aws-sdk-guardduty 1.154.0 → 1.155.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 52bcf647e9275664f8705f5cf312175aea0f4de960cecb5e7be5e88cefb993f1
-  data.tar.gz: b707f5264aeec56481c7aefd48e6846f9847014a7cad5d9a05ba297ca9960f6b
+  metadata.gz: be0ea6000a8150d0e4e7f4b509af744c53a4bbf8d85390c4e129374e27b335e4
+  data.tar.gz: c3058413d6ece21d3556cbd842c70aa40ac61c4c550dcb8b872b2d8229f669ef
 SHA512:
-  metadata.gz: c9e426ff95aac71fd0f7847feb060d592115df28b7425dd70a46191c066aad140737f8fdd06adbd3c1a3d5f2fae02f82eeec3640b59e854f1562f2df716b5833
-  data.tar.gz: 16cc33db93b74f911e79dabbf60f4889a830140776502dbaf8fa2058cd061f92f8a2467c7e35564499db04a36660a45f875cb70f40004f5e0e737953f7908c22
+  metadata.gz: 475a9bf4c9e3e9f80c89fa17a6c63ae27310d7bc4fde116bea40b7b3d69724dca8db06e36b771525f47ad7d50fea555e07dfe2ca4363f9dc57edd1419a1458e9
+  data.tar.gz: cc999e46310471846a386887e7a6b176baf7f3f8be6f145cd5b3a1b36756594316c180f6d130711e748ae63d1a4a057a73602677a38da676d940e8cbaa716ea1

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.155.0 (2026-06-22)
+------------------
+
+* Feature - Added AI-powered investigations that automatically analyze security findings, correlate related activity, and produce structured summaries with risk assessment, confidence scoring, MITRE technique classification, and actionable next steps.
+
 1.154.0 (2026-06-04)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.154.0
+1.155.0

data/lib/aws-sdk-guardduty/client.rb

@@ -2207,6 +2207,93 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
+    # This API is currently available as a preview. During the preview, you
+    # can initiate up to 10 investigations per account per day, with a total
+    # limit of 100 investigations per account. This feature is available in
+    # the following Amazon Web Services Regions: US East (N. Virginia), US
+    # East (Ohio), US West (Oregon), Canada (Central), Europe (Frankfurt),
+    # Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm),
+    # and Asia Pacific (Tokyo).
+    #
+    # Initiates a GuardDuty investigation that automatically analyzes
+    # security findings, correlates related activity, performs account-level
+    # analysis, and produces a structured investigation summary with
+    # recommended next steps.
+    #
+    # Only the administrator account can create an investigation. Member
+    # accounts don't have permission to create investigations from their
+    # accounts.
+    #
+    # To use this operation, the `AI_ANALYST` feature must be enabled on
+    # your detector.
+    #
+    # This feature uses Amazon Bedrock models that leverage Cross-Region
+    # Inference (CRIS), which automatically selects the optimal Amazon Web
+    # Services Region within your geography to process the investigation
+    # analysis and generate the investigation report. This maximizes
+    # available compute resources, model availability, and delivers the best
+    # customer experience. Your data remains stored only in the Region where
+    # the investigation request originates, however, investigation data and
+    # summary results may be processed outside that Region. All data is
+    # transmitted encrypted across Amazon's secure network. For more
+    # information, see [GuardDuty Investigation][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-investigation.html
+    #
+    # @option params [required, String] :detector_id
+    #   The unique ID of the GuardDuty detector for the account in which the
+    #   investigation is created.
+    #
+    #   To find the `detectorId` in the current Region, see the Settings page
+    #   in the GuardDuty console, or run the [ListDetectors][1] API.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html
+    #
+    # @option params [required, String] :trigger_prompt
+    #   A natural-language description of what to investigate. For example:
+    #
+    #   * `"Investigate finding 1ab2c3d4e5f6a7b8c9d0e1f2a3b4c5d6 in account
+    #     123456789012"`
+    #
+    #   * `"Analyze findings in account with id 123456789012"`
+    #
+    #   * `"Analyze findings in my organization"`
+    #
+    # @option params [String] :client_token
+    #   The idempotency token for the create request.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @return [Types::CreateInvestigationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateInvestigationResponse#investigation_id #investigation_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_investigation({
+    #     detector_id: "DetectorId", # required
+    #     trigger_prompt: "TriggerPrompt", # required
+    #     client_token: "ClientToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.investigation_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateInvestigation AWS API Documentation
+    #
+    # @overload create_investigation(params = {})
+    # @param [Hash] params ({})
+    def create_investigation(params = {}, options = {})
+      req = build_request(:create_investigation, params)
+      req.send_request(options)
+    end
+
     # Creates a new Malware Protection plan for the protected resource.
     #
     # When you create a Malware Protection plan, the Amazon Web Services
@@ -4659,6 +4746,73 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
+    # This API is currently available as a preview. This feature is
+    # available in the following Amazon Web Services Regions: US East (N.
+    # Virginia), US East (Ohio), US West (Oregon), Canada (Central), Europe
+    # (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe
+    # (Stockholm), and Asia Pacific (Tokyo).
+    #
+    # Retrieves the results and status of a specific GuardDuty
+    # investigation.
+    #
+    # An administrator account can retrieve any investigation within the
+    # organization. Member accounts can only retrieve investigations that
+    # belong to them.
+    #
+    # @option params [required, String] :detector_id
+    #   The unique ID of the GuardDuty detector associated with the
+    #   investigation.
+    #
+    #   To find the `detectorId` in the current Region, see the Settings page
+    #   in the GuardDuty console, or run the [ListDetectors][1] API.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html
+    #
+    # @option params [required, String] :investigation_id
+    #   The unique identifier of the investigation to retrieve.
+    #
+    # @return [Types::GetInvestigationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetInvestigationResponse#investigation #investigation} => Types::Investigation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_investigation({
+    #     detector_id: "DetectorId", # required
+    #     investigation_id: "InvestigationId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.investigation.investigation_id #=> String
+    #   resp.investigation.status #=> String, one of "RUNNING", "COMPLETED", "FAILED"
+    #   resp.investigation.trigger_prompt #=> String
+    #   resp.investigation.triggered_by #=> String
+    #   resp.investigation.metadata.version #=> String
+    #   resp.investigation.metadata.product.name #=> String
+    #   resp.investigation.metadata.product.feature #=> String
+    #   resp.investigation.cloud.provider #=> String, one of "AWS"
+    #   resp.investigation.cloud.region #=> String
+    #   resp.investigation.cloud.account #=> String
+    #   resp.investigation.risk_level #=> String, one of "Info", "Low", "Medium", "High", "Critical"
+    #   resp.investigation.risk #=> String
+    #   resp.investigation.confidence #=> String, one of "Unknown", "Low", "Medium", "High"
+    #   resp.investigation.summary #=> String
+    #   resp.investigation.start_time #=> Time
+    #   resp.investigation.end_time #=> Time
+    #   resp.investigation.error #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetInvestigation AWS API Documentation
+    #
+    # @overload get_investigation(params = {})
+    # @param [Hash] params ({})
+    def get_investigation(params = {}, options = {})
+      req = build_request(:get_investigation, params)
+      req.send_request(options)
+    end
+
     # Returns the count of all GuardDuty membership invitations that were
     # sent to the current member account except the currently accepted
     # invitation.
@@ -5962,6 +6116,86 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
+    # This API is currently available as a preview. This feature is
+    # available in the following Amazon Web Services Regions: US East (N.
+    # Virginia), US East (Ohio), US West (Oregon), Canada (Central), Europe
+    # (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe
+    # (Stockholm), and Asia Pacific (Tokyo).
+    #
+    # Returns a list of investigations associated with the specified
+    # GuardDuty detector.
+    #
+    # An administrator account sees all investigations across the
+    # organization. Member accounts see only the investigations that belong
+    # to them.
+    #
+    # @option params [required, String] :detector_id
+    #   The unique ID of the GuardDuty detector whose investigations you want
+    #   to list.
+    #
+    #   To find the `detectorId` in the current Region, see the Settings page
+    #   in the GuardDuty console, or run the [ListDetectors][1] API.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html
+    #
+    # @option params [Types::InvestigationSortCriteria] :sort_criteria
+    #   Represents the criteria used for sorting investigations.
+    #
+    # @option params [Integer] :max_results
+    #   You can use this parameter to indicate the maximum number of items you
+    #   want in the response. The default value is 50.
+    #
+    # @option params [String] :next_token
+    #   You can use this parameter when paginating results. Set the value of
+    #   this parameter to null on your first call to the list action. For
+    #   subsequent calls to the action, fill nextToken in the request with the
+    #   value of NextToken from the previous response to continue listing
+    #   data.
+    #
+    # @return [Types::ListInvestigationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListInvestigationsResponse#investigations #investigations} => Array<Types::InvestigationSummary>
+    #   * {Types::ListInvestigationsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_investigations({
+    #     detector_id: "DetectorId", # required
+    #     sort_criteria: {
+    #       attribute_name: "START_TIME", # accepts START_TIME, END_TIME, STATUS, RISK_LEVEL, CONFIDENCE
+    #       order_by: "ASC", # accepts ASC, DESC
+    #     },
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.investigations #=> Array
+    #   resp.investigations[0].investigation_id #=> String
+    #   resp.investigations[0].status #=> String, one of "RUNNING", "COMPLETED", "FAILED"
+    #   resp.investigations[0].trigger_prompt #=> String
+    #   resp.investigations[0].risk_level #=> String, one of "Info", "Low", "Medium", "High", "Critical"
+    #   resp.investigations[0].confidence #=> String, one of "Unknown", "Low", "Medium", "High"
+    #   resp.investigations[0].title #=> String
+    #   resp.investigations[0].account_id #=> String
+    #   resp.investigations[0].start_time #=> Time
+    #   resp.investigations[0].end_time #=> Time
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListInvestigations AWS API Documentation
+    #
+    # @overload list_investigations(params = {})
+    # @param [Hash] params ({})
+    def list_investigations(params = {}, options = {})
+      req = build_request(:list_investigations, params)
+      req.send_request(options)
+    end
+
     # Lists all GuardDuty membership invitations that were sent to the
     # current Amazon Web Services account.
     #
@@ -8944,7 +9178,7 @@ module Aws::GuardDuty
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-guardduty'
-      context[:gem_version] = '1.154.0'
+      context[:gem_version] = '1.155.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-guardduty/client_api.rb

@@ -66,10 +66,13 @@ module Aws::GuardDuty
     BucketPolicy = Shapes::StructureShape.new(name: 'BucketPolicy')
     City = Shapes::StructureShape.new(name: 'City')
     ClientToken = Shapes::StringShape.new(name: 'ClientToken')
+    CloudDetails = Shapes::StructureShape.new(name: 'CloudDetails')
+    CloudProvider = Shapes::StringShape.new(name: 'CloudProvider')
     CloudTrailConfigurationResult = Shapes::StructureShape.new(name: 'CloudTrailConfigurationResult')
     CloudformationStack = Shapes::StructureShape.new(name: 'CloudformationStack')
     ClusterStatus = Shapes::StringShape.new(name: 'ClusterStatus')
     Condition = Shapes::StructureShape.new(name: 'Condition')
+    Confidence = Shapes::StringShape.new(name: 'Confidence')
     ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
     Container = Shapes::StructureShape.new(name: 'Container')
     ContainerFindingResource = Shapes::StructureShape.new(name: 'ContainerFindingResource')
@@ -106,6 +109,8 @@ module Aws::GuardDuty
     CreateFilterResponse = Shapes::StructureShape.new(name: 'CreateFilterResponse')
     CreateIPSetRequest = Shapes::StructureShape.new(name: 'CreateIPSetRequest')
     CreateIPSetResponse = Shapes::StructureShape.new(name: 'CreateIPSetResponse')
+    CreateInvestigationRequest = Shapes::StructureShape.new(name: 'CreateInvestigationRequest')
+    CreateInvestigationResponse = Shapes::StructureShape.new(name: 'CreateInvestigationResponse')
     CreateMalwareProtectionPlanRequest = Shapes::StructureShape.new(name: 'CreateMalwareProtectionPlanRequest')
     CreateMalwareProtectionPlanResponse = Shapes::StructureShape.new(name: 'CreateMalwareProtectionPlanResponse')
     CreateMembersRequest = Shapes::StructureShape.new(name: 'CreateMembersRequest')
@@ -269,6 +274,8 @@ module Aws::GuardDuty
     GetFindingsStatisticsResponse = Shapes::StructureShape.new(name: 'GetFindingsStatisticsResponse')
     GetIPSetRequest = Shapes::StructureShape.new(name: 'GetIPSetRequest')
     GetIPSetResponse = Shapes::StructureShape.new(name: 'GetIPSetResponse')
+    GetInvestigationRequest = Shapes::StructureShape.new(name: 'GetInvestigationRequest')
+    GetInvestigationResponse = Shapes::StructureShape.new(name: 'GetInvestigationResponse')
     GetInvitationsCountRequest = Shapes::StructureShape.new(name: 'GetInvitationsCountRequest')
     GetInvitationsCountResponse = Shapes::StructureShape.new(name: 'GetInvitationsCountResponse')
     GetMalwareProtectionPlanRequest = Shapes::StructureShape.new(name: 'GetMalwareProtectionPlanRequest')
@@ -320,6 +327,16 @@ module Aws::GuardDuty
     Integer = Shapes::IntegerShape.new(name: 'Integer')
     IntegerValueWithMax = Shapes::IntegerShape.new(name: 'IntegerValueWithMax')
     InternalServerErrorException = Shapes::StructureShape.new(name: 'InternalServerErrorException')
+    Investigation = Shapes::StructureShape.new(name: 'Investigation')
+    InvestigationErrorDetails = Shapes::StringShape.new(name: 'InvestigationErrorDetails')
+    InvestigationId = Shapes::StringShape.new(name: 'InvestigationId')
+    InvestigationMetadata = Shapes::StructureShape.new(name: 'InvestigationMetadata')
+    InvestigationSortCriteria = Shapes::StructureShape.new(name: 'InvestigationSortCriteria')
+    InvestigationSortField = Shapes::StringShape.new(name: 'InvestigationSortField')
+    InvestigationStatus = Shapes::StringShape.new(name: 'InvestigationStatus')
+    InvestigationSummaries = Shapes::ListShape.new(name: 'InvestigationSummaries')
+    InvestigationSummary = Shapes::StructureShape.new(name: 'InvestigationSummary')
+    InvestigationTitle = Shapes::StringShape.new(name: 'InvestigationTitle')
     Invitation = Shapes::StructureShape.new(name: 'Invitation')
     Invitations = Shapes::ListShape.new(name: 'Invitations')
     InviteMembersRequest = Shapes::StructureShape.new(name: 'InviteMembersRequest')
@@ -361,6 +378,8 @@ module Aws::GuardDuty
     ListFindingsResponse = Shapes::StructureShape.new(name: 'ListFindingsResponse')
     ListIPSetsRequest = Shapes::StructureShape.new(name: 'ListIPSetsRequest')
     ListIPSetsResponse = Shapes::StructureShape.new(name: 'ListIPSetsResponse')
+    ListInvestigationsRequest = Shapes::StructureShape.new(name: 'ListInvestigationsRequest')
+    ListInvestigationsResponse = Shapes::StructureShape.new(name: 'ListInvestigationsResponse')
     ListInvitationsRequest = Shapes::StructureShape.new(name: 'ListInvitationsRequest')
     ListInvitationsResponse = Shapes::StructureShape.new(name: 'ListInvitationsResponse')
     ListMalwareProtectionPlansRequest = Shapes::StructureShape.new(name: 'ListMalwareProtectionPlansRequest')
@@ -442,6 +461,7 @@ module Aws::GuardDuty
     NetworkGeoLocation = Shapes::StructureShape.new(name: 'NetworkGeoLocation')
     NetworkInterface = Shapes::StructureShape.new(name: 'NetworkInterface')
     NetworkInterfaces = Shapes::ListShape.new(name: 'NetworkInterfaces')
+    NextToken = Shapes::StringShape.new(name: 'NextToken')
     NonEmptyString = Shapes::StringShape.new(name: 'NonEmptyString')
     NonNegativeInteger = Shapes::IntegerShape.new(name: 'NonNegativeInteger')
     NotEquals = Shapes::ListShape.new(name: 'NotEquals')
@@ -494,6 +514,7 @@ module Aws::GuardDuty
     ProcessName = Shapes::StringShape.new(name: 'ProcessName')
     ProcessPath = Shapes::StringShape.new(name: 'ProcessPath')
     ProcessSha256 = Shapes::StringShape.new(name: 'ProcessSha256')
+    Product = Shapes::StructureShape.new(name: 'Product')
     ProductCode = Shapes::StructureShape.new(name: 'ProductCode')
     ProductCodes = Shapes::ListShape.new(name: 'ProductCodes')
     ProfileSubtype = Shapes::StringShape.new(name: 'ProfileSubtype')
@@ -525,6 +546,8 @@ module Aws::GuardDuty
     ResourceUids = Shapes::ListShape.new(name: 'ResourceUids')
     ResourceV2 = Shapes::StructureShape.new(name: 'ResourceV2')
     Resources = Shapes::ListShape.new(name: 'Resources')
+    RiskDetails = Shapes::StringShape.new(name: 'RiskDetails')
+    RiskLevel = Shapes::StringShape.new(name: 'RiskLevel')
     RuntimeContext = Shapes::StructureShape.new(name: 'RuntimeContext')
     RuntimeDetails = Shapes::StructureShape.new(name: 'RuntimeDetails')
     S3Bucket = Shapes::StructureShape.new(name: 'S3Bucket')
@@ -619,7 +642,9 @@ module Aws::GuardDuty
     Timestamp = Shapes::TimestampShape.new(name: 'Timestamp')
     Total = Shapes::StructureShape.new(name: 'Total')
     TriggerDetails = Shapes::StructureShape.new(name: 'TriggerDetails')
+    TriggerPrompt = Shapes::StringShape.new(name: 'TriggerPrompt')
     TriggerType = Shapes::StringShape.new(name: 'TriggerType')
+    TriggeredBy = Shapes::StringShape.new(name: 'TriggeredBy')
     TrustedEntitySetFormat = Shapes::StringShape.new(name: 'TrustedEntitySetFormat')
     TrustedEntitySetIds = Shapes::ListShape.new(name: 'TrustedEntitySetIds')
     TrustedEntitySetStatus = Shapes::StringShape.new(name: 'TrustedEntitySetStatus')
@@ -868,6 +893,11 @@ module Aws::GuardDuty
     City.add_member(:city_name, Shapes::ShapeRef.new(shape: String, location_name: "cityName"))
     City.struct_class = Types::City
 
+    CloudDetails.add_member(:provider, Shapes::ShapeRef.new(shape: CloudProvider, required: true, location_name: "provider"))
+    CloudDetails.add_member(:region, Shapes::ShapeRef.new(shape: String, required: true, location_name: "region"))
+    CloudDetails.add_member(:account, Shapes::ShapeRef.new(shape: String, required: true, location_name: "account"))
+    CloudDetails.struct_class = Types::CloudDetails
+
     CloudTrailConfigurationResult.add_member(:status, Shapes::ShapeRef.new(shape: DataSourceStatus, required: true, location_name: "status"))
     CloudTrailConfigurationResult.struct_class = Types::CloudTrailConfigurationResult
 
@@ -1029,6 +1059,14 @@ module Aws::GuardDuty
     CreateIPSetResponse.add_member(:ip_set_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "ipSetId"))
     CreateIPSetResponse.struct_class = Types::CreateIPSetResponse
 
+    CreateInvestigationRequest.add_member(:detector_id, Shapes::ShapeRef.new(shape: DetectorId, required: true, location: "uri", location_name: "DetectorId"))
+    CreateInvestigationRequest.add_member(:trigger_prompt, Shapes::ShapeRef.new(shape: TriggerPrompt, required: true, location_name: "triggerPrompt"))
+    CreateInvestigationRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: ClientToken, location_name: "clientToken", metadata: {"idempotencyToken" => true}))
+    CreateInvestigationRequest.struct_class = Types::CreateInvestigationRequest
+
+    CreateInvestigationResponse.add_member(:investigation_id, Shapes::ShapeRef.new(shape: InvestigationId, required: true, location_name: "investigationId"))
+    CreateInvestigationResponse.struct_class = Types::CreateInvestigationResponse
+
     CreateMalwareProtectionPlanRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: ClientToken, location_name: "clientToken", metadata: {"idempotencyToken" => true}))
     CreateMalwareProtectionPlanRequest.add_member(:role, Shapes::ShapeRef.new(shape: String, required: true, location_name: "role"))
     CreateMalwareProtectionPlanRequest.add_member(:protected_resource, Shapes::ShapeRef.new(shape: CreateProtectedResource, required: true, location_name: "protectedResource"))
@@ -1597,6 +1635,13 @@ module Aws::GuardDuty
     GetIPSetResponse.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location_name: "expectedBucketOwner"))
     GetIPSetResponse.struct_class = Types::GetIPSetResponse
 
+    GetInvestigationRequest.add_member(:detector_id, Shapes::ShapeRef.new(shape: DetectorId, required: true, location: "uri", location_name: "DetectorId"))
+    GetInvestigationRequest.add_member(:investigation_id, Shapes::ShapeRef.new(shape: InvestigationId, required: true, location: "uri", location_name: "InvestigationId"))
+    GetInvestigationRequest.struct_class = Types::GetInvestigationRequest
+
+    GetInvestigationResponse.add_member(:investigation, Shapes::ShapeRef.new(shape: Investigation, required: true, location_name: "investigation"))
+    GetInvestigationResponse.struct_class = Types::GetInvestigationResponse
+
     GetInvitationsCountRequest.struct_class = Types::GetInvitationsCountRequest
 
     GetInvitationsCountResponse.add_member(:invitations_count, Shapes::ShapeRef.new(shape: Integer, location_name: "invitationsCount"))
@@ -1803,6 +1848,42 @@ module Aws::GuardDuty
     InternalServerErrorException.add_member(:type, Shapes::ShapeRef.new(shape: String, location_name: "type"))
     InternalServerErrorException.struct_class = Types::InternalServerErrorException
 
+    Investigation.add_member(:investigation_id, Shapes::ShapeRef.new(shape: InvestigationId, required: true, location_name: "investigationId"))
+    Investigation.add_member(:status, Shapes::ShapeRef.new(shape: InvestigationStatus, required: true, location_name: "status"))
+    Investigation.add_member(:trigger_prompt, Shapes::ShapeRef.new(shape: TriggerPrompt, required: true, location_name: "triggerPrompt"))
+    Investigation.add_member(:triggered_by, Shapes::ShapeRef.new(shape: TriggeredBy, required: true, location_name: "triggeredBy"))
+    Investigation.add_member(:metadata, Shapes::ShapeRef.new(shape: InvestigationMetadata, location_name: "metadata"))
+    Investigation.add_member(:cloud, Shapes::ShapeRef.new(shape: CloudDetails, location_name: "cloud"))
+    Investigation.add_member(:risk_level, Shapes::ShapeRef.new(shape: RiskLevel, location_name: "riskLevel"))
+    Investigation.add_member(:risk, Shapes::ShapeRef.new(shape: RiskDetails, location_name: "risk"))
+    Investigation.add_member(:confidence, Shapes::ShapeRef.new(shape: Confidence, location_name: "confidence"))
+    Investigation.add_member(:summary, Shapes::ShapeRef.new(shape: String, location_name: "summary"))
+    Investigation.add_member(:start_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "startTime"))
+    Investigation.add_member(:end_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "endTime"))
+    Investigation.add_member(:error, Shapes::ShapeRef.new(shape: InvestigationErrorDetails, location_name: "error"))
+    Investigation.struct_class = Types::Investigation
+
+    InvestigationMetadata.add_member(:version, Shapes::ShapeRef.new(shape: String, required: true, location_name: "version"))
+    InvestigationMetadata.add_member(:product, Shapes::ShapeRef.new(shape: Product, required: true, location_name: "product"))
+    InvestigationMetadata.struct_class = Types::InvestigationMetadata
+
+    InvestigationSortCriteria.add_member(:attribute_name, Shapes::ShapeRef.new(shape: InvestigationSortField, location_name: "attributeName"))
+    InvestigationSortCriteria.add_member(:order_by, Shapes::ShapeRef.new(shape: OrderBy, location_name: "orderBy"))
+    InvestigationSortCriteria.struct_class = Types::InvestigationSortCriteria
+
+    InvestigationSummaries.member = Shapes::ShapeRef.new(shape: InvestigationSummary)
+
+    InvestigationSummary.add_member(:investigation_id, Shapes::ShapeRef.new(shape: InvestigationId, location_name: "investigationId"))
+    InvestigationSummary.add_member(:status, Shapes::ShapeRef.new(shape: InvestigationStatus, location_name: "status"))
+    InvestigationSummary.add_member(:trigger_prompt, Shapes::ShapeRef.new(shape: TriggerPrompt, location_name: "triggerPrompt"))
+    InvestigationSummary.add_member(:risk_level, Shapes::ShapeRef.new(shape: RiskLevel, location_name: "riskLevel"))
+    InvestigationSummary.add_member(:confidence, Shapes::ShapeRef.new(shape: Confidence, location_name: "confidence"))
+    InvestigationSummary.add_member(:title, Shapes::ShapeRef.new(shape: InvestigationTitle, location_name: "title"))
+    InvestigationSummary.add_member(:account_id, Shapes::ShapeRef.new(shape: String, location_name: "accountId"))
+    InvestigationSummary.add_member(:start_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "startTime"))
+    InvestigationSummary.add_member(:end_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "endTime"))
+    InvestigationSummary.struct_class = Types::InvestigationSummary
+
     Invitation.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "accountId"))
     Invitation.add_member(:invitation_id, Shapes::ShapeRef.new(shape: String, location_name: "invitationId"))
     Invitation.add_member(:relationship_status, Shapes::ShapeRef.new(shape: String, location_name: "relationshipStatus"))
@@ -1986,6 +2067,16 @@ module Aws::GuardDuty
     ListIPSetsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "nextToken"))
     ListIPSetsResponse.struct_class = Types::ListIPSetsResponse
 
+    ListInvestigationsRequest.add_member(:detector_id, Shapes::ShapeRef.new(shape: DetectorId, required: true, location: "uri", location_name: "DetectorId"))
+    ListInvestigationsRequest.add_member(:sort_criteria, Shapes::ShapeRef.new(shape: InvestigationSortCriteria, location_name: "sortCriteria"))
+    ListInvestigationsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "maxResults"))
+    ListInvestigationsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "nextToken"))
+    ListInvestigationsRequest.struct_class = Types::ListInvestigationsRequest
+
+    ListInvestigationsResponse.add_member(:investigations, Shapes::ShapeRef.new(shape: InvestigationSummaries, required: true, location_name: "investigations"))
+    ListInvestigationsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "nextToken"))
+    ListInvestigationsResponse.struct_class = Types::ListInvestigationsResponse
+
     ListInvitationsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location: "querystring", location_name: "maxResults"))
     ListInvitationsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "nextToken"))
     ListInvitationsRequest.struct_class = Types::ListInvitationsRequest
@@ -2404,6 +2495,10 @@ module Aws::GuardDuty
     ProcessDetails.add_member(:lineage, Shapes::ShapeRef.new(shape: Lineage, location_name: "lineage"))
     ProcessDetails.struct_class = Types::ProcessDetails
 
+    Product.add_member(:name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "name"))
+    Product.add_member(:feature, Shapes::ShapeRef.new(shape: String, location_name: "feature"))
+    Product.struct_class = Types::Product
+
     ProductCode.add_member(:code, Shapes::ShapeRef.new(shape: String, location_name: "productCodeId"))
     ProductCode.add_member(:product_type, Shapes::ShapeRef.new(shape: String, location_name: "productCodeType"))
     ProductCode.struct_class = Types::ProductCode
@@ -3207,6 +3302,17 @@ module Aws::GuardDuty
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
 
+      api.add_operation(:create_investigation, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CreateInvestigation"
+        o.http_method = "POST"
+        o.http_request_uri = "/detector/{DetectorId}/investigation"
+        o.input = Shapes::ShapeRef.new(shape: CreateInvestigationRequest)
+        o.output = Shapes::ShapeRef.new(shape: CreateInvestigationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: BadRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:create_malware_protection_plan, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateMalwareProtectionPlan"
         o.http_method = "POST"
@@ -3555,6 +3661,18 @@ module Aws::GuardDuty
         o.errors << Shapes::ShapeRef.new(shape: InternalServerErrorException)
       end)
 
+      api.add_operation(:get_investigation, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetInvestigation"
+        o.http_method = "GET"
+        o.http_request_uri = "/detector/{DetectorId}/investigation/{InvestigationId}"
+        o.input = Shapes::ShapeRef.new(shape: GetInvestigationRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetInvestigationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: BadRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
+
       api.add_operation(:get_invitations_count, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetInvitationsCount"
         o.http_method = "GET"
@@ -3785,6 +3903,23 @@ module Aws::GuardDuty
         )
       end)
 
+      api.add_operation(:list_investigations, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListInvestigations"
+        o.http_method = "POST"
+        o.http_request_uri = "/detector/{DetectorId}/investigation/list"
+        o.input = Shapes::ShapeRef.new(shape: ListInvestigationsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListInvestigationsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: BadRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:list_invitations, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListInvitations"
         o.http_method = "GET"

data/lib/aws-sdk-guardduty/types.rb

@@ -827,6 +827,32 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # Contains details about the cloud environment associated with an
+    # investigation.
+    #
+    # @!attribute [rw] provider
+    #   The cloud provider. Currently, only `AWS` is supported.
+    #   @return [String]
+    #
+    # @!attribute [rw] region
+    #   The Amazon Web Services Region in which the investigated resource
+    #   resides.
+    #   @return [String]
+    #
+    # @!attribute [rw] account
+    #   The Amazon Web Services account ID of the investigated resource.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CloudDetails AWS API Documentation
+    #
+    class CloudDetails < Struct.new(
+      :provider,
+      :region,
+      :account)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information on the status of CloudTrail as a data source for
     # the detector.
     #
@@ -2996,6 +3022,58 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # @!attribute [rw] detector_id
+    #   The unique ID of the GuardDuty detector for the account in which the
+    #   investigation is created.
+    #
+    #   To find the `detectorId` in the current Region, see the Settings
+    #   page in the GuardDuty console, or run the [ListDetectors][1] API.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html
+    #   @return [String]
+    #
+    # @!attribute [rw] trigger_prompt
+    #   A natural-language description of what to investigate. For example:
+    #
+    #   * `"Investigate finding 1ab2c3d4e5f6a7b8c9d0e1f2a3b4c5d6 in account
+    #     123456789012"`
+    #
+    #   * `"Analyze findings in account with id 123456789012"`
+    #
+    #   * `"Analyze findings in my organization"`
+    #   @return [String]
+    #
+    # @!attribute [rw] client_token
+    #   The idempotency token for the create request.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateInvestigationRequest AWS API Documentation
+    #
+    class CreateInvestigationRequest < Struct.new(
+      :detector_id,
+      :trigger_prompt,
+      :client_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] investigation_id
+    #   The unique identifier of the newly created investigation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateInvestigationResponse AWS API Documentation
+    #
+    class CreateInvestigationResponse < Struct.new(
+      :investigation_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] client_token
     #   The idempotency token for the create request.
     #
@@ -5819,6 +5897,43 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # @!attribute [rw] detector_id
+    #   The unique ID of the GuardDuty detector associated with the
+    #   investigation.
+    #
+    #   To find the `detectorId` in the current Region, see the Settings
+    #   page in the GuardDuty console, or run the [ListDetectors][1] API.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html
+    #   @return [String]
+    #
+    # @!attribute [rw] investigation_id
+    #   The unique identifier of the investigation to retrieve.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetInvestigationRequest AWS API Documentation
+    #
+    class GetInvestigationRequest < Struct.new(
+      :detector_id,
+      :investigation_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] investigation
+    #   The details and results of the requested investigation.
+    #   @return [Types::Investigation]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetInvestigationResponse AWS API Documentation
+    #
+    class GetInvestigationResponse < Struct.new(
+      :investigation)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetInvitationsCountRequest AWS API Documentation
@@ -6823,6 +6938,182 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # Contains the details and results of a GuardDuty investigation.
+    #
+    # @!attribute [rw] investigation_id
+    #   The unique identifier of the investigation.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The current status of the investigation. Possible values are
+    #   `RUNNING`, `COMPLETED`, and `FAILED`.
+    #   @return [String]
+    #
+    # @!attribute [rw] trigger_prompt
+    #   The natural-language prompt that initiated this investigation.
+    #   @return [String]
+    #
+    # @!attribute [rw] triggered_by
+    #   The account that initiated the investigation.
+    #   @return [String]
+    #
+    # @!attribute [rw] metadata
+    #   Metadata about the product and version that produced the
+    #   investigation.
+    #   @return [Types::InvestigationMetadata]
+    #
+    # @!attribute [rw] cloud
+    #   Details about the cloud environment in which the investigation was
+    #   performed, including the provider, region, and account.
+    #   @return [Types::CloudDetails]
+    #
+    # @!attribute [rw] risk_level
+    #   The assessed risk level of the investigated threat. Possible values
+    #   are `Info`, `Low`, `Medium`, `High`, and `Critical`.
+    #   @return [String]
+    #
+    # @!attribute [rw] risk
+    #   A human-readable description of the assessed risk.
+    #   @return [String]
+    #
+    # @!attribute [rw] confidence
+    #   The confidence level of the investigation's assessment. Possible
+    #   values are `Unknown`, `Low`, `Medium`, and `High`.
+    #   @return [String]
+    #
+    # @!attribute [rw] summary
+    #   A structured summary of the investigation findings, including
+    #   affected resources, threat assessment, and recommended remediation
+    #   steps.
+    #   @return [String]
+    #
+    # @!attribute [rw] start_time
+    #   The timestamp at which the investigation started.
+    #   @return [Time]
+    #
+    # @!attribute [rw] end_time
+    #   The timestamp at which the investigation completed.
+    #   @return [Time]
+    #
+    # @!attribute [rw] error
+    #   Details about the error if the investigation status is `FAILED`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Investigation AWS API Documentation
+    #
+    class Investigation < Struct.new(
+      :investigation_id,
+      :status,
+      :trigger_prompt,
+      :triggered_by,
+      :metadata,
+      :cloud,
+      :risk_level,
+      :risk,
+      :confidence,
+      :summary,
+      :start_time,
+      :end_time,
+      :error)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains metadata about the product and version that produced an
+    # investigation.
+    #
+    # @!attribute [rw] version
+    #   The version of the investigation engine that produced the results.
+    #   @return [String]
+    #
+    # @!attribute [rw] product
+    #   Information about the product that produced the investigation.
+    #   @return [Types::Product]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/InvestigationMetadata AWS API Documentation
+    #
+    class InvestigationMetadata < Struct.new(
+      :version,
+      :product)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about the criteria used for sorting
+    # investigations.
+    #
+    # @!attribute [rw] attribute_name
+    #   The attribute by which to sort investigations.
+    #   @return [String]
+    #
+    # @!attribute [rw] order_by
+    #   The order in which the sorted results are to be displayed.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/InvestigationSortCriteria AWS API Documentation
+    #
+    class InvestigationSortCriteria < Struct.new(
+      :attribute_name,
+      :order_by)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains summary information about a GuardDuty investigation.
+    #
+    # @!attribute [rw] investigation_id
+    #   The unique identifier of the investigation.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The current status of the investigation.
+    #   @return [String]
+    #
+    # @!attribute [rw] trigger_prompt
+    #   The natural-language prompt that initiated this investigation.
+    #   @return [String]
+    #
+    # @!attribute [rw] risk_level
+    #   The assessed risk level of the investigated threat.
+    #   @return [String]
+    #
+    # @!attribute [rw] confidence
+    #   The confidence level of the investigation's assessment.
+    #   @return [String]
+    #
+    # @!attribute [rw] title
+    #   A short title summarizing the investigation.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The Amazon Web Services account ID associated with the
+    #   investigation.
+    #   @return [String]
+    #
+    # @!attribute [rw] start_time
+    #   The timestamp at which the investigation started.
+    #   @return [Time]
+    #
+    # @!attribute [rw] end_time
+    #   The timestamp at which the investigation completed.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/InvestigationSummary AWS API Documentation
+    #
+    class InvestigationSummary < Struct.new(
+      :investigation_id,
+      :status,
+      :trigger_prompt,
+      :risk_level,
+      :confidence,
+      :title,
+      :account_id,
+      :start_time,
+      :end_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information about the invitation to become a member account.
     #
     # @!attribute [rw] account_id
@@ -7833,6 +8124,65 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # @!attribute [rw] detector_id
+    #   The unique ID of the GuardDuty detector whose investigations you
+    #   want to list.
+    #
+    #   To find the `detectorId` in the current Region, see the Settings
+    #   page in the GuardDuty console, or run the [ListDetectors][1] API.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html
+    #   @return [String]
+    #
+    # @!attribute [rw] sort_criteria
+    #   Represents the criteria used for sorting investigations.
+    #   @return [Types::InvestigationSortCriteria]
+    #
+    # @!attribute [rw] max_results
+    #   You can use this parameter to indicate the maximum number of items
+    #   you want in the response. The default value is 50.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   You can use this parameter when paginating results. Set the value of
+    #   this parameter to null on your first call to the list action. For
+    #   subsequent calls to the action, fill nextToken in the request with
+    #   the value of NextToken from the previous response to continue
+    #   listing data.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListInvestigationsRequest AWS API Documentation
+    #
+    class ListInvestigationsRequest < Struct.new(
+      :detector_id,
+      :sort_criteria,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] investigations
+    #   A list of investigation summaries associated with the specified
+    #   detector.
+    #   @return [Array<Types::InvestigationSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   The pagination parameter to be used on the next list operation to
+    #   retrieve more items.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListInvestigationsResponse AWS API Documentation
+    #
+    class ListInvestigationsResponse < Struct.new(
+      :investigations,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] max_results
     #   You can use this parameter to indicate the maximum number of items
     #   that you want in the response. The default value is 50. The maximum
@@ -9808,6 +10158,26 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # Contains information about the product that produced an investigation.
+    #
+    # @!attribute [rw] name
+    #   The name of the product.
+    #   @return [String]
+    #
+    # @!attribute [rw] feature
+    #   The specific feature within the product that produced the
+    #   investigation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Product AWS API Documentation
+    #
+    class Product < Struct.new(
+      :name,
+      :feature)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information about the product code for the EC2 instance.
     #
     # @!attribute [rw] code

data/lib/aws-sdk-guardduty.rb

@@ -54,7 +54,7 @@ module Aws::GuardDuty
   autoload :EndpointProvider, 'aws-sdk-guardduty/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-guardduty/endpoints'
 
-  GEM_VERSION = '1.154.0'
+  GEM_VERSION = '1.155.0'
 
 end
 

data/sig/client.rbs

@@ -162,6 +162,18 @@ module Aws
                          ) -> _CreateIPSetResponseSuccess
                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateIPSetResponseSuccess
 
+      interface _CreateInvestigationResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::CreateInvestigationResponse]
+        def investigation_id: () -> ::String
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/GuardDuty/Client.html#create_investigation-instance_method
+      def create_investigation: (
+                                  detector_id: ::String,
+                                  trigger_prompt: ::String,
+                                  ?client_token: ::String
+                                ) -> _CreateInvestigationResponseSuccess
+                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateInvestigationResponseSuccess
+
       interface _CreateMalwareProtectionPlanResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::CreateMalwareProtectionPlanResponse]
         def malware_protection_plan_id: () -> ::String
@@ -596,6 +608,17 @@ module Aws
                       ) -> _GetIPSetResponseSuccess
                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetIPSetResponseSuccess
 
+      interface _GetInvestigationResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::GetInvestigationResponse]
+        def investigation: () -> Types::Investigation
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/GuardDuty/Client.html#get_investigation-instance_method
+      def get_investigation: (
+                               detector_id: ::String,
+                               investigation_id: ::String
+                             ) -> _GetInvestigationResponseSuccess
+                           | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetInvestigationResponseSuccess
+
       interface _GetInvitationsCountResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetInvitationsCountResponse]
         def invitations_count: () -> ::Integer
@@ -875,6 +898,23 @@ module Aws
                         ) -> _ListIPSetsResponseSuccess
                       | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListIPSetsResponseSuccess
 
+      interface _ListInvestigationsResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::ListInvestigationsResponse]
+        def investigations: () -> ::Array[Types::InvestigationSummary]
+        def next_token: () -> ::String
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/GuardDuty/Client.html#list_investigations-instance_method
+      def list_investigations: (
+                                 detector_id: ::String,
+                                 ?sort_criteria: {
+                                   attribute_name: ("START_TIME" | "END_TIME" | "STATUS" | "RISK_LEVEL" | "CONFIDENCE")?,
+                                   order_by: ("ASC" | "DESC")?
+                                 },
+                                 ?max_results: ::Integer,
+                                 ?next_token: ::String
+                               ) -> _ListInvestigationsResponseSuccess
+                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListInvestigationsResponseSuccess
+
       interface _ListInvitationsResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::ListInvitationsResponse]
         def invitations: () -> ::Array[Types::Invitation]

data/sig/types.rbs

@@ -229,6 +229,13 @@ module Aws::GuardDuty
       SENSITIVE: []
     end
 
+    class CloudDetails
+      attr_accessor provider: ("AWS")
+      attr_accessor region: ::String
+      attr_accessor account: ::String
+      SENSITIVE: []
+    end
+
     class CloudTrailConfigurationResult
       attr_accessor status: ("ENABLED" | "DISABLED")
       SENSITIVE: []
@@ -421,6 +428,18 @@ module Aws::GuardDuty
       SENSITIVE: []
     end
 
+    class CreateInvestigationRequest
+      attr_accessor detector_id: ::String
+      attr_accessor trigger_prompt: ::String
+      attr_accessor client_token: ::String
+      SENSITIVE: []
+    end
+
+    class CreateInvestigationResponse
+      attr_accessor investigation_id: ::String
+      SENSITIVE: []
+    end
+
     class CreateMalwareProtectionPlanRequest
       attr_accessor client_token: ::String
       attr_accessor role: ::String
@@ -1156,6 +1175,17 @@ module Aws::GuardDuty
       SENSITIVE: []
     end
 
+    class GetInvestigationRequest
+      attr_accessor detector_id: ::String
+      attr_accessor investigation_id: ::String
+      SENSITIVE: []
+    end
+
+    class GetInvestigationResponse
+      attr_accessor investigation: Types::Investigation
+      SENSITIVE: []
+    end
+
     class GetInvitationsCountRequest < Aws::EmptyStructure
     end
 
@@ -1415,6 +1445,48 @@ module Aws::GuardDuty
       SENSITIVE: []
     end
 
+    class Investigation
+      attr_accessor investigation_id: ::String
+      attr_accessor status: ("RUNNING" | "COMPLETED" | "FAILED")
+      attr_accessor trigger_prompt: ::String
+      attr_accessor triggered_by: ::String
+      attr_accessor metadata: Types::InvestigationMetadata
+      attr_accessor cloud: Types::CloudDetails
+      attr_accessor risk_level: ("Info" | "Low" | "Medium" | "High" | "Critical")
+      attr_accessor risk: ::String
+      attr_accessor confidence: ("Unknown" | "Low" | "Medium" | "High")
+      attr_accessor summary: ::String
+      attr_accessor start_time: ::Time
+      attr_accessor end_time: ::Time
+      attr_accessor error: ::String
+      SENSITIVE: []
+    end
+
+    class InvestigationMetadata
+      attr_accessor version: ::String
+      attr_accessor product: Types::Product
+      SENSITIVE: []
+    end
+
+    class InvestigationSortCriteria
+      attr_accessor attribute_name: ("START_TIME" | "END_TIME" | "STATUS" | "RISK_LEVEL" | "CONFIDENCE")
+      attr_accessor order_by: ("ASC" | "DESC")
+      SENSITIVE: []
+    end
+
+    class InvestigationSummary
+      attr_accessor investigation_id: ::String
+      attr_accessor status: ("RUNNING" | "COMPLETED" | "FAILED")
+      attr_accessor trigger_prompt: ::String
+      attr_accessor risk_level: ("Info" | "Low" | "Medium" | "High" | "Critical")
+      attr_accessor confidence: ("Unknown" | "Low" | "Medium" | "High")
+      attr_accessor title: ::String
+      attr_accessor account_id: ::String
+      attr_accessor start_time: ::Time
+      attr_accessor end_time: ::Time
+      SENSITIVE: []
+    end
+
     class Invitation
       attr_accessor account_id: ::String
       attr_accessor invitation_id: ::String
@@ -1644,6 +1716,20 @@ module Aws::GuardDuty
       SENSITIVE: []
     end
 
+    class ListInvestigationsRequest
+      attr_accessor detector_id: ::String
+      attr_accessor sort_criteria: Types::InvestigationSortCriteria
+      attr_accessor max_results: ::Integer
+      attr_accessor next_token: ::String
+      SENSITIVE: []
+    end
+
+    class ListInvestigationsResponse
+      attr_accessor investigations: ::Array[Types::InvestigationSummary]
+      attr_accessor next_token: ::String
+      SENSITIVE: []
+    end
+
     class ListInvitationsRequest
       attr_accessor max_results: ::Integer
       attr_accessor next_token: ::String
@@ -2158,6 +2244,12 @@ module Aws::GuardDuty
       SENSITIVE: []
     end
 
+    class Product
+      attr_accessor name: ::String
+      attr_accessor feature: ::String
+      SENSITIVE: []
+    end
+
     class ProductCode
       attr_accessor code: ::String
       attr_accessor product_type: ::String

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-guardduty
 version: !ruby/object:Gem::Version
-  version: 1.154.0
+  version: 1.155.0
 platform: ruby
 authors:
 - Amazon Web Services