aws-sdk-guardduty 1.58.0 → 1.60.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-guardduty/client.rb +313 -6
- data/lib/aws-sdk-guardduty/client_api.rb +318 -0
- data/lib/aws-sdk-guardduty/types.rb +1283 -19
- data/lib/aws-sdk-guardduty.rb +1 -1
- metadata +2 -2
@@ -697,6 +697,11 @@ module Aws::GuardDuty
|
|
697
697
|
# enable: false, # required
|
698
698
|
# },
|
699
699
|
# },
|
700
|
+
# malware_protection: {
|
701
|
+
# scan_ec2_instance_with_findings: {
|
702
|
+
# ebs_volumes: false,
|
703
|
+
# },
|
704
|
+
# },
|
700
705
|
# },
|
701
706
|
# tags: {
|
702
707
|
# "TagKey" => "TagValue",
|
@@ -743,10 +748,16 @@ module Aws::GuardDuty
|
|
743
748
|
# The unique ID of the created detector.
|
744
749
|
# @return [String]
|
745
750
|
#
|
751
|
+
# @!attribute [rw] unprocessed_data_sources
|
752
|
+
# Specifies the data sources that couldn't be enabled when GuardDuty
|
753
|
+
# was enabled for the first time.
|
754
|
+
# @return [Types::UnprocessedDataSourcesResult]
|
755
|
+
#
|
746
756
|
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateDetectorResponse AWS API Documentation
|
747
757
|
#
|
748
758
|
class CreateDetectorResponse < Struct.new(
|
749
|
-
:detector_id
|
759
|
+
:detector_id,
|
760
|
+
:unprocessed_data_sources)
|
750
761
|
SENSITIVE = []
|
751
762
|
include Aws::Structure
|
752
763
|
end
|
@@ -1291,6 +1302,11 @@ module Aws::GuardDuty
|
|
1291
1302
|
# enable: false, # required
|
1292
1303
|
# },
|
1293
1304
|
# },
|
1305
|
+
# malware_protection: {
|
1306
|
+
# scan_ec2_instance_with_findings: {
|
1307
|
+
# ebs_volumes: false,
|
1308
|
+
# },
|
1309
|
+
# },
|
1294
1310
|
# }
|
1295
1311
|
#
|
1296
1312
|
# @!attribute [rw] s3_logs
|
@@ -1301,11 +1317,16 @@ module Aws::GuardDuty
|
|
1301
1317
|
# Describes whether any Kubernetes logs are enabled as data sources.
|
1302
1318
|
# @return [Types::KubernetesConfiguration]
|
1303
1319
|
#
|
1320
|
+
# @!attribute [rw] malware_protection
|
1321
|
+
# Describes whether Malware Protection is enabled as a data source.
|
1322
|
+
# @return [Types::MalwareProtectionConfiguration]
|
1323
|
+
#
|
1304
1324
|
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourceConfigurations AWS API Documentation
|
1305
1325
|
#
|
1306
1326
|
class DataSourceConfigurations < Struct.new(
|
1307
1327
|
:s3_logs,
|
1308
|
-
:kubernetes
|
1328
|
+
:kubernetes,
|
1329
|
+
:malware_protection)
|
1309
1330
|
SENSITIVE = []
|
1310
1331
|
include Aws::Structure
|
1311
1332
|
end
|
@@ -1337,6 +1358,10 @@ module Aws::GuardDuty
|
|
1337
1358
|
# data sources.
|
1338
1359
|
# @return [Types::KubernetesConfigurationResult]
|
1339
1360
|
#
|
1361
|
+
# @!attribute [rw] malware_protection
|
1362
|
+
# Describes the configuration of Malware Protection data sources.
|
1363
|
+
# @return [Types::MalwareProtectionConfigurationResult]
|
1364
|
+
#
|
1340
1365
|
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourceConfigurationsResult AWS API Documentation
|
1341
1366
|
#
|
1342
1367
|
class DataSourceConfigurationsResult < Struct.new(
|
@@ -1344,7 +1369,8 @@ module Aws::GuardDuty
|
|
1344
1369
|
:dns_logs,
|
1345
1370
|
:flow_logs,
|
1346
1371
|
:s3_logs,
|
1347
|
-
:kubernetes
|
1372
|
+
:kubernetes,
|
1373
|
+
:malware_protection)
|
1348
1374
|
SENSITIVE = []
|
1349
1375
|
include Aws::Structure
|
1350
1376
|
end
|
@@ -1369,8 +1395,8 @@ module Aws::GuardDuty
|
|
1369
1395
|
# GuardDuty member account.
|
1370
1396
|
#
|
1371
1397
|
# @!attribute [rw] cloud_trail
|
1372
|
-
# Describes whether any
|
1373
|
-
# enabled as data sources.
|
1398
|
+
# Describes whether any Amazon Web Services CloudTrail management
|
1399
|
+
# event logs are enabled as data sources.
|
1374
1400
|
# @return [Types::DataSourceFreeTrial]
|
1375
1401
|
#
|
1376
1402
|
# @!attribute [rw] dns_logs
|
@@ -1390,6 +1416,10 @@ module Aws::GuardDuty
|
|
1390
1416
|
# Describes whether any Kubernetes logs are enabled as data sources.
|
1391
1417
|
# @return [Types::KubernetesDataSourceFreeTrial]
|
1392
1418
|
#
|
1419
|
+
# @!attribute [rw] malware_protection
|
1420
|
+
# Describes whether Malware Protection is enabled as a data source.
|
1421
|
+
# @return [Types::MalwareProtectionDataSourceFreeTrial]
|
1422
|
+
#
|
1393
1423
|
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourcesFreeTrial AWS API Documentation
|
1394
1424
|
#
|
1395
1425
|
class DataSourcesFreeTrial < Struct.new(
|
@@ -1397,7 +1427,8 @@ module Aws::GuardDuty
|
|
1397
1427
|
:dns_logs,
|
1398
1428
|
:flow_logs,
|
1399
1429
|
:s3_logs,
|
1400
|
-
:kubernetes
|
1430
|
+
:kubernetes,
|
1431
|
+
:malware_protection)
|
1401
1432
|
SENSITIVE = []
|
1402
1433
|
include Aws::Structure
|
1403
1434
|
end
|
@@ -1675,6 +1706,88 @@ module Aws::GuardDuty
|
|
1675
1706
|
#
|
1676
1707
|
class DeleteThreatIntelSetResponse < Aws::EmptyStructure; end
|
1677
1708
|
|
1709
|
+
# @note When making an API call, you may pass DescribeMalwareScansRequest
|
1710
|
+
# data as a hash:
|
1711
|
+
#
|
1712
|
+
# {
|
1713
|
+
# detector_id: "DetectorId", # required
|
1714
|
+
# next_token: "String",
|
1715
|
+
# max_results: 1,
|
1716
|
+
# filter_criteria: {
|
1717
|
+
# filter_criterion: [
|
1718
|
+
# {
|
1719
|
+
# criterion_key: "EC2_INSTANCE_ARN", # accepts EC2_INSTANCE_ARN, SCAN_ID, ACCOUNT_ID, GUARDDUTY_FINDING_ID, SCAN_START_TIME, SCAN_STATUS
|
1720
|
+
# filter_condition: {
|
1721
|
+
# equals_value: "NonEmptyString",
|
1722
|
+
# greater_than: 1,
|
1723
|
+
# less_than: 1,
|
1724
|
+
# },
|
1725
|
+
# },
|
1726
|
+
# ],
|
1727
|
+
# },
|
1728
|
+
# sort_criteria: {
|
1729
|
+
# attribute_name: "String",
|
1730
|
+
# order_by: "ASC", # accepts ASC, DESC
|
1731
|
+
# },
|
1732
|
+
# }
|
1733
|
+
#
|
1734
|
+
# @!attribute [rw] detector_id
|
1735
|
+
# The unique ID of the detector that the request is associated with.
|
1736
|
+
# @return [String]
|
1737
|
+
#
|
1738
|
+
# @!attribute [rw] next_token
|
1739
|
+
# You can use this parameter when paginating results. Set the value of
|
1740
|
+
# this parameter to null on your first call to the list action. For
|
1741
|
+
# subsequent calls to the action, fill nextToken in the request with
|
1742
|
+
# the value of NextToken from the previous response to continue
|
1743
|
+
# listing data.
|
1744
|
+
# @return [String]
|
1745
|
+
#
|
1746
|
+
# @!attribute [rw] max_results
|
1747
|
+
# You can use this parameter to indicate the maximum number of items
|
1748
|
+
# that you want in the response. The default value is 50. The maximum
|
1749
|
+
# value is 50.
|
1750
|
+
# @return [Integer]
|
1751
|
+
#
|
1752
|
+
# @!attribute [rw] filter_criteria
|
1753
|
+
# Represents the criteria to be used in the filter for describing scan
|
1754
|
+
# entries.
|
1755
|
+
# @return [Types::FilterCriteria]
|
1756
|
+
#
|
1757
|
+
# @!attribute [rw] sort_criteria
|
1758
|
+
# Represents the criteria used for sorting scan entries.
|
1759
|
+
# @return [Types::SortCriteria]
|
1760
|
+
#
|
1761
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribeMalwareScansRequest AWS API Documentation
|
1762
|
+
#
|
1763
|
+
class DescribeMalwareScansRequest < Struct.new(
|
1764
|
+
:detector_id,
|
1765
|
+
:next_token,
|
1766
|
+
:max_results,
|
1767
|
+
:filter_criteria,
|
1768
|
+
:sort_criteria)
|
1769
|
+
SENSITIVE = []
|
1770
|
+
include Aws::Structure
|
1771
|
+
end
|
1772
|
+
|
1773
|
+
# @!attribute [rw] scans
|
1774
|
+
# Contains information about malware scans.
|
1775
|
+
# @return [Array<Types::Scan>]
|
1776
|
+
#
|
1777
|
+
# @!attribute [rw] next_token
|
1778
|
+
# The pagination parameter to be used on the next list operation to
|
1779
|
+
# retrieve more items.
|
1780
|
+
# @return [String]
|
1781
|
+
#
|
1782
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribeMalwareScansResponse AWS API Documentation
|
1783
|
+
#
|
1784
|
+
class DescribeMalwareScansResponse < Struct.new(
|
1785
|
+
:scans,
|
1786
|
+
:next_token)
|
1787
|
+
SENSITIVE = []
|
1788
|
+
include Aws::Structure
|
1789
|
+
end
|
1790
|
+
|
1678
1791
|
# @note When making an API call, you may pass DescribeOrganizationConfigurationRequest
|
1679
1792
|
# data as a hash:
|
1680
1793
|
#
|
@@ -1990,6 +2103,193 @@ module Aws::GuardDuty
|
|
1990
2103
|
include Aws::Structure
|
1991
2104
|
end
|
1992
2105
|
|
2106
|
+
# Contains list of scanned and skipped EBS volumes with details.
|
2107
|
+
#
|
2108
|
+
# @!attribute [rw] scanned_volume_details
|
2109
|
+
# List of EBS volumes that were scanned.
|
2110
|
+
# @return [Array<Types::VolumeDetail>]
|
2111
|
+
#
|
2112
|
+
# @!attribute [rw] skipped_volume_details
|
2113
|
+
# List of EBS volumes that were skipped from the malware scan.
|
2114
|
+
# @return [Array<Types::VolumeDetail>]
|
2115
|
+
#
|
2116
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EbsVolumeDetails AWS API Documentation
|
2117
|
+
#
|
2118
|
+
class EbsVolumeDetails < Struct.new(
|
2119
|
+
:scanned_volume_details,
|
2120
|
+
:skipped_volume_details)
|
2121
|
+
SENSITIVE = []
|
2122
|
+
include Aws::Structure
|
2123
|
+
end
|
2124
|
+
|
2125
|
+
# Contains details from the malware scan that created a finding.
|
2126
|
+
#
|
2127
|
+
# @!attribute [rw] scan_id
|
2128
|
+
# Unique Id of the malware scan that generated the finding.
|
2129
|
+
# @return [String]
|
2130
|
+
#
|
2131
|
+
# @!attribute [rw] scan_started_at
|
2132
|
+
# Returns the start date and time of the malware scan.
|
2133
|
+
# @return [Time]
|
2134
|
+
#
|
2135
|
+
# @!attribute [rw] scan_completed_at
|
2136
|
+
# Returns the completion date and time of the malware scan.
|
2137
|
+
# @return [Time]
|
2138
|
+
#
|
2139
|
+
# @!attribute [rw] trigger_finding_id
|
2140
|
+
# GuardDuty finding ID that triggered a malware scan.
|
2141
|
+
# @return [String]
|
2142
|
+
#
|
2143
|
+
# @!attribute [rw] sources
|
2144
|
+
# Contains list of threat intelligence sources used to detect threats.
|
2145
|
+
# @return [Array<String>]
|
2146
|
+
#
|
2147
|
+
# @!attribute [rw] scan_detections
|
2148
|
+
# Contains a complete view providing malware scan result details.
|
2149
|
+
# @return [Types::ScanDetections]
|
2150
|
+
#
|
2151
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EbsVolumeScanDetails AWS API Documentation
|
2152
|
+
#
|
2153
|
+
class EbsVolumeScanDetails < Struct.new(
|
2154
|
+
:scan_id,
|
2155
|
+
:scan_started_at,
|
2156
|
+
:scan_completed_at,
|
2157
|
+
:trigger_finding_id,
|
2158
|
+
:sources,
|
2159
|
+
:scan_detections)
|
2160
|
+
SENSITIVE = []
|
2161
|
+
include Aws::Structure
|
2162
|
+
end
|
2163
|
+
|
2164
|
+
# Describes the configuration of scanning EBS volumes as a data source.
|
2165
|
+
#
|
2166
|
+
# @!attribute [rw] status
|
2167
|
+
# Describes whether scanning EBS volumes is enabled as a data source.
|
2168
|
+
# @return [String]
|
2169
|
+
#
|
2170
|
+
# @!attribute [rw] reason
|
2171
|
+
# Specifies the reason why scanning EBS volumes (Malware Protection)
|
2172
|
+
# was not enabled as a data source.
|
2173
|
+
# @return [String]
|
2174
|
+
#
|
2175
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EbsVolumesResult AWS API Documentation
|
2176
|
+
#
|
2177
|
+
class EbsVolumesResult < Struct.new(
|
2178
|
+
:status,
|
2179
|
+
:reason)
|
2180
|
+
SENSITIVE = []
|
2181
|
+
include Aws::Structure
|
2182
|
+
end
|
2183
|
+
|
2184
|
+
# Contains information about the details of the ECS Cluster.
|
2185
|
+
#
|
2186
|
+
# @!attribute [rw] name
|
2187
|
+
# The name of the ECS Cluster.
|
2188
|
+
# @return [String]
|
2189
|
+
#
|
2190
|
+
# @!attribute [rw] arn
|
2191
|
+
# The Amazon Resource Name (ARN) that identifies the cluster.
|
2192
|
+
# @return [String]
|
2193
|
+
#
|
2194
|
+
# @!attribute [rw] status
|
2195
|
+
# The status of the ECS cluster.
|
2196
|
+
# @return [String]
|
2197
|
+
#
|
2198
|
+
# @!attribute [rw] active_services_count
|
2199
|
+
# The number of services that are running on the cluster in an ACTIVE
|
2200
|
+
# state.
|
2201
|
+
# @return [Integer]
|
2202
|
+
#
|
2203
|
+
# @!attribute [rw] registered_container_instances_count
|
2204
|
+
# The number of container instances registered into the cluster.
|
2205
|
+
# @return [Integer]
|
2206
|
+
#
|
2207
|
+
# @!attribute [rw] running_tasks_count
|
2208
|
+
# The number of tasks in the cluster that are in the RUNNING state.
|
2209
|
+
# @return [Integer]
|
2210
|
+
#
|
2211
|
+
# @!attribute [rw] tags
|
2212
|
+
# The tags of the ECS Cluster.
|
2213
|
+
# @return [Array<Types::Tag>]
|
2214
|
+
#
|
2215
|
+
# @!attribute [rw] task_details
|
2216
|
+
# Contains information about the details of the ECS Task.
|
2217
|
+
# @return [Types::EcsTaskDetails]
|
2218
|
+
#
|
2219
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EcsClusterDetails AWS API Documentation
|
2220
|
+
#
|
2221
|
+
class EcsClusterDetails < Struct.new(
|
2222
|
+
:name,
|
2223
|
+
:arn,
|
2224
|
+
:status,
|
2225
|
+
:active_services_count,
|
2226
|
+
:registered_container_instances_count,
|
2227
|
+
:running_tasks_count,
|
2228
|
+
:tags,
|
2229
|
+
:task_details)
|
2230
|
+
SENSITIVE = []
|
2231
|
+
include Aws::Structure
|
2232
|
+
end
|
2233
|
+
|
2234
|
+
# Contains information about the task in an ECS cluster.
|
2235
|
+
#
|
2236
|
+
# @!attribute [rw] arn
|
2237
|
+
# The Amazon Resource Name (ARN) of the task.
|
2238
|
+
# @return [String]
|
2239
|
+
#
|
2240
|
+
# @!attribute [rw] definition_arn
|
2241
|
+
# The ARN of the task definition that creates the task.
|
2242
|
+
# @return [String]
|
2243
|
+
#
|
2244
|
+
# @!attribute [rw] version
|
2245
|
+
# The version counter for the task.
|
2246
|
+
# @return [String]
|
2247
|
+
#
|
2248
|
+
# @!attribute [rw] task_created_at
|
2249
|
+
# The Unix timestamp for the time when the task was created.
|
2250
|
+
# @return [Time]
|
2251
|
+
#
|
2252
|
+
# @!attribute [rw] started_at
|
2253
|
+
# The Unix timestamp for the time when the task started.
|
2254
|
+
# @return [Time]
|
2255
|
+
#
|
2256
|
+
# @!attribute [rw] started_by
|
2257
|
+
# Contains the tag specified when a task is started.
|
2258
|
+
# @return [String]
|
2259
|
+
#
|
2260
|
+
# @!attribute [rw] tags
|
2261
|
+
# The tags of the ECS Task.
|
2262
|
+
# @return [Array<Types::Tag>]
|
2263
|
+
#
|
2264
|
+
# @!attribute [rw] volumes
|
2265
|
+
# The list of data volume definitions for the task.
|
2266
|
+
# @return [Array<Types::Volume>]
|
2267
|
+
#
|
2268
|
+
# @!attribute [rw] containers
|
2269
|
+
# The containers that's associated with the task.
|
2270
|
+
# @return [Array<Types::Container>]
|
2271
|
+
#
|
2272
|
+
# @!attribute [rw] group
|
2273
|
+
# The name of the task group that's associated with the task.
|
2274
|
+
# @return [String]
|
2275
|
+
#
|
2276
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EcsTaskDetails AWS API Documentation
|
2277
|
+
#
|
2278
|
+
class EcsTaskDetails < Struct.new(
|
2279
|
+
:arn,
|
2280
|
+
:definition_arn,
|
2281
|
+
:version,
|
2282
|
+
:task_created_at,
|
2283
|
+
:started_at,
|
2284
|
+
:started_by,
|
2285
|
+
:tags,
|
2286
|
+
:volumes,
|
2287
|
+
:containers,
|
2288
|
+
:group)
|
2289
|
+
SENSITIVE = []
|
2290
|
+
include Aws::Structure
|
2291
|
+
end
|
2292
|
+
|
1993
2293
|
# Details about the EKS cluster involved in a Kubernetes finding.
|
1994
2294
|
#
|
1995
2295
|
# @!attribute [rw] name
|
@@ -2067,6 +2367,110 @@ module Aws::GuardDuty
|
|
2067
2367
|
include Aws::Structure
|
2068
2368
|
end
|
2069
2369
|
|
2370
|
+
# Contains information about the condition.
|
2371
|
+
#
|
2372
|
+
# @note When making an API call, you may pass FilterCondition
|
2373
|
+
# data as a hash:
|
2374
|
+
#
|
2375
|
+
# {
|
2376
|
+
# equals_value: "NonEmptyString",
|
2377
|
+
# greater_than: 1,
|
2378
|
+
# less_than: 1,
|
2379
|
+
# }
|
2380
|
+
#
|
2381
|
+
# @!attribute [rw] equals_value
|
2382
|
+
# Represents an *equal* **** condition to be applied to a single field
|
2383
|
+
# when querying for scan entries.
|
2384
|
+
# @return [String]
|
2385
|
+
#
|
2386
|
+
# @!attribute [rw] greater_than
|
2387
|
+
# Represents a *greater than* condition to be applied to a single
|
2388
|
+
# field when querying for scan entries.
|
2389
|
+
# @return [Integer]
|
2390
|
+
#
|
2391
|
+
# @!attribute [rw] less_than
|
2392
|
+
# Represents a *less than* condition to be applied to a single field
|
2393
|
+
# when querying for scan entries.
|
2394
|
+
# @return [Integer]
|
2395
|
+
#
|
2396
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/FilterCondition AWS API Documentation
|
2397
|
+
#
|
2398
|
+
class FilterCondition < Struct.new(
|
2399
|
+
:equals_value,
|
2400
|
+
:greater_than,
|
2401
|
+
:less_than)
|
2402
|
+
SENSITIVE = []
|
2403
|
+
include Aws::Structure
|
2404
|
+
end
|
2405
|
+
|
2406
|
+
# Represents the criteria to be used in the filter for describing scan
|
2407
|
+
# entries.
|
2408
|
+
#
|
2409
|
+
# @note When making an API call, you may pass FilterCriteria
|
2410
|
+
# data as a hash:
|
2411
|
+
#
|
2412
|
+
# {
|
2413
|
+
# filter_criterion: [
|
2414
|
+
# {
|
2415
|
+
# criterion_key: "EC2_INSTANCE_ARN", # accepts EC2_INSTANCE_ARN, SCAN_ID, ACCOUNT_ID, GUARDDUTY_FINDING_ID, SCAN_START_TIME, SCAN_STATUS
|
2416
|
+
# filter_condition: {
|
2417
|
+
# equals_value: "NonEmptyString",
|
2418
|
+
# greater_than: 1,
|
2419
|
+
# less_than: 1,
|
2420
|
+
# },
|
2421
|
+
# },
|
2422
|
+
# ],
|
2423
|
+
# }
|
2424
|
+
#
|
2425
|
+
# @!attribute [rw] filter_criterion
|
2426
|
+
# Represents a condition that when matched will be added to the
|
2427
|
+
# response of the operation.
|
2428
|
+
# @return [Array<Types::FilterCriterion>]
|
2429
|
+
#
|
2430
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/FilterCriteria AWS API Documentation
|
2431
|
+
#
|
2432
|
+
class FilterCriteria < Struct.new(
|
2433
|
+
:filter_criterion)
|
2434
|
+
SENSITIVE = []
|
2435
|
+
include Aws::Structure
|
2436
|
+
end
|
2437
|
+
|
2438
|
+
# Represents a condition that when matched will be added to the response
|
2439
|
+
# of the operation. Irrespective of using any filter criteria, an
|
2440
|
+
# administrator account can view the scan entries for all of its member
|
2441
|
+
# accounts. However, each member account can view the scan entries only
|
2442
|
+
# for their own account.
|
2443
|
+
#
|
2444
|
+
# @note When making an API call, you may pass FilterCriterion
|
2445
|
+
# data as a hash:
|
2446
|
+
#
|
2447
|
+
# {
|
2448
|
+
# criterion_key: "EC2_INSTANCE_ARN", # accepts EC2_INSTANCE_ARN, SCAN_ID, ACCOUNT_ID, GUARDDUTY_FINDING_ID, SCAN_START_TIME, SCAN_STATUS
|
2449
|
+
# filter_condition: {
|
2450
|
+
# equals_value: "NonEmptyString",
|
2451
|
+
# greater_than: 1,
|
2452
|
+
# less_than: 1,
|
2453
|
+
# },
|
2454
|
+
# }
|
2455
|
+
#
|
2456
|
+
# @!attribute [rw] criterion_key
|
2457
|
+
# An enum value representing possible scan properties to match with
|
2458
|
+
# given scan entries.
|
2459
|
+
# @return [String]
|
2460
|
+
#
|
2461
|
+
# @!attribute [rw] filter_condition
|
2462
|
+
# Contains information about the condition.
|
2463
|
+
# @return [Types::FilterCondition]
|
2464
|
+
#
|
2465
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/FilterCriterion AWS API Documentation
|
2466
|
+
#
|
2467
|
+
class FilterCriterion < Struct.new(
|
2468
|
+
:criterion_key,
|
2469
|
+
:filter_condition)
|
2470
|
+
SENSITIVE = []
|
2471
|
+
include Aws::Structure
|
2472
|
+
end
|
2473
|
+
|
2070
2474
|
# Contains information about the finding, which is generated when
|
2071
2475
|
# abnormal or suspicious activity is detected.
|
2072
2476
|
#
|
@@ -2580,6 +2984,44 @@ module Aws::GuardDuty
|
|
2580
2984
|
include Aws::Structure
|
2581
2985
|
end
|
2582
2986
|
|
2987
|
+
# @note When making an API call, you may pass GetMalwareScanSettingsRequest
|
2988
|
+
# data as a hash:
|
2989
|
+
#
|
2990
|
+
# {
|
2991
|
+
# detector_id: "DetectorId", # required
|
2992
|
+
# }
|
2993
|
+
#
|
2994
|
+
# @!attribute [rw] detector_id
|
2995
|
+
# The unique ID of the detector that the scan setting is associated
|
2996
|
+
# with.
|
2997
|
+
# @return [String]
|
2998
|
+
#
|
2999
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMalwareScanSettingsRequest AWS API Documentation
|
3000
|
+
#
|
3001
|
+
class GetMalwareScanSettingsRequest < Struct.new(
|
3002
|
+
:detector_id)
|
3003
|
+
SENSITIVE = []
|
3004
|
+
include Aws::Structure
|
3005
|
+
end
|
3006
|
+
|
3007
|
+
# @!attribute [rw] scan_resource_criteria
|
3008
|
+
# Represents the criteria to be used in the filter for scanning
|
3009
|
+
# resources.
|
3010
|
+
# @return [Types::ScanResourceCriteria]
|
3011
|
+
#
|
3012
|
+
# @!attribute [rw] ebs_snapshot_preservation
|
3013
|
+
# An enum value representing possible snapshot preservation settings.
|
3014
|
+
# @return [String]
|
3015
|
+
#
|
3016
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMalwareScanSettingsResponse AWS API Documentation
|
3017
|
+
#
|
3018
|
+
class GetMalwareScanSettingsResponse < Struct.new(
|
3019
|
+
:scan_resource_criteria,
|
3020
|
+
:ebs_snapshot_preservation)
|
3021
|
+
SENSITIVE = []
|
3022
|
+
include Aws::Structure
|
3023
|
+
end
|
3024
|
+
|
2583
3025
|
# @note When making an API call, you may pass GetMasterAccountRequest
|
2584
3026
|
# data as a hash:
|
2585
3027
|
#
|
@@ -2812,7 +3254,7 @@ module Aws::GuardDuty
|
|
2812
3254
|
# usage_statistic_type: "SUM_BY_ACCOUNT", # required, accepts SUM_BY_ACCOUNT, SUM_BY_DATA_SOURCE, SUM_BY_RESOURCE, TOP_RESOURCES
|
2813
3255
|
# usage_criteria: { # required
|
2814
3256
|
# account_ids: ["AccountId"],
|
2815
|
-
# data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS
|
3257
|
+
# data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS, EC2_MALWARE_SCAN
|
2816
3258
|
# resources: ["String"],
|
2817
3259
|
# },
|
2818
3260
|
# unit: "String",
|
@@ -2882,16 +3324,43 @@ module Aws::GuardDuty
|
|
2882
3324
|
include Aws::Structure
|
2883
3325
|
end
|
2884
3326
|
|
2885
|
-
#
|
2886
|
-
#
|
3327
|
+
# Contains details of the highest severity threat detected during scan
|
3328
|
+
# and number of infected files.
|
2887
3329
|
#
|
2888
|
-
# @!attribute [rw]
|
2889
|
-
#
|
3330
|
+
# @!attribute [rw] severity
|
3331
|
+
# Severity level of the highest severity threat detected.
|
2890
3332
|
# @return [String]
|
2891
3333
|
#
|
2892
|
-
#
|
3334
|
+
# @!attribute [rw] threat_name
|
3335
|
+
# Threat name of the highest severity threat detected as part of the
|
3336
|
+
# malware scan.
|
3337
|
+
# @return [String]
|
2893
3338
|
#
|
2894
|
-
|
3339
|
+
# @!attribute [rw] count
|
3340
|
+
# Total number of infected files with the highest severity threat
|
3341
|
+
# detected.
|
3342
|
+
# @return [Integer]
|
3343
|
+
#
|
3344
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/HighestSeverityThreatDetails AWS API Documentation
|
3345
|
+
#
|
3346
|
+
class HighestSeverityThreatDetails < Struct.new(
|
3347
|
+
:severity,
|
3348
|
+
:threat_name,
|
3349
|
+
:count)
|
3350
|
+
SENSITIVE = []
|
3351
|
+
include Aws::Structure
|
3352
|
+
end
|
3353
|
+
|
3354
|
+
# Represents a pre-existing file or directory on the host machine that
|
3355
|
+
# the volume maps to.
|
3356
|
+
#
|
3357
|
+
# @!attribute [rw] path
|
3358
|
+
# Path of the file or directory on the host that the volume maps to.
|
3359
|
+
# @return [String]
|
3360
|
+
#
|
3361
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/HostPath AWS API Documentation
|
3362
|
+
#
|
3363
|
+
class HostPath < Struct.new(
|
2895
3364
|
:path)
|
2896
3365
|
SENSITIVE = []
|
2897
3366
|
include Aws::Structure
|
@@ -3755,7 +4224,13 @@ module Aws::GuardDuty
|
|
3755
4224
|
# @!attribute [rw] only_associated
|
3756
4225
|
# Specifies whether to only return associated members or to return all
|
3757
4226
|
# members (including members who haven't been invited yet or have
|
3758
|
-
# been disassociated).
|
4227
|
+
# been disassociated). Member accounts must have been previously
|
4228
|
+
# associated with the GuardDuty administrator account using [ `Create
|
4229
|
+
# Members` ][1].
|
4230
|
+
#
|
4231
|
+
#
|
4232
|
+
#
|
4233
|
+
# [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html
|
3759
4234
|
# @return [String]
|
3760
4235
|
#
|
3761
4236
|
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListMembersRequest AWS API Documentation
|
@@ -4011,6 +4486,67 @@ module Aws::GuardDuty
|
|
4011
4486
|
include Aws::Structure
|
4012
4487
|
end
|
4013
4488
|
|
4489
|
+
# Describes whether Malware Protection will be enabled as a data source.
|
4490
|
+
#
|
4491
|
+
# @note When making an API call, you may pass MalwareProtectionConfiguration
|
4492
|
+
# data as a hash:
|
4493
|
+
#
|
4494
|
+
# {
|
4495
|
+
# scan_ec2_instance_with_findings: {
|
4496
|
+
# ebs_volumes: false,
|
4497
|
+
# },
|
4498
|
+
# }
|
4499
|
+
#
|
4500
|
+
# @!attribute [rw] scan_ec2_instance_with_findings
|
4501
|
+
# Describes the configuration of Malware Protection for EC2 instances
|
4502
|
+
# with findings.
|
4503
|
+
# @return [Types::ScanEc2InstanceWithFindings]
|
4504
|
+
#
|
4505
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/MalwareProtectionConfiguration AWS API Documentation
|
4506
|
+
#
|
4507
|
+
class MalwareProtectionConfiguration < Struct.new(
|
4508
|
+
:scan_ec2_instance_with_findings)
|
4509
|
+
SENSITIVE = []
|
4510
|
+
include Aws::Structure
|
4511
|
+
end
|
4512
|
+
|
4513
|
+
# An object that contains information on the status of all Malware
|
4514
|
+
# Protection data sources.
|
4515
|
+
#
|
4516
|
+
# @!attribute [rw] scan_ec2_instance_with_findings
|
4517
|
+
# Describes the configuration of Malware Protection for EC2 instances
|
4518
|
+
# with findings.
|
4519
|
+
# @return [Types::ScanEc2InstanceWithFindingsResult]
|
4520
|
+
#
|
4521
|
+
# @!attribute [rw] service_role
|
4522
|
+
# The GuardDuty Malware Protection service role.
|
4523
|
+
# @return [String]
|
4524
|
+
#
|
4525
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/MalwareProtectionConfigurationResult AWS API Documentation
|
4526
|
+
#
|
4527
|
+
class MalwareProtectionConfigurationResult < Struct.new(
|
4528
|
+
:scan_ec2_instance_with_findings,
|
4529
|
+
:service_role)
|
4530
|
+
SENSITIVE = []
|
4531
|
+
include Aws::Structure
|
4532
|
+
end
|
4533
|
+
|
4534
|
+
# Provides details about Malware Protection when it is enabled as a data
|
4535
|
+
# source.
|
4536
|
+
#
|
4537
|
+
# @!attribute [rw] scan_ec2_instance_with_findings
|
4538
|
+
# Describes whether Malware Protection for EC2 instances with findings
|
4539
|
+
# is enabled as a data source.
|
4540
|
+
# @return [Types::DataSourceFreeTrial]
|
4541
|
+
#
|
4542
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/MalwareProtectionDataSourceFreeTrial AWS API Documentation
|
4543
|
+
#
|
4544
|
+
class MalwareProtectionDataSourceFreeTrial < Struct.new(
|
4545
|
+
:scan_ec2_instance_with_findings)
|
4546
|
+
SENSITIVE = []
|
4547
|
+
include Aws::Structure
|
4548
|
+
end
|
4549
|
+
|
4014
4550
|
# Contains information about the administrator account and invitation.
|
4015
4551
|
#
|
4016
4552
|
# @!attribute [rw] account_id
|
@@ -4265,6 +4801,13 @@ module Aws::GuardDuty
|
|
4265
4801
|
# auto_enable: false, # required
|
4266
4802
|
# },
|
4267
4803
|
# },
|
4804
|
+
# malware_protection: {
|
4805
|
+
# scan_ec2_instance_with_findings: {
|
4806
|
+
# ebs_volumes: {
|
4807
|
+
# auto_enable: false,
|
4808
|
+
# },
|
4809
|
+
# },
|
4810
|
+
# },
|
4268
4811
|
# }
|
4269
4812
|
#
|
4270
4813
|
# @!attribute [rw] s3_logs
|
@@ -4277,11 +4820,17 @@ module Aws::GuardDuty
|
|
4277
4820
|
# members of the organization.
|
4278
4821
|
# @return [Types::OrganizationKubernetesConfiguration]
|
4279
4822
|
#
|
4823
|
+
# @!attribute [rw] malware_protection
|
4824
|
+
# Describes the configuration of Malware Protection for new members of
|
4825
|
+
# the organization.
|
4826
|
+
# @return [Types::OrganizationMalwareProtectionConfiguration]
|
4827
|
+
#
|
4280
4828
|
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationDataSourceConfigurations AWS API Documentation
|
4281
4829
|
#
|
4282
4830
|
class OrganizationDataSourceConfigurations < Struct.new(
|
4283
4831
|
:s3_logs,
|
4284
|
-
:kubernetes
|
4832
|
+
:kubernetes,
|
4833
|
+
:malware_protection)
|
4285
4834
|
SENSITIVE = []
|
4286
4835
|
include Aws::Structure
|
4287
4836
|
end
|
@@ -4297,11 +4846,55 @@ module Aws::GuardDuty
|
|
4297
4846
|
# Describes the configuration of Kubernetes data sources.
|
4298
4847
|
# @return [Types::OrganizationKubernetesConfigurationResult]
|
4299
4848
|
#
|
4849
|
+
# @!attribute [rw] malware_protection
|
4850
|
+
# Describes the configuration of Malware Protection data source for an
|
4851
|
+
# organization.
|
4852
|
+
# @return [Types::OrganizationMalwareProtectionConfigurationResult]
|
4853
|
+
#
|
4300
4854
|
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationDataSourceConfigurationsResult AWS API Documentation
|
4301
4855
|
#
|
4302
4856
|
class OrganizationDataSourceConfigurationsResult < Struct.new(
|
4303
4857
|
:s3_logs,
|
4304
|
-
:kubernetes
|
4858
|
+
:kubernetes,
|
4859
|
+
:malware_protection)
|
4860
|
+
SENSITIVE = []
|
4861
|
+
include Aws::Structure
|
4862
|
+
end
|
4863
|
+
|
4864
|
+
# Organization-wide EBS volumes scan configuration.
|
4865
|
+
#
|
4866
|
+
# @note When making an API call, you may pass OrganizationEbsVolumes
|
4867
|
+
# data as a hash:
|
4868
|
+
#
|
4869
|
+
# {
|
4870
|
+
# auto_enable: false,
|
4871
|
+
# }
|
4872
|
+
#
|
4873
|
+
# @!attribute [rw] auto_enable
|
4874
|
+
# Whether scanning EBS volumes should be auto-enabled for new members
|
4875
|
+
# joining the organization.
|
4876
|
+
# @return [Boolean]
|
4877
|
+
#
|
4878
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationEbsVolumes AWS API Documentation
|
4879
|
+
#
|
4880
|
+
class OrganizationEbsVolumes < Struct.new(
|
4881
|
+
:auto_enable)
|
4882
|
+
SENSITIVE = []
|
4883
|
+
include Aws::Structure
|
4884
|
+
end
|
4885
|
+
|
4886
|
+
# An object that contains information on the status of whether EBS
|
4887
|
+
# volumes scanning will be enabled as a data source for an organization.
|
4888
|
+
#
|
4889
|
+
# @!attribute [rw] auto_enable
|
4890
|
+
# An object that contains the status of whether scanning EBS volumes
|
4891
|
+
# should be auto-enabled for new members joining the organization.
|
4892
|
+
# @return [Boolean]
|
4893
|
+
#
|
4894
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationEbsVolumesResult AWS API Documentation
|
4895
|
+
#
|
4896
|
+
class OrganizationEbsVolumesResult < Struct.new(
|
4897
|
+
:auto_enable)
|
4305
4898
|
SENSITIVE = []
|
4306
4899
|
include Aws::Structure
|
4307
4900
|
end
|
@@ -4385,6 +4978,48 @@ module Aws::GuardDuty
|
|
4385
4978
|
include Aws::Structure
|
4386
4979
|
end
|
4387
4980
|
|
4981
|
+
# Organization-wide Malware Protection configurations.
|
4982
|
+
#
|
4983
|
+
# @note When making an API call, you may pass OrganizationMalwareProtectionConfiguration
|
4984
|
+
# data as a hash:
|
4985
|
+
#
|
4986
|
+
# {
|
4987
|
+
# scan_ec2_instance_with_findings: {
|
4988
|
+
# ebs_volumes: {
|
4989
|
+
# auto_enable: false,
|
4990
|
+
# },
|
4991
|
+
# },
|
4992
|
+
# }
|
4993
|
+
#
|
4994
|
+
# @!attribute [rw] scan_ec2_instance_with_findings
|
4995
|
+
# Whether Malware Protection for EC2 instances with findings should be
|
4996
|
+
# auto-enabled for new members joining the organization.
|
4997
|
+
# @return [Types::OrganizationScanEc2InstanceWithFindings]
|
4998
|
+
#
|
4999
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationMalwareProtectionConfiguration AWS API Documentation
|
5000
|
+
#
|
5001
|
+
class OrganizationMalwareProtectionConfiguration < Struct.new(
|
5002
|
+
:scan_ec2_instance_with_findings)
|
5003
|
+
SENSITIVE = []
|
5004
|
+
include Aws::Structure
|
5005
|
+
end
|
5006
|
+
|
5007
|
+
# An object that contains information on the status of all Malware
|
5008
|
+
# Protection data source for an organization.
|
5009
|
+
#
|
5010
|
+
# @!attribute [rw] scan_ec2_instance_with_findings
|
5011
|
+
# Describes the configuration for scanning EC2 instances with findings
|
5012
|
+
# for an organization.
|
5013
|
+
# @return [Types::OrganizationScanEc2InstanceWithFindingsResult]
|
5014
|
+
#
|
5015
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationMalwareProtectionConfigurationResult AWS API Documentation
|
5016
|
+
#
|
5017
|
+
class OrganizationMalwareProtectionConfigurationResult < Struct.new(
|
5018
|
+
:scan_ec2_instance_with_findings)
|
5019
|
+
SENSITIVE = []
|
5020
|
+
include Aws::Structure
|
5021
|
+
end
|
5022
|
+
|
4388
5023
|
# Describes whether S3 data event logs will be automatically enabled for
|
4389
5024
|
# new members of the organization.
|
4390
5025
|
#
|
@@ -4424,6 +5059,46 @@ module Aws::GuardDuty
|
|
4424
5059
|
include Aws::Structure
|
4425
5060
|
end
|
4426
5061
|
|
5062
|
+
# Organization-wide EC2 instances with findings scan configuration.
|
5063
|
+
#
|
5064
|
+
# @note When making an API call, you may pass OrganizationScanEc2InstanceWithFindings
|
5065
|
+
# data as a hash:
|
5066
|
+
#
|
5067
|
+
# {
|
5068
|
+
# ebs_volumes: {
|
5069
|
+
# auto_enable: false,
|
5070
|
+
# },
|
5071
|
+
# }
|
5072
|
+
#
|
5073
|
+
# @!attribute [rw] ebs_volumes
|
5074
|
+
# Whether scanning EBS volumes should be auto-enabled for new members
|
5075
|
+
# joining the organization.
|
5076
|
+
# @return [Types::OrganizationEbsVolumes]
|
5077
|
+
#
|
5078
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationScanEc2InstanceWithFindings AWS API Documentation
|
5079
|
+
#
|
5080
|
+
class OrganizationScanEc2InstanceWithFindings < Struct.new(
|
5081
|
+
:ebs_volumes)
|
5082
|
+
SENSITIVE = []
|
5083
|
+
include Aws::Structure
|
5084
|
+
end
|
5085
|
+
|
5086
|
+
# An object that contains information on the status of scanning EC2
|
5087
|
+
# instances with findings for an organization.
|
5088
|
+
#
|
5089
|
+
# @!attribute [rw] ebs_volumes
|
5090
|
+
# Describes the configuration for scanning EBS volumes for an
|
5091
|
+
# organization.
|
5092
|
+
# @return [Types::OrganizationEbsVolumesResult]
|
5093
|
+
#
|
5094
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationScanEc2InstanceWithFindingsResult AWS API Documentation
|
5095
|
+
#
|
5096
|
+
class OrganizationScanEc2InstanceWithFindingsResult < Struct.new(
|
5097
|
+
:ebs_volumes)
|
5098
|
+
SENSITIVE = []
|
5099
|
+
include Aws::Structure
|
5100
|
+
end
|
5101
|
+
|
4427
5102
|
# Contains information on the owner of the bucket.
|
4428
5103
|
#
|
4429
5104
|
# @!attribute [rw] id
|
@@ -4677,6 +5352,18 @@ module Aws::GuardDuty
|
|
4677
5352
|
# The type of Amazon Web Services resource.
|
4678
5353
|
# @return [String]
|
4679
5354
|
#
|
5355
|
+
# @!attribute [rw] ebs_volume_details
|
5356
|
+
# Contains list of scanned and skipped EBS volumes with details.
|
5357
|
+
# @return [Types::EbsVolumeDetails]
|
5358
|
+
#
|
5359
|
+
# @!attribute [rw] ecs_cluster_details
|
5360
|
+
# Contains information about the details of the ECS Cluster.
|
5361
|
+
# @return [Types::EcsClusterDetails]
|
5362
|
+
#
|
5363
|
+
# @!attribute [rw] container_details
|
5364
|
+
# Details of a container.
|
5365
|
+
# @return [Types::Container]
|
5366
|
+
#
|
4680
5367
|
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Resource AWS API Documentation
|
4681
5368
|
#
|
4682
5369
|
class Resource < Struct.new(
|
@@ -4685,7 +5372,24 @@ module Aws::GuardDuty
|
|
4685
5372
|
:instance_details,
|
4686
5373
|
:eks_cluster_details,
|
4687
5374
|
:kubernetes_details,
|
4688
|
-
:resource_type
|
5375
|
+
:resource_type,
|
5376
|
+
:ebs_volume_details,
|
5377
|
+
:ecs_cluster_details,
|
5378
|
+
:container_details)
|
5379
|
+
SENSITIVE = []
|
5380
|
+
include Aws::Structure
|
5381
|
+
end
|
5382
|
+
|
5383
|
+
# Represents the resources that were scanned in the scan entry.
|
5384
|
+
#
|
5385
|
+
# @!attribute [rw] instance_arn
|
5386
|
+
# InstanceArn that was scanned in the scan entry.
|
5387
|
+
# @return [String]
|
5388
|
+
#
|
5389
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ResourceDetails AWS API Documentation
|
5390
|
+
#
|
5391
|
+
class ResourceDetails < Struct.new(
|
5392
|
+
:instance_arn)
|
4689
5393
|
SENSITIVE = []
|
4690
5394
|
include Aws::Structure
|
4691
5395
|
end
|
@@ -4775,6 +5479,358 @@ module Aws::GuardDuty
|
|
4775
5479
|
include Aws::Structure
|
4776
5480
|
end
|
4777
5481
|
|
5482
|
+
# Contains information about a malware scan.
|
5483
|
+
#
|
5484
|
+
# @!attribute [rw] detector_id
|
5485
|
+
# The unique ID of the detector that the request is associated with.
|
5486
|
+
# @return [String]
|
5487
|
+
#
|
5488
|
+
# @!attribute [rw] admin_detector_id
|
5489
|
+
# The unique detector ID of the administrator account that the request
|
5490
|
+
# is associated with. Note that this value will be the same as the one
|
5491
|
+
# used for `DetectorId` if the account is an administrator.
|
5492
|
+
# @return [String]
|
5493
|
+
#
|
5494
|
+
# @!attribute [rw] scan_id
|
5495
|
+
# The unique scan ID associated with a scan entry.
|
5496
|
+
# @return [String]
|
5497
|
+
#
|
5498
|
+
# @!attribute [rw] scan_status
|
5499
|
+
# An enum value representing possible scan statuses.
|
5500
|
+
# @return [String]
|
5501
|
+
#
|
5502
|
+
# @!attribute [rw] failure_reason
|
5503
|
+
# Represents the reason for FAILED scan status.
|
5504
|
+
# @return [String]
|
5505
|
+
#
|
5506
|
+
# @!attribute [rw] scan_start_time
|
5507
|
+
# The timestamp of when the scan was triggered.
|
5508
|
+
# @return [Time]
|
5509
|
+
#
|
5510
|
+
# @!attribute [rw] scan_end_time
|
5511
|
+
# The timestamp of when the scan was finished.
|
5512
|
+
# @return [Time]
|
5513
|
+
#
|
5514
|
+
# @!attribute [rw] trigger_details
|
5515
|
+
# Represents the reason the scan was triggered.
|
5516
|
+
# @return [Types::TriggerDetails]
|
5517
|
+
#
|
5518
|
+
# @!attribute [rw] resource_details
|
5519
|
+
# Represents the resources that were scanned in the scan entry.
|
5520
|
+
# @return [Types::ResourceDetails]
|
5521
|
+
#
|
5522
|
+
# @!attribute [rw] scan_result_details
|
5523
|
+
# Represents the result of the scan.
|
5524
|
+
# @return [Types::ScanResultDetails]
|
5525
|
+
#
|
5526
|
+
# @!attribute [rw] account_id
|
5527
|
+
# The ID for the account that belongs to the scan.
|
5528
|
+
# @return [String]
|
5529
|
+
#
|
5530
|
+
# @!attribute [rw] total_bytes
|
5531
|
+
# Represents total bytes that were scanned.
|
5532
|
+
# @return [Integer]
|
5533
|
+
#
|
5534
|
+
# @!attribute [rw] file_count
|
5535
|
+
# Represents the number of files that were scanned.
|
5536
|
+
# @return [Integer]
|
5537
|
+
#
|
5538
|
+
# @!attribute [rw] attached_volumes
|
5539
|
+
# List of volumes that were attached to the original instance to be
|
5540
|
+
# scanned.
|
5541
|
+
# @return [Array<Types::VolumeDetail>]
|
5542
|
+
#
|
5543
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Scan AWS API Documentation
|
5544
|
+
#
|
5545
|
+
class Scan < Struct.new(
|
5546
|
+
:detector_id,
|
5547
|
+
:admin_detector_id,
|
5548
|
+
:scan_id,
|
5549
|
+
:scan_status,
|
5550
|
+
:failure_reason,
|
5551
|
+
:scan_start_time,
|
5552
|
+
:scan_end_time,
|
5553
|
+
:trigger_details,
|
5554
|
+
:resource_details,
|
5555
|
+
:scan_result_details,
|
5556
|
+
:account_id,
|
5557
|
+
:total_bytes,
|
5558
|
+
:file_count,
|
5559
|
+
:attached_volumes)
|
5560
|
+
SENSITIVE = []
|
5561
|
+
include Aws::Structure
|
5562
|
+
end
|
5563
|
+
|
5564
|
+
# Contains information about the condition.
|
5565
|
+
#
|
5566
|
+
# @note When making an API call, you may pass ScanCondition
|
5567
|
+
# data as a hash:
|
5568
|
+
#
|
5569
|
+
# {
|
5570
|
+
# map_equals: [ # required
|
5571
|
+
# {
|
5572
|
+
# key: "TagKey", # required
|
5573
|
+
# value: "TagValue",
|
5574
|
+
# },
|
5575
|
+
# ],
|
5576
|
+
# }
|
5577
|
+
#
|
5578
|
+
# @!attribute [rw] map_equals
|
5579
|
+
# Represents an *mapEqual* **** condition to be applied to a single
|
5580
|
+
# field when triggering for malware scan.
|
5581
|
+
# @return [Array<Types::ScanConditionPair>]
|
5582
|
+
#
|
5583
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanCondition AWS API Documentation
|
5584
|
+
#
|
5585
|
+
class ScanCondition < Struct.new(
|
5586
|
+
:map_equals)
|
5587
|
+
SENSITIVE = []
|
5588
|
+
include Aws::Structure
|
5589
|
+
end
|
5590
|
+
|
5591
|
+
# Represents key, value pair to be matched against given resource
|
5592
|
+
# property.
|
5593
|
+
#
|
5594
|
+
# @note When making an API call, you may pass ScanConditionPair
|
5595
|
+
# data as a hash:
|
5596
|
+
#
|
5597
|
+
# {
|
5598
|
+
# key: "TagKey", # required
|
5599
|
+
# value: "TagValue",
|
5600
|
+
# }
|
5601
|
+
#
|
5602
|
+
# @!attribute [rw] key
|
5603
|
+
# Represents *key* **** in the map condition.
|
5604
|
+
# @return [String]
|
5605
|
+
#
|
5606
|
+
# @!attribute [rw] value
|
5607
|
+
# Represents optional *value* **** in the map condition. If not
|
5608
|
+
# specified, only *key* **** will be matched.
|
5609
|
+
# @return [String]
|
5610
|
+
#
|
5611
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanConditionPair AWS API Documentation
|
5612
|
+
#
|
5613
|
+
class ScanConditionPair < Struct.new(
|
5614
|
+
:key,
|
5615
|
+
:value)
|
5616
|
+
SENSITIVE = []
|
5617
|
+
include Aws::Structure
|
5618
|
+
end
|
5619
|
+
|
5620
|
+
# Contains a complete view providing malware scan result details.
|
5621
|
+
#
|
5622
|
+
# @!attribute [rw] scanned_item_count
|
5623
|
+
# Total number of scanned files.
|
5624
|
+
# @return [Types::ScannedItemCount]
|
5625
|
+
#
|
5626
|
+
# @!attribute [rw] threats_detected_item_count
|
5627
|
+
# Total number of infected files.
|
5628
|
+
# @return [Types::ThreatsDetectedItemCount]
|
5629
|
+
#
|
5630
|
+
# @!attribute [rw] highest_severity_threat_details
|
5631
|
+
# Details of the highest severity threat detected during malware scan
|
5632
|
+
# and number of infected files.
|
5633
|
+
# @return [Types::HighestSeverityThreatDetails]
|
5634
|
+
#
|
5635
|
+
# @!attribute [rw] threat_detected_by_name
|
5636
|
+
# Contains details about identified threats organized by threat name.
|
5637
|
+
# @return [Types::ThreatDetectedByName]
|
5638
|
+
#
|
5639
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanDetections AWS API Documentation
|
5640
|
+
#
|
5641
|
+
class ScanDetections < Struct.new(
|
5642
|
+
:scanned_item_count,
|
5643
|
+
:threats_detected_item_count,
|
5644
|
+
:highest_severity_threat_details,
|
5645
|
+
:threat_detected_by_name)
|
5646
|
+
SENSITIVE = []
|
5647
|
+
include Aws::Structure
|
5648
|
+
end
|
5649
|
+
|
5650
|
+
# Describes whether Malware Protection for EC2 instances with findings
|
5651
|
+
# will be enabled as a data source.
|
5652
|
+
#
|
5653
|
+
# @note When making an API call, you may pass ScanEc2InstanceWithFindings
|
5654
|
+
# data as a hash:
|
5655
|
+
#
|
5656
|
+
# {
|
5657
|
+
# ebs_volumes: false,
|
5658
|
+
# }
|
5659
|
+
#
|
5660
|
+
# @!attribute [rw] ebs_volumes
|
5661
|
+
# Describes the configuration for scanning EBS volumes as data source.
|
5662
|
+
# @return [Boolean]
|
5663
|
+
#
|
5664
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanEc2InstanceWithFindings AWS API Documentation
|
5665
|
+
#
|
5666
|
+
class ScanEc2InstanceWithFindings < Struct.new(
|
5667
|
+
:ebs_volumes)
|
5668
|
+
SENSITIVE = []
|
5669
|
+
include Aws::Structure
|
5670
|
+
end
|
5671
|
+
|
5672
|
+
# An object that contains information on the status of whether Malware
|
5673
|
+
# Protection for EC2 instances with findings will be enabled as a data
|
5674
|
+
# source.
|
5675
|
+
#
|
5676
|
+
# @!attribute [rw] ebs_volumes
|
5677
|
+
# Describes the configuration of scanning EBS volumes as a data
|
5678
|
+
# source.
|
5679
|
+
# @return [Types::EbsVolumesResult]
|
5680
|
+
#
|
5681
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanEc2InstanceWithFindingsResult AWS API Documentation
|
5682
|
+
#
|
5683
|
+
class ScanEc2InstanceWithFindingsResult < Struct.new(
|
5684
|
+
:ebs_volumes)
|
5685
|
+
SENSITIVE = []
|
5686
|
+
include Aws::Structure
|
5687
|
+
end
|
5688
|
+
|
5689
|
+
# Contains details of infected file including name, file path and hash.
|
5690
|
+
#
|
5691
|
+
# @!attribute [rw] file_path
|
5692
|
+
# The file path of the infected file.
|
5693
|
+
# @return [String]
|
5694
|
+
#
|
5695
|
+
# @!attribute [rw] volume_arn
|
5696
|
+
# EBS volume Arn details of the infected file.
|
5697
|
+
# @return [String]
|
5698
|
+
#
|
5699
|
+
# @!attribute [rw] hash
|
5700
|
+
# The hash value of the infected file.
|
5701
|
+
# @return [String]
|
5702
|
+
#
|
5703
|
+
# @!attribute [rw] file_name
|
5704
|
+
# File name of the infected file.
|
5705
|
+
# @return [String]
|
5706
|
+
#
|
5707
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanFilePath AWS API Documentation
|
5708
|
+
#
|
5709
|
+
class ScanFilePath < Struct.new(
|
5710
|
+
:file_path,
|
5711
|
+
:volume_arn,
|
5712
|
+
:hash,
|
5713
|
+
:file_name)
|
5714
|
+
SENSITIVE = []
|
5715
|
+
include Aws::Structure
|
5716
|
+
end
|
5717
|
+
|
5718
|
+
# Contains information about criteria used to filter resources before
|
5719
|
+
# triggering malware scan.
|
5720
|
+
#
|
5721
|
+
# @note When making an API call, you may pass ScanResourceCriteria
|
5722
|
+
# data as a hash:
|
5723
|
+
#
|
5724
|
+
# {
|
5725
|
+
# include: {
|
5726
|
+
# "EC2_INSTANCE_TAG" => {
|
5727
|
+
# map_equals: [ # required
|
5728
|
+
# {
|
5729
|
+
# key: "TagKey", # required
|
5730
|
+
# value: "TagValue",
|
5731
|
+
# },
|
5732
|
+
# ],
|
5733
|
+
# },
|
5734
|
+
# },
|
5735
|
+
# exclude: {
|
5736
|
+
# "EC2_INSTANCE_TAG" => {
|
5737
|
+
# map_equals: [ # required
|
5738
|
+
# {
|
5739
|
+
# key: "TagKey", # required
|
5740
|
+
# value: "TagValue",
|
5741
|
+
# },
|
5742
|
+
# ],
|
5743
|
+
# },
|
5744
|
+
# },
|
5745
|
+
# }
|
5746
|
+
#
|
5747
|
+
# @!attribute [rw] include
|
5748
|
+
# Represents condition that when matched will allow a malware scan for
|
5749
|
+
# a certain resource.
|
5750
|
+
# @return [Hash<String,Types::ScanCondition>]
|
5751
|
+
#
|
5752
|
+
# @!attribute [rw] exclude
|
5753
|
+
# Represents condition that when matched will prevent a malware scan
|
5754
|
+
# for a certain resource.
|
5755
|
+
# @return [Hash<String,Types::ScanCondition>]
|
5756
|
+
#
|
5757
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanResourceCriteria AWS API Documentation
|
5758
|
+
#
|
5759
|
+
class ScanResourceCriteria < Struct.new(
|
5760
|
+
:include,
|
5761
|
+
:exclude)
|
5762
|
+
SENSITIVE = []
|
5763
|
+
include Aws::Structure
|
5764
|
+
end
|
5765
|
+
|
5766
|
+
# Represents the result of the scan.
|
5767
|
+
#
|
5768
|
+
# @!attribute [rw] scan_result
|
5769
|
+
# An enum value representing possible scan results.
|
5770
|
+
# @return [String]
|
5771
|
+
#
|
5772
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanResultDetails AWS API Documentation
|
5773
|
+
#
|
5774
|
+
class ScanResultDetails < Struct.new(
|
5775
|
+
:scan_result)
|
5776
|
+
SENSITIVE = []
|
5777
|
+
include Aws::Structure
|
5778
|
+
end
|
5779
|
+
|
5780
|
+
# Contains files infected with the given threat providing details of
|
5781
|
+
# malware name and severity.
|
5782
|
+
#
|
5783
|
+
# @!attribute [rw] name
|
5784
|
+
# The name of the identified threat.
|
5785
|
+
# @return [String]
|
5786
|
+
#
|
5787
|
+
# @!attribute [rw] severity
|
5788
|
+
# Severity of threat identified as part of the malware scan.
|
5789
|
+
# @return [String]
|
5790
|
+
#
|
5791
|
+
# @!attribute [rw] item_count
|
5792
|
+
# Total number of files infected with given threat.
|
5793
|
+
# @return [Integer]
|
5794
|
+
#
|
5795
|
+
# @!attribute [rw] file_paths
|
5796
|
+
# List of infected files in EBS volume with details.
|
5797
|
+
# @return [Array<Types::ScanFilePath>]
|
5798
|
+
#
|
5799
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanThreatName AWS API Documentation
|
5800
|
+
#
|
5801
|
+
class ScanThreatName < Struct.new(
|
5802
|
+
:name,
|
5803
|
+
:severity,
|
5804
|
+
:item_count,
|
5805
|
+
:file_paths)
|
5806
|
+
SENSITIVE = []
|
5807
|
+
include Aws::Structure
|
5808
|
+
end
|
5809
|
+
|
5810
|
+
# Total number of scanned files.
|
5811
|
+
#
|
5812
|
+
# @!attribute [rw] total_gb
|
5813
|
+
# Total GB of files scanned for malware.
|
5814
|
+
# @return [Integer]
|
5815
|
+
#
|
5816
|
+
# @!attribute [rw] files
|
5817
|
+
# Number of files scanned.
|
5818
|
+
# @return [Integer]
|
5819
|
+
#
|
5820
|
+
# @!attribute [rw] volumes
|
5821
|
+
# Total number of scanned volumes.
|
5822
|
+
# @return [Integer]
|
5823
|
+
#
|
5824
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScannedItemCount AWS API Documentation
|
5825
|
+
#
|
5826
|
+
class ScannedItemCount < Struct.new(
|
5827
|
+
:total_gb,
|
5828
|
+
:files,
|
5829
|
+
:volumes)
|
5830
|
+
SENSITIVE = []
|
5831
|
+
include Aws::Structure
|
5832
|
+
end
|
5833
|
+
|
4778
5834
|
# Container security context.
|
4779
5835
|
#
|
4780
5836
|
# @!attribute [rw] privileged
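Review bot: In `ScanFilePath`, the struct member `:hash` replaces the `#hash` method that every Ruby object provides, so on this type `hash` returns the infected file's digest string (or nil) rather than an Integer. Code that uses `ScanFilePath` values as Hash keys, puts them in a `Set`, or calls `uniq` on `file_paths` is likely to raise or misbehave. The name presumably mirrors the service model and cannot be renamed here, so I would document it on the attribute, e.g. `#   Note: this accessor shadows Object#hash; do not use ScanFilePath instances as Hash keys or Set members.` The attribute doc also does not name the digest algorithm, which anyone matching the value against indicator lists needs to know.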
|
@@ -4858,6 +5914,14 @@ module Aws::GuardDuty
|
|
4858
5914
|
# Contains additional information about the generated finding.
|
4859
5915
|
# @return [Types::ServiceAdditionalInfo]
|
4860
5916
|
#
|
5917
|
+
# @!attribute [rw] feature_name
|
5918
|
+
# The name of the feature that generated a finding.
|
5919
|
+
# @return [String]
|
5920
|
+
#
|
5921
|
+
# @!attribute [rw] ebs_volume_scan_details
|
5922
|
+
# Returns details from the malware scan that created a finding.
|
5923
|
+
# @return [Types::EbsVolumeScanDetails]
|
5924
|
+
#
|
4861
5925
|
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Service AWS API Documentation
|
4862
5926
|
#
|
4863
5927
|
class Service < Struct.new(
|
@@ -4871,7 +5935,9 @@ module Aws::GuardDuty
|
|
4871
5935
|
:resource_role,
|
4872
5936
|
:service_name,
|
4873
5937
|
:user_feedback,
|
4874
|
-
:additional_info
|
5938
|
+
:additional_info,
|
5939
|
+
:feature_name,
|
5940
|
+
:ebs_volume_scan_details)
|
4875
5941
|
SENSITIVE = []
|
4876
5942
|
include Aws::Structure
|
4877
5943
|
end
|
@@ -5054,6 +6120,37 @@ module Aws::GuardDuty
|
|
5054
6120
|
#
|
5055
6121
|
class TagResourceResponse < Aws::EmptyStructure; end
|
5056
6122
|
|
6123
|
+
# Contains details about identified threats organized by threat name.
|
6124
|
+
#
|
6125
|
+
# @!attribute [rw] item_count
|
6126
|
+
# Total number of infected files identified.
|
6127
|
+
# @return [Integer]
|
6128
|
+
#
|
6129
|
+
# @!attribute [rw] unique_threat_name_count
|
6130
|
+
# Total number of unique threats by name identified, as part of the
|
6131
|
+
# malware scan.
|
6132
|
+
# @return [Integer]
|
6133
|
+
#
|
6134
|
+
# @!attribute [rw] shortened
|
6135
|
+
# Flag to determine if the finding contains every single infected
|
6136
|
+
# file-path and/or every threat.
|
6137
|
+
# @return [Boolean]
|
6138
|
+
#
|
6139
|
+
# @!attribute [rw] threat_names
|
6140
|
+
# List of identified threats with details, organized by threat name.
|
6141
|
+
# @return [Array<Types::ScanThreatName>]
|
6142
|
+
#
|
6143
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ThreatDetectedByName AWS API Documentation
|
6144
|
+
#
|
6145
|
+
class ThreatDetectedByName < Struct.new(
|
6146
|
+
:item_count,
|
6147
|
+
:unique_threat_name_count,
|
6148
|
+
:shortened,
|
6149
|
+
:threat_names)
|
6150
|
+
SENSITIVE = []
|
6151
|
+
include Aws::Structure
|
6152
|
+
end
|
6153
|
+
|
5057
6154
|
# An instance of a threat intelligence detail that constitutes evidence
|
5058
6155
|
# for the finding.
|
5059
6156
|
#
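Review bot: The doc for `shortened` in `ThreatDetectedByName` does not say which value means the list was cut. As worded ("Flag to determine if the finding contains every single infected file-path and/or every threat"), a reader cannot tell whether `true` means complete or truncated, although the attribute name suggests truncated. A responder who treats `threat_names` as exhaustive when it is not would miss infected files. I would state the polarity once it is confirmed against the service documentation, e.g. `#   True when file paths and/or threats were omitted from this finding; threat_names is then not exhaustive.`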
|
@@ -5075,6 +6172,20 @@ module Aws::GuardDuty
|
|
5075
6172
|
include Aws::Structure
|
5076
6173
|
end
|
5077
6174
|
|
6175
|
+
# Contains total number of infected files.
|
6176
|
+
#
|
6177
|
+
# @!attribute [rw] files
|
6178
|
+
# Total number of infected files.
|
6179
|
+
# @return [Integer]
|
6180
|
+
#
|
6181
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ThreatsDetectedItemCount AWS API Documentation
|
6182
|
+
#
|
6183
|
+
class ThreatsDetectedItemCount < Struct.new(
|
6184
|
+
:files)
|
6185
|
+
SENSITIVE = []
|
6186
|
+
include Aws::Structure
|
6187
|
+
end
|
6188
|
+
|
5078
6189
|
# Contains the total usage with the corresponding currency unit for that
|
5079
6190
|
# value.
|
5080
6191
|
#
|
@@ -5095,6 +6206,25 @@ module Aws::GuardDuty
|
|
5095
6206
|
include Aws::Structure
|
5096
6207
|
end
|
5097
6208
|
|
6209
|
+
# Represents the reason the scan was triggered.
|
6210
|
+
#
|
6211
|
+
# @!attribute [rw] guard_duty_finding_id
|
6212
|
+
# The ID of the GuardDuty finding that triggered the BirdDog scan.
|
6213
|
+
# @return [String]
|
6214
|
+
#
|
6215
|
+
# @!attribute [rw] description
|
6216
|
+
# The description of the scan trigger.
|
6217
|
+
# @return [String]
|
6218
|
+
#
|
6219
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/TriggerDetails AWS API Documentation
|
6220
|
+
#
|
6221
|
+
class TriggerDetails < Struct.new(
|
6222
|
+
:guard_duty_finding_id,
|
6223
|
+
:description)
|
6224
|
+
SENSITIVE = []
|
6225
|
+
include Aws::Structure
|
6226
|
+
end
|
6227
|
+
|
5098
6228
|
# @note When making an API call, you may pass UnarchiveFindingsRequest
|
5099
6229
|
# data as a hash:
|
5100
6230
|
#
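Review bot: The `guard_duty_finding_id` doc in `TriggerDetails` says "triggered the BirdDog scan", a name that appears nowhere else in these types and reads like an internal codename. Every other added comment calls this a malware scan, so I would change the line to `#   The ID of the GuardDuty finding that triggered the malware scan.`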
|
@@ -5143,6 +6273,21 @@ module Aws::GuardDuty
|
|
5143
6273
|
include Aws::Structure
|
5144
6274
|
end
|
5145
6275
|
|
6276
|
+
# Specifies the names of the data sources that couldn't be enabled.
|
6277
|
+
#
|
6278
|
+
# @!attribute [rw] malware_protection
|
6279
|
+
# An object that contains information on the status of all Malware
|
6280
|
+
# Protection data sources.
|
6281
|
+
# @return [Types::MalwareProtectionConfigurationResult]
|
6282
|
+
#
|
6283
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UnprocessedDataSourcesResult AWS API Documentation
|
6284
|
+
#
|
6285
|
+
class UnprocessedDataSourcesResult < Struct.new(
|
6286
|
+
:malware_protection)
|
6287
|
+
SENSITIVE = []
|
6288
|
+
include Aws::Structure
|
6289
|
+
end
|
6290
|
+
|
5146
6291
|
# @note When making an API call, you may pass UntagResourceRequest
|
5147
6292
|
# data as a hash:
|
5148
6293
|
#
|
@@ -5188,6 +6333,11 @@ module Aws::GuardDuty
|
|
5188
6333
|
# enable: false, # required
|
5189
6334
|
# },
|
5190
6335
|
# },
|
6336
|
+
# malware_protection: {
|
6337
|
+
# scan_ec2_instance_with_findings: {
|
6338
|
+
# ebs_volumes: false,
|
6339
|
+
# },
|
6340
|
+
# },
|
5191
6341
|
# },
|
5192
6342
|
# }
|
5193
6343
|
#
|
@@ -5398,6 +6548,64 @@ module Aws::GuardDuty
|
|
5398
6548
|
#
|
5399
6549
|
class UpdateIPSetResponse < Aws::EmptyStructure; end
|
5400
6550
|
|
6551
|
+
# @note When making an API call, you may pass UpdateMalwareScanSettingsRequest
|
6552
|
+
# data as a hash:
|
6553
|
+
#
|
6554
|
+
# {
|
6555
|
+
# detector_id: "DetectorId", # required
|
6556
|
+
# scan_resource_criteria: {
|
6557
|
+
# include: {
|
6558
|
+
# "EC2_INSTANCE_TAG" => {
|
6559
|
+
# map_equals: [ # required
|
6560
|
+
# {
|
6561
|
+
# key: "TagKey", # required
|
6562
|
+
# value: "TagValue",
|
6563
|
+
# },
|
6564
|
+
# ],
|
6565
|
+
# },
|
6566
|
+
# },
|
6567
|
+
# exclude: {
|
6568
|
+
# "EC2_INSTANCE_TAG" => {
|
6569
|
+
# map_equals: [ # required
|
6570
|
+
# {
|
6571
|
+
# key: "TagKey", # required
|
6572
|
+
# value: "TagValue",
|
6573
|
+
# },
|
6574
|
+
# ],
|
6575
|
+
# },
|
6576
|
+
# },
|
6577
|
+
# },
|
6578
|
+
# ebs_snapshot_preservation: "NO_RETENTION", # accepts NO_RETENTION, RETENTION_WITH_FINDING
|
6579
|
+
# }
|
6580
|
+
#
|
6581
|
+
# @!attribute [rw] detector_id
|
6582
|
+
# The unique ID of the detector that specifies the GuardDuty service
|
6583
|
+
# where you want to update scan settings.
|
6584
|
+
# @return [String]
|
6585
|
+
#
|
6586
|
+
# @!attribute [rw] scan_resource_criteria
|
6587
|
+
# Represents the criteria to be used in the filter for selecting
|
6588
|
+
# resources to scan.
|
6589
|
+
# @return [Types::ScanResourceCriteria]
|
6590
|
+
#
|
6591
|
+
# @!attribute [rw] ebs_snapshot_preservation
|
6592
|
+
# An enum value representing possible snapshot preservation settings.
|
6593
|
+
# @return [String]
|
6594
|
+
#
|
6595
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateMalwareScanSettingsRequest AWS API Documentation
|
6596
|
+
#
|
6597
|
+
class UpdateMalwareScanSettingsRequest < Struct.new(
|
6598
|
+
:detector_id,
|
6599
|
+
:scan_resource_criteria,
|
6600
|
+
:ebs_snapshot_preservation)
|
6601
|
+
SENSITIVE = []
|
6602
|
+
include Aws::Structure
|
6603
|
+
end
|
6604
|
+
|
6605
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateMalwareScanSettingsResponse AWS API Documentation
|
6606
|
+
#
|
6607
|
+
class UpdateMalwareScanSettingsResponse < Aws::EmptyStructure; end
|
6608
|
+
|
5401
6609
|
# @note When making an API call, you may pass UpdateMemberDetectorsRequest
|
5402
6610
|
# data as a hash:
|
5403
6611
|
#
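Review bot: The `ebs_snapshot_preservation` attribute doc in `UpdateMalwareScanSettingsRequest` only says "An enum value representing possible snapshot preservation settings", and the accepted values appear only in the hash example above it. This setting decides whether snapshots taken for scanning are kept, which matters for evidence retention and for leftover copies of volume data. The values and their meaning belong on the attribute, e.g. `#   Accepts NO_RETENTION or RETENTION_WITH_FINDING.` The example also shows both `include` and `exclude` under `scan_resource_criteria` without saying which applies when a resource matches both, and that precedence deserves a sentence as well.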
|
@@ -5413,6 +6621,11 @@ module Aws::GuardDuty
|
|
5413
6621
|
# enable: false, # required
|
5414
6622
|
# },
|
5415
6623
|
# },
|
6624
|
+
# malware_protection: {
|
6625
|
+
# scan_ec2_instance_with_findings: {
|
6626
|
+
# ebs_volumes: false,
|
6627
|
+
# },
|
6628
|
+
# },
|
5416
6629
|
# },
|
5417
6630
|
# }
|
5418
6631
|
#
|
@@ -5466,6 +6679,13 @@ module Aws::GuardDuty
|
|
5466
6679
|
# auto_enable: false, # required
|
5467
6680
|
# },
|
5468
6681
|
# },
|
6682
|
+
# malware_protection: {
|
6683
|
+
# scan_ec2_instance_with_findings: {
|
6684
|
+
# ebs_volumes: {
|
6685
|
+
# auto_enable: false,
|
6686
|
+
# },
|
6687
|
+
# },
|
6688
|
+
# },
|
5469
6689
|
# },
|
5470
6690
|
# }
|
5471
6691
|
#
|
@@ -5614,7 +6834,7 @@ module Aws::GuardDuty
|
|
5614
6834
|
#
|
5615
6835
|
# {
|
5616
6836
|
# account_ids: ["AccountId"],
|
5617
|
-
# data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS
|
6837
|
+
# data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS, EC2_MALWARE_SCAN
|
5618
6838
|
# resources: ["String"],
|
5619
6839
|
# }
|
5620
6840
|
#
|
@@ -5731,6 +6951,50 @@ module Aws::GuardDuty
|
|
5731
6951
|
include Aws::Structure
|
5732
6952
|
end
|
5733
6953
|
|
6954
|
+
# Contains EBS volume details.
|
6955
|
+
#
|
6956
|
+
# @!attribute [rw] volume_arn
|
6957
|
+
# EBS volume Arn information.
|
6958
|
+
# @return [String]
|
6959
|
+
#
|
6960
|
+
# @!attribute [rw] volume_type
|
6961
|
+
# The EBS volume type.
|
6962
|
+
# @return [String]
|
6963
|
+
#
|
6964
|
+
# @!attribute [rw] device_name
|
6965
|
+
# The device name for the EBS volume.
|
6966
|
+
# @return [String]
|
6967
|
+
#
|
6968
|
+
# @!attribute [rw] volume_size_in_gb
|
6969
|
+
# EBS volume size in GB.
|
6970
|
+
# @return [Integer]
|
6971
|
+
#
|
6972
|
+
# @!attribute [rw] encryption_type
|
6973
|
+
# EBS volume encryption type.
|
6974
|
+
# @return [String]
|
6975
|
+
#
|
6976
|
+
# @!attribute [rw] snapshot_arn
|
6977
|
+
# Snapshot Arn of the EBS volume.
|
6978
|
+
# @return [String]
|
6979
|
+
#
|
6980
|
+
# @!attribute [rw] kms_key_arn
|
6981
|
+
# KMS key Arn used to encrypt the EBS volume.
|
6982
|
+
# @return [String]
|
6983
|
+
#
|
6984
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/VolumeDetail AWS API Documentation
|
6985
|
+
#
|
6986
|
+
class VolumeDetail < Struct.new(
|
6987
|
+
:volume_arn,
|
6988
|
+
:volume_type,
|
6989
|
+
:device_name,
|
6990
|
+
:volume_size_in_gb,
|
6991
|
+
:encryption_type,
|
6992
|
+
:snapshot_arn,
|
6993
|
+
:kms_key_arn)
|
6994
|
+
SENSITIVE = []
|
6995
|
+
include Aws::Structure
|
6996
|
+
end
|
6997
|
+
|
5734
6998
|
# Container volume mount.
|
5735
6999
|
#
|
5736
7000
|
# @!attribute [rw] name
|