict

param DestinationProperties

[REQUIRED]

Properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.

  • DestinationArn (string) --

    The ARN of the resource to publish to.

  • KmsKeyArn (string) --

    The ARN of the KMS key to use for encryption.

type ClientToken

string

param ClientToken

The idempotency token for the request.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{
    'DestinationId': 'string'
}

Response Structure

  • (dict) --

    • DestinationId (string) --

      The ID of the publishing destination created.

DeletePublishingDestination (new)

Deletes the publishing definition with the specified destinationId.

See also: AWS API Documentation

Request Syntax

client.delete_publishing_destination(
    DetectorId='string',
    DestinationId='string'
)
type DetectorId

string

param DetectorId

[REQUIRED]

The unique ID of the detector associated with the publishing destination to delete.

type DestinationId

string

param DestinationId

[REQUIRED]

The ID of the publishing destination to delete.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --