aws-sdk-guardduty 1.51.0 → 1.55.0

@@ -165,6 +165,11 @@ module Aws::GuardDuty
165
165
  # Information about the PORT\_PROBE action described in this finding.
166
166
  # @return [Types::PortProbeAction]
167
167
  #
168
+ # @!attribute [rw] kubernetes_api_call_action
169
+ # Information about the Kubernetes API call action described in this
170
+ # finding.
171
+ # @return [Types::KubernetesApiCallAction]
172
+ #
168
173
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Action AWS API Documentation
169
174
  #
170
175
  class Action < Struct.new(
@@ -172,7 +177,8 @@ module Aws::GuardDuty
172
177
  :aws_api_call_action,
173
178
  :dns_request_action,
174
179
  :network_connection_action,
175
- :port_probe_action)
180
+ :port_probe_action,
181
+ :kubernetes_api_call_action)
176
182
  SENSITIVE = []
177
183
  include Aws::Structure
178
184
  end
@@ -181,7 +187,7 @@ module Aws::GuardDuty
181
187
  # delegated administrator.
182
188
  #
183
189
  # @!attribute [rw] admin_account_id
184
- # The AWS account ID for the account.
190
+ # The Amazon Web Services account ID for the account.
185
191
  # @return [String]
186
192
  #
187
193
  # @!attribute [rw] admin_status
@@ -231,30 +237,39 @@ module Aws::GuardDuty
231
237
  # Contains information about the API action.
232
238
  #
233
239
  # @!attribute [rw] api
234
- # The AWS API name.
240
+ # The Amazon Web Services API name.
235
241
  # @return [String]
236
242
  #
237
243
  # @!attribute [rw] caller_type
238
- # The AWS API caller type.
244
+ # The Amazon Web Services API caller type.
239
245
  # @return [String]
240
246
  #
241
247
  # @!attribute [rw] domain_details
242
- # The domain information for the AWS API call.
248
+ # The domain information for the Amazon Web Services API call.
243
249
  # @return [Types::DomainDetails]
244
250
  #
245
251
  # @!attribute [rw] error_code
246
- # The error code of the failed AWS API action.
252
+ # The error code of the failed Amazon Web Services API action.
253
+ # @return [String]
254
+ #
255
+ # @!attribute [rw] user_agent
247
256
  # @return [String]
248
257
  #
249
258
  # @!attribute [rw] remote_ip_details
250
- # The remote IP information of the connection that initiated the AWS
251
- # API call.
259
+ # The remote IP information of the connection that initiated the
260
+ # Amazon Web Services API call.
252
261
  # @return [Types::RemoteIpDetails]
253
262
  #
254
263
  # @!attribute [rw] service_name
255
- # The AWS service name whose API was invoked.
264
+ # The Amazon Web Services service name whose API was invoked.
256
265
  # @return [String]
257
266
  #
267
+ # @!attribute [rw] remote_account_details
268
+ # The details of the Amazon Web Services account that made the API
269
+ # call. This field appears if the call was made from outside your
270
+ # account.
271
+ # @return [Types::RemoteAccountDetails]
272
+ #
258
273
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AwsApiCallAction AWS API Documentation
259
274
  #
260
275
  class AwsApiCallAction < Struct.new(
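Review bot: The new `user_agent` attribute of `AwsApiCallAction` has no description: the added `# @!attribute [rw] user_agent` line is followed directly by the pre-existing `# @return [String]`, so the rendered docs show a bare String field. I would add a line such as `#   The agent through which the API request was made.` under the attribute tag. A user-agent string is supplied by the calling client, so the description could also say that it is informational and not a reliable identity signal when triaging a finding. The struct definition itself continues past the end of this hunk.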
@@ -262,8 +277,10 @@ module Aws::GuardDuty
262
277
  :caller_type,
263
278
  :domain_details,
264
279
  :error_code,
280
+ :user_agent,
265
281
  :remote_ip_details,
266
- :service_name)
282
+ :service_name,
283
+ :remote_account_details)
267
284
  SENSITIVE = []
268
285
  include Aws::Structure
269
286
  end
@@ -500,6 +517,54 @@ module Aws::GuardDuty
500
517
  include Aws::Structure
501
518
  end
502
519
 
520
+ # Details of a container.
521
+ #
522
+ # @!attribute [rw] container_runtime
523
+ # The container runtime (such as, Docker or containerd) used to run
524
+ # the container.
525
+ # @return [String]
526
+ #
527
+ # @!attribute [rw] id
528
+ # Container ID.
529
+ # @return [String]
530
+ #
531
+ # @!attribute [rw] name
532
+ # Container name.
533
+ # @return [String]
534
+ #
535
+ # @!attribute [rw] image
536
+ # Container image.
537
+ # @return [String]
538
+ #
539
+ # @!attribute [rw] image_prefix
540
+ # Part of the image name before the last slash. For example,
541
+ # imagePrefix for public.ecr.aws/amazonlinux/amazonlinux:latest would
542
+ # be public.ecr.aws/amazonlinux. If the image name is relative and
543
+ # does not have a slash, this field is empty.
544
+ # @return [String]
545
+ #
546
+ # @!attribute [rw] volume_mounts
547
+ # Container volume mounts.
548
+ # @return [Array<Types::VolumeMount>]
549
+ #
550
+ # @!attribute [rw] security_context
551
+ # Container security context.
552
+ # @return [Types::SecurityContext]
553
+ #
554
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Container AWS API Documentation
555
+ #
556
+ class Container < Struct.new(
557
+ :container_runtime,
558
+ :id,
559
+ :name,
560
+ :image,
561
+ :image_prefix,
562
+ :volume_mounts,
563
+ :security_context)
564
+ SENSITIVE = []
565
+ include Aws::Structure
566
+ end
567
+
503
568
  # Contains information about the country where the remote IP address is
504
569
  # located.
505
570
  #
@@ -531,6 +596,11 @@ module Aws::GuardDuty
531
596
  # s3_logs: {
532
597
  # enable: false, # required
533
598
  # },
599
+ # kubernetes: {
600
+ # audit_logs: { # required
601
+ # enable: false, # required
602
+ # },
603
+ # },
534
604
  # },
535
605
  # tags: {
536
606
  # "TagKey" => "TagValue",
@@ -742,6 +812,16 @@ module Aws::GuardDuty
742
812
  #
743
813
  # * service.additionalInfo.threatListName
744
814
  #
815
+ # * resource.s3BucketDetails.publicAccess.effectivePermissions
816
+ #
817
+ # * resource.s3BucketDetails.name
818
+ #
819
+ # * resource.s3BucketDetails.tags.key
820
+ #
821
+ # * resource.s3BucketDetails.tags.value
822
+ #
823
+ # * resource.s3BucketDetails.type
824
+ #
745
825
  # * service.archived
746
826
  #
747
827
  # When this attribute is set to TRUE, only archived findings are
@@ -832,8 +912,7 @@ module Aws::GuardDuty
832
912
  # @return [String]
833
913
  #
834
914
  # @!attribute [rw] location
835
- # The URI of the file that contains the IPSet. For example:
836
- # https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
915
+ # The URI of the file that contains the IPSet.
837
916
  # @return [String]
838
917
  #
839
918
  # @!attribute [rw] activate
@@ -1041,8 +1120,7 @@ module Aws::GuardDuty
1041
1120
  # @return [String]
1042
1121
  #
1043
1122
  # @!attribute [rw] location
1044
- # The URI of the file that contains the ThreatIntelSet. For example:
1045
- # https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
1123
+ # The URI of the file that contains the ThreatIntelSet.
1046
1124
  # @return [String]
1047
1125
  #
1048
1126
  # @!attribute [rw] activate
@@ -1110,16 +1188,26 @@ module Aws::GuardDuty
1110
1188
  # s3_logs: {
1111
1189
  # enable: false, # required
1112
1190
  # },
1191
+ # kubernetes: {
1192
+ # audit_logs: { # required
1193
+ # enable: false, # required
1194
+ # },
1195
+ # },
1113
1196
  # }
1114
1197
  #
1115
1198
  # @!attribute [rw] s3_logs
1116
1199
  # Describes whether S3 data event logs are enabled as a data source.
1117
1200
  # @return [Types::S3LogsConfiguration]
1118
1201
  #
1202
+ # @!attribute [rw] kubernetes
1203
+ # Describes whether any Kubernetes logs are enabled as data sources.
1204
+ # @return [Types::KubernetesConfiguration]
1205
+ #
1119
1206
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourceConfigurations AWS API Documentation
1120
1207
  #
1121
1208
  class DataSourceConfigurations < Struct.new(
1122
- :s3_logs)
1209
+ :s3_logs,
1210
+ :kubernetes)
1123
1211
  SENSITIVE = []
1124
1212
  include Aws::Structure
1125
1213
  end
@@ -1146,13 +1234,19 @@ module Aws::GuardDuty
1146
1234
  # logs as a data source.
1147
1235
  # @return [Types::S3LogsConfigurationResult]
1148
1236
  #
1237
+ # @!attribute [rw] kubernetes
1238
+ # An object that contains information on the status of all Kubernetes
1239
+ # data sources.
1240
+ # @return [Types::KubernetesConfigurationResult]
1241
+ #
1149
1242
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourceConfigurationsResult AWS API Documentation
1150
1243
  #
1151
1244
  class DataSourceConfigurationsResult < Struct.new(
1152
1245
  :cloud_trail,
1153
1246
  :dns_logs,
1154
1247
  :flow_logs,
1155
- :s3_logs)
1248
+ :s3_logs,
1249
+ :kubernetes)
1156
1250
  SENSITIVE = []
1157
1251
  include Aws::Structure
1158
1252
  end
@@ -1165,9 +1259,9 @@ module Aws::GuardDuty
1165
1259
  # }
1166
1260
  #
1167
1261
  # @!attribute [rw] account_ids
1168
- # A list of account IDs of the AWS accounts that sent invitations to
1169
- # the current member account that you want to decline invitations
1170
- # from.
1262
+ # A list of account IDs of the Amazon Web Services accounts that sent
1263
+ # invitations to the current member account that you want to decline
1264
+ # invitations from.
1171
1265
  # @return [Array<String>]
1172
1266
  #
1173
1267
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeclineInvitationsRequest AWS API Documentation
@@ -1305,8 +1399,9 @@ module Aws::GuardDuty
1305
1399
  # }
1306
1400
  #
1307
1401
  # @!attribute [rw] account_ids
1308
- # A list of account IDs of the AWS accounts that sent invitations to
1309
- # the current member account that you want to delete invitations from.
1402
+ # A list of account IDs of the Amazon Web Services accounts that sent
1403
+ # invitations to the current member account that you want to delete
1404
+ # invitations from.
1310
1405
  # @return [Array<String>]
1311
1406
  #
1312
1407
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteInvitationsRequest AWS API Documentation
@@ -1576,6 +1671,9 @@ module Aws::GuardDuty
1576
1671
  #
1577
1672
  # @!attribute [rw] destination_arn
1578
1673
  # The ARN of the resource to publish to.
1674
+ #
1675
+ # To specify an S3 bucket folder use the following format:
1676
+ # `arn:aws:s3:::DOC-EXAMPLE-BUCKET/myFolder/`
1579
1677
  # @return [String]
1580
1678
  #
1581
1679
  # @!attribute [rw] kms_key_arn
@@ -1599,8 +1697,8 @@ module Aws::GuardDuty
1599
1697
  # }
1600
1698
  #
1601
1699
  # @!attribute [rw] admin_account_id
1602
- # The AWS Account ID for the organizations account to be disabled as a
1603
- # GuardDuty delegated administrator.
1700
+ # The Amazon Web Services Account ID for the organizations account to
1701
+ # be disabled as a GuardDuty delegated administrator.
1604
1702
  # @return [String]
1605
1703
  #
1606
1704
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DisableOrganizationAdminAccountRequest AWS API Documentation
@@ -1696,7 +1794,7 @@ module Aws::GuardDuty
1696
1794
  # Contains information about the domain.
1697
1795
  #
1698
1796
  # @!attribute [rw] domain
1699
- # The domain information for the AWS API call.
1797
+ # The domain information for the Amazon Web Services API call.
1700
1798
  # @return [String]
1701
1799
  #
1702
1800
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DomainDetails AWS API Documentation
@@ -1707,6 +1805,45 @@ module Aws::GuardDuty
1707
1805
  include Aws::Structure
1708
1806
  end
1709
1807
 
1808
+ # Details about the EKS cluster involved in a Kubernetes finding.
1809
+ #
1810
+ # @!attribute [rw] name
1811
+ # EKS cluster name.
1812
+ # @return [String]
1813
+ #
1814
+ # @!attribute [rw] arn
1815
+ # EKS cluster ARN.
1816
+ # @return [String]
1817
+ #
1818
+ # @!attribute [rw] vpc_id
1819
+ # The VPC ID to which the EKS cluster is attached.
1820
+ # @return [String]
1821
+ #
1822
+ # @!attribute [rw] status
1823
+ # The EKS cluster status.
1824
+ # @return [String]
1825
+ #
1826
+ # @!attribute [rw] tags
1827
+ # The EKS cluster tags.
1828
+ # @return [Array<Types::Tag>]
1829
+ #
1830
+ # @!attribute [rw] created_at
1831
+ # The timestamp when the EKS cluster was created.
1832
+ # @return [Time]
1833
+ #
1834
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EksClusterDetails AWS API Documentation
1835
+ #
1836
+ class EksClusterDetails < Struct.new(
1837
+ :name,
1838
+ :arn,
1839
+ :vpc_id,
1840
+ :status,
1841
+ :tags,
1842
+ :created_at)
1843
+ SENSITIVE = []
1844
+ include Aws::Structure
1845
+ end
1846
+
1710
1847
  # @note When making an API call, you may pass EnableOrganizationAdminAccountRequest
1711
1848
  # data as a hash:
1712
1849
  #
@@ -1715,8 +1852,8 @@ module Aws::GuardDuty
1715
1852
  # }
1716
1853
  #
1717
1854
  # @!attribute [rw] admin_account_id
1718
- # The AWS Account ID for the organization account to be enabled as a
1719
- # GuardDuty delegated administrator.
1855
+ # The Amazon Web Services Account ID for the organization account to
1856
+ # be enabled as a GuardDuty delegated administrator.
1720
1857
  # @return [String]
1721
1858
  #
1722
1859
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EnableOrganizationAdminAccountRequest AWS API Documentation
@@ -1781,8 +1918,9 @@ module Aws::GuardDuty
1781
1918
  # @return [String]
1782
1919
  #
1783
1920
  # @!attribute [rw] resource
1784
- # Contains information about the AWS resource associated with the
1785
- # activity that prompted GuardDuty to generate a finding.
1921
+ # Contains information about the Amazon Web Services resource
1922
+ # associated with the activity that prompted GuardDuty to generate a
1923
+ # finding.
1786
1924
  # @return [Types::Resource]
1787
1925
  #
1788
1926
  # @!attribute [rw] schema_version
@@ -2185,8 +2323,7 @@ module Aws::GuardDuty
2185
2323
  # @return [String]
2186
2324
  #
2187
2325
  # @!attribute [rw] location
2188
- # The URI of the file that contains the IPSet. For example:
2189
- # https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
2326
+ # The URI of the file that contains the IPSet.
2190
2327
  # @return [String]
2191
2328
  #
2192
2329
  # @!attribute [rw] status
@@ -2384,8 +2521,7 @@ module Aws::GuardDuty
2384
2521
  # @return [String]
2385
2522
  #
2386
2523
  # @!attribute [rw] location
2387
- # The URI of the file that contains the ThreatIntelSet. For example:
2388
- # https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
2524
+ # The URI of the file that contains the ThreatIntelSet.
2389
2525
  # @return [String]
2390
2526
  #
2391
2527
  # @!attribute [rw] status
@@ -2416,7 +2552,7 @@ module Aws::GuardDuty
2416
2552
  # usage_statistic_type: "SUM_BY_ACCOUNT", # required, accepts SUM_BY_ACCOUNT, SUM_BY_DATA_SOURCE, SUM_BY_RESOURCE, TOP_RESOURCES
2417
2553
  # usage_criteria: { # required
2418
2554
  # account_ids: ["AccountId"],
2419
- # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS
2555
+ # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS
2420
2556
  # resources: ["String"],
2421
2557
  # },
2422
2558
  # unit: "String",
@@ -2486,6 +2622,21 @@ module Aws::GuardDuty
2486
2622
  include Aws::Structure
2487
2623
  end
2488
2624
 
2625
+ # Represents a pre-existing file or directory on the host machine that
2626
+ # the volume maps to.
2627
+ #
2628
+ # @!attribute [rw] path
2629
+ # Path of the file or directory on the host that the volume maps to.
2630
+ # @return [String]
2631
+ #
2632
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/HostPath AWS API Documentation
2633
+ #
2634
+ class HostPath < Struct.new(
2635
+ :path)
2636
+ SENSITIVE = []
2637
+ include Aws::Structure
2638
+ end
2639
+
2489
2640
  # Contains information about the EC2 instance profile.
2490
2641
  #
2491
2642
  # @!attribute [rw] arn
@@ -2536,8 +2687,8 @@ module Aws::GuardDuty
2536
2687
  # @return [String]
2537
2688
  #
2538
2689
  # @!attribute [rw] outpost_arn
2539
- # The Amazon Resource Name (ARN) of the AWS Outpost. Only applicable
2540
- # to AWS Outposts instances.
2690
+ # The Amazon Resource Name (ARN) of the Amazon Web Services Outpost.
2691
+ # Only applicable to Amazon Web Services Outposts instances.
2541
2692
  # @return [String]
2542
2693
  #
2543
2694
  # @!attribute [rw] launch_time
@@ -2685,6 +2836,218 @@ module Aws::GuardDuty
2685
2836
  include Aws::Structure
2686
2837
  end
2687
2838
 
2839
+ # Information about the Kubernetes API call action described in this
2840
+ # finding.
2841
+ #
2842
+ # @!attribute [rw] request_uri
2843
+ # The Kubernetes API request URI.
2844
+ # @return [String]
2845
+ #
2846
+ # @!attribute [rw] verb
2847
+ # The Kubernetes API request HTTP verb.
2848
+ # @return [String]
2849
+ #
2850
+ # @!attribute [rw] source_ips
2851
+ # The IP of the Kubernetes API caller and the IPs of any proxies or
2852
+ # load balancers between the caller and the API endpoint.
2853
+ # @return [Array<String>]
2854
+ #
2855
+ # @!attribute [rw] user_agent
2856
+ # The user agent of the caller of the Kubernetes API.
2857
+ # @return [String]
2858
+ #
2859
+ # @!attribute [rw] remote_ip_details
2860
+ # Contains information about the remote IP address of the connection.
2861
+ # @return [Types::RemoteIpDetails]
2862
+ #
2863
+ # @!attribute [rw] status_code
2864
+ # The resulting HTTP response code of the Kubernetes API call action.
2865
+ # @return [Integer]
2866
+ #
2867
+ # @!attribute [rw] parameters
2868
+ # Parameters related to the Kubernetes API call action.
2869
+ # @return [String]
2870
+ #
2871
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesApiCallAction AWS API Documentation
2872
+ #
2873
+ class KubernetesApiCallAction < Struct.new(
2874
+ :request_uri,
2875
+ :verb,
2876
+ :source_ips,
2877
+ :user_agent,
2878
+ :remote_ip_details,
2879
+ :status_code,
2880
+ :parameters)
2881
+ SENSITIVE = []
2882
+ include Aws::Structure
2883
+ end
2884
+
2885
+ # Describes whether Kubernetes audit logs are enabled as a data source.
2886
+ #
2887
+ # @note When making an API call, you may pass KubernetesAuditLogsConfiguration
2888
+ # data as a hash:
2889
+ #
2890
+ # {
2891
+ # enable: false, # required
2892
+ # }
2893
+ #
2894
+ # @!attribute [rw] enable
2895
+ # The status of Kubernetes audit logs as a data source.
2896
+ # @return [Boolean]
2897
+ #
2898
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesAuditLogsConfiguration AWS API Documentation
2899
+ #
2900
+ class KubernetesAuditLogsConfiguration < Struct.new(
2901
+ :enable)
2902
+ SENSITIVE = []
2903
+ include Aws::Structure
2904
+ end
2905
+
2906
+ # Describes whether Kubernetes audit logs are enabled as a data source.
2907
+ #
2908
+ # @!attribute [rw] status
2909
+ # A value that describes whether Kubernetes audit logs are enabled as
2910
+ # a data source.
2911
+ # @return [String]
2912
+ #
2913
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesAuditLogsConfigurationResult AWS API Documentation
2914
+ #
2915
+ class KubernetesAuditLogsConfigurationResult < Struct.new(
2916
+ :status)
2917
+ SENSITIVE = []
2918
+ include Aws::Structure
2919
+ end
2920
+
2921
+ # Describes whether any Kubernetes data sources are enabled.
2922
+ #
2923
+ # @note When making an API call, you may pass KubernetesConfiguration
2924
+ # data as a hash:
2925
+ #
2926
+ # {
2927
+ # audit_logs: { # required
2928
+ # enable: false, # required
2929
+ # },
2930
+ # }
2931
+ #
2932
+ # @!attribute [rw] audit_logs
2933
+ # The status of Kubernetes audit logs as a data source.
2934
+ # @return [Types::KubernetesAuditLogsConfiguration]
2935
+ #
2936
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesConfiguration AWS API Documentation
2937
+ #
2938
+ class KubernetesConfiguration < Struct.new(
2939
+ :audit_logs)
2940
+ SENSITIVE = []
2941
+ include Aws::Structure
2942
+ end
2943
+
2944
+ # Describes whether any Kubernetes logs will be enabled as a data
2945
+ # source.
2946
+ #
2947
+ # @!attribute [rw] audit_logs
2948
+ # Describes whether Kubernetes audit logs are enabled as a data
2949
+ # source.
2950
+ # @return [Types::KubernetesAuditLogsConfigurationResult]
2951
+ #
2952
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesConfigurationResult AWS API Documentation
2953
+ #
2954
+ class KubernetesConfigurationResult < Struct.new(
2955
+ :audit_logs)
2956
+ SENSITIVE = []
2957
+ include Aws::Structure
2958
+ end
2959
+
2960
+ # Details about Kubernetes resources such as a Kubernetes user or
2961
+ # workload resource involved in a Kubernetes finding.
2962
+ #
2963
+ # @!attribute [rw] kubernetes_user_details
2964
+ # Details about the Kubernetes user involved in a Kubernetes finding.
2965
+ # @return [Types::KubernetesUserDetails]
2966
+ #
2967
+ # @!attribute [rw] kubernetes_workload_details
2968
+ # Details about the Kubernetes workload involved in a Kubernetes
2969
+ # finding.
2970
+ # @return [Types::KubernetesWorkloadDetails]
2971
+ #
2972
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesDetails AWS API Documentation
2973
+ #
2974
+ class KubernetesDetails < Struct.new(
2975
+ :kubernetes_user_details,
2976
+ :kubernetes_workload_details)
2977
+ SENSITIVE = []
2978
+ include Aws::Structure
2979
+ end
2980
+
2981
+ # Details about the Kubernetes user involved in a Kubernetes finding.
2982
+ #
2983
+ # @!attribute [rw] username
2984
+ # The username of the user who called the Kubernetes API.
2985
+ # @return [String]
2986
+ #
2987
+ # @!attribute [rw] uid
2988
+ # The user ID of the user who called the Kubernetes API.
2989
+ # @return [String]
2990
+ #
2991
+ # @!attribute [rw] groups
2992
+ # The groups that include the user who called the Kubernetes API.
2993
+ # @return [Array<String>]
2994
+ #
2995
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesUserDetails AWS API Documentation
2996
+ #
2997
+ class KubernetesUserDetails < Struct.new(
2998
+ :username,
2999
+ :uid,
3000
+ :groups)
3001
+ SENSITIVE = []
3002
+ include Aws::Structure
3003
+ end
3004
+
3005
+ # Details about the Kubernetes workload involved in a Kubernetes
3006
+ # finding.
3007
+ #
3008
+ # @!attribute [rw] name
3009
+ # Kubernetes workload name.
3010
+ # @return [String]
3011
+ #
3012
+ # @!attribute [rw] type
3013
+ # Kubernetes workload type (e.g. Pod, Deployment, etc.).
3014
+ # @return [String]
3015
+ #
3016
+ # @!attribute [rw] uid
3017
+ # Kubernetes workload ID.
3018
+ # @return [String]
3019
+ #
3020
+ # @!attribute [rw] namespace
3021
+ # Kubernetes namespace that the workload is part of.
3022
+ # @return [String]
3023
+ #
3024
+ # @!attribute [rw] host_network
3025
+ # Whether the hostNetwork flag is enabled for the pods included in the
3026
+ # workload.
3027
+ # @return [Boolean]
3028
+ #
3029
+ # @!attribute [rw] containers
3030
+ # Containers running as part of the Kubernetes workload.
3031
+ # @return [Array<Types::Container>]
3032
+ #
3033
+ # @!attribute [rw] volumes
3034
+ # Volumes used by the Kubernetes workload.
3035
+ # @return [Array<Types::Volume>]
3036
+ #
3037
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesWorkloadDetails AWS API Documentation
3038
+ #
3039
+ class KubernetesWorkloadDetails < Struct.new(
3040
+ :name,
3041
+ :type,
3042
+ :uid,
3043
+ :namespace,
3044
+ :host_network,
3045
+ :containers,
3046
+ :volumes)
3047
+ SENSITIVE = []
3048
+ include Aws::Structure
3049
+ end
3050
+
2688
3051
  # @note When making an API call, you may pass ListDetectorsRequest
2689
3052
  # data as a hash:
2690
3053
  #
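Review bot: `KubernetesApiCallAction` is added with `SENSITIVE = []`, so none of its members is marked sensitive, yet `parameters`, `request_uri` and `user_agent` are documented as data from the Kubernetes API request behind the finding. Assuming the SDK uses `SENSITIVE` to redact members when a struct is printed or logged (that code is not part of this diff), these values would appear verbatim in application logs. If this file is generated from the service model the list cannot usefully be edited here, so I would document the caveat instead, for example `#   May contain request data; redact before writing findings to logs.` under the `parameters` attribute. The other structs added in this hunk use the same empty list.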
@@ -2903,8 +3266,6 @@ module Aws::GuardDuty
2903
3266
  #
2904
3267
  # * service.action.networkConnectionAction.protocol
2905
3268
  #
2906
- # * service.action.networkConnectionAction.remoteIpDetails.city.cityName
2907
- #
2908
3269
  # * service.action.networkConnectionAction.remoteIpDetails.country.countryName
2909
3270
  #
2910
3271
  # * service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
@@ -3618,6 +3979,11 @@ module Aws::GuardDuty
3618
3979
  # s3_logs: {
3619
3980
  # auto_enable: false, # required
3620
3981
  # },
3982
+ # kubernetes: {
3983
+ # audit_logs: { # required
3984
+ # auto_enable: false, # required
3985
+ # },
3986
+ # },
3621
3987
  # }
3622
3988
  #
3623
3989
  # @!attribute [rw] s3_logs
@@ -3625,10 +3991,16 @@ module Aws::GuardDuty
3625
3991
  # the organization.
3626
3992
  # @return [Types::OrganizationS3LogsConfiguration]
3627
3993
  #
3994
+ # @!attribute [rw] kubernetes
3995
+ # Describes the configuration of Kubernetes data sources for new
3996
+ # members of the organization.
3997
+ # @return [Types::OrganizationKubernetesConfiguration]
3998
+ #
3628
3999
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationDataSourceConfigurations AWS API Documentation
3629
4000
  #
3630
4001
  class OrganizationDataSourceConfigurations < Struct.new(
3631
- :s3_logs)
4002
+ :s3_logs,
4003
+ :kubernetes)
3632
4004
  SENSITIVE = []
3633
4005
  include Aws::Structure
3634
4006
  end
@@ -3640,10 +4012,94 @@ module Aws::GuardDuty
3640
4012
  # Describes whether S3 data event logs are enabled as a data source.
3641
4013
  # @return [Types::OrganizationS3LogsConfigurationResult]
3642
4014
  #
4015
+ # @!attribute [rw] kubernetes
4016
+ # Describes the configuration of Kubernetes data sources.
4017
+ # @return [Types::OrganizationKubernetesConfigurationResult]
4018
+ #
3643
4019
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationDataSourceConfigurationsResult AWS API Documentation
3644
4020
  #
3645
4021
  class OrganizationDataSourceConfigurationsResult < Struct.new(
3646
- :s3_logs)
4022
+ :s3_logs,
4023
+ :kubernetes)
4024
+ SENSITIVE = []
4025
+ include Aws::Structure
4026
+ end
4027
+
4028
+ # Organization-wide Kubernetes audit logs configuration.
4029
+ #
4030
+ # @note When making an API call, you may pass OrganizationKubernetesAuditLogsConfiguration
4031
+ # data as a hash:
4032
+ #
4033
+ # {
4034
+ # auto_enable: false, # required
4035
+ # }
4036
+ #
4037
+ # @!attribute [rw] auto_enable
4038
+ # A value that contains information on whether Kubernetes audit logs
4039
+ # should be enabled automatically as a data source for the
4040
+ # organization.
4041
+ # @return [Boolean]
4042
+ #
4043
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationKubernetesAuditLogsConfiguration AWS API Documentation
4044
+ #
4045
+ class OrganizationKubernetesAuditLogsConfiguration < Struct.new(
4046
+ :auto_enable)
4047
+ SENSITIVE = []
4048
+ include Aws::Structure
4049
+ end
4050
+
4051
+ # The current configuration of Kubernetes audit logs as a data source
4052
+ # for the organization.
4053
+ #
4054
+ # @!attribute [rw] auto_enable
4055
+ # Whether Kubernetes audit logs data source should be auto-enabled for
4056
+ # new members joining the organization.
4057
+ # @return [Boolean]
4058
+ #
4059
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationKubernetesAuditLogsConfigurationResult AWS API Documentation
4060
+ #
4061
+ class OrganizationKubernetesAuditLogsConfigurationResult < Struct.new(
4062
+ :auto_enable)
4063
+ SENSITIVE = []
4064
+ include Aws::Structure
4065
+ end
4066
+
4067
+ # Organization-wide Kubernetes data sources configurations.
4068
+ #
4069
+ # @note When making an API call, you may pass OrganizationKubernetesConfiguration
4070
+ # data as a hash:
4071
+ #
4072
+ # {
4073
+ # audit_logs: { # required
4074
+ # auto_enable: false, # required
4075
+ # },
4076
+ # }
4077
+ #
4078
+ # @!attribute [rw] audit_logs
4079
+ # Whether Kubernetes audit logs data source should be auto-enabled for
4080
+ # new members joining the organization.
4081
+ # @return [Types::OrganizationKubernetesAuditLogsConfiguration]
4082
+ #
4083
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationKubernetesConfiguration AWS API Documentation
4084
+ #
4085
+ class OrganizationKubernetesConfiguration < Struct.new(
4086
+ :audit_logs)
4087
+ SENSITIVE = []
4088
+ include Aws::Structure
4089
+ end
4090
+
4091
+ # The current configuration of all Kubernetes data sources for the
4092
+ # organization.
4093
+ #
4094
+ # @!attribute [rw] audit_logs
4095
+ # The current configuration of Kubernetes audit logs as a data source
4096
+ # for the organization.
4097
+ # @return [Types::OrganizationKubernetesAuditLogsConfigurationResult]
4098
+ #
4099
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationKubernetesConfigurationResult AWS API Documentation
4100
+ #
4101
+ class OrganizationKubernetesConfigurationResult < Struct.new(
4102
+ :audit_logs)
3647
4103
  SENSITIVE = []
3648
4104
  include Aws::Structure
3649
4105
  end
@@ -3833,6 +4289,29 @@ module Aws::GuardDuty
3833
4289
  include Aws::Structure
3834
4290
  end
3835
4291
 
4292
+ # Contains details about the remote Amazon Web Services account that
4293
+ # made the API call.
4294
+ #
4295
+ # @!attribute [rw] account_id
4296
+ # The Amazon Web Services account ID of the remote API caller.
4297
+ # @return [String]
4298
+ #
4299
+ # @!attribute [rw] affiliated
4300
+ # Details on whether the Amazon Web Services account of the remote API
4301
+ # caller is related to your GuardDuty environment. If this value is
4302
+ # `True` the API caller is affiliated to your account in some way. If
4303
+ # it is `False` the API caller is from outside your environment.
4304
+ # @return [Boolean]
4305
+ #
4306
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/RemoteAccountDetails AWS API Documentation
4307
+ #
4308
+ class RemoteAccountDetails < Struct.new(
4309
+ :account_id,
4310
+ :affiliated)
4311
+ SENSITIVE = []
4312
+ include Aws::Structure
4313
+ end
4314
+
3836
4315
  # Contains information about the remote IP address of the connection.
3837
4316
  #
3838
4317
  # @!attribute [rw] city
@@ -3886,8 +4365,8 @@ module Aws::GuardDuty
3886
4365
  include Aws::Structure
3887
4366
  end
3888
4367
 
3889
- # Contains information about the AWS resource associated with the
3890
- # activity that prompted GuardDuty to generate a finding.
4368
+ # Contains information about the Amazon Web Services resource associated
4369
+ # with the activity that prompted GuardDuty to generate a finding.
3891
4370
  #
3892
4371
  # @!attribute [rw] access_key_details
3893
4372
  # The IAM access key details (IAM user information) of a user that
@@ -3904,8 +4383,17 @@ module Aws::GuardDuty
3904
4383
  # that prompted GuardDuty to generate a finding.
3905
4384
  # @return [Types::InstanceDetails]
3906
4385
  #
4386
+ # @!attribute [rw] eks_cluster_details
4387
+ # Details about the EKS cluster involved in a Kubernetes finding.
4388
+ # @return [Types::EksClusterDetails]
4389
+ #
4390
+ # @!attribute [rw] kubernetes_details
4391
+ # Details about the Kubernetes user and workload involved in a
4392
+ # Kubernetes finding.
4393
+ # @return [Types::KubernetesDetails]
4394
+ #
3907
4395
  # @!attribute [rw] resource_type
3908
- # The type of AWS resource.
4396
+ # The type of Amazon Web Services resource.
3909
4397
  # @return [String]
3910
4398
  #
3911
4399
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Resource AWS API Documentation
@@ -3914,6 +4402,8 @@ module Aws::GuardDuty
3914
4402
  :access_key_details,
3915
4403
  :s3_bucket_details,
3916
4404
  :instance_details,
4405
+ :eks_cluster_details,
4406
+ :kubernetes_details,
3917
4407
  :resource_type)
3918
4408
  SENSITIVE = []
3919
4409
  include Aws::Structure
@@ -4004,6 +4494,20 @@ module Aws::GuardDuty
4004
4494
  include Aws::Structure
4005
4495
  end
4006
4496
 
4497
+ # Container security context.
4498
+ #
4499
+ # @!attribute [rw] privileged
4500
+ # Whether the container is privileged.
4501
+ # @return [Boolean]
4502
+ #
4503
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/SecurityContext AWS API Documentation
4504
+ #
4505
+ class SecurityContext < Struct.new(
4506
+ :privileged)
4507
+ SENSITIVE = []
4508
+ include Aws::Structure
4509
+ end
4510
+
4007
4511
  # Contains information about the security groups associated with the EC2
4008
4512
  # instance.
4009
4513
  #
@@ -4061,7 +4565,8 @@ module Aws::GuardDuty
4061
4565
  # @return [String]
4062
4566
  #
4063
4567
  # @!attribute [rw] service_name
4064
- # The name of the AWS service (GuardDuty) that generated a finding.
4568
+ # The name of the Amazon Web Services service (GuardDuty) that
4569
+ # generated a finding.
4065
4570
  # @return [String]
4066
4571
  #
4067
4572
  # @!attribute [rw] user_feedback
@@ -4317,7 +4822,7 @@ module Aws::GuardDuty
4317
4822
  # Contains information about the accounts that weren't processed.
4318
4823
  #
4319
4824
  # @!attribute [rw] account_id
4320
- # The AWS account ID.
4825
+ # The Amazon Web Services account ID.
4321
4826
  # @return [String]
4322
4827
  #
4323
4828
  # @!attribute [rw] result
@@ -4373,6 +4878,11 @@ module Aws::GuardDuty
4373
4878
  # s3_logs: {
4374
4879
  # enable: false, # required
4375
4880
  # },
4881
+ # kubernetes: {
4882
+ # audit_logs: { # required
4883
+ # enable: false, # required
4884
+ # },
4885
+ # },
4376
4886
  # },
4377
4887
  # }
4378
4888
  #
@@ -4559,8 +5069,7 @@ module Aws::GuardDuty
4559
5069
  # @return [String]
4560
5070
  #
4561
5071
  # @!attribute [rw] location
4562
- # The updated URI of the file that contains the IPSet. For example:
4563
- # https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.
5072
+ # The updated URI of the file that contains the IPSet.
4564
5073
  # @return [String]
4565
5074
  #
4566
5075
  # @!attribute [rw] activate
@@ -4594,6 +5103,11 @@ module Aws::GuardDuty
4594
5103
  # s3_logs: {
4595
5104
  # enable: false, # required
4596
5105
  # },
5106
+ # kubernetes: {
5107
+ # audit_logs: { # required
5108
+ # enable: false, # required
5109
+ # },
5110
+ # },
4597
5111
  # },
4598
5112
  # }
4599
5113
  #
@@ -4642,6 +5156,11 @@ module Aws::GuardDuty
4642
5156
  # s3_logs: {
4643
5157
  # auto_enable: false, # required
4644
5158
  # },
5159
+ # kubernetes: {
5160
+ # audit_logs: { # required
5161
+ # auto_enable: false, # required
5162
+ # },
5163
+ # },
4645
5164
  # },
4646
5165
  # }
4647
5166
  #
@@ -4790,7 +5309,7 @@ module Aws::GuardDuty
4790
5309
  #
4791
5310
  # {
4792
5311
  # account_ids: ["AccountId"],
4793
- # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS
5312
+ # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS
4794
5313
  # resources: ["String"],
4795
5314
  # }
4796
5315
  #
@@ -4836,10 +5355,11 @@ module Aws::GuardDuty
4836
5355
  include Aws::Structure
4837
5356
  end
4838
5357
 
4839
- # Contains information on the sum of usage based on an AWS resource.
5358
+ # Contains information on the sum of usage based on an Amazon Web
5359
+ # Services resource.
4840
5360
  #
4841
5361
  # @!attribute [rw] resource
4842
- # The AWS resource that generated usage.
5362
+ # The Amazon Web Services resource that generated usage.
4843
5363
  # @return [String]
4844
5364
  #
4845
5365
  # @!attribute [rw] total
@@ -4886,5 +5406,44 @@ module Aws::GuardDuty
4886
5406
  include Aws::Structure
4887
5407
  end
4888
5408
 
5409
+ # Volume used by the Kubernetes workload.
5410
+ #
5411
+ # @!attribute [rw] name
5412
+ # Volume name.
5413
+ # @return [String]
5414
+ #
5415
+ # @!attribute [rw] host_path
5416
+ # Represents a pre-existing file or directory on the host machine that
5417
+ # the volume maps to.
5418
+ # @return [Types::HostPath]
5419
+ #
5420
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Volume AWS API Documentation
5421
+ #
5422
+ class Volume < Struct.new(
5423
+ :name,
5424
+ :host_path)
5425
+ SENSITIVE = []
5426
+ include Aws::Structure
5427
+ end
5428
+
5429
+ # Container volume mount.
5430
+ #
5431
+ # @!attribute [rw] name
5432
+ # Volume mount name.
5433
+ # @return [String]
5434
+ #
5435
+ # @!attribute [rw] mount_path
5436
+ # Volume mount path.
5437
+ # @return [String]
5438
+ #
5439
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/VolumeMount AWS API Documentation
5440
+ #
5441
+ class VolumeMount < Struct.new(
5442
+ :name,
5443
+ :mount_path)
5444
+ SENSITIVE = []
5445
+ include Aws::Structure
5446
+ end
5447
+
4889
5448
  end
4890
5449
  end