Amazon GuardDuty

2023/11/27 - Amazon GuardDuty - 11 updated api methods

Changes: Add support for Runtime Monitoring for ECS and ECS-EC2.

CreateDetector (updated)
Changes (request)
{'Features': {'AdditionalConfiguration': {'Name': {'ECS_FARGATE_AGENT_MANAGEMENT'}},
              'Name': {'RUNTIME_MONITORING'}}}

Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

See also: AWS API Documentation

Request Syntax

client.create_detector(
    Enable=True|False,
    ClientToken='string',
    FindingPublishingFrequency='FIFTEEN_MINUTES'|'ONE_HOUR'|'SIX_HOURS',
    DataSources={
        'S3Logs': {
            'Enable': True|False
        },
        'Kubernetes': {
            'AuditLogs': {
                'Enable': True|False
            }
        },
        'MalwareProtection': {
            'ScanEc2InstanceWithFindings': {
                'EbsVolumes': True|False
            }
        }
    },
    Tags={
        'string': 'string'
    },
    Features=[
        {
            'Name': 'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'EKS_RUNTIME_MONITORING'|'LAMBDA_NETWORK_LOGS'|'RUNTIME_MONITORING',
            'Status': 'ENABLED'|'DISABLED',
            'AdditionalConfiguration': [
                {
                    'Name': 'EKS_ADDON_MANAGEMENT'|'ECS_FARGATE_AGENT_MANAGEMENT',
                    'Status': 'ENABLED'|'DISABLED'
                },
            ]
        },
    ]
)
type Enable

boolean

param Enable

[REQUIRED]

A Boolean value that specifies whether the detector is to be enabled.

type ClientToken

string

param ClientToken

The idempotency token for the create request.

This field is autopopulated if not provided.

type FindingPublishingFrequency

string

param FindingPublishingFrequency

A value that specifies how frequently updated findings are exported.

type DataSources

dict

param DataSources

Describes which data sources will be enabled for the detector.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

  • S3Logs (dict) --

    Describes whether S3 data event logs are enabled as a data source.

    • Enable (boolean) -- [REQUIRED]

      The status of S3 data event logs as a data source.

  • Kubernetes (dict) --

    Describes whether any Kubernetes logs are enabled as data sources.

    • AuditLogs (dict) -- [REQUIRED]

      The status of Kubernetes audit logs as a data source.

      • Enable (boolean) -- [REQUIRED]

        The status of Kubernetes audit logs as a data source.

  • MalwareProtection (dict) --

    Describes whether Malware Protection is enabled as a data source.

    • ScanEc2InstanceWithFindings (dict) --

      Describes the configuration of Malware Protection for EC2 instances with findings.

      • EbsVolumes (boolean) --

        Describes the configuration for scanning EBS volumes as a data source.

type Tags

dict

param Tags

The tags to be added to a new detector resource.

  • (string) --

    • (string) --

type Features

list

param Features

A list of features that will be configured for the detector.

  • (dict) --

    Contains information about a GuardDuty feature.

    • Name (string) --

      The name of the feature.

    • Status (string) --

      The status of the feature.

    • AdditionalConfiguration (list) --

      Additional configuration for a resource.

      • (dict) --

        Information about the additional configuration for a feature in your GuardDuty account.

        • Name (string) --

          Name of the additional configuration.

        • Status (string) --

          Status of the additional configuration.

rtype

dict

returns

Response Syntax

{
    'DetectorId': 'string',
    'UnprocessedDataSources': {
        'MalwareProtection': {
            'ScanEc2InstanceWithFindings': {
                'EbsVolumes': {
                    'Status': 'ENABLED'|'DISABLED',
                    'Reason': 'string'
                }
            },
            'ServiceRole': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • DetectorId (string) --

      The unique ID of the created detector.

    • UnprocessedDataSources (dict) --

      Specifies the data sources that couldn't be enabled when GuardDuty was enabled for the first time.

      • MalwareProtection (dict) --

        An object that contains information on the status of all Malware Protection data sources.

        • ScanEc2InstanceWithFindings (dict) --

          Describes the configuration of Malware Protection for EC2 instances with findings.

          • EbsVolumes (dict) --

            Describes the configuration of scanning EBS volumes as a data source.

            • Status (string) --

              Describes whether scanning EBS volumes is enabled as a data source.

            • Reason (string) --

              Specifies the reason why scanning EBS volumes (Malware Protection) was not enabled as a data source.

        • ServiceRole (string) --

          The GuardDuty Malware Protection service role.
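The request shape above is easy to get subtly wrong (a mistyped feature name or a missing AdditionalConfiguration status is only rejected by the service). The following added example, which is not boto3's own code, builds the create_detector parameters that enable RUNTIME_MONITORING with ECS_FARGATE_AGENT_MANAGEMENT, checks them against the value sets listed in the request syntax before anything is sent, and reads the UnprocessedDataSources reason out of a response; the helper names and the sample tag are my own.

```python
"""Build and validate a GuardDuty create_detector request for Runtime Monitoring.

Added example, not boto3 or botocore code. The enum sets below are copied from
the CreateDetector request syntax; no AWS call is made, so it runs offline.
"""
from __future__ import annotations

FEATURE_NAMES = {
    "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION",
    "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS",
    "RUNTIME_MONITORING",
}
ADDITIONAL_CONFIG_NAMES = {"EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT"}
STATUSES = {"ENABLED", "DISABLED"}


def runtime_monitoring_feature(fargate_agent: bool = True) -> dict:
    """One Features entry: RUNTIME_MONITORING plus the Fargate agent-management
    flag. The flag is sent explicitly even when disabled so the resulting
    detector state is unambiguous rather than left at the service default."""
    return {
        "Name": "RUNTIME_MONITORING",
        "Status": "ENABLED",
        "AdditionalConfiguration": [
            {"Name": "ECS_FARGATE_AGENT_MANAGEMENT",
             "Status": "ENABLED" if fargate_agent else "DISABLED"},
        ],
    }


def validate_features(features: list[dict]) -> list[str]:
    """Return a list of problems (empty when the Features list is well-formed).
    This mirrors the value sets in the request syntax; it does not call AWS."""
    problems: list[str] = []
    seen: set[str] = set()
    for i, feature in enumerate(features):
        name = feature.get("Name")
        if name not in FEATURE_NAMES:
            problems.append(f"Features[{i}]: unknown feature name {name!r}")
        elif name in seen:
            problems.append(f"Features[{i}]: duplicate feature {name}")
        seen.add(name)
        if feature.get("Status") not in STATUSES:
            problems.append(f"Features[{i}]: bad Status {feature.get('Status')!r}")
        for j, cfg in enumerate(feature.get("AdditionalConfiguration", [])):
            if cfg.get("Name") not in ADDITIONAL_CONFIG_NAMES:
                problems.append(
                    f"Features[{i}].AdditionalConfiguration[{j}]: unknown name {cfg.get('Name')!r}")
            if cfg.get("Status") not in STATUSES:
                problems.append(
                    f"Features[{i}].AdditionalConfiguration[{j}]: bad Status {cfg.get('Status')!r}")
    return problems


def build_create_detector_params(fargate_agent: bool = True,
                                 frequency: str = "FIFTEEN_MINUTES") -> dict:
    """Keyword arguments for client.create_detector(**params); raises on a
    malformed Features list so the mistake surfaces before the API call."""
    features = [runtime_monitoring_feature(fargate_agent)]
    problems = validate_features(features)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "Enable": True,
        "FindingPublishingFrequency": frequency,
        "Features": features,
        "Tags": {"managed-by": "security-engineering"},  # constructed sample tag
    }


def unprocessed_ebs_reason(response: dict) -> str | None:
    """From a CreateDetector response, return the Reason string when Malware
    Protection EBS scanning could not be enabled, otherwise None."""
    ebs = (response.get("UnprocessedDataSources", {})
           .get("MalwareProtection", {})
           .get("ScanEc2InstanceWithFindings", {})
           .get("EbsVolumes"))
    if ebs and ebs.get("Status") != "ENABLED":
        return ebs.get("Reason")
    return None


if __name__ == "__main__":
    import json
    params = build_create_detector_params()
    print(json.dumps(params, indent=2))
    # With boto3 installed and credentials configured, the call would be:
    # boto3.client("guardduty").create_detector(**params)
```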

DescribeOrganizationConfiguration (updated)
Changes (response)
{'Features': {'AdditionalConfiguration': {'Name': {'ECS_FARGATE_AGENT_MANAGEMENT'}},
              'Name': {'RUNTIME_MONITORING'}}}

Returns information about the account selected as the delegated administrator for GuardDuty.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

See also: AWS API Documentation

Request Syntax

client.describe_organization_configuration(
    DetectorId='string',
    MaxResults=123,
    NextToken='string'
)
type DetectorId

string

param DetectorId

[REQUIRED]

The ID of the detector to retrieve information about the delegated administrator from.

type MaxResults

integer

param MaxResults

You can use this parameter to indicate the maximum number of items that you want in the response.

type NextToken

string

param NextToken

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

rtype

dict

returns

Response Syntax

{
    'AutoEnable': True|False,
    'MemberAccountLimitReached': True|False,
    'DataSources': {
        'S3Logs': {
            'AutoEnable': True|False
        },
        'Kubernetes': {
            'AuditLogs': {
                'AutoEnable': True|False
            }
        },
        'MalwareProtection': {
            'ScanEc2InstanceWithFindings': {
                'EbsVolumes': {
                    'AutoEnable': True|False
                }
            }
        }
    },
    'Features': [
        {
            'Name': 'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'EKS_RUNTIME_MONITORING'|'LAMBDA_NETWORK_LOGS'|'RUNTIME_MONITORING',
            'AutoEnable': 'NEW'|'NONE'|'ALL',
            'AdditionalConfiguration': [
                {
                    'Name': 'EKS_ADDON_MANAGEMENT'|'ECS_FARGATE_AGENT_MANAGEMENT',
                    'AutoEnable': 'NEW'|'NONE'|'ALL'
                },
            ]
        },
    ],
    'NextToken': 'string',
    'AutoEnableOrganizationMembers': 'NEW'|'ALL'|'NONE'
}

Response Structure

  • (dict) --

    • AutoEnable (boolean) --

      Indicates whether GuardDuty is automatically enabled for accounts added to the organization.

      Even though this is still supported, we recommend using AutoEnableOrganizationMembers to achieve similar results.

    • MemberAccountLimitReached (boolean) --

      Indicates whether the maximum number of allowed member accounts is already associated with the delegated administrator account for your organization.

    • DataSources (dict) --

      Describes which data sources are enabled automatically for member accounts.

      • S3Logs (dict) --

        Describes whether S3 data event logs are enabled as a data source.

        • AutoEnable (boolean) --

          A value that describes whether S3 data event logs are automatically enabled for new members of the organization.

      • Kubernetes (dict) --

        Describes the configuration of Kubernetes data sources.

        • AuditLogs (dict) --

          The current configuration of Kubernetes audit logs as a data source for the organization.

          • AutoEnable (boolean) --

            Whether the Kubernetes audit logs data source should be auto-enabled for new members joining the organization.

      • MalwareProtection (dict) --

        Describes the configuration of Malware Protection data source for an organization.

        • ScanEc2InstanceWithFindings (dict) --

          Describes the configuration for scanning EC2 instances with findings for an organization.

          • EbsVolumes (dict) --

            Describes the configuration for scanning EBS volumes for an organization.

            • AutoEnable (boolean) --

              Whether scanning EBS volumes should be auto-enabled for new members joining the organization.

    • Features (list) --

      A list of features that are configured for this organization.

      • (dict) --

        A list of features which will be configured for the organization.

        • Name (string) --

          The name of the feature that is configured for the member accounts within the organization.

        • AutoEnable (string) --

          Describes the status of the feature that is configured for the member accounts within the organization.

          • NEW : Indicates that when a new account joins the organization, they will have the feature enabled automatically.

          • ALL : Indicates that all accounts in the organization have the feature enabled automatically. This includes NEW accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty.

          • NONE : Indicates that the feature will not be automatically enabled for any account in the organization. In this case, each account will be managed individually by the administrator.

        • AdditionalConfiguration (list) --

          The additional configuration that is configured for the member accounts within the organization.

          • (dict) --

            A list of additional configuration which will be configured for the organization.

            • Name (string) --

              The name of the additional configuration that is configured for the member accounts within the organization.

            • AutoEnable (string) --

              Describes the status of the additional configuration that is configured for the member accounts within the organization. One of the following values is the status for the entire organization:

              • NEW : Indicates that when a new account joins the organization, they will have the additional configuration enabled automatically.

              • ALL : Indicates that all accounts in the organization have the additional configuration enabled automatically. This includes NEW accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty. It may take up to 24 hours to update the configuration for all the member accounts.

              • NONE : Indicates that the additional configuration will not be automatically enabled for any account in the organization. The administrator must manage the additional configuration for each account individually.

    • NextToken (string) --

      The pagination parameter to be used on the next list operation to retrieve more items.

    • AutoEnableOrganizationMembers (string) --

      Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization.

      • NEW : Indicates that when a new account joins the organization, they will have GuardDuty enabled automatically.

      • ALL : Indicates that all accounts in the organization have GuardDuty enabled automatically. This includes NEW accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty.

      • NONE : Indicates that GuardDuty will not be automatically enabled for any account in the organization. The administrator must manage GuardDuty for each account in the organization individually.

GetCoverageStatistics (updated)
Changes (request)
{'FilterCriteria': {'FilterCriterion': {'CriterionKey': {'AGENT_VERSION',
                                                         'CLUSTER_ARN',
                                                         'ECS_CLUSTER_NAME',
                                                         'INSTANCE_ID'}}}}

Retrieves aggregated statistics for your account. If you are a GuardDuty administrator, you can retrieve the statistics for all the resources associated with the active member accounts in your organization who have enabled EKS Runtime Monitoring and have the GuardDuty agent running on their EKS nodes.

See also: AWS API Documentation

Request Syntax

client.get_coverage_statistics(
    DetectorId='string',
    FilterCriteria={
        'FilterCriterion': [
            {
                'CriterionKey': 'ACCOUNT_ID'|'CLUSTER_NAME'|'RESOURCE_TYPE'|'COVERAGE_STATUS'|'ADDON_VERSION'|'MANAGEMENT_TYPE'|'EKS_CLUSTER_NAME'|'ECS_CLUSTER_NAME'|'AGENT_VERSION'|'INSTANCE_ID'|'CLUSTER_ARN',
                'FilterCondition': {
                    'Equals': [
                        'string',
                    ],
                    'NotEquals': [
                        'string',
                    ]
                }
            },
        ]
    },
    StatisticsType=[
        'COUNT_BY_RESOURCE_TYPE'|'COUNT_BY_COVERAGE_STATUS',
    ]
)
type DetectorId

string

param DetectorId

[REQUIRED]

The unique ID of the GuardDuty detector associated to the coverage statistics.

type FilterCriteria

dict

param FilterCriteria

Represents the criteria used to filter the coverage statistics.

  • FilterCriterion (list) --

    Represents a condition that when matched will be added to the response of the operation.

    • (dict) --

      Represents a condition that when matched will be added to the response of the operation.

      • CriterionKey (string) --

        An enum value representing possible filter fields.

        Note

        Replace the enum value CLUSTER_NAME with EKS_CLUSTER_NAME. CLUSTER_NAME has been deprecated.

      • FilterCondition (dict) --

        Contains information about the condition.

        • Equals (list) --

          Represents an equal condition that is applied to a single field while retrieving the coverage details.

          • (string) --

        • NotEquals (list) --

          Represents a not equal condition that is applied to a single field while retrieving the coverage details.

          • (string) --

type StatisticsType

list

param StatisticsType

[REQUIRED]

Represents the statistics type used to aggregate the coverage details.

  • (string) --

rtype

dict

returns

Response Syntax

{
    'CoverageStatistics': {
        'CountByResourceType': {
            'string': 123
        },
        'CountByCoverageStatus': {
            'string': 123
        }
    }
}

Response Structure

  • (dict) --

    • CoverageStatistics (dict) --

      Represents the count aggregated by the statusCode and resourceType.

      • CountByResourceType (dict) --

        Represents coverage statistics for EKS clusters aggregated by resource type.

        • (string) --

          • (integer) --

      • CountByCoverageStatus (dict) --

        Represents coverage statistics for EKS clusters aggregated by coverage status.

        • (string) --

          • (integer) --
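An added example (mine, not botocore's) of assembling the FilterCriteria structure above from a plain mapping, so that the new ECS and agent keys can be used and the deprecated CLUSTER_NAME key is rewritten to EKS_CLUSTER_NAME as the note requires, followed by a summary of the CountByCoverageStatus response. The key set is copied from the request syntax; the COVERED and UNCOVERED status names are an assumption about the service's coverage status values, which this page does not enumerate.

```python
"""Build a GetCoverageStatistics filter and summarise the coverage response.

Added example, not AWS code. CRITERION_KEYS is the CriterionKey enum from the
request syntax; DEPRECATED_KEYS encodes the CLUSTER_NAME -> EKS_CLUSTER_NAME note.
"""
from __future__ import annotations

CRITERION_KEYS = {
    "ACCOUNT_ID", "CLUSTER_NAME", "RESOURCE_TYPE", "COVERAGE_STATUS",
    "ADDON_VERSION", "MANAGEMENT_TYPE", "EKS_CLUSTER_NAME", "ECS_CLUSTER_NAME",
    "AGENT_VERSION", "INSTANCE_ID", "CLUSTER_ARN",
}
DEPRECATED_KEYS = {"CLUSTER_NAME": "EKS_CLUSTER_NAME"}

# Assumed coverage status names (not listed on this page).
COVERED, UNCOVERED = "COVERED", "UNCOVERED"


def build_filter_criteria(equals: dict[str, list[str]] | None = None,
                          not_equals: dict[str, list[str]] | None = None) -> dict:
    """Translate {key: [values]} mappings into the FilterCriteria structure.

    A deprecated key is rewritten to its replacement; an unknown key raises
    instead of being sent and rejected (or silently ignored) by the service.
    Equals and NotEquals for the same key are merged into one FilterCondition.
    """
    conditions: dict[str, dict[str, list[str]]] = {}
    for op, mapping in (("Equals", equals or {}), ("NotEquals", not_equals or {})):
        for key, values in mapping.items():
            key = DEPRECATED_KEYS.get(key, key)
            if key not in CRITERION_KEYS:
                raise ValueError(f"unknown CriterionKey {key!r}")
            conditions.setdefault(key, {}).setdefault(op, []).extend(values)
    return {"FilterCriterion": [
        {"CriterionKey": key, "FilterCondition": cond}
        for key, cond in conditions.items()
    ]}


def coverage_request(detector_id: str, ecs_clusters: list[str],
                     exclude_agent_versions: list[str] | None = None) -> dict:
    """Keyword arguments for client.get_coverage_statistics(**request): counts
    for the named ECS clusters, optionally excluding known-bad agent versions."""
    return {
        "DetectorId": detector_id,
        "FilterCriteria": build_filter_criteria(
            equals={"ECS_CLUSTER_NAME": ecs_clusters},
            not_equals={"AGENT_VERSION": exclude_agent_versions or []}),
        "StatisticsType": ["COUNT_BY_RESOURCE_TYPE", "COUNT_BY_COVERAGE_STATUS"],
    }


def coverage_gap(stats_response: dict) -> dict:
    """Summarise CountByCoverageStatus into totals and an uncovered ratio.

    Any status other than COVERED is counted against coverage, so a status the
    service may add later cannot be mistaken for a covered resource.
    """
    by_status = (stats_response.get("CoverageStatistics", {})
                 .get("CountByCoverageStatus", {}))
    covered = by_status.get(COVERED, 0)
    uncovered = by_status.get(UNCOVERED, 0)
    other = sum(n for status, n in by_status.items() if status not in (COVERED, UNCOVERED))
    total = covered + uncovered + other
    return {
        "total": total,
        "covered": covered,
        "uncovered": uncovered,
        "other": other,
        "uncovered_ratio": (uncovered + other) / total if total else 0.0,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(coverage_request("12abc34d567e8fa901bc2d34e56789f0",  # constructed id
                                      ["payments", "web"], ["1.0.0"]), indent=2))
    # Constructed response in the shape of the Response Syntax above.
    print(coverage_gap({"CoverageStatistics": {
        "CountByResourceType": {"ECS": 8},
        "CountByCoverageStatus": {"COVERED": 6, "UNCOVERED": 2}}}))
```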

GetDetector (updated)
Changes (response)
{'Features': {'AdditionalConfiguration': {'Name': {'ECS_FARGATE_AGENT_MANAGEMENT'}},
              'Name': {'RUNTIME_MONITORING'}}}

Retrieves an Amazon GuardDuty detector specified by the detectorId.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

See also: AWS API Documentation

Request Syntax

client.get_detector(
    DetectorId='string'
)
type DetectorId

string

param DetectorId

[REQUIRED]

The unique ID of the detector that you want to get.

rtype

dict

returns

Response Syntax

{
    'CreatedAt': 'string',
    'FindingPublishingFrequency': 'FIFTEEN_MINUTES'|'ONE_HOUR'|'SIX_HOURS',
    'ServiceRole': 'string',
    'Status': 'ENABLED'|'DISABLED',
    'UpdatedAt': 'string',
    'DataSources': {
        'CloudTrail': {
            'Status': 'ENABLED'|'DISABLED'
        },
        'DNSLogs': {
            'Status': 'ENABLED'|'DISABLED'
        },
        'FlowLogs': {
            'Status': 'ENABLED'|'DISABLED'
        },
        'S3Logs': {
            'Status': 'ENABLED'|'DISABLED'
        },
        'Kubernetes': {
            'AuditLogs': {
                'Status': 'ENABLED'|'DISABLED'
            }
        },
        'MalwareProtection': {
            'ScanEc2InstanceWithFindings': {
                'EbsVolumes': {
                    'Status': 'ENABLED'|'DISABLED',
                    'Reason': 'string'
                }
            },
            'ServiceRole': 'string'
        }
    },
    'Tags': {
        'string': 'string'
    },
    'Features': [
        {
            'Name': 'FLOW_LOGS'|'CLOUD_TRAIL'|'DNS_LOGS'|'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'EKS_RUNTIME_MONITORING'|'LAMBDA_NETWORK_LOGS'|'RUNTIME_MONITORING',
            'Status': 'ENABLED'|'DISABLED',
            'UpdatedAt': datetime(2015, 1, 1),
            'AdditionalConfiguration': [
                {
                    'Name': 'EKS_ADDON_MANAGEMENT'|'ECS_FARGATE_AGENT_MANAGEMENT',
                    'Status': 'ENABLED'|'DISABLED',
                    'UpdatedAt': datetime(2015, 1, 1)
                },
            ]
        },
    ]
}

Response Structure

  • (dict) --

    • CreatedAt (string) --

      The timestamp of when the detector was created.

    • FindingPublishingFrequency (string) --

      The publishing frequency of the finding.

    • ServiceRole (string) --

      The GuardDuty service role.

    • Status (string) --

      The detector status.

    • UpdatedAt (string) --

      The last-updated timestamp for the detector.

    • DataSources (dict) --

      Describes which data sources are enabled for the detector.

      • CloudTrail (dict) --

        An object that contains information on the status of CloudTrail as a data source.

        • Status (string) --

          Describes whether CloudTrail is enabled as a data source for the detector.

      • DNSLogs (dict) --

        An object that contains information on the status of DNS logs as a data source.

        • Status (string) --

          Denotes whether DNS logs are enabled as a data source.

      • FlowLogs (dict) --

        An object that contains information on the status of VPC flow logs as a data source.

        • Status (string) --

          Denotes whether VPC flow logs are enabled as a data source.

      • S3Logs (dict) --

        An object that contains information on the status of S3 Data event logs as a data source.

        • Status (string) --

          A value that describes whether S3 data event logs are automatically enabled for new members of the organization.

      • Kubernetes (dict) --

        An object that contains information on the status of all Kubernetes data sources.

        • AuditLogs (dict) --

          Describes whether Kubernetes audit logs are enabled as a data source.

          • Status (string) --

            A value that describes whether Kubernetes audit logs are enabled as a data source.

      • MalwareProtection (dict) --

        Describes the configuration of Malware Protection data sources.

        • ScanEc2InstanceWithFindings (dict) --

          Describes the configuration of Malware Protection for EC2 instances with findings.

          • EbsVolumes (dict) --

            Describes the configuration of scanning EBS volumes as a data source.

            • Status (string) --

              Describes whether scanning EBS volumes is enabled as a data source.

            • Reason (string) --

              Specifies the reason why scanning EBS volumes (Malware Protection) was not enabled as a data source.

        • ServiceRole (string) --

          The GuardDuty Malware Protection service role.

    • Tags (dict) --

      The tags of the detector resource.

      • (string) --

        • (string) --

    • Features (list) --

      Describes the features that have been enabled for the detector.

      • (dict) --

        Contains information about a GuardDuty feature.

        • Name (string) --

          Indicates the name of the feature that can be enabled for the detector.

        • Status (string) --

          Indicates the status of the feature that is enabled for the detector.

        • UpdatedAt (datetime) --

          The timestamp at which the feature object was updated.

        • AdditionalConfiguration (list) --

          Additional configuration for a resource.

          • (dict) --

            Information about the additional configuration.

            • Name (string) --

              Name of the additional configuration.

            • Status (string) --

              Status of the additional configuration.

            • UpdatedAt (datetime) --

              The timestamp at which the additional configuration was last updated. This is in UTC format.

GetMemberDetectors (updated)
Changes (response)
{'MemberDataSourceConfigurations': {'Features': {'AdditionalConfiguration': {'Name': {'ECS_FARGATE_AGENT_MANAGEMENT'}},
                                                 'Name': {'RUNTIME_MONITORING'}}}}

Describes which data sources are enabled for the member account's detector.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

See also: AWS API Documentation

Request Syntax

client.get_member_detectors(
    DetectorId='string',
    AccountIds=[
        'string',
    ]
)
type DetectorId

string

param DetectorId

[REQUIRED]

The detector ID for the administrator account.

type AccountIds

list

param AccountIds

[REQUIRED]

The account ID of the member account.

  • (string) --

rtype

dict

returns

Response Syntax

{
    'MemberDataSourceConfigurations': [
        {
            'AccountId': 'string',
            'DataSources': {
                'CloudTrail': {
                    'Status': 'ENABLED'|'DISABLED'
                },
                'DNSLogs': {
                    'Status': 'ENABLED'|'DISABLED'
                },
                'FlowLogs': {
                    'Status': 'ENABLED'|'DISABLED'
                },
                'S3Logs': {
                    'Status': 'ENABLED'|'DISABLED'
                },
                'Kubernetes': {
                    'AuditLogs': {
                        'Status': 'ENABLED'|'DISABLED'
                    }
                },
                'MalwareProtection': {
                    'ScanEc2InstanceWithFindings': {
                        'EbsVolumes': {
                            'Status': 'ENABLED'|'DISABLED',
                            'Reason': 'string'
                        }
                    },
                    'ServiceRole': 'string'
                }
            },
            'Features': [
                {
                    'Name': 'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'EKS_RUNTIME_MONITORING'|'LAMBDA_NETWORK_LOGS'|'RUNTIME_MONITORING',
                    'Status': 'ENABLED'|'DISABLED',
                    'UpdatedAt': datetime(2015, 1, 1),
                    'AdditionalConfiguration': [
                        {
                            'Name': 'EKS_ADDON_MANAGEMENT'|'ECS_FARGATE_AGENT_MANAGEMENT',
                            'Status': 'ENABLED'|'DISABLED',
                            'UpdatedAt': datetime(2015, 1, 1)
                        },
                    ]
                },
            ]
        },
    ],
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • MemberDataSourceConfigurations (list) --

      An object that describes which data sources are enabled for a member account.

      • (dict) --

        Contains information on which data sources are enabled for a member account.

        • AccountId (string) --

          The account ID for the member account.

        • DataSources (dict) --

          Contains information on the status of data sources for the account.

          • CloudTrail (dict) --

            An object that contains information on the status of CloudTrail as a data source.

            • Status (string) --

              Describes whether CloudTrail is enabled as a data source for the detector.

          • DNSLogs (dict) --

            An object that contains information on the status of DNS logs as a data source.

            • Status (string) --

              Denotes whether DNS logs are enabled as a data source.

          • FlowLogs (dict) --

            An object that contains information on the status of VPC flow logs as a data source.

            • Status (string) --

              Denotes whether VPC flow logs are enabled as a data source.

          • S3Logs (dict) --

            An object that contains information on the status of S3 Data event logs as a data source.

            • Status (string) --

              A value that describes whether S3 data event logs are automatically enabled for new members of the organization.

          • Kubernetes (dict) --

            An object that contains information on the status of all Kubernetes data sources.

            • AuditLogs (dict) --

              Describes whether Kubernetes audit logs are enabled as a data source.

              • Status (string) --

                A value that describes whether Kubernetes audit logs are enabled as a data source.

          • MalwareProtection (dict) --

            Describes the configuration of Malware Protection data sources.

            • ScanEc2InstanceWithFindings (dict) --

              Describes the configuration of Malware Protection for EC2 instances with findings.

              • EbsVolumes (dict) --

                Describes the configuration of scanning EBS volumes as a data source.

                • Status (string) --

                  Describes whether scanning EBS volumes is enabled as a data source.

                • Reason (string) --

                  Specifies the reason why scanning EBS volumes (Malware Protection) was not enabled as a data source.

            • ServiceRole (string) --

              The GuardDuty Malware Protection service role.

        • Features (list) --

          Contains information about the status of the features for the member account.

          • (dict) --

            Contains information about the features for the member account.

            • Name (string) --

              Indicates the name of the feature that is enabled for the detector.

            • Status (string) --

              Indicates the status of the feature that is enabled for the detector.

            • UpdatedAt (datetime) --

              The timestamp at which the feature object was updated.

            • AdditionalConfiguration (list) --

              Indicates the additional configuration of the feature that is configured for the member account.

              • (dict) --

                Information about the additional configuration for the member account.

                • Name (string) --

                  Indicates the name of the additional configuration that is set for the member account.

                • Status (string) --

                  Indicates the status of the additional configuration that is set for the member account.

                • UpdatedAt (datetime) --

                  The timestamp at which the additional configuration was set for the member account. This is in UTC format.

    • UnprocessedAccounts (list) --

      A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.

      • (dict) --

        Contains information about the accounts that weren't processed.

        • AccountId (string) --

          The Amazon Web Services account ID.

        • Result (string) --

          A reason why the account hasn't been processed.
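For an organization administrator, the response above is the place to verify that every member actually has Runtime Monitoring on with the Fargate agent managed by GuardDuty. The following added example (mine, not AWS code) walks a GetMemberDetectors response, separates configuration gaps from accounts the API could not process, and runs against a constructed response in the shape of the Response Syntax; the account IDs and Result text are placeholders.

```python
"""Audit a GetMemberDetectors response for Runtime Monitoring coverage.

Added example, not AWS code. SAMPLE_RESPONSE is constructed to match the
Response Syntax above; the account IDs and Result string are placeholders.
"""
from __future__ import annotations

from datetime import datetime, timezone

TARGET_FEATURE = "RUNTIME_MONITORING"
TARGET_CONFIG = "ECS_FARGATE_AGENT_MANAGEMENT"


def feature_status(features: list[dict], name: str) -> str:
    """Status of a named feature in a Features list, or MISSING if absent."""
    for feature in features:
        if feature.get("Name") == name:
            return feature.get("Status", "MISSING")
    return "MISSING"


def additional_config_status(features: list[dict], feature_name: str,
                             config_name: str) -> str:
    """Status of an AdditionalConfiguration entry under a feature, or MISSING."""
    for feature in features:
        if feature.get("Name") == feature_name:
            for cfg in feature.get("AdditionalConfiguration", []):
                if cfg.get("Name") == config_name:
                    return cfg.get("Status", "MISSING")
    return "MISSING"


def audit_runtime_monitoring(response: dict) -> dict:
    """Classify each member as compliant, a gap (with the reason), or unprocessed.

    A member is compliant only when RUNTIME_MONITORING and its
    ECS_FARGATE_AGENT_MANAGEMENT configuration are both ENABLED. Accounts in
    UnprocessedAccounts are reported separately so that an API-side failure is
    never mistaken for a configuration gap (or for compliance).
    """
    report: dict = {"compliant": [], "gaps": {}, "unprocessed": {}}
    for member in response.get("MemberDataSourceConfigurations", []):
        account = member["AccountId"]
        features = member.get("Features", [])
        rm_status = feature_status(features, TARGET_FEATURE)
        agent_status = additional_config_status(features, TARGET_FEATURE, TARGET_CONFIG)
        if rm_status != "ENABLED":
            report["gaps"][account] = f"{TARGET_FEATURE} is {rm_status}"
        elif agent_status != "ENABLED":
            report["gaps"][account] = f"{TARGET_CONFIG} is {agent_status}"
        else:
            report["compliant"].append(account)
    for entry in response.get("UnprocessedAccounts", []):
        report["unprocessed"][entry["AccountId"]] = entry.get("Result", "")
    return report


def _member(account_id: str, rm_status: str, agent_status: str) -> dict:
    """Build one constructed MemberDataSourceConfigurations entry."""
    ts = datetime(2023, 11, 27, tzinfo=timezone.utc)
    return {
        "AccountId": account_id,
        "DataSources": {"CloudTrail": {"Status": "ENABLED"}},
        "Features": [
            {"Name": "S3_DATA_EVENTS", "Status": "ENABLED", "UpdatedAt": ts},
            {"Name": TARGET_FEATURE, "Status": rm_status, "UpdatedAt": ts,
             "AdditionalConfiguration": [
                 {"Name": TARGET_CONFIG, "Status": agent_status, "UpdatedAt": ts}]},
        ],
    }


# Constructed sample: one compliant member, two gaps, one unprocessed account.
SAMPLE_RESPONSE = {
    "MemberDataSourceConfigurations": [
        _member("111111111111", "ENABLED", "ENABLED"),
        _member("222222222222", "DISABLED", "DISABLED"),
        _member("333333333333", "ENABLED", "DISABLED"),
    ],
    "UnprocessedAccounts": [
        {"AccountId": "444444444444", "Result": "constructed: access denied"},
    ],
}


if __name__ == "__main__":
    for section, value in audit_runtime_monitoring(SAMPLE_RESPONSE).items():
        print(f"{section}: {value}")
```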

GetRemainingFreeTrialDays (updated)
Changes (response)
{'Accounts': {'Features': {'Name': {'EC2_RUNTIME_MONITORING',
                                    'FARGATE_RUNTIME_MONITORING'}}}}

Provides the number of days left for each data source used in the free trial period.

See also: AWS API Documentation

Request Syntax

client.get_remaining_free_trial_days(
    DetectorId='string',
    AccountIds=[
        'string',
    ]
)
type DetectorId

string

param DetectorId

[REQUIRED]

The unique ID of the detector of the GuardDuty member account.

type AccountIds

list

param AccountIds

A list of account identifiers of the GuardDuty member account.

  • (string) --

rtype

dict

returns

Response Syntax

{
    'Accounts': [
        {
            'AccountId': 'string',
            'DataSources': {
                'CloudTrail': {
                    'FreeTrialDaysRemaining': 123
                },
                'DnsLogs': {
                    'FreeTrialDaysRemaining': 123
                },
                'FlowLogs': {
                    'FreeTrialDaysRemaining': 123
                },
                'S3Logs': {
                    'FreeTrialDaysRemaining': 123
                },
                'Kubernetes': {
                    'AuditLogs': {
                        'FreeTrialDaysRemaining': 123
                    }
                },
                'MalwareProtection': {
                    'ScanEc2InstanceWithFindings': {
                        'FreeTrialDaysRemaining': 123
                    }
                }
            },
            'Features': [
                {
                    'Name': 'FLOW_LOGS'|'CLOUD_TRAIL'|'DNS_LOGS'|'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'EKS_RUNTIME_MONITORING'|'LAMBDA_NETWORK_LOGS'|'FARGATE_RUNTIME_MONITORING'|'EC2_RUNTIME_MONITORING',
                    'FreeTrialDaysRemaining': 123
                },
            ]
        },
    ],
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • Accounts (list) --

      The member accounts which were included in a request and were processed successfully.

      • (dict) --

        Provides details of the GuardDuty member account that uses a free trial service.

        • AccountId (string) --

          The account identifier of the GuardDuty member account.

        • DataSources (dict) --

          Describes the data source enabled for the GuardDuty member account.

          • CloudTrail (dict) --

            Describes whether any Amazon Web Services CloudTrail management event logs are enabled as data sources.

            • FreeTrialDaysRemaining (integer) --

              A value that specifies the number of days left to use each enabled data source.

          • DnsLogs (dict) --

            Describes whether any DNS logs are enabled as data sources.

            • FreeTrialDaysRemaining (integer) --

              A value that specifies the number of days left to use each enabled data source.

          • FlowLogs (dict) --

            Describes whether any VPC Flow logs are enabled as data sources.

            • FreeTrialDaysRemaining (integer) --

              A value that specifies the number of days left to use each enabled data source.

          • S3Logs (dict) --

            Describes whether any S3 data event logs are enabled as data sources.

            • FreeTrialDaysRemaining (integer) --

              A value that specifies the number of days left to use each enabled data source.

          • Kubernetes (dict) --

            Describes whether any Kubernetes logs are enabled as data sources.

            • AuditLogs (dict) --

              Describes whether Kubernetes audit logs are enabled as a data source.

              • FreeTrialDaysRemaining (integer) --

                A value that specifies the number of days left to use each enabled data source.

          • MalwareProtection (dict) --

            Describes whether Malware Protection is enabled as a data source.

            • ScanEc2InstanceWithFindings (dict) --

              Describes whether Malware Protection for EC2 instances with findings is enabled as a data source.

              • FreeTrialDaysRemaining (integer) --

                A value that specifies the number of days left to use each enabled data source.

        • Features (list) --

          A list of features enabled for the GuardDuty account.

          • (dict) --

            Contains information about the free trial period for a feature.

            • Name (string) --

              The name of the feature for which the free trial is configured.

            • FreeTrialDaysRemaining (integer) --

              The number of the remaining free trial days for the feature.

    • UnprocessedAccounts (list) --

      The member accounts that were included in a request but for which the request could not be processed.

      • (dict) --

        Contains information about the accounts that weren't processed.

        • AccountId (string) --

          The Amazon Web Services account ID.

        • Result (string) --

          A reason why the account hasn't been processed.

GetUsageStatistics (updated) Link ¶
Changes (request, response)
Request
{'UsageCriteria': {'Features': {'EC2_RUNTIME_MONITORING',
                                'FARGATE_RUNTIME_MONITORING'}}}
Response
{'UsageStatistics': {'SumByFeature': {'Feature': {'EC2_RUNTIME_MONITORING',
                                                  'FARGATE_RUNTIME_MONITORING'}}}}

Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days. This may differ from the cost metrics in the console, which project usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated.

See also: AWS API Documentation

Request Syntax

client.get_usage_statistics(
    DetectorId='string',
    UsageStatisticType='SUM_BY_ACCOUNT'|'SUM_BY_DATA_SOURCE'|'SUM_BY_RESOURCE'|'TOP_RESOURCES'|'SUM_BY_FEATURES',
    UsageCriteria={
        'AccountIds': [
            'string',
        ],
        'DataSources': [
            'FLOW_LOGS'|'CLOUD_TRAIL'|'DNS_LOGS'|'S3_LOGS'|'KUBERNETES_AUDIT_LOGS'|'EC2_MALWARE_SCAN',
        ],
        'Resources': [
            'string',
        ],
        'Features': [
            'FLOW_LOGS'|'CLOUD_TRAIL'|'DNS_LOGS'|'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'LAMBDA_NETWORK_LOGS'|'EKS_RUNTIME_MONITORING'|'FARGATE_RUNTIME_MONITORING'|'EC2_RUNTIME_MONITORING',
        ]
    },
    Unit='string',
    MaxResults=123,
    NextToken='string'
)
type DetectorId

string

param DetectorId

[REQUIRED]

The ID of the detector that specifies the GuardDuty service whose usage statistics you want to retrieve.

type UsageStatisticType

string

param UsageStatisticType

[REQUIRED]

The type of usage statistics to retrieve.

type UsageCriteria

dict

param UsageCriteria

[REQUIRED]

Represents the criteria used for querying usage.

  • AccountIds (list) --

    The account IDs to aggregate usage statistics from.

    • (string) --

  • DataSources (list) --

    The data sources to aggregate usage statistics from.

    • (string) --

  • Resources (list) --

    The resources to aggregate usage statistics from. Only accepts exact resource names.

    • (string) --

  • Features (list) --

    The features to aggregate usage statistics from.

    • (string) --

type Unit

string

param Unit

The currency unit you would like to view your usage statistics in. Current valid values are USD.

type MaxResults

integer

param MaxResults

The maximum number of results to return in the response.

type NextToken

string

param NextToken

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

rtype

dict

returns

Response Syntax

{
    'UsageStatistics': {
        'SumByAccount': [
            {
                'AccountId': 'string',
                'Total': {
                    'Amount': 'string',
                    'Unit': 'string'
                }
            },
        ],
        'SumByDataSource': [
            {
                'DataSource': 'FLOW_LOGS'|'CLOUD_TRAIL'|'DNS_LOGS'|'S3_LOGS'|'KUBERNETES_AUDIT_LOGS'|'EC2_MALWARE_SCAN',
                'Total': {
                    'Amount': 'string',
                    'Unit': 'string'
                }
            },
        ],
        'SumByResource': [
            {
                'Resource': 'string',
                'Total': {
                    'Amount': 'string',
                    'Unit': 'string'
                }
            },
        ],
        'TopResources': [
            {
                'Resource': 'string',
                'Total': {
                    'Amount': 'string',
                    'Unit': 'string'
                }
            },
        ],
        'SumByFeature': [
            {
                'Feature': 'FLOW_LOGS'|'CLOUD_TRAIL'|'DNS_LOGS'|'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'LAMBDA_NETWORK_LOGS'|'EKS_RUNTIME_MONITORING'|'FARGATE_RUNTIME_MONITORING'|'EC2_RUNTIME_MONITORING',
                'Total': {
                    'Amount': 'string',
                    'Unit': 'string'
                }
            },
        ]
    },
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • UsageStatistics (dict) --

      The usage statistics object. If a UsageStatisticType was provided, the objects representing other types will be null.

      • SumByAccount (list) --

        The usage statistic sum organized by account ID.

        • (dict) --

          Contains information on the total of usage based on account IDs.

          • AccountId (string) --

            The Account ID that generated usage.

          • Total (dict) --

            Represents the total of usage for the Account ID.

            • Amount (string) --

              The total usage.

            • Unit (string) --

              The currency unit that the amount is given in.

      • SumByDataSource (list) --

        The usage statistic sum organized by data source.

        • (dict) --

          Contains information on the result of usage based on data source type.

          • DataSource (string) --

            The data source type that generated usage.

          • Total (dict) --

            Represents the total of usage for the specified data source.

            • Amount (string) --

              The total usage.

            • Unit (string) --

              The currency unit that the amount is given in.

      • SumByResource (list) --

        The usage statistic sum organized by resource.

        • (dict) --

          Contains information on the sum of usage based on an Amazon Web Services resource.

          • Resource (string) --

            The Amazon Web Services resource that generated usage.

          • Total (dict) --

            Represents the sum total of usage for the specified resource type.

            • Amount (string) --

              The total usage.

            • Unit (string) --

              The currency unit that the amount is given in.

      • TopResources (list) --

        Lists the top 50 resources that have generated the most GuardDuty usage, in order from most to least expensive.

        • (dict) --

          Contains information on the sum of usage based on an Amazon Web Services resource.

          • Resource (string) --

            The Amazon Web Services resource that generated usage.

          • Total (dict) --

            Represents the sum total of usage for the specified resource type.

            • Amount (string) --

              The total usage.

            • Unit (string) --

              The currency unit that the amount is given in.

      • SumByFeature (list) --

        The usage statistic sum organized by feature.

        • (dict) --

          Contains information about the result of the total usage based on the feature.

          • Feature (string) --

            The feature that generated the usage cost.

          • Total (dict) --

            Contains the total usage with the corresponding currency unit for that value.

            • Amount (string) --

              The total usage.

            • Unit (string) --

              The currency unit that the amount is given in.

    • NextToken (string) --

      The pagination parameter to be used on the next list operation to retrieve more items.
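An added example (not code from the boto3 reference or from GuardDuty itself) that pages through GetUsageStatistics with SUM_BY_FEATURES, restricted to the runtime-monitoring features this release added to UsageCriteria, and totals the string Amount values per feature and currency unit. The boto3 client is passed in by the caller; the detector id, the FakeGuardDuty stand-in and the two response pages are constructed for the example.

```python
from decimal import Decimal

# Feature names GetUsageStatistics accepts for runtime monitoring after this release.
RUNTIME_FEATURES = ("FARGATE_RUNTIME_MONITORING", "EC2_RUNTIME_MONITORING", "EKS_RUNTIME_MONITORING")


def sum_usage_by_feature(client, detector_id, features=RUNTIME_FEATURES, account_ids=None):
    """Return {(feature, unit): Decimal} totals for the selected features.

    `client` is a boto3 GuardDuty client (boto3.client("guardduty")), passed in so
    the function can be exercised offline. Pages are followed via NextToken until
    the service stops returning one. Amount is a string in the API, so it is
    accumulated as Decimal rather than float to avoid rounding drift.
    """
    criteria = {"Features": list(features)}
    if account_ids:
        criteria["AccountIds"] = list(account_ids)
    kwargs = {
        "DetectorId": detector_id,
        "UsageStatisticType": "SUM_BY_FEATURES",
        "UsageCriteria": criteria,
        "Unit": "USD",  # the only currency unit the API currently accepts
        "MaxResults": 50,
    }
    totals = {}
    while True:
        resp = client.get_usage_statistics(**kwargs)
        for row in resp.get("UsageStatistics", {}).get("SumByFeature", []):
            key = (row["Feature"], row["Total"]["Unit"])
            totals[key] = totals.get(key, Decimal("0")) + Decimal(row["Total"]["Amount"])
        token = resp.get("NextToken")
        if not token:
            return totals
        kwargs["NextToken"] = token


# Constructed sample: two response pages shaped like the Response Syntax above.
SAMPLE_PAGES = [
    {"UsageStatistics": {"SumByFeature": [
        {"Feature": "FARGATE_RUNTIME_MONITORING", "Total": {"Amount": "12.50", "Unit": "USD"}},
        {"Feature": "EC2_RUNTIME_MONITORING", "Total": {"Amount": "3.25", "Unit": "USD"}},
     ]},
     "NextToken": "page-2"},
    {"UsageStatistics": {"SumByFeature": [
        {"Feature": "FARGATE_RUNTIME_MONITORING", "Total": {"Amount": "0.75", "Unit": "USD"}},
     ]}},
]


class FakeGuardDuty:
    """Stand-in for the boto3 client; serves SAMPLE_PAGES by NextToken and records each call."""

    def __init__(self, pages):
        self.pages, self.calls = pages, []

    def get_usage_statistics(self, **kwargs):
        self.calls.append(kwargs)
        index = int(kwargs.get("NextToken", "page-1").split("-")[1]) - 1
        return self.pages[index]


def demo():
    """Run the aggregation against the constructed pages; returns (totals, recorded calls)."""
    client = FakeGuardDuty(SAMPLE_PAGES)
    return sum_usage_by_feature(client, "detector-id-placeholder"), client.calls


if __name__ == "__main__":
    totals, calls = demo()
    for (feature, unit), amount in sorted(totals.items()):
        print(f"{feature:28s} {amount} {unit}")
    print(f"{len(calls)} GetUsageStatistics call(s)")
```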

ListCoverage (updated) Link ¶
Changes (request, response)
Request
{'FilterCriteria': {'FilterCriterion': {'CriterionKey': {'AGENT_VERSION',
                                                         'CLUSTER_ARN',
                                                         'ECS_CLUSTER_NAME',
                                                         'INSTANCE_ID'}}},
 'SortCriteria': {'AttributeName': {'ECS_CLUSTER_NAME', 'INSTANCE_ID'}}}
Response
{'Resources': {'ResourceDetails': {'Ec2InstanceDetails': {'AgentDetails': {'Version': 'string'},
                                                          'ClusterArn': 'string',
                                                          'InstanceId': 'string',
                                                          'InstanceType': 'string',
                                                          'ManagementType': 'AUTO_MANAGED | MANUAL | DISABLED'},
                                   'EcsClusterDetails': {'ClusterName': 'string',
                                                         'ContainerInstanceDetails': {'CompatibleContainerInstances': 'long',
                                                                                      'CoveredContainerInstances': 'long'},
                                                         'FargateDetails': {'Issues': ['string'],
                                                                            'ManagementType': 'AUTO_MANAGED | MANUAL | DISABLED'}},
                                   'EksClusterDetails': {'ManagementType': {'DISABLED'}},
                                   'ResourceType': {'EC2', 'ECS'}}}}

Lists coverage details for your GuardDuty account. If you're a GuardDuty administrator, you can retrieve all resources associated with the active member accounts in your organization.

Make sure the accounts have EKS Runtime Monitoring enabled and the GuardDuty agent running on their EKS nodes.

See also: AWS API Documentation

Request Syntax

client.list_coverage(
    DetectorId='string',
    NextToken='string',
    MaxResults=123,
    FilterCriteria={
        'FilterCriterion': [
            {
                'CriterionKey': 'ACCOUNT_ID'|'CLUSTER_NAME'|'RESOURCE_TYPE'|'COVERAGE_STATUS'|'ADDON_VERSION'|'MANAGEMENT_TYPE'|'EKS_CLUSTER_NAME'|'ECS_CLUSTER_NAME'|'AGENT_VERSION'|'INSTANCE_ID'|'CLUSTER_ARN',
                'FilterCondition': {
                    'Equals': [
                        'string',
                    ],
                    'NotEquals': [
                        'string',
                    ]
                }
            },
        ]
    },
    SortCriteria={
        'AttributeName': 'ACCOUNT_ID'|'CLUSTER_NAME'|'COVERAGE_STATUS'|'ISSUE'|'ADDON_VERSION'|'UPDATED_AT'|'EKS_CLUSTER_NAME'|'ECS_CLUSTER_NAME'|'INSTANCE_ID',
        'OrderBy': 'ASC'|'DESC'
    }
)
type DetectorId

string

param DetectorId

[REQUIRED]

The unique ID of the detector whose coverage details you want to retrieve.

type NextToken

string

param NextToken

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

type MaxResults

integer

param MaxResults

The maximum number of results to return in the response.

type FilterCriteria

dict

param FilterCriteria

Represents the criteria used to filter the coverage details.

  • FilterCriterion (list) --

    Represents a condition that when matched will be added to the response of the operation.

    • (dict) --

      Represents a condition that when matched will be added to the response of the operation.

      • CriterionKey (string) --

        An enum value representing possible filter fields.

        Note

        Replace the enum value CLUSTER_NAME with EKS_CLUSTER_NAME. CLUSTER_NAME has been deprecated.

      • FilterCondition (dict) --

        Contains information about the condition.

        • Equals (list) --

          Represents an equal condition that is applied to a single field while retrieving the coverage details.

          • (string) --

        • NotEquals (list) --

          Represents a not equal condition that is applied to a single field while retrieving the coverage details.

          • (string) --

type SortCriteria

dict

param SortCriteria

Represents the criteria used to sort the coverage details.

  • AttributeName (string) --

    Represents the field name used to sort the coverage details.

    Note

    Replace the enum value CLUSTER_NAME with EKS_CLUSTER_NAME. CLUSTER_NAME has been deprecated.

  • OrderBy (string) --

    The order in which the sorted coverage details are to be displayed.

rtype

dict

returns

Response Syntax

{
    'Resources': [
        {
            'ResourceId': 'string',
            'DetectorId': 'string',
            'AccountId': 'string',
            'ResourceDetails': {
                'EksClusterDetails': {
                    'ClusterName': 'string',
                    'CoveredNodes': 123,
                    'CompatibleNodes': 123,
                    'AddonDetails': {
                        'AddonVersion': 'string',
                        'AddonStatus': 'string'
                    },
                    'ManagementType': 'AUTO_MANAGED'|'MANUAL'|'DISABLED'
                },
                'ResourceType': 'EKS'|'ECS'|'EC2',
                'EcsClusterDetails': {
                    'ClusterName': 'string',
                    'FargateDetails': {
                        'Issues': [
                            'string',
                        ],
                        'ManagementType': 'AUTO_MANAGED'|'MANUAL'|'DISABLED'
                    },
                    'ContainerInstanceDetails': {
                        'CoveredContainerInstances': 123,
                        'CompatibleContainerInstances': 123
                    }
                },
                'Ec2InstanceDetails': {
                    'InstanceId': 'string',
                    'InstanceType': 'string',
                    'ClusterArn': 'string',
                    'AgentDetails': {
                        'Version': 'string'
                    },
                    'ManagementType': 'AUTO_MANAGED'|'MANUAL'|'DISABLED'
                }
            },
            'CoverageStatus': 'HEALTHY'|'UNHEALTHY',
            'Issue': 'string',
            'UpdatedAt': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Resources (list) --

      A list of resources and their attributes providing cluster details.

      • (dict) --

        Information about the resource of the GuardDuty account.

        • ResourceId (string) --

          The unique ID of the resource.

        • DetectorId (string) --

          The unique ID of the GuardDuty detector associated with the resource.

        • AccountId (string) --

          The unique ID of the Amazon Web Services account.

        • ResourceDetails (dict) --

          Information about the resource for which the coverage statistics are retrieved.

          • EksClusterDetails (dict) --

            EKS cluster details involved in the coverage statistics.

            • ClusterName (string) --

              Name of the EKS cluster.

            • CoveredNodes (integer) --

              Represents the nodes within the EKS cluster that have a HEALTHY coverage status.

            • CompatibleNodes (integer) --

              Represents all the nodes within the EKS cluster in your account.

            • AddonDetails (dict) --

              Information about the installed EKS add-on.

              • AddonVersion (string) --

                Version of the installed EKS add-on.

              • AddonStatus (string) --

                Status of the installed EKS add-on.

            • ManagementType (string) --

              Indicates how the Amazon EKS add-on GuardDuty agent is managed for this EKS cluster.

              AUTO_MANAGED indicates GuardDuty deploys and manages updates for this resource.

              MANUAL indicates that you are responsible for deploying, updating, and managing the Amazon EKS add-on GuardDuty agent for this resource.

          • ResourceType (string) --

            The type of Amazon Web Services resource.

          • EcsClusterDetails (dict) --

            Information about the Amazon ECS cluster that is assessed for runtime coverage.

            • ClusterName (string) --

              The name of the Amazon ECS cluster.

            • FargateDetails (dict) --

              Information about the Fargate details associated with the Amazon ECS cluster.

              • Issues (list) --

                Runtime coverage issues identified for the resource running on AWS Fargate.

                • (string) --

              • ManagementType (string) --

                Indicates how the GuardDuty security agent is managed for this resource.

                • AUTO_MANAGED indicates that GuardDuty deploys and manages updates for this resource.

                • MANUAL indicates that you are responsible for deploying, updating, and managing the GuardDuty security agent for this resource.

                • DISABLED indicates that the deployment of the GuardDuty security agent is disabled for this resource.

            • ContainerInstanceDetails (dict) --

              Information about the Amazon ECS container instances running on Amazon EC2 instances.

              • CoveredContainerInstances (integer) --

                Represents the nodes in the Amazon ECS cluster that have a HEALTHY coverage status.

              • CompatibleContainerInstances (integer) --

                Represents the total number of nodes in the Amazon ECS cluster.

          • Ec2InstanceDetails (dict) --

            Note

            This API is also used when you use GuardDuty Runtime Monitoring for your Amazon EC2 instances (currently in preview release) and is subject to change.

            Information about the Amazon EC2 instance assessed for runtime coverage.

            • InstanceId (string) --

              The Amazon EC2 instance ID.

            • InstanceType (string) --

              The instance type of the Amazon EC2 instance.

            • ClusterArn (string) --

              The cluster ARN of the Amazon ECS cluster running on the Amazon EC2 instance.

            • AgentDetails (dict) --

              Information about the installed security agent.

              • Version (string) --

                Version of the installed GuardDuty security agent.

            • ManagementType (string) --

              Indicates how the GuardDuty security agent is managed for this resource.

              • AUTO_MANAGED indicates that GuardDuty deploys and manages updates for this resource.

              • MANUAL indicates that you are responsible for deploying, updating, and managing the GuardDuty security agent for this resource.

              Note

              The DISABLED status doesn't apply to Amazon EC2 instances and Amazon EKS clusters that run on Amazon EC2 instances.

        • CoverageStatus (string) --

          Represents the status of the EKS cluster coverage.

        • Issue (string) --

          Represents the reason why a coverage status was UNHEALTHY for the EKS cluster.

        • UpdatedAt (datetime) --

          The timestamp at which the coverage details for the resource were last updated. This is in UTC format.

    • NextToken (string) --

      The pagination parameter to be used on the next list operation to retrieve more items.
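An added example (not code from the boto3 reference or from GuardDuty itself) that pages through ListCoverage for the ECS and EC2 resource types introduced here, filtering server-side on RESOURCE_TYPE and COVERAGE_STATUS and flattening the new EcsClusterDetails and Ec2InstanceDetails fields into records an operator can act on, including how many compatible container instances still lack a healthy agent. The boto3 client is passed in by the caller; the detector id, account id, instance id, cluster names, Issue strings and the FakeGuardDuty stand-in are constructed for the example.

```python
def find_unhealthy_runtime_coverage(client, detector_id, resource_types=("ECS", "EC2")):
    """Page through ListCoverage and return one triage record per UNHEALTHY resource.

    `client` is a boto3 GuardDuty client (boto3.client("guardduty")), passed in so the
    function can run offline. Filtering is server-side via the RESOURCE_TYPE and
    COVERAGE_STATUS criterion keys; sorting by UPDATED_AT puts recent changes first.
    """
    kwargs = {
        "DetectorId": detector_id,
        "MaxResults": 50,
        "FilterCriteria": {"FilterCriterion": [
            {"CriterionKey": "RESOURCE_TYPE", "FilterCondition": {"Equals": list(resource_types)}},
            {"CriterionKey": "COVERAGE_STATUS", "FilterCondition": {"Equals": ["UNHEALTHY"]}},
        ]},
        "SortCriteria": {"AttributeName": "UPDATED_AT", "OrderBy": "DESC"},
    }
    records = []
    while True:
        resp = client.list_coverage(**kwargs)
        records.extend(summarize_coverage(r) for r in resp.get("Resources", []))
        token = resp.get("NextToken")
        if not token:
            return records
        kwargs["NextToken"] = token


def summarize_coverage(resource):
    """Flatten one ListCoverage resource into the fields an operator acts on.

    ECS: cluster, Fargate agent ManagementType and Issues, and how many compatible
    container instances lack a healthy agent. EC2: instance, its ECS cluster ARN,
    installed agent version and ManagementType.
    """
    details = resource.get("ResourceDetails", {})
    rtype = details.get("ResourceType")
    out = {
        "account": resource.get("AccountId"),
        "resource_id": resource.get("ResourceId"),
        "type": rtype,
        "status": resource.get("CoverageStatus"),
        "issue": resource.get("Issue"),
    }
    if rtype == "ECS":
        ecs = details.get("EcsClusterDetails", {})
        fargate = ecs.get("FargateDetails", {})
        instances = ecs.get("ContainerInstanceDetails", {})
        covered = instances.get("CoveredContainerInstances", 0)
        compatible = instances.get("CompatibleContainerInstances", 0)
        out.update(cluster=ecs.get("ClusterName"),
                   management=fargate.get("ManagementType"),
                   fargate_issues=list(fargate.get("Issues", [])),
                   uncovered_instances=max(compatible - covered, 0))
    elif rtype == "EC2":
        ec2 = details.get("Ec2InstanceDetails", {})
        out.update(instance_id=ec2.get("InstanceId"),
                   cluster_arn=ec2.get("ClusterArn"),
                   agent_version=ec2.get("AgentDetails", {}).get("Version"),
                   management=ec2.get("ManagementType"))
    return out


# Constructed sample resources shaped like the Response Syntax above; the account id,
# instance id, cluster names and Issue strings are made up for the example.
SAMPLE_RESOURCES = [
    {"ResourceId": "arn:aws:ecs:us-east-1:111122223333:cluster/payments-prod",
     "AccountId": "111122223333", "CoverageStatus": "UNHEALTHY",
     "Issue": "constructed: agent not running on all container instances",
     "ResourceDetails": {"ResourceType": "ECS", "EcsClusterDetails": {
         "ClusterName": "payments-prod",
         "FargateDetails": {"Issues": ["constructed: task missing agent sidecar"],
                            "ManagementType": "MANUAL"},
         "ContainerInstanceDetails": {"CoveredContainerInstances": 2,
                                      "CompatibleContainerInstances": 5}}}},
    {"ResourceId": "i-0123456789abcdef0", "AccountId": "111122223333",
     "CoverageStatus": "UNHEALTHY", "Issue": "constructed: agent version outdated",
     "ResourceDetails": {"ResourceType": "EC2", "Ec2InstanceDetails": {
         "InstanceId": "i-0123456789abcdef0", "InstanceType": "m5.large",
         "ClusterArn": "arn:aws:ecs:us-east-1:111122223333:cluster/payments-prod",
         "AgentDetails": {"Version": "1.0.0"}, "ManagementType": "MANUAL"}}},
]


class FakeGuardDuty:
    """Stand-in for the boto3 client: serves SAMPLE_RESOURCES one per page via NextToken."""

    def list_coverage(self, **kwargs):
        start = int(kwargs.get("NextToken", "0"))
        resp = {"Resources": SAMPLE_RESOURCES[start:start + 1]}
        if start + 1 < len(SAMPLE_RESOURCES):
            resp["NextToken"] = str(start + 1)
        return resp


def demo():
    """Collect the UNHEALTHY ECS/EC2 records from the constructed pages."""
    return find_unhealthy_runtime_coverage(FakeGuardDuty(), "detector-id-placeholder")
```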

UpdateDetector (updated) Link ¶
Changes (request)
{'Features': {'AdditionalConfiguration': {'Name': {'ECS_FARGATE_AGENT_MANAGEMENT'}},
              'Name': {'RUNTIME_MONITORING'}}}

Updates the Amazon GuardDuty detector specified by the detectorId.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

See also: AWS API Documentation

Request Syntax

client.update_detector(
    DetectorId='string',
    Enable=True|False,
    FindingPublishingFrequency='FIFTEEN_MINUTES'|'ONE_HOUR'|'SIX_HOURS',
    DataSources={
        'S3Logs': {
            'Enable': True|False
        },
        'Kubernetes': {
            'AuditLogs': {
                'Enable': True|False
            }
        },
        'MalwareProtection': {
            'ScanEc2InstanceWithFindings': {
                'EbsVolumes': True|False
            }
        }
    },
    Features=[
        {
            'Name': 'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'EKS_RUNTIME_MONITORING'|'LAMBDA_NETWORK_LOGS'|'RUNTIME_MONITORING',
            'Status': 'ENABLED'|'DISABLED',
            'AdditionalConfiguration': [
                {
                    'Name': 'EKS_ADDON_MANAGEMENT'|'ECS_FARGATE_AGENT_MANAGEMENT',
                    'Status': 'ENABLED'|'DISABLED'
                },
            ]
        },
    ]
)
type DetectorId

string

param DetectorId

[REQUIRED]

The unique ID of the detector to update.

type Enable

boolean

param Enable

Specifies whether the detector is enabled or disabled.

type FindingPublishingFrequency

string

param FindingPublishingFrequency

An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.

type DataSources

dict

param DataSources

Describes which data sources will be updated.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

  • S3Logs (dict) --

    Describes whether S3 data event logs are enabled as a data source.

    • Enable (boolean) -- [REQUIRED]

      The status of S3 data event logs as a data source.

  • Kubernetes (dict) --

    Describes whether any Kubernetes logs are enabled as data sources.

    • AuditLogs (dict) -- [REQUIRED]

      The status of Kubernetes audit logs as a data source.

      • Enable (boolean) -- [REQUIRED]

        The status of Kubernetes audit logs as a data source.

  • MalwareProtection (dict) --

    Describes whether Malware Protection is enabled as a data source.

    • ScanEc2InstanceWithFindings (dict) --

      Describes the configuration of Malware Protection for EC2 instances with findings.

      • EbsVolumes (boolean) --

        Describes the configuration for scanning EBS volumes as a data source.

type Features

list

param Features

Provides the features that will be updated for the detector.

  • (dict) --

    Contains information about a GuardDuty feature.

    • Name (string) --

      The name of the feature.

    • Status (string) --

      The status of the feature.

    • AdditionalConfiguration (list) --

      Additional configuration for a resource.

      • (dict) --

        Information about the additional configuration for a feature in your GuardDuty account.

        • Name (string) --

          Name of the additional configuration.

        • Status (string) --

          Status of the additional configuration.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

UpdateMemberDetectors (updated) Link ¶
Changes (request)
{'Features': {'AdditionalConfiguration': {'Name': {'ECS_FARGATE_AGENT_MANAGEMENT'}},
              'Name': {'RUNTIME_MONITORING'}}}

Contains information on member accounts to be updated.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

See also: AWS API Documentation

Request Syntax

client.update_member_detectors(
    DetectorId='string',
    AccountIds=[
        'string',
    ],
    DataSources={
        'S3Logs': {
            'Enable': True|False
        },
        'Kubernetes': {
            'AuditLogs': {
                'Enable': True|False
            }
        },
        'MalwareProtection': {
            'ScanEc2InstanceWithFindings': {
                'EbsVolumes': True|False
            }
        }
    },
    Features=[
        {
            'Name': 'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'EKS_RUNTIME_MONITORING'|'LAMBDA_NETWORK_LOGS'|'RUNTIME_MONITORING',
            'Status': 'ENABLED'|'DISABLED',
            'AdditionalConfiguration': [
                {
                    'Name': 'EKS_ADDON_MANAGEMENT'|'ECS_FARGATE_AGENT_MANAGEMENT',
                    'Status': 'ENABLED'|'DISABLED'
                },
            ]
        },
    ]
)
type DetectorId

string

param DetectorId

[REQUIRED]

The detector ID of the administrator account.

type AccountIds

list

param AccountIds

[REQUIRED]

A list of member account IDs to be updated.

  • (string) --

type DataSources

dict

param DataSources

Describes which data sources will be updated.

  • S3Logs (dict) --

    Describes whether S3 data event logs are enabled as a data source.

    • Enable (boolean) -- [REQUIRED]

      The status of S3 data event logs as a data source.

  • Kubernetes (dict) --

    Describes whether any Kubernetes logs are enabled as data sources.

    • AuditLogs (dict) -- [REQUIRED]

      The status of Kubernetes audit logs as a data source.

      • Enable (boolean) -- [REQUIRED]

        The status of Kubernetes audit logs as a data source.

  • MalwareProtection (dict) --

    Describes whether Malware Protection is enabled as a data source.

    • ScanEc2InstanceWithFindings (dict) --

      Describes the configuration of Malware Protection for EC2 instances with findings.

      • EbsVolumes (boolean) --

        Describes the configuration for scanning EBS volumes as a data source.

type Features

list

param Features

A list of features that will be updated for the specified member accounts.

  • (dict) --

    Contains information about the features for the member account.

    • Name (string) --

      The name of the feature.

    • Status (string) --

      The status of the feature.

    • AdditionalConfiguration (list) --

      Additional configuration of the feature for the member account.

      • (dict) --

        Information about the additional configuration for the member account.

        • Name (string) --

          Name of the additional configuration.

        • Status (string) --

          Status of the additional configuration.

rtype

dict

returns

Response Syntax

{
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • UnprocessedAccounts (list) --

      A list of member account IDs that could not be processed, along with an explanation of why they were not processed.

      • (dict) --

        Contains information about the accounts that weren't processed.

        • AccountId (string) --

          The Amazon Web Services account ID.

        • Result (string) --

          A reason why the account hasn't been processed.
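An added example (not code from the boto3 reference or from GuardDuty itself) serving both UpdateDetector and UpdateMemberDetectors above: it builds the RUNTIME_MONITORING feature entry with the new ECS_FARGATE_AGENT_MANAGEMENT additional configuration, applies it to the administrator's detector and then to member accounts, and returns the UnprocessedAccounts entries so a refused member is not mistaken for a covered one. The boto3 client is passed in by the caller; the batch size is an assumption, and the detector id, account ids, Result text and the FakeGuardDuty stand-in are constructed for the example.

```python
ADDITIONAL_CONFIG_NAMES = {"EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT"}


def runtime_monitoring_feature(enabled=True, agent_management=None):
    """Build the Features entry for RUNTIME_MONITORING.

    agent_management maps an AdditionalConfiguration name to True/False. Turning
    ECS_FARGATE_AGENT_MANAGEMENT on asks GuardDuty to deploy and update the
    security agent for Fargate tasks itself; names you leave out are not sent.
    """
    if agent_management is None:
        agent_management = {"ECS_FARGATE_AGENT_MANAGEMENT": True}
    unknown = set(agent_management) - ADDITIONAL_CONFIG_NAMES
    if unknown:
        raise ValueError(f"unknown AdditionalConfiguration name(s): {sorted(unknown)}")
    feature = {"Name": "RUNTIME_MONITORING", "Status": "ENABLED" if enabled else "DISABLED"}
    if agent_management:
        feature["AdditionalConfiguration"] = [
            {"Name": name, "Status": "ENABLED" if on else "DISABLED"}
            for name, on in sorted(agent_management.items())
        ]
    return feature


def enable_runtime_monitoring(client, detector_id, member_account_ids=(), batch_size=50, **feature_opts):
    """Apply the feature to the administrator's detector, then to member accounts.

    `client` is a boto3 GuardDuty client (boto3.client("guardduty")) created by the
    caller. Members are sent in batches; batch_size is an assumption for this
    example, not a limit taken from the API reference. Returns the
    UnprocessedAccounts entries so a refused account is not mistaken for a covered one.
    """
    feature = runtime_monitoring_feature(**feature_opts)
    client.update_detector(DetectorId=detector_id, Features=[feature])
    ids = list(member_account_ids)
    unprocessed = []
    for start in range(0, len(ids), batch_size):
        resp = client.update_member_detectors(
            DetectorId=detector_id, AccountIds=ids[start:start + batch_size], Features=[feature])
        unprocessed.extend(resp.get("UnprocessedAccounts", []))
    return unprocessed


class FakeGuardDuty:
    """Stand-in for the boto3 client: records calls and refuses one constructed member account."""

    REFUSED = "444455556666"  # constructed account id

    def __init__(self):
        self.calls = []

    def update_detector(self, **kwargs):
        self.calls.append(("update_detector", kwargs))
        return {}

    def update_member_detectors(self, **kwargs):
        self.calls.append(("update_member_detectors", kwargs))
        return {"UnprocessedAccounts": [
            {"AccountId": a, "Result": "constructed: member detector not found"}
            for a in kwargs["AccountIds"] if a == self.REFUSED]}


def demo():
    """Enable the feature for three constructed members in batches of two; returns (unprocessed, calls)."""
    client = FakeGuardDuty()
    members = ["111122223333", "444455556666", "777788889999"]
    return enable_runtime_monitoring(client, "detector-id-placeholder", members, batch_size=2), client.calls


if __name__ == "__main__":
    unprocessed, calls = demo()
    print(f"{len(calls)} API call(s); not processed: {unprocessed}")
```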

UpdateOrganizationConfiguration (updated) Link ¶
Changes (request)
{'Features': {'AdditionalConfiguration': {'Name': {'ECS_FARGATE_AGENT_MANAGEMENT'}},
              'Name': {'RUNTIME_MONITORING'}}}

Configures the delegated administrator account with the provided values. You must provide a value for either autoEnableOrganizationMembers or autoEnable, but not both.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

See also: AWS API Documentation

Request Syntax

client.update_organization_configuration(
    DetectorId='string',
    AutoEnable=True|False,
    DataSources={
        'S3Logs': {
            'AutoEnable': True|False
        },
        'Kubernetes': {
            'AuditLogs': {
                'AutoEnable': True|False
            }
        },
        'MalwareProtection': {
            'ScanEc2InstanceWithFindings': {
                'EbsVolumes': {
                    'AutoEnable': True|False
                }
            }
        }
    },
    Features=[
        {
            'Name': 'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'EKS_RUNTIME_MONITORING'|'LAMBDA_NETWORK_LOGS'|'RUNTIME_MONITORING',
            'AutoEnable': 'NEW'|'NONE'|'ALL',
            'AdditionalConfiguration': [
                {
                    'Name': 'EKS_ADDON_MANAGEMENT'|'ECS_FARGATE_AGENT_MANAGEMENT',
                    'AutoEnable': 'NEW'|'NONE'|'ALL'
                },
            ]
        },
    ],
    AutoEnableOrganizationMembers='NEW'|'ALL'|'NONE'
)
type DetectorId

string

param DetectorId

[REQUIRED]

The ID of the detector that configures the delegated administrator.

type AutoEnable

boolean

param AutoEnable

Represents whether or not to automatically enable member accounts in the organization.

Even though this is still supported, we recommend using AutoEnableOrganizationMembers to achieve similar results. You must provide a value for either autoEnableOrganizationMembers or autoEnable.

type DataSources

dict

param DataSources

Describes which data sources will be updated.

  • S3Logs (dict) --

    Describes whether S3 data event logs are enabled for new members of the organization.

    • AutoEnable (boolean) -- [REQUIRED]

      A value that contains information on whether S3 data event logs will be enabled automatically as a data source for the organization.

  • Kubernetes (dict) --

    Describes the configuration of Kubernetes data sources for new members of the organization.

    • AuditLogs (dict) -- [REQUIRED]

      Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization.

      • AutoEnable (boolean) -- [REQUIRED]

        A value that contains information on whether Kubernetes audit logs should be enabled automatically as a data source for the organization.

  • MalwareProtection (dict) --

    Describes the configuration of Malware Protection for new members of the organization.

    • ScanEc2InstanceWithFindings (dict) --

      Whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization.

      • EbsVolumes (dict) --

        Whether scanning EBS volumes should be auto-enabled for new members joining the organization.

        • AutoEnable (boolean) --

          Whether scanning EBS volumes should be auto-enabled for new members joining the organization.

type Features

list

param Features

A list of features that will be configured for the organization.

  • (dict) --

    A list of features which will be configured for the organization.

    • Name (string) --

      The name of the feature that will be configured for the organization.

    • AutoEnable (string) --

      Describes the status of the feature that is configured for the member accounts within the organization. One of the following values is the status for the entire organization:

      • NEW: Indicates that when a new account joins the organization, it will have the feature enabled automatically.

      • ALL: Indicates that all accounts in the organization have the feature enabled automatically. This includes NEW accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty. It may take up to 24 hours to update the configuration for all the member accounts.

      • NONE: Indicates that the feature will not be automatically enabled for any account in the organization. The administrator must manage the feature for each account individually.

    • AdditionalConfiguration (list) --

      The additional information that will be configured for the organization.

      • (dict) --

        A list of additional configurations which will be configured for the organization.

        • Name (string) --

          The name of the additional configuration that will be configured for the organization.

        • AutoEnable (string) --

          The status of the additional configuration that will be configured for the organization. Use one of the following values to configure the feature status for the entire organization:

          • NEW: Indicates that when a new account joins the organization, it will have the additional configuration enabled automatically.

          • ALL: Indicates that all accounts in the organization have the additional configuration enabled automatically. This includes NEW accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty. It may take up to 24 hours to update the configuration for all the member accounts.

          • NONE: Indicates that the additional configuration will not be automatically enabled for any account in the organization. The administrator must manage the additional configuration for each account individually.

type AutoEnableOrganizationMembers

string

param AutoEnableOrganizationMembers

Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. You must provide a value for either autoEnableOrganizationMembers or autoEnable.

Use one of the following configuration values for autoEnableOrganizationMembers:

  • NEW: Indicates that when a new account joins the organization, it will have GuardDuty enabled automatically.

  • ALL: Indicates that all accounts in the organization have GuardDuty enabled automatically. This includes NEW accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty. It may take up to 24 hours to update the configuration for all the member accounts.

  • NONE: Indicates that GuardDuty will not be automatically enabled for any account in the organization. The administrator must manage GuardDuty for each account in the organization individually.
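As an added example (not code from boto3 or the GuardDuty documentation), the following helper builds and submits an organization-wide configuration that auto-enables RUNTIME_MONITORING together with ECS_FARGATE_AGENT_MANAGEMENT, enforcing the constraints documented above (NEW/ALL/NONE values, and exactly one of AutoEnableOrganizationMembers or the deprecated boolean AutoEnable). The helper names, the RecordingClient stub and the detector ID placeholder are assumptions.

```python
from __future__ import annotations

AUTO_ENABLE_VALUES = {"NEW", "ALL", "NONE"}  # values accepted by the API for AutoEnable


def build_runtime_monitoring_org_config(detector_id: str, members: str | None = "ALL",
                                        runtime: str = "ALL", fargate_agent: str = "ALL",
                                        legacy_auto_enable: bool | None = None) -> dict:
    """Build kwargs for update_organization_configuration (hypothetical helper).

    Validates feature-level and organization-level AutoEnable values and rejects
    requests that set both AutoEnableOrganizationMembers and AutoEnable, or neither.
    """
    for label, value in (("RUNTIME_MONITORING", runtime),
                         ("ECS_FARGATE_AGENT_MANAGEMENT", fargate_agent)):
        if value not in AUTO_ENABLE_VALUES:
            raise ValueError(f"{label}: AutoEnable must be one of {sorted(AUTO_ENABLE_VALUES)}")
    if (members is None) == (legacy_auto_enable is None):
        raise ValueError("set exactly one of AutoEnableOrganizationMembers or AutoEnable")
    request = {
        "DetectorId": detector_id,
        "Features": [{
            "Name": "RUNTIME_MONITORING",
            "AutoEnable": runtime,
            # Fargate agent management is a separate switch under the feature.
            "AdditionalConfiguration": [{"Name": "ECS_FARGATE_AGENT_MANAGEMENT",
                                         "AutoEnable": fargate_agent}],
        }],
    }
    if members is not None:
        if members not in AUTO_ENABLE_VALUES:
            raise ValueError(f"AutoEnableOrganizationMembers must be one of {sorted(AUTO_ENABLE_VALUES)}")
        request["AutoEnableOrganizationMembers"] = members
    else:
        request["AutoEnable"] = bool(legacy_auto_enable)  # deprecated boolean form
    return request


def apply_org_config(client, request: dict) -> dict:
    """Submit the request via a boto3 GuardDuty client (or any object with the same method)."""
    return client.update_organization_configuration(**request)


class RecordingClient:
    """Constructed stand-in for boto3.client('guardduty') so the example runs offline."""
    def __init__(self):
        self.calls = []

    def update_organization_configuration(self, **kwargs):
        self.calls.append(kwargs)
        return {}  # the real API also returns an empty dict


if __name__ == "__main__":
    client = RecordingClient()  # swap in boto3.client("guardduty", region_name=...) for real use
    apply_org_config(client, build_runtime_monitoring_org_config("DETECTOR_ID_PLACEHOLDER"))
    print(client.calls[0])
```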

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --