aws-sdk-guardduty 1.132.0 → 1.134.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e0c134ec320e4a4734acac70160b65590d98de072e9a4cc6c3f822606ba0b67a
-  data.tar.gz: c24b41f7b666f932b34bd3f712892e4291de306ee174218df665b840e9311b65
+  metadata.gz: 0b2658d4978877533ab0c8a7ee6dc19659d224b7c5b3c5d31d2fd42b501c6d44
+  data.tar.gz: 117429fb1e99e1d34c05eca2bd802dbef11cb3663137a3216916fd4469cecc72
 SHA512:
-  metadata.gz: b4d7a9d3382be5f405090d6c6f6cbcf70f23b476e453846e8a4bf2565fa4f130afcf508fced1c3826fc6bb17126c0d71845b6f54d8548fb882bb86cd0e91ebf2
-  data.tar.gz: 2fe2e23004adcc91d91eb8705140414cf5e9bc535aa9b1b74f7c90d84c80b35210ed7e2e20473211a215e152f61072f683f7cbc9378063f607911068fdafd661
+  metadata.gz: 40646ec1ac5380d7ddf9301661bb21ebe814eeea8480f3532cd2d4af3893c07176c80d96f885b97d472382991ac37ff55567914fcc180e5067789ab19e6f91d3
+  data.tar.gz: f48f9c7dff958c546bb709b44d007fb890b5247da5b0fd92098de03a1298c54106b4fd07ed52d4cc3bbf55a06d48c387bb890926392ab8be5935f9c8a7f08988

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.134.0 (2025-11-19)
+------------------
+
+* Feature - Add support for scanning and viewing scan results for backup resource types
+
+1.133.0 (2025-11-17)
+------------------
+
+* Feature - Add S3 On-Demand Object Scanning
+
 1.132.0 (2025-11-10)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.132.0
+1.134.0

data/lib/aws-sdk-guardduty/client.rb

@@ -2079,6 +2079,7 @@ module Aws::GuardDuty
     #   resp.scans[0].scan_end_time #=> Time
     #   resp.scans[0].trigger_details.guard_duty_finding_id #=> String
     #   resp.scans[0].trigger_details.description #=> String
+    #   resp.scans[0].trigger_details.trigger_type #=> String, one of "BACKUP", "GUARDDUTY"
     #   resp.scans[0].resource_details.instance_arn #=> String
     #   resp.scans[0].scan_result_details.scan_result #=> String, one of "CLEAN", "INFECTED"
     #   resp.scans[0].account_id #=> String
@@ -2929,6 +2930,10 @@ module Aws::GuardDuty
     #   resp.findings[0].resource.lambda_details.tags #=> Array
     #   resp.findings[0].resource.lambda_details.tags[0].key #=> String
     #   resp.findings[0].resource.lambda_details.tags[0].value #=> String
+    #   resp.findings[0].resource.ebs_snapshot_details.snapshot_arn #=> String
+    #   resp.findings[0].resource.ec2_image_details.image_arn #=> String
+    #   resp.findings[0].resource.recovery_point_details.recovery_point_arn #=> String
+    #   resp.findings[0].resource.recovery_point_details.backup_vault_name #=> String
     #   resp.findings[0].schema_version #=> String
     #   resp.findings[0].service.action.action_type #=> String
     #   resp.findings[0].service.action.aws_api_call_action.api #=> String
@@ -3325,6 +3330,20 @@ module Aws::GuardDuty
     #   resp.findings[0].service.malware_scan_details.threats[0].item_paths #=> Array
     #   resp.findings[0].service.malware_scan_details.threats[0].item_paths[0].nested_item_path #=> String
     #   resp.findings[0].service.malware_scan_details.threats[0].item_paths[0].hash #=> String
+    #   resp.findings[0].service.malware_scan_details.threats[0].count #=> Integer
+    #   resp.findings[0].service.malware_scan_details.threats[0].hash #=> String
+    #   resp.findings[0].service.malware_scan_details.threats[0].item_details #=> Array
+    #   resp.findings[0].service.malware_scan_details.threats[0].item_details[0].resource_arn #=> String
+    #   resp.findings[0].service.malware_scan_details.threats[0].item_details[0].item_path #=> String
+    #   resp.findings[0].service.malware_scan_details.threats[0].item_details[0].hash #=> String
+    #   resp.findings[0].service.malware_scan_details.threats[0].item_details[0].additional_info.version_id #=> String
+    #   resp.findings[0].service.malware_scan_details.threats[0].item_details[0].additional_info.device_name #=> String
+    #   resp.findings[0].service.malware_scan_details.scan_id #=> String
+    #   resp.findings[0].service.malware_scan_details.scan_type #=> String, one of "BACKUP_INITIATED", "ON_DEMAND", "GUARDDUTY_INITIATED"
+    #   resp.findings[0].service.malware_scan_details.scan_category #=> String, one of "FULL_SCAN", "INCREMENTAL_SCAN"
+    #   resp.findings[0].service.malware_scan_details.scan_configuration.trigger_type #=> String, one of "BACKUP", "GUARDDUTY"
+    #   resp.findings[0].service.malware_scan_details.scan_configuration.incremental_scan_details.baseline_resource_arn #=> String
+    #   resp.findings[0].service.malware_scan_details.unique_threat_count #=> Integer
     #   resp.findings[0].severity #=> Float
     #   resp.findings[0].title #=> String
     #   resp.findings[0].type #=> String
@@ -3576,6 +3595,114 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
+    # Retrieves the detailed information for a specific malware scan. Each
+    # member account can view the malware scan details for their own
+    # account. An administrator can view malware scan details for all
+    # accounts in the organization.
+    #
+    # There might be regional differences because some data sources might
+    # not be available in all the Amazon Web Services Regions where
+    # GuardDuty is presently supported. For more information, see [Regions
+    # and endpoints][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
+    #
+    # @option params [required, String] :scan_id
+    #   A unique identifier that gets generated when you invoke the API
+    #   without any error. Each malware scan has a corresponding scan ID.
+    #   Using this scan ID, you can monitor the status of your malware scan.
+    #
+    # @return [Types::GetMalwareScanResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetMalwareScanResponse#scan_id #scan_id} => String
+    #   * {Types::GetMalwareScanResponse#detector_id #detector_id} => String
+    #   * {Types::GetMalwareScanResponse#admin_detector_id #admin_detector_id} => String
+    #   * {Types::GetMalwareScanResponse#resource_arn #resource_arn} => String
+    #   * {Types::GetMalwareScanResponse#resource_type #resource_type} => String
+    #   * {Types::GetMalwareScanResponse#scanned_resources_count #scanned_resources_count} => Integer
+    #   * {Types::GetMalwareScanResponse#skipped_resources_count #skipped_resources_count} => Integer
+    #   * {Types::GetMalwareScanResponse#failed_resources_count #failed_resources_count} => Integer
+    #   * {Types::GetMalwareScanResponse#scanned_resources #scanned_resources} => Array<Types::ScannedResource>
+    #   * {Types::GetMalwareScanResponse#scan_configuration #scan_configuration} => Types::ScanConfiguration
+    #   * {Types::GetMalwareScanResponse#scan_category #scan_category} => String
+    #   * {Types::GetMalwareScanResponse#scan_status #scan_status} => String
+    #   * {Types::GetMalwareScanResponse#scan_status_reason #scan_status_reason} => String
+    #   * {Types::GetMalwareScanResponse#scan_type #scan_type} => String
+    #   * {Types::GetMalwareScanResponse#scan_started_at #scan_started_at} => Time
+    #   * {Types::GetMalwareScanResponse#scan_completed_at #scan_completed_at} => Time
+    #   * {Types::GetMalwareScanResponse#scan_result_details #scan_result_details} => Types::GetMalwareScanResultDetails
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_malware_scan({
+    #     scan_id: "String", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.scan_id #=> String
+    #   resp.detector_id #=> String
+    #   resp.admin_detector_id #=> String
+    #   resp.resource_arn #=> String
+    #   resp.resource_type #=> String, one of "EBS_RECOVERY_POINT", "EBS_SNAPSHOT", "EBS_VOLUME", "EC2_AMI", "EC2_INSTANCE", "EC2_RECOVERY_POINT", "S3_RECOVERY_POINT", "S3_BUCKET"
+    #   resp.scanned_resources_count #=> Integer
+    #   resp.skipped_resources_count #=> Integer
+    #   resp.failed_resources_count #=> Integer
+    #   resp.scanned_resources #=> Array
+    #   resp.scanned_resources[0].scanned_resource_arn #=> String
+    #   resp.scanned_resources[0].scanned_resource_type #=> String, one of "EBS_RECOVERY_POINT", "EBS_SNAPSHOT", "EBS_VOLUME", "EC2_AMI", "EC2_INSTANCE", "EC2_RECOVERY_POINT", "S3_RECOVERY_POINT", "S3_BUCKET"
+    #   resp.scanned_resources[0].scanned_resource_status #=> String, one of "RUNNING", "COMPLETED", "COMPLETED_WITH_ISSUES", "FAILED", "SKIPPED"
+    #   resp.scanned_resources[0].scan_status_reason #=> String, one of "ACCESS_DENIED", "RESOURCE_NOT_FOUND", "SNAPSHOT_SIZE_LIMIT_EXCEEDED", "RESOURCE_UNAVAILABLE", "INCONSISTENT_SOURCE", "INCREMENTAL_NO_DIFFERENCE", "NO_EBS_VOLUMES_FOUND", "UNSUPPORTED_PRODUCT_CODE_TYPE", "AMI_SNAPSHOT_LIMIT_EXCEEDED", "UNRELATED_RESOURCES", "BASE_RESOURCE_NOT_SCANNED", "BASE_CREATED_AFTER_TARGET", "UNSUPPORTED_FOR_INCREMENTAL", "UNSUPPORTED_AMI", "UNSUPPORTED_SNAPSHOT", "UNSUPPORTED_COMPOSITE_RECOVERY_POINT"
+    #   resp.scanned_resources[0].resource_details.ebs_volume.volume_arn #=> String
+    #   resp.scanned_resources[0].resource_details.ebs_volume.volume_type #=> String
+    #   resp.scanned_resources[0].resource_details.ebs_volume.device_name #=> String
+    #   resp.scanned_resources[0].resource_details.ebs_volume.volume_size_in_gb #=> Integer
+    #   resp.scanned_resources[0].resource_details.ebs_volume.encryption_type #=> String
+    #   resp.scanned_resources[0].resource_details.ebs_volume.snapshot_arn #=> String
+    #   resp.scanned_resources[0].resource_details.ebs_volume.kms_key_arn #=> String
+    #   resp.scanned_resources[0].resource_details.ebs_snapshot.device_name #=> String
+    #   resp.scan_configuration.role #=> String
+    #   resp.scan_configuration.trigger_details.guard_duty_finding_id #=> String
+    #   resp.scan_configuration.trigger_details.description #=> String
+    #   resp.scan_configuration.trigger_details.trigger_type #=> String, one of "BACKUP", "GUARDDUTY"
+    #   resp.scan_configuration.incremental_scan_details.baseline_resource_arn #=> String
+    #   resp.scan_configuration.recovery_point.backup_vault_name #=> String
+    #   resp.scan_category #=> String, one of "FULL_SCAN", "INCREMENTAL_SCAN"
+    #   resp.scan_status #=> String, one of "RUNNING", "COMPLETED", "COMPLETED_WITH_ISSUES", "FAILED", "SKIPPED"
+    #   resp.scan_status_reason #=> String, one of "ACCESS_DENIED", "RESOURCE_NOT_FOUND", "SNAPSHOT_SIZE_LIMIT_EXCEEDED", "RESOURCE_UNAVAILABLE", "INCONSISTENT_SOURCE", "INCREMENTAL_NO_DIFFERENCE", "NO_EBS_VOLUMES_FOUND", "UNSUPPORTED_PRODUCT_CODE_TYPE", "AMI_SNAPSHOT_LIMIT_EXCEEDED", "UNRELATED_RESOURCES", "BASE_RESOURCE_NOT_SCANNED", "BASE_CREATED_AFTER_TARGET", "UNSUPPORTED_FOR_INCREMENTAL", "UNSUPPORTED_AMI", "UNSUPPORTED_SNAPSHOT", "UNSUPPORTED_COMPOSITE_RECOVERY_POINT"
+    #   resp.scan_type #=> String, one of "BACKUP_INITIATED", "ON_DEMAND", "GUARDDUTY_INITIATED"
+    #   resp.scan_started_at #=> Time
+    #   resp.scan_completed_at #=> Time
+    #   resp.scan_result_details.scan_result_status #=> String, one of "NO_THREATS_FOUND", "THREATS_FOUND"
+    #   resp.scan_result_details.skipped_file_count #=> Integer
+    #   resp.scan_result_details.failed_file_count #=> Integer
+    #   resp.scan_result_details.threat_found_file_count #=> Integer
+    #   resp.scan_result_details.total_file_count #=> Integer
+    #   resp.scan_result_details.total_bytes #=> Integer
+    #   resp.scan_result_details.unique_threat_count #=> Integer
+    #   resp.scan_result_details.threats #=> Array
+    #   resp.scan_result_details.threats[0].name #=> String
+    #   resp.scan_result_details.threats[0].source #=> String, one of "AMAZON", "BITDEFENDER"
+    #   resp.scan_result_details.threats[0].count #=> Integer
+    #   resp.scan_result_details.threats[0].hash #=> String
+    #   resp.scan_result_details.threats[0].item_details #=> Array
+    #   resp.scan_result_details.threats[0].item_details[0].resource_arn #=> String
+    #   resp.scan_result_details.threats[0].item_details[0].item_path #=> String
+    #   resp.scan_result_details.threats[0].item_details[0].hash #=> String
+    #   resp.scan_result_details.threats[0].item_details[0].additional_info.version_id #=> String
+    #   resp.scan_result_details.threats[0].item_details[0].additional_info.device_name #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMalwareScan AWS API Documentation
+    #
+    # @overload get_malware_scan(params = {})
+    # @param [Hash] params ({})
+    def get_malware_scan(params = {}, options = {})
+      req = build_request(:get_malware_scan, params)
+      req.send_request(options)
+    end
+
     # Returns the details of the malware scan settings.
     #
     # There might be regional differences because some data sources might
@@ -4781,6 +4908,80 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
+    # Returns a list of malware scans. Each member account can view the
+    # malware scans for their own accounts. An administrator can view the
+    # malware scans for all of its members' accounts.
+    #
+    # @option params [Integer] :max_results
+    #   You can use this parameter to indicate the maximum number of items
+    #   that you want in the response. The default value is 50. The maximum
+    #   value is 50.
+    #
+    # @option params [String] :next_token
+    #   You can use this parameter when paginating results. Set the value of
+    #   this parameter to null on your first call to the list action. For
+    #   subsequent calls to the action, fill nextToken in the request with the
+    #   value of NextToken from the previous response to continue listing
+    #   results.
+    #
+    # @option params [Types::ListMalwareScansFilterCriteria] :filter_criteria
+    #   Represents the criteria used to filter the malware scan entries.
+    #
+    # @option params [Types::SortCriteria] :sort_criteria
+    #   Represents the criteria used for sorting malware scan entries.
+    #
+    # @return [Types::ListMalwareScansResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListMalwareScansResponse#scans #scans} => Array<Types::MalwareScan>
+    #   * {Types::ListMalwareScansResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_malware_scans({
+    #     max_results: 1,
+    #     next_token: "String",
+    #     filter_criteria: {
+    #       list_malware_scans_filter_criterion: [
+    #         {
+    #           list_malware_scans_criterion_key: "RESOURCE_ARN", # accepts RESOURCE_ARN, SCAN_ID, ACCOUNT_ID, GUARDDUTY_FINDING_ID, RESOURCE_TYPE, SCAN_START_TIME, SCAN_STATUS, SCAN_TYPE
+    #           filter_condition: {
+    #             equals_value: "NonEmptyString",
+    #             greater_than: 1,
+    #             less_than: 1,
+    #           },
+    #         },
+    #       ],
+    #     },
+    #     sort_criteria: {
+    #       attribute_name: "String",
+    #       order_by: "ASC", # accepts ASC, DESC
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.scans #=> Array
+    #   resp.scans[0].resource_arn #=> String
+    #   resp.scans[0].resource_type #=> String, one of "EBS_RECOVERY_POINT", "EBS_SNAPSHOT", "EBS_VOLUME", "EC2_AMI", "EC2_INSTANCE", "EC2_RECOVERY_POINT", "S3_RECOVERY_POINT", "S3_BUCKET"
+    #   resp.scans[0].scan_id #=> String
+    #   resp.scans[0].scan_status #=> String, one of "RUNNING", "COMPLETED", "COMPLETED_WITH_ISSUES", "FAILED", "SKIPPED"
+    #   resp.scans[0].scan_result_status #=> String, one of "NO_THREATS_FOUND", "THREATS_FOUND"
+    #   resp.scans[0].scan_type #=> String, one of "BACKUP_INITIATED", "ON_DEMAND", "GUARDDUTY_INITIATED"
+    #   resp.scans[0].scan_started_at #=> Time
+    #   resp.scans[0].scan_completed_at #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListMalwareScans AWS API Documentation
+    #
+    # @overload list_malware_scans(params = {})
+    # @param [Hash] params ({})
+    def list_malware_scans(params = {}, options = {})
+      req = build_request(:list_malware_scans, params)
+      req.send_request(options)
+    end
+
     # Lists details about all member accounts for the current GuardDuty
     # administrator account.
     #
@@ -5159,22 +5360,76 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
+    # Initiates a malware scan for a specific S3 object. This API allows you
+    # to perform on-demand malware scanning of individual objects in S3
+    # buckets that have Malware Protection for S3 enabled.
+    #
+    # When you use this API, the Amazon Web Services service terms for
+    # GuardDuty Malware Protection apply. For more information, see [Amazon
+    # Web Services service terms for GuardDuty Malware Protection][1].
+    #
+    #
+    #
+    # [1]: http://aws.amazon.com/service-terms/#87._Amazon_GuardDuty
+    #
+    # @option params [Types::S3ObjectForSendObjectMalwareScan] :s3_object
+    #   The S3 object information for the object you want to scan. The bucket
+    #   must have a Malware Protection plan configured to use this API.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.send_object_malware_scan({
+    #     s3_object: {
+    #       bucket: "String",
+    #       key: "String",
+    #       version_id: "String",
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/SendObjectMalwareScan AWS API Documentation
+    #
+    # @overload send_object_malware_scan(params = {})
+    # @param [Hash] params ({})
+    def send_object_malware_scan(params = {}, options = {})
+      req = build_request(:send_object_malware_scan, params)
+      req.send_request(options)
+    end
+
     # Initiates the malware scan. Invoking this API will automatically
-    # create the [Service-linked role][1] in the corresponding account.
+    # create the [Service-linked role][1] in the corresponding account if
+    # the resourceArn belongs to an EC2 instance.
     #
     # When the malware scan starts, you can use the associated scan ID to
     # track the status of the scan. For more information, see
-    # [DescribeMalwareScans][2].
+    # [ListMalwareScans][2] and [GetMalwareScan][3].
+    #
+    # When you use this API, the Amazon Web Services service terms for
+    # GuardDuty Malware Protection apply. For more information, see [Amazon
+    # Web Services service terms for GuardDuty Malware Protection][4].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/slr-permissions-malware-protection.html
-    # [2]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DescribeMalwareScans.html
+    # [2]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListMalwareScans.html
+    # [3]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_GetMalwareScan.html
+    # [4]: http://aws.amazon.com/service-terms/#87._Amazon_GuardDuty
     #
     # @option params [required, String] :resource_arn
     #   Amazon Resource Name (ARN) of the resource for which you invoked the
     #   API.
     #
+    # @option params [String] :client_token
+    #   The idempotency token for the create request.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @option params [Types::StartMalwareScanConfiguration] :scan_configuration
+    #   Contains information about the configuration to be used for the
+    #   malware scan.
+    #
     # @return [Types::StartMalwareScanResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::StartMalwareScanResponse#scan_id #scan_id} => String
@@ -5183,6 +5438,16 @@ module Aws::GuardDuty
     #
     #   resp = client.start_malware_scan({
     #     resource_arn: "ResourceArn", # required
+    #     client_token: "ClientToken",
+    #     scan_configuration: {
+    #       role: "NonEmptyString", # required
+    #       incremental_scan_details: {
+    #         baseline_resource_arn: "NonEmptyString", # required
+    #       },
+    #       recovery_point: {
+    #         backup_vault_name: "String", # required
+    #       },
+    #     },
     #   })
     #
     # @example Response structure
@@ -6218,7 +6483,7 @@ module Aws::GuardDuty
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-guardduty'
-      context[:gem_version] = '1.132.0'
+      context[:gem_version] = '1.134.0'
       Seahorse::Client::Request.new(handlers, context)
     end