aws-sdk-guardduty 1.153.0 → 1.155.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6adcc24edb8288ec2a463559ce6322630686396de0fc99c1cdbdda4054d63bb
-  data.tar.gz: d23a697f2f89452fb21ed7e0723895483a55ef02e1cb8545507b6bde634e312b
+  metadata.gz: be0ea6000a8150d0e4e7f4b509af744c53a4bbf8d85390c4e129374e27b335e4
+  data.tar.gz: c3058413d6ece21d3556cbd842c70aa40ac61c4c550dcb8b872b2d8229f669ef
 SHA512:
-  metadata.gz: c523d3a7e9ef6a92c06ad91e2aba0b46ccf4c7cd80d3e1b5704914b4a74d77d3325ec31404f7e68b493ab29ba9a5d3c05b20bb71c5216170614111fae62a411f
-  data.tar.gz: 1cc71c945575b1e223b8f2b3f9b07debfd348729bd75a13e93d64d897bc1cd53e538a06d1b810b7747c9b0efa353571aa8bbd5340bd5a36aa91338e299a2a403
+  metadata.gz: 475a9bf4c9e3e9f80c89fa17a6c63ae27310d7bc4fde116bea40b7b3d69724dca8db06e36b771525f47ad7d50fea555e07dfe2ca4363f9dc57edd1419a1458e9
+  data.tar.gz: cc999e46310471846a386887e7a6b176baf7f3f8be6f145cd5b3a1b36756594316c180f6d130711e748ae63d1a4a057a73602677a38da676d940e8cbaa716ea1

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.155.0 (2026-06-22)
+------------------
+
+* Feature - Added AI-powered investigations that automatically analyze security findings, correlate related activity, and produce structured summaries with risk assessment, confidence scoring, MITRE technique classification, and actionable next steps.
+
+1.154.0 (2026-06-04)
+------------------
+
+* Feature - Remove unsupported RDS field for filter
+
 1.153.0 (2026-06-02)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.153.0
+1.155.0

data/lib/aws-sdk-guardduty/client.rb

@@ -764,8 +764,6 @@ module Aws::GuardDuty
     #
     #     Type: Timestamp in Unix Epoch millisecond format. Ex: 1486685375000
     #
-    #   * description
-    #
     #   * id
     #
     #   * partition
@@ -1100,10 +1098,6 @@ module Aws::GuardDuty
     #
     #   * resource.rdsDbInstanceDetails.publiclyAccessible
     #
-    #   * resource.rdsDbInstanceDetails.tags.key
-    #
-    #   * resource.rdsDbInstanceDetails.tags.value
-    #
     #   * resource.rdsDbInstanceDetails.vpcId
     #
     #   * resource.rdsDbInstanceDetails.vpcSecurityGroups.status
@@ -1202,8 +1196,6 @@ module Aws::GuardDuty
     #
     #   * service.action.actionType
     #
-    #   * service.action.awsApiCallAction.affectedResources
-    #
     #   * service.action.awsApiCallAction.api
     #
     #   * service.action.awsApiCallAction.callerType
@@ -1492,10 +1484,6 @@ module Aws::GuardDuty
     #
     #   * service.count
     #
-    #   * service.detection.anomaly.profiles
-    #
-    #   * service.detection.anomaly.unusual.behavior
-    #
     #   * service.detection.sequence.actors.id
     #
     #   * service.detection.sequence.actors.process.name
@@ -2069,8 +2057,6 @@ module Aws::GuardDuty
     #     For more information, see [Findings severity levels][2] in the
     #     *Amazon GuardDuty User Guide*.
     #
-    #   * title
-    #
     #   * type
     #
     #   * updatedAt
@@ -2221,6 +2207,93 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
+    # This API is currently available as a preview. During the preview, you
+    # can initiate up to 10 investigations per account per day, with a total
+    # limit of 100 investigations per account. This feature is available in
+    # the following Amazon Web Services Regions: US East (N. Virginia), US
+    # East (Ohio), US West (Oregon), Canada (Central), Europe (Frankfurt),
+    # Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm),
+    # and Asia Pacific (Tokyo).
+    #
+    # Initiates a GuardDuty investigation that automatically analyzes
+    # security findings, correlates related activity, performs account-level
+    # analysis, and produces a structured investigation summary with
+    # recommended next steps.
+    #
+    # Only the administrator account can create an investigation. Member
+    # accounts don't have permission to create investigations from their
+    # accounts.
+    #
+    # To use this operation, the `AI_ANALYST` feature must be enabled on
+    # your detector.
+    #
+    # This feature uses Amazon Bedrock models that leverage Cross-Region
+    # Inference (CRIS), which automatically selects the optimal Amazon Web
+    # Services Region within your geography to process the investigation
+    # analysis and generate the investigation report. This maximizes
+    # available compute resources, model availability, and delivers the best
+    # customer experience. Your data remains stored only in the Region where
+    # the investigation request originates, however, investigation data and
+    # summary results may be processed outside that Region. All data is
+    # transmitted encrypted across Amazon's secure network. For more
+    # information, see [GuardDuty Investigation][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-investigation.html
+    #
+    # @option params [required, String] :detector_id
+    #   The unique ID of the GuardDuty detector for the account in which the
+    #   investigation is created.
+    #
+    #   To find the `detectorId` in the current Region, see the Settings page
+    #   in the GuardDuty console, or run the [ListDetectors][1] API.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html
+    #
+    # @option params [required, String] :trigger_prompt
+    #   A natural-language description of what to investigate. For example:
+    #
+    #   * `"Investigate finding 1ab2c3d4e5f6a7b8c9d0e1f2a3b4c5d6 in account
+    #     123456789012"`
+    #
+    #   * `"Analyze findings in account with id 123456789012"`
+    #
+    #   * `"Analyze findings in my organization"`
+    #
+    # @option params [String] :client_token
+    #   The idempotency token for the create request.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @return [Types::CreateInvestigationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateInvestigationResponse#investigation_id #investigation_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_investigation({
+    #     detector_id: "DetectorId", # required
+    #     trigger_prompt: "TriggerPrompt", # required
+    #     client_token: "ClientToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.investigation_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateInvestigation AWS API Documentation
+    #
+    # @overload create_investigation(params = {})
+    # @param [Hash] params ({})
+    def create_investigation(params = {}, options = {})
+      req = build_request(:create_investigation, params)
+      req.send_request(options)
+    end
+
     # Creates a new Malware Protection plan for the protected resource.
     #
     # When you create a Malware Protection plan, the Amazon Web Services
@@ -4673,6 +4746,73 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
+    # This API is currently available as a preview. This feature is
+    # available in the following Amazon Web Services Regions: US East (N.
+    # Virginia), US East (Ohio), US West (Oregon), Canada (Central), Europe
+    # (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe
+    # (Stockholm), and Asia Pacific (Tokyo).
+    #
+    # Retrieves the results and status of a specific GuardDuty
+    # investigation.
+    #
+    # An administrator account can retrieve any investigation within the
+    # organization. Member accounts can only retrieve investigations that
+    # belong to them.
+    #
+    # @option params [required, String] :detector_id
+    #   The unique ID of the GuardDuty detector associated with the
+    #   investigation.
+    #
+    #   To find the `detectorId` in the current Region, see the Settings page
+    #   in the GuardDuty console, or run the [ListDetectors][1] API.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html
+    #
+    # @option params [required, String] :investigation_id
+    #   The unique identifier of the investigation to retrieve.
+    #
+    # @return [Types::GetInvestigationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetInvestigationResponse#investigation #investigation} => Types::Investigation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_investigation({
+    #     detector_id: "DetectorId", # required
+    #     investigation_id: "InvestigationId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.investigation.investigation_id #=> String
+    #   resp.investigation.status #=> String, one of "RUNNING", "COMPLETED", "FAILED"
+    #   resp.investigation.trigger_prompt #=> String
+    #   resp.investigation.triggered_by #=> String
+    #   resp.investigation.metadata.version #=> String
+    #   resp.investigation.metadata.product.name #=> String
+    #   resp.investigation.metadata.product.feature #=> String
+    #   resp.investigation.cloud.provider #=> String, one of "AWS"
+    #   resp.investigation.cloud.region #=> String
+    #   resp.investigation.cloud.account #=> String
+    #   resp.investigation.risk_level #=> String, one of "Info", "Low", "Medium", "High", "Critical"
+    #   resp.investigation.risk #=> String
+    #   resp.investigation.confidence #=> String, one of "Unknown", "Low", "Medium", "High"
+    #   resp.investigation.summary #=> String
+    #   resp.investigation.start_time #=> Time
+    #   resp.investigation.end_time #=> Time
+    #   resp.investigation.error #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetInvestigation AWS API Documentation
+    #
+    # @overload get_investigation(params = {})
+    # @param [Hash] params ({})
+    def get_investigation(params = {}, options = {})
+      req = build_request(:get_investigation, params)
+      req.send_request(options)
+    end
+
     # Returns the count of all GuardDuty membership invitations that were
     # sent to the current member account except the currently accepted
     # invitation.
@@ -5976,6 +6116,86 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
+    # This API is currently available as a preview. This feature is
+    # available in the following Amazon Web Services Regions: US East (N.
+    # Virginia), US East (Ohio), US West (Oregon), Canada (Central), Europe
+    # (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe
+    # (Stockholm), and Asia Pacific (Tokyo).
+    #
+    # Returns a list of investigations associated with the specified
+    # GuardDuty detector.
+    #
+    # An administrator account sees all investigations across the
+    # organization. Member accounts see only the investigations that belong
+    # to them.
+    #
+    # @option params [required, String] :detector_id
+    #   The unique ID of the GuardDuty detector whose investigations you want
+    #   to list.
+    #
+    #   To find the `detectorId` in the current Region, see the Settings page
+    #   in the GuardDuty console, or run the [ListDetectors][1] API.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html
+    #
+    # @option params [Types::InvestigationSortCriteria] :sort_criteria
+    #   Represents the criteria used for sorting investigations.
+    #
+    # @option params [Integer] :max_results
+    #   You can use this parameter to indicate the maximum number of items you
+    #   want in the response. The default value is 50.
+    #
+    # @option params [String] :next_token
+    #   You can use this parameter when paginating results. Set the value of
+    #   this parameter to null on your first call to the list action. For
+    #   subsequent calls to the action, fill nextToken in the request with the
+    #   value of NextToken from the previous response to continue listing
+    #   data.
+    #
+    # @return [Types::ListInvestigationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListInvestigationsResponse#investigations #investigations} => Array<Types::InvestigationSummary>
+    #   * {Types::ListInvestigationsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_investigations({
+    #     detector_id: "DetectorId", # required
+    #     sort_criteria: {
+    #       attribute_name: "START_TIME", # accepts START_TIME, END_TIME, STATUS, RISK_LEVEL, CONFIDENCE
+    #       order_by: "ASC", # accepts ASC, DESC
+    #     },
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.investigations #=> Array
+    #   resp.investigations[0].investigation_id #=> String
+    #   resp.investigations[0].status #=> String, one of "RUNNING", "COMPLETED", "FAILED"
+    #   resp.investigations[0].trigger_prompt #=> String
+    #   resp.investigations[0].risk_level #=> String, one of "Info", "Low", "Medium", "High", "Critical"
+    #   resp.investigations[0].confidence #=> String, one of "Unknown", "Low", "Medium", "High"
+    #   resp.investigations[0].title #=> String
+    #   resp.investigations[0].account_id #=> String
+    #   resp.investigations[0].start_time #=> Time
+    #   resp.investigations[0].end_time #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListInvestigations AWS API Documentation
+    #
+    # @overload list_investigations(params = {})
+    # @param [Hash] params ({})
+    def list_investigations(params = {}, options = {})
+      req = build_request(:list_investigations, params)
+      req.send_request(options)
+    end
+
     # Lists all GuardDuty membership invitations that were sent to the
     # current Amazon Web Services account.
     #
@@ -6949,8 +7169,6 @@ module Aws::GuardDuty
     #
     #     Type: Timestamp in Unix Epoch millisecond format. Ex: 1486685375000
     #
-    #   * description
-    #
     #   * id
     #
     #   * partition
@@ -7285,10 +7503,6 @@ module Aws::GuardDuty
     #
     #   * resource.rdsDbInstanceDetails.publiclyAccessible
     #
-    #   * resource.rdsDbInstanceDetails.tags.key
-    #
-    #   * resource.rdsDbInstanceDetails.tags.value
-    #
     #   * resource.rdsDbInstanceDetails.vpcId
     #
     #   * resource.rdsDbInstanceDetails.vpcSecurityGroups.status
@@ -7387,8 +7601,6 @@ module Aws::GuardDuty
     #
     #   * service.action.actionType
     #
-    #   * service.action.awsApiCallAction.affectedResources
-    #
     #   * service.action.awsApiCallAction.api
     #
     #   * service.action.awsApiCallAction.callerType
@@ -7677,10 +7889,6 @@ module Aws::GuardDuty
     #
     #   * service.count
     #
-    #   * service.detection.anomaly.profiles
-    #
-    #   * service.detection.anomaly.unusual.behavior
-    #
     #   * service.detection.sequence.actors.id
     #
     #   * service.detection.sequence.actors.process.name
@@ -8254,8 +8462,6 @@ module Aws::GuardDuty
     #     For more information, see [Findings severity levels][2] in the
     #     *Amazon GuardDuty User Guide*.
     #
-    #   * title
-    #
     #   * type
     #
     #   * updatedAt
@@ -8972,7 +9178,7 @@ module Aws::GuardDuty
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-guardduty'
-      context[:gem_version] = '1.153.0'
+      context[:gem_version] = '1.155.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-guardduty/client_api.rb

@@ -66,10 +66,13 @@ module Aws::GuardDuty
     BucketPolicy = Shapes::StructureShape.new(name: 'BucketPolicy')
     City = Shapes::StructureShape.new(name: 'City')
     ClientToken = Shapes::StringShape.new(name: 'ClientToken')
+    CloudDetails = Shapes::StructureShape.new(name: 'CloudDetails')
+    CloudProvider = Shapes::StringShape.new(name: 'CloudProvider')
     CloudTrailConfigurationResult = Shapes::StructureShape.new(name: 'CloudTrailConfigurationResult')
     CloudformationStack = Shapes::StructureShape.new(name: 'CloudformationStack')
     ClusterStatus = Shapes::StringShape.new(name: 'ClusterStatus')
     Condition = Shapes::StructureShape.new(name: 'Condition')
+    Confidence = Shapes::StringShape.new(name: 'Confidence')
     ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
     Container = Shapes::StructureShape.new(name: 'Container')
     ContainerFindingResource = Shapes::StructureShape.new(name: 'ContainerFindingResource')
@@ -106,6 +109,8 @@ module Aws::GuardDuty
     CreateFilterResponse = Shapes::StructureShape.new(name: 'CreateFilterResponse')
     CreateIPSetRequest = Shapes::StructureShape.new(name: 'CreateIPSetRequest')
     CreateIPSetResponse = Shapes::StructureShape.new(name: 'CreateIPSetResponse')
+    CreateInvestigationRequest = Shapes::StructureShape.new(name: 'CreateInvestigationRequest')
+    CreateInvestigationResponse = Shapes::StructureShape.new(name: 'CreateInvestigationResponse')
     CreateMalwareProtectionPlanRequest = Shapes::StructureShape.new(name: 'CreateMalwareProtectionPlanRequest')
     CreateMalwareProtectionPlanResponse = Shapes::StructureShape.new(name: 'CreateMalwareProtectionPlanResponse')
     CreateMembersRequest = Shapes::StructureShape.new(name: 'CreateMembersRequest')
@@ -269,6 +274,8 @@ module Aws::GuardDuty
     GetFindingsStatisticsResponse = Shapes::StructureShape.new(name: 'GetFindingsStatisticsResponse')
     GetIPSetRequest = Shapes::StructureShape.new(name: 'GetIPSetRequest')
     GetIPSetResponse = Shapes::StructureShape.new(name: 'GetIPSetResponse')
+    GetInvestigationRequest = Shapes::StructureShape.new(name: 'GetInvestigationRequest')
+    GetInvestigationResponse = Shapes::StructureShape.new(name: 'GetInvestigationResponse')
     GetInvitationsCountRequest = Shapes::StructureShape.new(name: 'GetInvitationsCountRequest')
     GetInvitationsCountResponse = Shapes::StructureShape.new(name: 'GetInvitationsCountResponse')
     GetMalwareProtectionPlanRequest = Shapes::StructureShape.new(name: 'GetMalwareProtectionPlanRequest')
@@ -320,6 +327,16 @@ module Aws::GuardDuty
     Integer = Shapes::IntegerShape.new(name: 'Integer')
     IntegerValueWithMax = Shapes::IntegerShape.new(name: 'IntegerValueWithMax')
     InternalServerErrorException = Shapes::StructureShape.new(name: 'InternalServerErrorException')
+    Investigation = Shapes::StructureShape.new(name: 'Investigation')
+    InvestigationErrorDetails = Shapes::StringShape.new(name: 'InvestigationErrorDetails')
+    InvestigationId = Shapes::StringShape.new(name: 'InvestigationId')
+    InvestigationMetadata = Shapes::StructureShape.new(name: 'InvestigationMetadata')
+    InvestigationSortCriteria = Shapes::StructureShape.new(name: 'InvestigationSortCriteria')
+    InvestigationSortField = Shapes::StringShape.new(name: 'InvestigationSortField')
+    InvestigationStatus = Shapes::StringShape.new(name: 'InvestigationStatus')
+    InvestigationSummaries = Shapes::ListShape.new(name: 'InvestigationSummaries')
+    InvestigationSummary = Shapes::StructureShape.new(name: 'InvestigationSummary')
+    InvestigationTitle = Shapes::StringShape.new(name: 'InvestigationTitle')
     Invitation = Shapes::StructureShape.new(name: 'Invitation')
     Invitations = Shapes::ListShape.new(name: 'Invitations')
     InviteMembersRequest = Shapes::StructureShape.new(name: 'InviteMembersRequest')
@@ -361,6 +378,8 @@ module Aws::GuardDuty
     ListFindingsResponse = Shapes::StructureShape.new(name: 'ListFindingsResponse')
     ListIPSetsRequest = Shapes::StructureShape.new(name: 'ListIPSetsRequest')
     ListIPSetsResponse = Shapes::StructureShape.new(name: 'ListIPSetsResponse')
+    ListInvestigationsRequest = Shapes::StructureShape.new(name: 'ListInvestigationsRequest')
+    ListInvestigationsResponse = Shapes::StructureShape.new(name: 'ListInvestigationsResponse')
     ListInvitationsRequest = Shapes::StructureShape.new(name: 'ListInvitationsRequest')
     ListInvitationsResponse = Shapes::StructureShape.new(name: 'ListInvitationsResponse')
     ListMalwareProtectionPlansRequest = Shapes::StructureShape.new(name: 'ListMalwareProtectionPlansRequest')
@@ -442,6 +461,7 @@ module Aws::GuardDuty
     NetworkGeoLocation = Shapes::StructureShape.new(name: 'NetworkGeoLocation')
     NetworkInterface = Shapes::StructureShape.new(name: 'NetworkInterface')
     NetworkInterfaces = Shapes::ListShape.new(name: 'NetworkInterfaces')
+    NextToken = Shapes::StringShape.new(name: 'NextToken')
     NonEmptyString = Shapes::StringShape.new(name: 'NonEmptyString')
     NonNegativeInteger = Shapes::IntegerShape.new(name: 'NonNegativeInteger')
     NotEquals = Shapes::ListShape.new(name: 'NotEquals')
@@ -494,6 +514,7 @@ module Aws::GuardDuty
     ProcessName = Shapes::StringShape.new(name: 'ProcessName')
     ProcessPath = Shapes::StringShape.new(name: 'ProcessPath')
     ProcessSha256 = Shapes::StringShape.new(name: 'ProcessSha256')
+    Product = Shapes::StructureShape.new(name: 'Product')
     ProductCode = Shapes::StructureShape.new(name: 'ProductCode')
     ProductCodes = Shapes::ListShape.new(name: 'ProductCodes')
     ProfileSubtype = Shapes::StringShape.new(name: 'ProfileSubtype')
@@ -525,6 +546,8 @@ module Aws::GuardDuty
     ResourceUids = Shapes::ListShape.new(name: 'ResourceUids')
     ResourceV2 = Shapes::StructureShape.new(name: 'ResourceV2')
     Resources = Shapes::ListShape.new(name: 'Resources')
+    RiskDetails = Shapes::StringShape.new(name: 'RiskDetails')
+    RiskLevel = Shapes::StringShape.new(name: 'RiskLevel')
     RuntimeContext = Shapes::StructureShape.new(name: 'RuntimeContext')
     RuntimeDetails = Shapes::StructureShape.new(name: 'RuntimeDetails')
     S3Bucket = Shapes::StructureShape.new(name: 'S3Bucket')
@@ -619,7 +642,9 @@ module Aws::GuardDuty
     Timestamp = Shapes::TimestampShape.new(name: 'Timestamp')
     Total = Shapes::StructureShape.new(name: 'Total')
     TriggerDetails = Shapes::StructureShape.new(name: 'TriggerDetails')
+    TriggerPrompt = Shapes::StringShape.new(name: 'TriggerPrompt')
     TriggerType = Shapes::StringShape.new(name: 'TriggerType')
+    TriggeredBy = Shapes::StringShape.new(name: 'TriggeredBy')
     TrustedEntitySetFormat = Shapes::StringShape.new(name: 'TrustedEntitySetFormat')
     TrustedEntitySetIds = Shapes::ListShape.new(name: 'TrustedEntitySetIds')
     TrustedEntitySetStatus = Shapes::StringShape.new(name: 'TrustedEntitySetStatus')
@@ -868,6 +893,11 @@ module Aws::GuardDuty
     City.add_member(:city_name, Shapes::ShapeRef.new(shape: String, location_name: "cityName"))
     City.struct_class = Types::City
 
+    CloudDetails.add_member(:provider, Shapes::ShapeRef.new(shape: CloudProvider, required: true, location_name: "provider"))
+    CloudDetails.add_member(:region, Shapes::ShapeRef.new(shape: String, required: true, location_name: "region"))
+    CloudDetails.add_member(:account, Shapes::ShapeRef.new(shape: String, required: true, location_name: "account"))
+    CloudDetails.struct_class = Types::CloudDetails
+
     CloudTrailConfigurationResult.add_member(:status, Shapes::ShapeRef.new(shape: DataSourceStatus, required: true, location_name: "status"))
     CloudTrailConfigurationResult.struct_class = Types::CloudTrailConfigurationResult
 
@@ -1029,6 +1059,14 @@ module Aws::GuardDuty
     CreateIPSetResponse.add_member(:ip_set_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "ipSetId"))
     CreateIPSetResponse.struct_class = Types::CreateIPSetResponse
 
+    CreateInvestigationRequest.add_member(:detector_id, Shapes::ShapeRef.new(shape: DetectorId, required: true, location: "uri", location_name: "DetectorId"))
+    CreateInvestigationRequest.add_member(:trigger_prompt, Shapes::ShapeRef.new(shape: TriggerPrompt, required: true, location_name: "triggerPrompt"))
+    CreateInvestigationRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: ClientToken, location_name: "clientToken", metadata: {"idempotencyToken" => true}))
+    CreateInvestigationRequest.struct_class = Types::CreateInvestigationRequest
+
+    CreateInvestigationResponse.add_member(:investigation_id, Shapes::ShapeRef.new(shape: InvestigationId, required: true, location_name: "investigationId"))
+    CreateInvestigationResponse.struct_class = Types::CreateInvestigationResponse
+
     CreateMalwareProtectionPlanRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: ClientToken, location_name: "clientToken", metadata: {"idempotencyToken" => true}))
     CreateMalwareProtectionPlanRequest.add_member(:role, Shapes::ShapeRef.new(shape: String, required: true, location_name: "role"))
     CreateMalwareProtectionPlanRequest.add_member(:protected_resource, Shapes::ShapeRef.new(shape: CreateProtectedResource, required: true, location_name: "protectedResource"))
@@ -1597,6 +1635,13 @@ module Aws::GuardDuty
     GetIPSetResponse.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location_name: "expectedBucketOwner"))
     GetIPSetResponse.struct_class = Types::GetIPSetResponse
 
+    GetInvestigationRequest.add_member(:detector_id, Shapes::ShapeRef.new(shape: DetectorId, required: true, location: "uri", location_name: "DetectorId"))
+    GetInvestigationRequest.add_member(:investigation_id, Shapes::ShapeRef.new(shape: InvestigationId, required: true, location: "uri", location_name: "InvestigationId"))
+    GetInvestigationRequest.struct_class = Types::GetInvestigationRequest
+
+    GetInvestigationResponse.add_member(:investigation, Shapes::ShapeRef.new(shape: Investigation, required: true, location_name: "investigation"))
+    GetInvestigationResponse.struct_class = Types::GetInvestigationResponse
+
     GetInvitationsCountRequest.struct_class = Types::GetInvitationsCountRequest
 
     GetInvitationsCountResponse.add_member(:invitations_count, Shapes::ShapeRef.new(shape: Integer, location_name: "invitationsCount"))
@@ -1803,6 +1848,42 @@ module Aws::GuardDuty
     InternalServerErrorException.add_member(:type, Shapes::ShapeRef.new(shape: String, location_name: "type"))
     InternalServerErrorException.struct_class = Types::InternalServerErrorException
 
+    Investigation.add_member(:investigation_id, Shapes::ShapeRef.new(shape: InvestigationId, required: true, location_name: "investigationId"))
+    Investigation.add_member(:status, Shapes::ShapeRef.new(shape: InvestigationStatus, required: true, location_name: "status"))
+    Investigation.add_member(:trigger_prompt, Shapes::ShapeRef.new(shape: TriggerPrompt, required: true, location_name: "triggerPrompt"))
+    Investigation.add_member(:triggered_by, Shapes::ShapeRef.new(shape: TriggeredBy, required: true, location_name: "triggeredBy"))
+    Investigation.add_member(:metadata, Shapes::ShapeRef.new(shape: InvestigationMetadata, location_name: "metadata"))
+    Investigation.add_member(:cloud, Shapes::ShapeRef.new(shape: CloudDetails, location_name: "cloud"))
+    Investigation.add_member(:risk_level, Shapes::ShapeRef.new(shape: RiskLevel, location_name: "riskLevel"))
+    Investigation.add_member(:risk, Shapes::ShapeRef.new(shape: RiskDetails, location_name: "risk"))
+    Investigation.add_member(:confidence, Shapes::ShapeRef.new(shape: Confidence, location_name: "confidence"))
+    Investigation.add_member(:summary, Shapes::ShapeRef.new(shape: String, location_name: "summary"))
+    Investigation.add_member(:start_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "startTime"))
+    Investigation.add_member(:end_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "endTime"))
+    Investigation.add_member(:error, Shapes::ShapeRef.new(shape: InvestigationErrorDetails, location_name: "error"))
+    Investigation.struct_class = Types::Investigation
+
+    InvestigationMetadata.add_member(:version, Shapes::ShapeRef.new(shape: String, required: true, location_name: "version"))
+    InvestigationMetadata.add_member(:product, Shapes::ShapeRef.new(shape: Product, required: true, location_name: "product"))
+    InvestigationMetadata.struct_class = Types::InvestigationMetadata
+
+    InvestigationSortCriteria.add_member(:attribute_name, Shapes::ShapeRef.new(shape: InvestigationSortField, location_name: "attributeName"))
+    InvestigationSortCriteria.add_member(:order_by, Shapes::ShapeRef.new(shape: OrderBy, location_name: "orderBy"))
+    InvestigationSortCriteria.struct_class = Types::InvestigationSortCriteria
+
+    InvestigationSummaries.member = Shapes::ShapeRef.new(shape: InvestigationSummary)
+
+    InvestigationSummary.add_member(:investigation_id, Shapes::ShapeRef.new(shape: InvestigationId, location_name: "investigationId"))
+    InvestigationSummary.add_member(:status, Shapes::ShapeRef.new(shape: InvestigationStatus, location_name: "status"))
+    InvestigationSummary.add_member(:trigger_prompt, Shapes::ShapeRef.new(shape: TriggerPrompt, location_name: "triggerPrompt"))
+    InvestigationSummary.add_member(:risk_level, Shapes::ShapeRef.new(shape: RiskLevel, location_name: "riskLevel"))
+    InvestigationSummary.add_member(:confidence, Shapes::ShapeRef.new(shape: Confidence, location_name: "confidence"))
+    InvestigationSummary.add_member(:title, Shapes::ShapeRef.new(shape: InvestigationTitle, location_name: "title"))
+    InvestigationSummary.add_member(:account_id, Shapes::ShapeRef.new(shape: String, location_name: "accountId"))
+    InvestigationSummary.add_member(:start_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "startTime"))
+    InvestigationSummary.add_member(:end_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "endTime"))
+    InvestigationSummary.struct_class = Types::InvestigationSummary
+
     Invitation.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "accountId"))
     Invitation.add_member(:invitation_id, Shapes::ShapeRef.new(shape: String, location_name: "invitationId"))
     Invitation.add_member(:relationship_status, Shapes::ShapeRef.new(shape: String, location_name: "relationshipStatus"))
@@ -1986,6 +2067,16 @@ module Aws::GuardDuty
     ListIPSetsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "nextToken"))
     ListIPSetsResponse.struct_class = Types::ListIPSetsResponse
 
+    ListInvestigationsRequest.add_member(:detector_id, Shapes::ShapeRef.new(shape: DetectorId, required: true, location: "uri", location_name: "DetectorId"))
+    ListInvestigationsRequest.add_member(:sort_criteria, Shapes::ShapeRef.new(shape: InvestigationSortCriteria, location_name: "sortCriteria"))
+    ListInvestigationsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "maxResults"))
+    ListInvestigationsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "nextToken"))
+    ListInvestigationsRequest.struct_class = Types::ListInvestigationsRequest
+
+    ListInvestigationsResponse.add_member(:investigations, Shapes::ShapeRef.new(shape: InvestigationSummaries, required: true, location_name: "investigations"))
+    ListInvestigationsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "nextToken"))
+    ListInvestigationsResponse.struct_class = Types::ListInvestigationsResponse
+
     ListInvitationsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location: "querystring", location_name: "maxResults"))
     ListInvitationsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "nextToken"))
     ListInvitationsRequest.struct_class = Types::ListInvitationsRequest
@@ -2404,6 +2495,10 @@ module Aws::GuardDuty
     ProcessDetails.add_member(:lineage, Shapes::ShapeRef.new(shape: Lineage, location_name: "lineage"))
     ProcessDetails.struct_class = Types::ProcessDetails
 
+    Product.add_member(:name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "name"))
+    Product.add_member(:feature, Shapes::ShapeRef.new(shape: String, location_name: "feature"))
+    Product.struct_class = Types::Product
+
     ProductCode.add_member(:code, Shapes::ShapeRef.new(shape: String, location_name: "productCodeId"))
     ProductCode.add_member(:product_type, Shapes::ShapeRef.new(shape: String, location_name: "productCodeType"))
     ProductCode.struct_class = Types::ProductCode
@@ -3207,6 +3302,17 @@ module Aws::GuardDuty
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
 
+      api.add_operation(:create_investigation, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CreateInvestigation"
+        o.http_method = "POST"
+        o.http_request_uri = "/detector/{DetectorId}/investigation"
+        o.input = Shapes::ShapeRef.new(shape: CreateInvestigationRequest)
+        o.output = Shapes::ShapeRef.new(shape: CreateInvestigationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: BadRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:create_malware_protection_plan, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateMalwareProtectionPlan"
         o.http_method = "POST"
@@ -3555,6 +3661,18 @@ module Aws::GuardDuty
         o.errors << Shapes::ShapeRef.new(shape: InternalServerErrorException)
       end)
 
+      api.add_operation(:get_investigation, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetInvestigation"
+        o.http_method = "GET"
+        o.http_request_uri = "/detector/{DetectorId}/investigation/{InvestigationId}"
+        o.input = Shapes::ShapeRef.new(shape: GetInvestigationRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetInvestigationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: BadRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
+
       api.add_operation(:get_invitations_count, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetInvitationsCount"
         o.http_method = "GET"
@@ -3785,6 +3903,23 @@ module Aws::GuardDuty
         )
       end)
 
+      api.add_operation(:list_investigations, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListInvestigations"
+        o.http_method = "POST"
+        o.http_request_uri = "/detector/{DetectorId}/investigation/list"
+        o.input = Shapes::ShapeRef.new(shape: ListInvestigationsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListInvestigationsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: BadRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:list_invitations, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListInvitations"
         o.http_method = "GET"