Amazon GuardDuty

2024/06/11 - 5 new 1 updated api methods

Changes   Added API support for GuardDuty Malware Protection for S3.

2024/04/18 - 1 updated api methods

Changes   Added IPv6Address fields for local and remote IP addresses

2024/03/28 - 9 updated api methods

Changes   Add EC2 support for GuardDuty Runtime Monitoring auto management.

2024/03/08 - 1 updated api methods

Changes   Add RDS Provisioned and Serverless Usage types

2023/12/20 - 1 new 1 updated api methods

Changes   This release 1) introduces a new API: GetOrganizationStatistics, and 2) adds a new UsageStatisticType TOP_ACCOUNTS_BY_FEATURE for the GetUsageStatistics API.

2023/11/27 - 11 updated api methods

Changes   Add support for Runtime Monitoring for ECS and ECS-EC2.

2023/11/08 - 1 updated api methods

Changes   Added API support for new GuardDuty EKS Audit Log finding types.

2023/10/17 - 1 updated api methods

Changes   Add domainWithSuffix finding field to dnsRequestAction

2023/09/22 - 2 updated api methods

Changes   Add `EKS_CLUSTER_NAME` to filter and sort key.

2023/09/13 - 2 updated api methods

Changes   Add `managementType` field to ListCoverage API response.

2023/08/09 - 2 updated api methods

Changes   Added autoEnable ALL to UpdateOrganizationConfiguration and DescribeOrganizationConfiguration APIs.

2023/06/26 - 1 updated api methods

Changes   Add support for user.extra.sessionName in Kubernetes Audit Logs Findings.

2023/04/27 - 1 new 2 updated api methods

Changes   Added API support to initiate on-demand malware scan on specific resources.

2023/04/20 - 9 updated api methods

Changes   This release adds support for the new Lambda Protection feature.

2023/03/30 - 2 new 9 updated api methods

Changes   Added EKS Runtime Monitoring feature support to existing detector and finding APIs, and introduced new Coverage APIs.

2023/03/23 - 2 updated api methods

Changes   Adds AutoEnableOrganizationMembers attribute to DescribeOrganizationConfiguration and UpdateOrganizationConfiguration APIs.

2023/03/16 - 10 updated api methods

Changes   Updated 9 APIs for feature enablement to reflect expansion of GuardDuty to features. Added new APIs and updated existing APIs to support RDS Protection GA.

2022/10/13 - 3 updated api methods

Changes   Add UnprocessedDataSources to CreateDetectorResponse, which specifies the data sources that couldn't be enabled during the CreateDetector request. In addition, update documentation.

2022/07/26 - 3 new 10 updated api methods

Changes   Amazon GuardDuty introduces a new Malware Protection feature that triggers a malware scan on selected EC2 instance resources after the service detects potentially malicious activity.

2022/06/15 - 4 new 3 updated api methods

Changes   Adds finding fields available from GuardDuty Console. Adds FreeTrial related operations. Deprecates the use of various APIs related to Master Accounts and replaces them with Administrator Accounts.

2022/01/25 - 9 updated api methods

Changes   Amazon GuardDuty expands threat detection coverage to protect Amazon Elastic Kubernetes Service (EKS) workloads.

2022/01/20 - 1 updated api methods

Changes   Amazon GuardDuty findings now include remoteAccountDetails under AwsApiCallAction section if instance credential is exfiltrated.

2020/09/03 - 1 updated api methods

Changes   GuardDuty findings triggered by failed events now include the error code name within the AwsApiCallAction section.

2020/07/30 - 1 new api methods

Changes   GuardDuty can now provide detailed cost metrics broken down by account, data source, and S3 resources, based on the past 30 days of usage. This new feature also supports viewing cost metrics for all member accounts as a GuardDuty master.

2020/07/29 - 2 new 5 updated api methods

Changes   GuardDuty now supports S3 Data Events as a configurable data source type. This feature expands GuardDuty's monitoring scope to include S3 data plane operations, such as GetObject and PutObject. This data source is optional and can be enabled or disabled at any time. Accounts already using GuardDuty must first enable the new feature to use it; new accounts will be enabled by default. GuardDuty masters can configure this data source for individual member accounts, and GuardDuty masters associated through AWS Organizations can automatically enable the data source in member accounts.

2020/06/02 - 1 updated api methods

Changes   Amazon GuardDuty findings now include S3 bucket details under the resource section if an S3 Bucket was one of the affected resources

2020/04/21 - 5 new api methods

Changes   AWS GuardDuty now supports using AWS Organizations delegated administrators to create and manage GuardDuty master and member accounts. The feature also allows GuardDuty to be automatically enabled on associated organization accounts.

2020/03/06 - 1 updated api methods

Changes   Amazon GuardDuty findings now include the OutpostArn if the finding is generated for an AWS Outposts EC2 host.

2020/03/05 - 1 updated api methods

Changes   Add a new finding field for EC2 findings indicating the instance's local IP address involved in the threat.

2019/11/15 - 5 new api methods

Changes   This release includes new operations related to findings export, including: CreatePublishingDestination, UpdatePublishingDestination, DescribePublishingDestination, DeletePublishingDestination and ListPublishingDestinations.

2019/08/09 - 1 updated api methods

Changes   New "evidence" field in the finding model to provide evidence information explaining why the finding has been triggered. Currently only threat-intelligence findings have this field. Some documentation updates.

2019/06/13 - 3 new 8 updated api methods

Changes   Support for tagging functionality in Create and Get operations for Detector, IP Set, Threat Intel Set, and Finding Filter resources and 3 new tagging APIs: ListTagsForResource, TagResource, and UntagResource.

2019/06/06 - 6 updated api methods

Changes   Improve FindingCriteria Condition field names, support long-typed conditions and deprecate old Condition field names.

2018/10/01 - 5 updated api methods

Changes   Support optional FindingPublishingFrequency parameter in CreateDetector and UpdateDetector operations, and ClientToken on Create* operations

2018/05/04 - 5 new 1 updated api methods

Changes   Amazon GuardDuty is adding five new API operations for creating and managing filters. For each filter, you can specify criteria and an action. The action you specify is applied to findings that match the specified criteria.

2018/04/30 - 1 updated api methods

Changes   You can disable the email notification when inviting GuardDuty members using the disableEmailNotification parameter in the InviteMembers operation.

2018/02/12 - 1 updated api methods

Changes   Added PortProbeAction information to the Action section of the port probe-type finding.

2018/01/25 - 1 updated api methods

Changes   Added the missing AccessKeyDetails object to the resource shape.

2017/11/29 - 37 new api methods

Changes   Enable Amazon GuardDuty to continuously monitor and process AWS data sources to identify threats to your AWS accounts and workloads. You can add customization by uploading additional threat intelligence lists and IP safe lists. You can list security findings, suspend, and disable the service.