2023/08/09 - Amazon GuardDuty - 2 updated api methods
Changes Added autoEnable ALL to UpdateOrganizationConfiguration and DescribeOrganizationConfiguration APIs.
{'Features': {'AdditionalConfiguration': {'AutoEnable': {'ALL'}}, 'AutoEnable': {'ALL'}}}
Returns information about the account selected as the delegated administrator for GuardDuty.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
See also: AWS API Documentation
Request Syntax
client.describe_organization_configuration( DetectorId='string', MaxResults=123, NextToken='string' )
string
[REQUIRED]
The ID of the detector to retrieve information about the delegated administrator from.
integer
You can use this parameter to indicate the maximum number of items that you want in the response.
string
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
dict
Response Syntax
{ 'AutoEnable': True|False, 'MemberAccountLimitReached': True|False, 'DataSources': { 'S3Logs': { 'AutoEnable': True|False }, 'Kubernetes': { 'AuditLogs': { 'AutoEnable': True|False } }, 'MalwareProtection': { 'ScanEc2InstanceWithFindings': { 'EbsVolumes': { 'AutoEnable': True|False } } } }, 'Features': [ { 'Name': 'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'EKS_RUNTIME_MONITORING'|'LAMBDA_NETWORK_LOGS', 'AutoEnable': 'NEW'|'NONE'|'ALL', 'AdditionalConfiguration': [ { 'Name': 'EKS_ADDON_MANAGEMENT', 'AutoEnable': 'NEW'|'NONE'|'ALL' }, ] }, ], 'NextToken': 'string', 'AutoEnableOrganizationMembers': 'NEW'|'ALL'|'NONE' }
Response Structure
(dict) --
AutoEnable (boolean) --
Indicates whether GuardDuty is automatically enabled for accounts added to the organization.
Even though this is still supported, we recommend using AutoEnableOrganizationMembers to achieve the similar results.
MemberAccountLimitReached (boolean) --
Indicates whether the maximum number of allowed member accounts are already associated with the delegated administrator account for your organization.
DataSources (dict) --
Describes which data sources are enabled automatically for member accounts.
S3Logs (dict) --
Describes whether S3 data event logs are enabled as a data source.
AutoEnable (boolean) --
A value that describes whether S3 data event logs are automatically enabled for new members of the organization.
Kubernetes (dict) --
Describes the configuration of Kubernetes data sources.
AuditLogs (dict) --
The current configuration of Kubernetes audit logs as a data source for the organization.
AutoEnable (boolean) --
Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization.
MalwareProtection (dict) --
Describes the configuration of Malware Protection data source for an organization.
ScanEc2InstanceWithFindings (dict) --
Describes the configuration for scanning EC2 instances with findings for an organization.
EbsVolumes (dict) --
Describes the configuration for scanning EBS volumes for an organization.
AutoEnable (boolean) --
An object that contains the status of whether scanning EBS volumes should be auto-enabled for new members joining the organization.
Features (list) --
A list of features that are configured for this organization.
(dict) --
A list of features which will be configured for the organization.
Name (string) --
The name of the feature that is configured for the member accounts within the organization.
AutoEnable (string) --
Describes how The status of the feature that are configured for the member accounts within the organization.
If you set AutoEnable to NEW, a feature will be configured for only the new accounts when they join the organization.
If you set AutoEnable to NONE, no feature will be configured for the accounts when they join the organization.
AdditionalConfiguration (list) --
The additional configuration that is configured for the member accounts within the organization.
(dict) --
A list of additional configuration which will be configured for the organization.
Name (string) --
The name of the additional configuration that is configured for the member accounts within the organization.
AutoEnable (string) --
Describes how The status of the additional configuration that are configured for the member accounts within the organization.
If you set AutoEnable to NEW, a feature will be configured for only the new accounts when they join the organization.
If you set AutoEnable to NONE, no feature will be configured for the accounts when they join the organization.
NextToken (string) --
The pagination parameter to be used on the next list operation to retrieve more items.
AutoEnableOrganizationMembers (string) --
Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization.
NEW: Indicates that when a new account joins the organization, they will have GuardDuty enabled automatically.
ALL: Indicates that all accounts in the Amazon Web Services Organization have GuardDuty enabled automatically. This includes NEW accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty.
NONE: Indicates that GuardDuty will not be automatically enabled for any accounts in the organization. GuardDuty must be managed for each account individually by the administrator.
{'Features': {'AdditionalConfiguration': {'AutoEnable': {'ALL'}}, 'AutoEnable': {'ALL'}}}
Configures the delegated administrator account with the provided values. You must provide the value for either autoEnableOrganizationMembers or autoEnable.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
See also: AWS API Documentation
Request Syntax
client.update_organization_configuration( DetectorId='string', AutoEnable=True|False, DataSources={ 'S3Logs': { 'AutoEnable': True|False }, 'Kubernetes': { 'AuditLogs': { 'AutoEnable': True|False } }, 'MalwareProtection': { 'ScanEc2InstanceWithFindings': { 'EbsVolumes': { 'AutoEnable': True|False } } } }, Features=[ { 'Name': 'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'EKS_RUNTIME_MONITORING'|'LAMBDA_NETWORK_LOGS', 'AutoEnable': 'NEW'|'NONE'|'ALL', 'AdditionalConfiguration': [ { 'Name': 'EKS_ADDON_MANAGEMENT', 'AutoEnable': 'NEW'|'NONE'|'ALL' }, ] }, ], AutoEnableOrganizationMembers='NEW'|'ALL'|'NONE' )
string
[REQUIRED]
The ID of the detector that configures the delegated administrator.
boolean
Indicates whether to automatically enable member accounts in the organization.
Even though this is still supported, we recommend using AutoEnableOrganizationMembers to achieve the similar results.
dict
Describes which data sources will be updated.
S3Logs (dict) --
Describes whether S3 data event logs are enabled for new members of the organization.
AutoEnable (boolean) -- [REQUIRED]
A value that contains information on whether S3 data event logs will be enabled automatically as a data source for the organization.
Kubernetes (dict) --
Describes the configuration of Kubernetes data sources for new members of the organization.
AuditLogs (dict) -- [REQUIRED]
Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization.
AutoEnable (boolean) -- [REQUIRED]
A value that contains information on whether Kubernetes audit logs should be enabled automatically as a data source for the organization.
MalwareProtection (dict) --
Describes the configuration of Malware Protection for new members of the organization.
ScanEc2InstanceWithFindings (dict) --
Whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization.
EbsVolumes (dict) --
Whether scanning EBS volumes should be auto-enabled for new members joining the organization.
AutoEnable (boolean) --
Whether scanning EBS volumes should be auto-enabled for new members joining the organization.
list
A list of features that will be configured for the organization.
(dict) --
A list of features which will be configured for the organization.
Name (string) --
The name of the feature that will be configured for the organization.
AutoEnable (string) --
The status of the feature that will be configured for the organization.
AdditionalConfiguration (list) --
The additional information that will be configured for the organization.
(dict) --
A list of additional configurations which will be configured for the organization.
Name (string) --
The name of the additional configuration that will be configured for the organization.
AutoEnable (string) --
The status of the additional configuration that will be configured for the organization.
string
Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization.
NEW: Indicates that when a new account joins the organization, they will have GuardDuty enabled automatically.
ALL: Indicates that all accounts in the Amazon Web Services Organization have GuardDuty enabled automatically. This includes NEW accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty.
NONE: Indicates that GuardDuty will not be automatically enabled for any accounts in the organization. GuardDuty must be managed for each account individually by the administrator.
dict
Response Syntax
{}
Response Structure
(dict) --