Amazon GuardDuty

2020/07/29 - Amazon GuardDuty - 2 new, 5 updated API methods

Changes: Update guardduty client to latest version

GetMemberDetectors (new)

Describes which data sources are enabled for the member account's detector.

See also: AWS API Documentation

Request Syntax

client.get_member_detectors(
    DetectorId='string',
    AccountIds=[
        'string',
    ]
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The detector ID for the master account.

type AccountIds:

list

param AccountIds:

[REQUIRED]

The account ID of the member account.

  • (string) --

rtype:

dict

returns:

Response Syntax

{
    'MemberDataSourceConfigurations': [
        {
            'AccountId': 'string',
            'DataSources': {
                'CloudTrail': {
                    'Status': 'ENABLED'|'DISABLED'
                },
                'DNSLogs': {
                    'Status': 'ENABLED'|'DISABLED'
                },
                'FlowLogs': {
                    'Status': 'ENABLED'|'DISABLED'
                },
                'S3Logs': {
                    'Status': 'ENABLED'|'DISABLED'
                }
            }
        },
    ],
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • MemberDataSourceConfigurations (list) --

      An object that describes which data sources are enabled for a member account.

      • (dict) --

        Contains information on which data sources are enabled for a member account.

        • AccountId (string) --

          The account ID for the member account.

        • DataSources (dict) --

          Contains information on the status of data sources for the account.

          • CloudTrail (dict) --

            An object that contains information on the status of CloudTrail as a data source.

            • Status (string) --

              Describes whether CloudTrail is enabled as a data source for the detector.

          • DNSLogs (dict) --

            An object that contains information on the status of DNS logs as a data source.

            • Status (string) --

              Denotes whether DNS logs are enabled as a data source.

          • FlowLogs (dict) --

            An object that contains information on the status of VPC flow logs as a data source.

            • Status (string) --

              Denotes whether VPC flow logs are enabled as a data source.

          • S3Logs (dict) --

            An object that contains information on the status of S3 data event logs as a data source.

            • Status (string) --

              Describes whether S3 data event logs are enabled as a data source for the member account's detector.

    • UnprocessedAccounts (list) --

      A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.

      • (dict) --

        Contains information about the accounts that weren't processed.

        • AccountId (string) --

          The AWS account ID.

        • Result (string) --

          A reason why the account hasn't been processed.

UpdateMemberDetectors (new)

Updates which data sources are enabled for the detectors of the specified member accounts.

See also: AWS API Documentation

Request Syntax

client.update_member_detectors(
    DetectorId='string',
    AccountIds=[
        'string',
    ],
    DataSources={
        'S3Logs': {
            'Enable': True|False
        }
    }
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The detector ID of the master account.

type AccountIds:

list

param AccountIds:

[REQUIRED]

A list of member account IDs to be updated.

  • (string) --

type DataSources:

dict

param DataSources:

An object that describes which data sources will be updated.

  • S3Logs (dict) --

    Describes whether S3 data event logs are enabled as a data source.

    • Enable (boolean) -- [REQUIRED]

      The status of S3 data event logs as a data source.

rtype:

dict

returns:

Response Syntax

{
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • UnprocessedAccounts (list) --

      A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.

      • (dict) --

        Contains information about the accounts that weren't processed.

        • AccountId (string) --

          The AWS account ID.

        • Result (string) --

          A reason why the account hasn't been processed.
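An added example (not code from the boto3 changelog or from AWS) that audits the GetMemberDetectors response shape above for member accounts with data sources that are not ENABLED, then turns on S3 data event logs for those accounts with UpdateMemberDetectors. It assumes a `client` exposing `update_member_detectors()`; the `FakeGuardDuty` stand-in, the account IDs and the detector ID are constructed placeholders so it runs offline.

```python
from typing import Dict, List, Tuple

# Data sources reported in the GetMemberDetectors response shown above.
DATA_SOURCES = ("CloudTrail", "DNSLogs", "FlowLogs", "S3Logs")

def find_gaps(response: dict) -> Tuple[Dict[str, List[str]], Dict[str, str]]:
    """Return ({account: [sources not ENABLED]}, {account: reason not processed})."""
    gaps: Dict[str, List[str]] = {}
    for member in response.get("MemberDataSourceConfigurations", []):
        sources = member.get("DataSources", {})
        # A missing source or any Status other than ENABLED counts as a coverage gap.
        disabled = [n for n in DATA_SOURCES if sources.get(n, {}).get("Status") != "ENABLED"]
        if disabled:
            gaps[member["AccountId"]] = disabled
    # Kept separate on purpose: an account the API could not describe is not "healthy".
    unprocessed = {u["AccountId"]: u["Result"] for u in response.get("UnprocessedAccounts", [])}
    return gaps, unprocessed

def enable_s3_logs(client, detector_id: str, response: dict) -> Dict[str, str]:
    """Enable S3 data event logs (UpdateMemberDetectors) for members lacking them; return accounts not processed."""
    gaps, unprocessed = find_gaps(response)
    targets = [acct for acct, missing in gaps.items() if "S3Logs" in missing]
    if targets:
        resp = client.update_member_detectors(DetectorId=detector_id, AccountIds=targets,
                                              DataSources={"S3Logs": {"Enable": True}})
        for u in resp.get("UnprocessedAccounts", []):
            unprocessed[u["AccountId"]] = u["Result"]
    return unprocessed

class FakeGuardDuty:
    """Constructed stand-in for boto3's guardduty client so the example runs offline."""
    def update_member_detectors(self, DetectorId, AccountIds, DataSources):
        self.last_request = (DetectorId, list(AccountIds), DataSources)
        return {"UnprocessedAccounts": [
            {"AccountId": "333333333333", "Result": "constructed: member not enabled"}]}

def _member(acct: str, **status: str) -> dict:
    return {"AccountId": acct, "DataSources": {k: {"Status": v} for k, v in status.items()}}

# Constructed sample in the GetMemberDetectors response shape (not real accounts).
SAMPLE = {
    "MemberDataSourceConfigurations": [
        _member("111111111111", CloudTrail="ENABLED", DNSLogs="ENABLED", FlowLogs="ENABLED", S3Logs="ENABLED"),
        _member("222222222222", CloudTrail="ENABLED", DNSLogs="ENABLED", FlowLogs="DISABLED", S3Logs="DISABLED"),
        _member("333333333333", CloudTrail="ENABLED", DNSLogs="ENABLED", FlowLogs="ENABLED"),  # S3Logs absent
    ],
    "UnprocessedAccounts": [{"AccountId": "444444444444", "Result": "constructed: invitation pending"}],
}
```

Against a real client the same functions apply to a `client.get_member_detectors(...)` response; accounts reported in `UnprocessedAccounts` by either call should be treated as unknown coverage, not as enabled.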

CreateDetector (updated)
Changes (request)
{'DataSources': {'S3Logs': {'Enable': 'boolean'}}}

Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region.

See also: AWS API Documentation

Request Syntax

client.create_detector(
    Enable=True|False,
    ClientToken='string',
    FindingPublishingFrequency='FIFTEEN_MINUTES'|'ONE_HOUR'|'SIX_HOURS',
    DataSources={
        'S3Logs': {
            'Enable': True|False
        }
    },
    Tags={
        'string': 'string'
    }
)
type Enable:

boolean

param Enable:

[REQUIRED]

A Boolean value that specifies whether the detector is to be enabled.

type ClientToken:

string

param ClientToken:

The idempotency token for the create request.

This field is autopopulated if not provided.

type FindingPublishingFrequency:

string

param FindingPublishingFrequency:

An enum value that specifies how frequently updated findings are exported.

type DataSources:

dict

param DataSources:

An object that describes which data sources will be enabled for the detector.

  • S3Logs (dict) --

    Describes whether S3 data event logs are enabled as a data source.

    • Enable (boolean) -- [REQUIRED]

      The status of S3 data event logs as a data source.

type Tags:

dict

param Tags:

The tags to be added to a new detector resource.

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'DetectorId': 'string'
}

Response Structure

  • (dict) --

    • DetectorId (string) --

      The unique ID of the created detector.

DescribeOrganizationConfiguration (updated)
Changes (response)
{'DataSources': {'S3Logs': {'AutoEnable': 'boolean'}}}

Returns information about the account selected as the delegated administrator for GuardDuty.

See also: AWS API Documentation

Request Syntax

client.describe_organization_configuration(
    DetectorId='string'
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The ID of the detector to retrieve information about the delegated administrator from.

rtype:

dict

returns:

Response Syntax

{
    'AutoEnable': True|False,
    'MemberAccountLimitReached': True|False,
    'DataSources': {
        'S3Logs': {
            'AutoEnable': True|False
        }
    }
}

Response Structure

  • (dict) --

    • AutoEnable (boolean) --

      Indicates whether GuardDuty is automatically enabled for accounts added to the organization.

    • MemberAccountLimitReached (boolean) --

      Indicates whether the maximum number of allowed member accounts is already associated with the delegated administrator master account.

    • DataSources (dict) --

      An object that describes which data sources are enabled automatically for member accounts.

      • S3Logs (dict) --

        Describes whether S3 data event logs are enabled as a data source.

        • AutoEnable (boolean) --

          A value that describes whether S3 data event logs are automatically enabled for new members of the organization.

GetDetector (updated)
Changes (response)
{'DataSources': {'CloudTrail': {'Status': 'ENABLED | DISABLED'},
                 'DNSLogs': {'Status': 'ENABLED | DISABLED'},
                 'FlowLogs': {'Status': 'ENABLED | DISABLED'},
                 'S3Logs': {'Status': 'ENABLED | DISABLED'}}}

Retrieves an Amazon GuardDuty detector specified by the detectorId.

See also: AWS API Documentation

Request Syntax

client.get_detector(
    DetectorId='string'
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The unique ID of the detector that you want to get.

rtype:

dict

returns:

Response Syntax

{
    'CreatedAt': 'string',
    'FindingPublishingFrequency': 'FIFTEEN_MINUTES'|'ONE_HOUR'|'SIX_HOURS',
    'ServiceRole': 'string',
    'Status': 'ENABLED'|'DISABLED',
    'UpdatedAt': 'string',
    'DataSources': {
        'CloudTrail': {
            'Status': 'ENABLED'|'DISABLED'
        },
        'DNSLogs': {
            'Status': 'ENABLED'|'DISABLED'
        },
        'FlowLogs': {
            'Status': 'ENABLED'|'DISABLED'
        },
        'S3Logs': {
            'Status': 'ENABLED'|'DISABLED'
        }
    },
    'Tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • CreatedAt (string) --

      The timestamp of when the detector was created.

    • FindingPublishingFrequency (string) --

      The publishing frequency of the finding.

    • ServiceRole (string) --

      The GuardDuty service role.

    • Status (string) --

      The detector status.

    • UpdatedAt (string) --

      The last-updated timestamp for the detector.

    • DataSources (dict) --

      An object that describes which data sources are enabled for the detector.

      • CloudTrail (dict) --

        An object that contains information on the status of CloudTrail as a data source.

        • Status (string) --

          Describes whether CloudTrail is enabled as a data source for the detector.

      • DNSLogs (dict) --

        An object that contains information on the status of DNS logs as a data source.

        • Status (string) --

          Denotes whether DNS logs are enabled as a data source.

      • FlowLogs (dict) --

        An object that contains information on the status of VPC flow logs as a data source.

        • Status (string) --

          Denotes whether VPC flow logs are enabled as a data source.

      • S3Logs (dict) --

        An object that contains information on the status of S3 data event logs as a data source.

        • Status (string) --

          Describes whether S3 data event logs are enabled as a data source for the detector.

    • Tags (dict) --

      The tags of the detector resource.

      • (string) --

        • (string) --

UpdateDetector (updated)
Changes (request)
{'DataSources': {'S3Logs': {'Enable': 'boolean'}}}

Updates the Amazon GuardDuty detector specified by the detectorId.

See also: AWS API Documentation

Request Syntax

client.update_detector(
    DetectorId='string',
    Enable=True|False,
    FindingPublishingFrequency='FIFTEEN_MINUTES'|'ONE_HOUR'|'SIX_HOURS',
    DataSources={
        'S3Logs': {
            'Enable': True|False
        }
    }
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The unique ID of the detector to update.

type Enable:

boolean

param Enable:

Specifies whether the detector is enabled.

type FindingPublishingFrequency:

string

param FindingPublishingFrequency:

An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.

type DataSources:

dict

param DataSources:

An object that describes which data sources will be updated.

  • S3Logs (dict) --

    Describes whether S3 data event logs are enabled as a data source.

    • Enable (boolean) -- [REQUIRED]

      The status of S3 data event logs as a data source.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

UpdateOrganizationConfiguration (updated)
Changes (request)
{'DataSources': {'S3Logs': {'AutoEnable': 'boolean'}}}

Updates the delegated administrator account with the values provided.

See also: AWS API Documentation

Request Syntax

client.update_organization_configuration(
    DetectorId='string',
    AutoEnable=True|False,
    DataSources={
        'S3Logs': {
            'AutoEnable': True|False
        }
    }
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The ID of the detector to update the delegated administrator for.

type AutoEnable:

boolean

param AutoEnable:

[REQUIRED]

Indicates whether to automatically enable member accounts in the organization.

type DataSources:

dict

param DataSources:

An object that describes which data sources will be updated.

  • S3Logs (dict) --

    Describes whether S3 data event logs are enabled for new members of the organization.

    • AutoEnable (boolean) -- [REQUIRED]

      A value that contains information on whether S3 data event logs will be enabled automatically as a data source for the organization.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --