aws-sdk-guardduty 1.58.0 → 1.60.0

@@ -697,6 +697,11 @@ module Aws::GuardDuty
697
697
  # enable: false, # required
698
698
  # },
699
699
  # },
700
+ # malware_protection: {
701
+ # scan_ec2_instance_with_findings: {
702
+ # ebs_volumes: false,
703
+ # },
704
+ # },
700
705
  # },
701
706
  # tags: {
702
707
  # "TagKey" => "TagValue",
@@ -743,10 +748,16 @@ module Aws::GuardDuty
743
748
  # The unique ID of the created detector.
744
749
  # @return [String]
745
750
  #
751
+ # @!attribute [rw] unprocessed_data_sources
752
+ # Specifies the data sources that couldn't be enabled when GuardDuty
753
+ # was enabled for the first time.
754
+ # @return [Types::UnprocessedDataSourcesResult]
755
+ #
746
756
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateDetectorResponse AWS API Documentation
747
757
  #
748
758
  class CreateDetectorResponse < Struct.new(
749
- :detector_id)
759
+ :detector_id,
760
+ :unprocessed_data_sources)
750
761
  SENSITIVE = []
751
762
  include Aws::Structure
752
763
  end
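Review bot: The doc comment for `unprocessed_data_sources` does not say that a response can carry a `detector_id` and still report data sources that were not enabled, which is what the field's placement beside `detector_id` suggests. A caller that reads only `detector_id` would then treat the detector as fully configured while, for example, `malware_protection` is not active. I would extend the attribute text with `# Check this field even when detector_id is returned; a data source listed here is not active for the detector.` The class is complete in this hunk, but its doc comment starts above it.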
@@ -1291,6 +1302,11 @@ module Aws::GuardDuty
1291
1302
  # enable: false, # required
1292
1303
  # },
1293
1304
  # },
1305
+ # malware_protection: {
1306
+ # scan_ec2_instance_with_findings: {
1307
+ # ebs_volumes: false,
1308
+ # },
1309
+ # },
1294
1310
  # }
1295
1311
  #
1296
1312
  # @!attribute [rw] s3_logs
@@ -1301,11 +1317,16 @@ module Aws::GuardDuty
1301
1317
  # Describes whether any Kubernetes logs are enabled as data sources.
1302
1318
  # @return [Types::KubernetesConfiguration]
1303
1319
  #
1320
+ # @!attribute [rw] malware_protection
1321
+ # Describes whether Malware Protection is enabled as a data source.
1322
+ # @return [Types::MalwareProtectionConfiguration]
1323
+ #
1304
1324
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourceConfigurations AWS API Documentation
1305
1325
  #
1306
1326
  class DataSourceConfigurations < Struct.new(
1307
1327
  :s3_logs,
1308
- :kubernetes)
1328
+ :kubernetes,
1329
+ :malware_protection)
1309
1330
  SENSITIVE = []
1310
1331
  include Aws::Structure
1311
1332
  end
@@ -1337,6 +1358,10 @@ module Aws::GuardDuty
1337
1358
  # data sources.
1338
1359
  # @return [Types::KubernetesConfigurationResult]
1339
1360
  #
1361
+ # @!attribute [rw] malware_protection
1362
+ # Describes the configuration of Malware Protection data sources.
1363
+ # @return [Types::MalwareProtectionConfigurationResult]
1364
+ #
1340
1365
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourceConfigurationsResult AWS API Documentation
1341
1366
  #
1342
1367
  class DataSourceConfigurationsResult < Struct.new(
@@ -1344,7 +1369,8 @@ module Aws::GuardDuty
1344
1369
  :dns_logs,
1345
1370
  :flow_logs,
1346
1371
  :s3_logs,
1347
- :kubernetes)
1372
+ :kubernetes,
1373
+ :malware_protection)
1348
1374
  SENSITIVE = []
1349
1375
  include Aws::Structure
1350
1376
  end
@@ -1369,8 +1395,8 @@ module Aws::GuardDuty
1369
1395
  # GuardDuty member account.
1370
1396
  #
1371
1397
  # @!attribute [rw] cloud_trail
1372
- # Describes whether any AWS CloudTrail management event logs are
1373
- # enabled as data sources.
1398
+ # Describes whether any Amazon Web Services CloudTrail management
1399
+ # event logs are enabled as data sources.
1374
1400
  # @return [Types::DataSourceFreeTrial]
1375
1401
  #
1376
1402
  # @!attribute [rw] dns_logs
@@ -1390,6 +1416,10 @@ module Aws::GuardDuty
1390
1416
  # Describes whether any Kubernetes logs are enabled as data sources.
1391
1417
  # @return [Types::KubernetesDataSourceFreeTrial]
1392
1418
  #
1419
+ # @!attribute [rw] malware_protection
1420
+ # Describes whether Malware Protection is enabled as a data source.
1421
+ # @return [Types::MalwareProtectionDataSourceFreeTrial]
1422
+ #
1393
1423
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourcesFreeTrial AWS API Documentation
1394
1424
  #
1395
1425
  class DataSourcesFreeTrial < Struct.new(
@@ -1397,7 +1427,8 @@ module Aws::GuardDuty
1397
1427
  :dns_logs,
1398
1428
  :flow_logs,
1399
1429
  :s3_logs,
1400
- :kubernetes)
1430
+ :kubernetes,
1431
+ :malware_protection)
1401
1432
  SENSITIVE = []
1402
1433
  include Aws::Structure
1403
1434
  end
@@ -1675,6 +1706,88 @@ module Aws::GuardDuty
1675
1706
  #
1676
1707
  class DeleteThreatIntelSetResponse < Aws::EmptyStructure; end
1677
1708
 
1709
+ # @note When making an API call, you may pass DescribeMalwareScansRequest
1710
+ # data as a hash:
1711
+ #
1712
+ # {
1713
+ # detector_id: "DetectorId", # required
1714
+ # next_token: "String",
1715
+ # max_results: 1,
1716
+ # filter_criteria: {
1717
+ # filter_criterion: [
1718
+ # {
1719
+ # criterion_key: "EC2_INSTANCE_ARN", # accepts EC2_INSTANCE_ARN, SCAN_ID, ACCOUNT_ID, GUARDDUTY_FINDING_ID, SCAN_START_TIME, SCAN_STATUS
1720
+ # filter_condition: {
1721
+ # equals_value: "NonEmptyString",
1722
+ # greater_than: 1,
1723
+ # less_than: 1,
1724
+ # },
1725
+ # },
1726
+ # ],
1727
+ # },
1728
+ # sort_criteria: {
1729
+ # attribute_name: "String",
1730
+ # order_by: "ASC", # accepts ASC, DESC
1731
+ # },
1732
+ # }
1733
+ #
1734
+ # @!attribute [rw] detector_id
1735
+ # The unique ID of the detector that the request is associated with.
1736
+ # @return [String]
1737
+ #
1738
+ # @!attribute [rw] next_token
1739
+ # You can use this parameter when paginating results. Set the value of
1740
+ # this parameter to null on your first call to the list action. For
1741
+ # subsequent calls to the action, fill nextToken in the request with
1742
+ # the value of NextToken from the previous response to continue
1743
+ # listing data.
1744
+ # @return [String]
1745
+ #
1746
+ # @!attribute [rw] max_results
1747
+ # You can use this parameter to indicate the maximum number of items
1748
+ # that you want in the response. The default value is 50. The maximum
1749
+ # value is 50.
1750
+ # @return [Integer]
1751
+ #
1752
+ # @!attribute [rw] filter_criteria
1753
+ # Represents the criteria to be used in the filter for describing scan
1754
+ # entries.
1755
+ # @return [Types::FilterCriteria]
1756
+ #
1757
+ # @!attribute [rw] sort_criteria
1758
+ # Represents the criteria used for sorting scan entries.
1759
+ # @return [Types::SortCriteria]
1760
+ #
1761
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribeMalwareScansRequest AWS API Documentation
1762
+ #
1763
+ class DescribeMalwareScansRequest < Struct.new(
1764
+ :detector_id,
1765
+ :next_token,
1766
+ :max_results,
1767
+ :filter_criteria,
1768
+ :sort_criteria)
1769
+ SENSITIVE = []
1770
+ include Aws::Structure
1771
+ end
1772
+
1773
+ # @!attribute [rw] scans
1774
+ # Contains information about malware scans.
1775
+ # @return [Array<Types::Scan>]
1776
+ #
1777
+ # @!attribute [rw] next_token
1778
+ # The pagination parameter to be used on the next list operation to
1779
+ # retrieve more items.
1780
+ # @return [String]
1781
+ #
1782
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribeMalwareScansResponse AWS API Documentation
1783
+ #
1784
+ class DescribeMalwareScansResponse < Struct.new(
1785
+ :scans,
1786
+ :next_token)
1787
+ SENSITIVE = []
1788
+ include Aws::Structure
1789
+ end
1790
+
1678
1791
  # @note When making an API call, you may pass DescribeOrganizationConfigurationRequest
1679
1792
  # data as a hash:
1680
1793
  #
@@ -1990,6 +2103,193 @@ module Aws::GuardDuty
1990
2103
  include Aws::Structure
1991
2104
  end
1992
2105
 
2106
+ # Contains list of scanned and skipped EBS volumes with details.
2107
+ #
2108
+ # @!attribute [rw] scanned_volume_details
2109
+ # List of EBS volumes that were scanned.
2110
+ # @return [Array<Types::VolumeDetail>]
2111
+ #
2112
+ # @!attribute [rw] skipped_volume_details
2113
+ # List of EBS volumes that were skipped from the malware scan.
2114
+ # @return [Array<Types::VolumeDetail>]
2115
+ #
2116
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EbsVolumeDetails AWS API Documentation
2117
+ #
2118
+ class EbsVolumeDetails < Struct.new(
2119
+ :scanned_volume_details,
2120
+ :skipped_volume_details)
2121
+ SENSITIVE = []
2122
+ include Aws::Structure
2123
+ end
2124
+
2125
+ # Contains details from the malware scan that created a finding.
2126
+ #
2127
+ # @!attribute [rw] scan_id
2128
+ # Unique Id of the malware scan that generated the finding.
2129
+ # @return [String]
2130
+ #
2131
+ # @!attribute [rw] scan_started_at
2132
+ # Returns the start date and time of the malware scan.
2133
+ # @return [Time]
2134
+ #
2135
+ # @!attribute [rw] scan_completed_at
2136
+ # Returns the completion date and time of the malware scan.
2137
+ # @return [Time]
2138
+ #
2139
+ # @!attribute [rw] trigger_finding_id
2140
+ # GuardDuty finding ID that triggered a malware scan.
2141
+ # @return [String]
2142
+ #
2143
+ # @!attribute [rw] sources
2144
+ # Contains list of threat intelligence sources used to detect threats.
2145
+ # @return [Array<String>]
2146
+ #
2147
+ # @!attribute [rw] scan_detections
2148
+ # Contains a complete view providing malware scan result details.
2149
+ # @return [Types::ScanDetections]
2150
+ #
2151
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EbsVolumeScanDetails AWS API Documentation
2152
+ #
2153
+ class EbsVolumeScanDetails < Struct.new(
2154
+ :scan_id,
2155
+ :scan_started_at,
2156
+ :scan_completed_at,
2157
+ :trigger_finding_id,
2158
+ :sources,
2159
+ :scan_detections)
2160
+ SENSITIVE = []
2161
+ include Aws::Structure
2162
+ end
2163
+
2164
+ # Describes the configuration of scanning EBS volumes as a data source.
2165
+ #
2166
+ # @!attribute [rw] status
2167
+ # Describes whether scanning EBS volumes is enabled as a data source.
2168
+ # @return [String]
2169
+ #
2170
+ # @!attribute [rw] reason
2171
+ # Specifies the reason why scanning EBS volumes (Malware Protection)
2172
+ # was not enabled as a data source.
2173
+ # @return [String]
2174
+ #
2175
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EbsVolumesResult AWS API Documentation
2176
+ #
2177
+ class EbsVolumesResult < Struct.new(
2178
+ :status,
2179
+ :reason)
2180
+ SENSITIVE = []
2181
+ include Aws::Structure
2182
+ end
2183
+
2184
+ # Contains information about the details of the ECS Cluster.
2185
+ #
2186
+ # @!attribute [rw] name
2187
+ # The name of the ECS Cluster.
2188
+ # @return [String]
2189
+ #
2190
+ # @!attribute [rw] arn
2191
+ # The Amazon Resource Name (ARN) that identifies the cluster.
2192
+ # @return [String]
2193
+ #
2194
+ # @!attribute [rw] status
2195
+ # The status of the ECS cluster.
2196
+ # @return [String]
2197
+ #
2198
+ # @!attribute [rw] active_services_count
2199
+ # The number of services that are running on the cluster in an ACTIVE
2200
+ # state.
2201
+ # @return [Integer]
2202
+ #
2203
+ # @!attribute [rw] registered_container_instances_count
2204
+ # The number of container instances registered into the cluster.
2205
+ # @return [Integer]
2206
+ #
2207
+ # @!attribute [rw] running_tasks_count
2208
+ # The number of tasks in the cluster that are in the RUNNING state.
2209
+ # @return [Integer]
2210
+ #
2211
+ # @!attribute [rw] tags
2212
+ # The tags of the ECS Cluster.
2213
+ # @return [Array<Types::Tag>]
2214
+ #
2215
+ # @!attribute [rw] task_details
2216
+ # Contains information about the details of the ECS Task.
2217
+ # @return [Types::EcsTaskDetails]
2218
+ #
2219
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EcsClusterDetails AWS API Documentation
2220
+ #
2221
+ class EcsClusterDetails < Struct.new(
2222
+ :name,
2223
+ :arn,
2224
+ :status,
2225
+ :active_services_count,
2226
+ :registered_container_instances_count,
2227
+ :running_tasks_count,
2228
+ :tags,
2229
+ :task_details)
2230
+ SENSITIVE = []
2231
+ include Aws::Structure
2232
+ end
2233
+
2234
+ # Contains information about the task in an ECS cluster.
2235
+ #
2236
+ # @!attribute [rw] arn
2237
+ # The Amazon Resource Name (ARN) of the task.
2238
+ # @return [String]
2239
+ #
2240
+ # @!attribute [rw] definition_arn
2241
+ # The ARN of the task definition that creates the task.
2242
+ # @return [String]
2243
+ #
2244
+ # @!attribute [rw] version
2245
+ # The version counter for the task.
2246
+ # @return [String]
2247
+ #
2248
+ # @!attribute [rw] task_created_at
2249
+ # The Unix timestamp for the time when the task was created.
2250
+ # @return [Time]
2251
+ #
2252
+ # @!attribute [rw] started_at
2253
+ # The Unix timestamp for the time when the task started.
2254
+ # @return [Time]
2255
+ #
2256
+ # @!attribute [rw] started_by
2257
+ # Contains the tag specified when a task is started.
2258
+ # @return [String]
2259
+ #
2260
+ # @!attribute [rw] tags
2261
+ # The tags of the ECS Task.
2262
+ # @return [Array<Types::Tag>]
2263
+ #
2264
+ # @!attribute [rw] volumes
2265
+ # The list of data volume definitions for the task.
2266
+ # @return [Array<Types::Volume>]
2267
+ #
2268
+ # @!attribute [rw] containers
2269
+ # The containers that's associated with the task.
2270
+ # @return [Array<Types::Container>]
2271
+ #
2272
+ # @!attribute [rw] group
2273
+ # The name of the task group that's associated with the task.
2274
+ # @return [String]
2275
+ #
2276
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EcsTaskDetails AWS API Documentation
2277
+ #
2278
+ class EcsTaskDetails < Struct.new(
2279
+ :arn,
2280
+ :definition_arn,
2281
+ :version,
2282
+ :task_created_at,
2283
+ :started_at,
2284
+ :started_by,
2285
+ :tags,
2286
+ :volumes,
2287
+ :containers,
2288
+ :group)
2289
+ SENSITIVE = []
2290
+ include Aws::Structure
2291
+ end
2292
+
1993
2293
  # Details about the EKS cluster involved in a Kubernetes finding.
1994
2294
  #
1995
2295
  # @!attribute [rw] name
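Review bot: `task_created_at` and `started_at` on `EcsTaskDetails` are described as "The Unix timestamp for the time when ..." while both are declared `@return [Time]`, so the text and the declared type disagree about what a caller receives. This matters when findings are used to build an incident timeline. I would word them like the `EbsVolumeScanDetails` fields in the same hunk, e.g. `# The time when the task was created.` The `containers` text, "The containers that's associated with the task", should also read `# The containers that are associated with the task.`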
@@ -2067,6 +2367,110 @@ module Aws::GuardDuty
2067
2367
  include Aws::Structure
2068
2368
  end
2069
2369
 
2370
+ # Contains information about the condition.
2371
+ #
2372
+ # @note When making an API call, you may pass FilterCondition
2373
+ # data as a hash:
2374
+ #
2375
+ # {
2376
+ # equals_value: "NonEmptyString",
2377
+ # greater_than: 1,
2378
+ # less_than: 1,
2379
+ # }
2380
+ #
2381
+ # @!attribute [rw] equals_value
2382
+ # Represents an *equal* **** condition to be applied to a single field
2383
+ # when querying for scan entries.
2384
+ # @return [String]
2385
+ #
2386
+ # @!attribute [rw] greater_than
2387
+ # Represents a *greater than* condition to be applied to a single
2388
+ # field when querying for scan entries.
2389
+ # @return [Integer]
2390
+ #
2391
+ # @!attribute [rw] less_than
2392
+ # Represents a *less than* condition to be applied to a single field
2393
+ # when querying for scan entries.
2394
+ # @return [Integer]
2395
+ #
2396
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/FilterCondition AWS API Documentation
2397
+ #
2398
+ class FilterCondition < Struct.new(
2399
+ :equals_value,
2400
+ :greater_than,
2401
+ :less_than)
2402
+ SENSITIVE = []
2403
+ include Aws::Structure
2404
+ end
2405
+
2406
+ # Represents the criteria to be used in the filter for describing scan
2407
+ # entries.
2408
+ #
2409
+ # @note When making an API call, you may pass FilterCriteria
2410
+ # data as a hash:
2411
+ #
2412
+ # {
2413
+ # filter_criterion: [
2414
+ # {
2415
+ # criterion_key: "EC2_INSTANCE_ARN", # accepts EC2_INSTANCE_ARN, SCAN_ID, ACCOUNT_ID, GUARDDUTY_FINDING_ID, SCAN_START_TIME, SCAN_STATUS
2416
+ # filter_condition: {
2417
+ # equals_value: "NonEmptyString",
2418
+ # greater_than: 1,
2419
+ # less_than: 1,
2420
+ # },
2421
+ # },
2422
+ # ],
2423
+ # }
2424
+ #
2425
+ # @!attribute [rw] filter_criterion
2426
+ # Represents a condition that when matched will be added to the
2427
+ # response of the operation.
2428
+ # @return [Array<Types::FilterCriterion>]
2429
+ #
2430
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/FilterCriteria AWS API Documentation
2431
+ #
2432
+ class FilterCriteria < Struct.new(
2433
+ :filter_criterion)
2434
+ SENSITIVE = []
2435
+ include Aws::Structure
2436
+ end
2437
+
2438
+ # Represents a condition that when matched will be added to the response
2439
+ # of the operation. Irrespective of using any filter criteria, an
2440
+ # administrator account can view the scan entries for all of its member
2441
+ # accounts. However, each member account can view the scan entries only
2442
+ # for their own account.
2443
+ #
2444
+ # @note When making an API call, you may pass FilterCriterion
2445
+ # data as a hash:
2446
+ #
2447
+ # {
2448
+ # criterion_key: "EC2_INSTANCE_ARN", # accepts EC2_INSTANCE_ARN, SCAN_ID, ACCOUNT_ID, GUARDDUTY_FINDING_ID, SCAN_START_TIME, SCAN_STATUS
2449
+ # filter_condition: {
2450
+ # equals_value: "NonEmptyString",
2451
+ # greater_than: 1,
2452
+ # less_than: 1,
2453
+ # },
2454
+ # }
2455
+ #
2456
+ # @!attribute [rw] criterion_key
2457
+ # An enum value representing possible scan properties to match with
2458
+ # given scan entries.
2459
+ # @return [String]
2460
+ #
2461
+ # @!attribute [rw] filter_condition
2462
+ # Contains information about the condition.
2463
+ # @return [Types::FilterCondition]
2464
+ #
2465
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/FilterCriterion AWS API Documentation
2466
+ #
2467
+ class FilterCriterion < Struct.new(
2468
+ :criterion_key,
2469
+ :filter_condition)
2470
+ SENSITIVE = []
2471
+ include Aws::Structure
2472
+ end
2473
+
2070
2474
  # Contains information about the finding, which is generated when
2071
2475
  # abnormal or suspicious activity is detected.
2072
2476
  #
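Review bot: The statement that an administrator account can view scan entries for all of its member accounts "irrespective of using any filter criteria" appears only in the `FilterCriterion` class comment, not on `filter_criteria` in `DescribeMalwareScansRequest` (an earlier hunk), where a caller would look for it. The filter narrows the result set and is not an access boundary, so I would repeat one line at the request attribute, e.g. `# Filtering does not change which accounts' scan entries the caller is allowed to see.` Separately, the `equals_value` text carries stray markup, "an *equal* **** condition", and should read `# Represents an *equal* condition to be applied to a single field`.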
@@ -2580,6 +2984,44 @@ module Aws::GuardDuty
2580
2984
  include Aws::Structure
2581
2985
  end
2582
2986
 
2987
+ # @note When making an API call, you may pass GetMalwareScanSettingsRequest
2988
+ # data as a hash:
2989
+ #
2990
+ # {
2991
+ # detector_id: "DetectorId", # required
2992
+ # }
2993
+ #
2994
+ # @!attribute [rw] detector_id
2995
+ # The unique ID of the detector that the scan setting is associated
2996
+ # with.
2997
+ # @return [String]
2998
+ #
2999
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMalwareScanSettingsRequest AWS API Documentation
3000
+ #
3001
+ class GetMalwareScanSettingsRequest < Struct.new(
3002
+ :detector_id)
3003
+ SENSITIVE = []
3004
+ include Aws::Structure
3005
+ end
3006
+
3007
+ # @!attribute [rw] scan_resource_criteria
3008
+ # Represents the criteria to be used in the filter for scanning
3009
+ # resources.
3010
+ # @return [Types::ScanResourceCriteria]
3011
+ #
3012
+ # @!attribute [rw] ebs_snapshot_preservation
3013
+ # An enum value representing possible snapshot preservation settings.
3014
+ # @return [String]
3015
+ #
3016
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMalwareScanSettingsResponse AWS API Documentation
3017
+ #
3018
+ class GetMalwareScanSettingsResponse < Struct.new(
3019
+ :scan_resource_criteria,
3020
+ :ebs_snapshot_preservation)
3021
+ SENSITIVE = []
3022
+ include Aws::Structure
3023
+ end
3024
+
2583
3025
  # @note When making an API call, you may pass GetMasterAccountRequest
2584
3026
  # data as a hash:
2585
3027
  #
@@ -2812,7 +3254,7 @@ module Aws::GuardDuty
2812
3254
  # usage_statistic_type: "SUM_BY_ACCOUNT", # required, accepts SUM_BY_ACCOUNT, SUM_BY_DATA_SOURCE, SUM_BY_RESOURCE, TOP_RESOURCES
2813
3255
  # usage_criteria: { # required
2814
3256
  # account_ids: ["AccountId"],
2815
- # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS
3257
+ # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS, EC2_MALWARE_SCAN
2816
3258
  # resources: ["String"],
2817
3259
  # },
2818
3260
  # unit: "String",
@@ -2882,16 +3324,43 @@ module Aws::GuardDuty
2882
3324
  include Aws::Structure
2883
3325
  end
2884
3326
 
2885
- # Represents a pre-existing file or directory on the host machine that
2886
- # the volume maps to.
3327
+ # Contains details of the highest severity threat detected during scan
3328
+ # and number of infected files.
2887
3329
  #
2888
- # @!attribute [rw] path
2889
- # Path of the file or directory on the host that the volume maps to.
3330
+ # @!attribute [rw] severity
3331
+ # Severity level of the highest severity threat detected.
2890
3332
  # @return [String]
2891
3333
  #
2892
- # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/HostPath AWS API Documentation
3334
+ # @!attribute [rw] threat_name
3335
+ # Threat name of the highest severity threat detected as part of the
3336
+ # malware scan.
3337
+ # @return [String]
2893
3338
  #
2894
- class HostPath < Struct.new(
3339
+ # @!attribute [rw] count
3340
+ # Total number of infected files with the highest severity threat
3341
+ # detected.
3342
+ # @return [Integer]
3343
+ #
3344
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/HighestSeverityThreatDetails AWS API Documentation
3345
+ #
3346
+ class HighestSeverityThreatDetails < Struct.new(
3347
+ :severity,
3348
+ :threat_name,
3349
+ :count)
3350
+ SENSITIVE = []
3351
+ include Aws::Structure
3352
+ end
3353
+
3354
+ # Represents a pre-existing file or directory on the host machine that
3355
+ # the volume maps to.
3356
+ #
3357
+ # @!attribute [rw] path
3358
+ # Path of the file or directory on the host that the volume maps to.
3359
+ # @return [String]
3360
+ #
3361
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/HostPath AWS API Documentation
3362
+ #
3363
+ class HostPath < Struct.new(
2895
3364
  :path)
2896
3365
  SENSITIVE = []
2897
3366
  include Aws::Structure
@@ -3755,7 +4224,13 @@ module Aws::GuardDuty
3755
4224
  # @!attribute [rw] only_associated
3756
4225
  # Specifies whether to only return associated members or to return all
3757
4226
  # members (including members who haven't been invited yet or have
3758
- # been disassociated).
4227
+ # been disassociated). Member accounts must have been previously
4228
+ # associated with the GuardDuty administrator account using [ `Create
4229
+ # Members` ][1].
4230
+ #
4231
+ #
4232
+ #
4233
+ # [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html
3759
4234
  # @return [String]
3760
4235
  #
3761
4236
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListMembersRequest AWS API Documentation
@@ -4011,6 +4486,67 @@ module Aws::GuardDuty
4011
4486
  include Aws::Structure
4012
4487
  end
4013
4488
 
4489
+ # Describes whether Malware Protection will be enabled as a data source.
4490
+ #
4491
+ # @note When making an API call, you may pass MalwareProtectionConfiguration
4492
+ # data as a hash:
4493
+ #
4494
+ # {
4495
+ # scan_ec2_instance_with_findings: {
4496
+ # ebs_volumes: false,
4497
+ # },
4498
+ # }
4499
+ #
4500
+ # @!attribute [rw] scan_ec2_instance_with_findings
4501
+ # Describes the configuration of Malware Protection for EC2 instances
4502
+ # with findings.
4503
+ # @return [Types::ScanEc2InstanceWithFindings]
4504
+ #
4505
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/MalwareProtectionConfiguration AWS API Documentation
4506
+ #
4507
+ class MalwareProtectionConfiguration < Struct.new(
4508
+ :scan_ec2_instance_with_findings)
4509
+ SENSITIVE = []
4510
+ include Aws::Structure
4511
+ end
4512
+
4513
+ # An object that contains information on the status of all Malware
4514
+ # Protection data sources.
4515
+ #
4516
+ # @!attribute [rw] scan_ec2_instance_with_findings
4517
+ # Describes the configuration of Malware Protection for EC2 instances
4518
+ # with findings.
4519
+ # @return [Types::ScanEc2InstanceWithFindingsResult]
4520
+ #
4521
+ # @!attribute [rw] service_role
4522
+ # The GuardDuty Malware Protection service role.
4523
+ # @return [String]
4524
+ #
4525
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/MalwareProtectionConfigurationResult AWS API Documentation
4526
+ #
4527
+ class MalwareProtectionConfigurationResult < Struct.new(
4528
+ :scan_ec2_instance_with_findings,
4529
+ :service_role)
4530
+ SENSITIVE = []
4531
+ include Aws::Structure
4532
+ end
4533
+
4534
+ # Provides details about Malware Protection when it is enabled as a data
4535
+ # source.
4536
+ #
4537
+ # @!attribute [rw] scan_ec2_instance_with_findings
4538
+ # Describes whether Malware Protection for EC2 instances with findings
4539
+ # is enabled as a data source.
4540
+ # @return [Types::DataSourceFreeTrial]
4541
+ #
4542
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/MalwareProtectionDataSourceFreeTrial AWS API Documentation
4543
+ #
4544
+ class MalwareProtectionDataSourceFreeTrial < Struct.new(
4545
+ :scan_ec2_instance_with_findings)
4546
+ SENSITIVE = []
4547
+ include Aws::Structure
4548
+ end
4549
+
4014
4550
  # Contains information about the administrator account and invitation.
4015
4551
  #
4016
4552
  # @!attribute [rw] account_id
@@ -4265,6 +4801,13 @@ module Aws::GuardDuty
4265
4801
  # auto_enable: false, # required
4266
4802
  # },
4267
4803
  # },
4804
+ # malware_protection: {
4805
+ # scan_ec2_instance_with_findings: {
4806
+ # ebs_volumes: {
4807
+ # auto_enable: false,
4808
+ # },
4809
+ # },
4810
+ # },
4268
4811
  # }
4269
4812
  #
4270
4813
  # @!attribute [rw] s3_logs
@@ -4277,11 +4820,17 @@ module Aws::GuardDuty
4277
4820
  # members of the organization.
4278
4821
  # @return [Types::OrganizationKubernetesConfiguration]
4279
4822
  #
4823
+ # @!attribute [rw] malware_protection
4824
+ # Describes the configuration of Malware Protection for new members of
4825
+ # the organization.
4826
+ # @return [Types::OrganizationMalwareProtectionConfiguration]
4827
+ #
4280
4828
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationDataSourceConfigurations AWS API Documentation
4281
4829
  #
4282
4830
  class OrganizationDataSourceConfigurations < Struct.new(
4283
4831
  :s3_logs,
4284
- :kubernetes)
4832
+ :kubernetes,
4833
+ :malware_protection)
4285
4834
  SENSITIVE = []
4286
4835
  include Aws::Structure
4287
4836
  end
@@ -4297,11 +4846,55 @@ module Aws::GuardDuty
4297
4846
  # Describes the configuration of Kubernetes data sources.
4298
4847
  # @return [Types::OrganizationKubernetesConfigurationResult]
4299
4848
  #
4849
+ # @!attribute [rw] malware_protection
4850
+ # Describes the configuration of Malware Protection data source for an
4851
+ # organization.
4852
+ # @return [Types::OrganizationMalwareProtectionConfigurationResult]
4853
+ #
4300
4854
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationDataSourceConfigurationsResult AWS API Documentation
4301
4855
  #
4302
4856
  class OrganizationDataSourceConfigurationsResult < Struct.new(
4303
4857
  :s3_logs,
4304
- :kubernetes)
4858
+ :kubernetes,
4859
+ :malware_protection)
4860
+ SENSITIVE = []
4861
+ include Aws::Structure
4862
+ end
4863
+
4864
+ # Organization-wide EBS volumes scan configuration.
4865
+ #
4866
+ # @note When making an API call, you may pass OrganizationEbsVolumes
4867
+ # data as a hash:
4868
+ #
4869
+ # {
4870
+ # auto_enable: false,
4871
+ # }
4872
+ #
4873
+ # @!attribute [rw] auto_enable
4874
+ # Whether scanning EBS volumes should be auto-enabled for new members
4875
+ # joining the organization.
4876
+ # @return [Boolean]
4877
+ #
4878
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationEbsVolumes AWS API Documentation
4879
+ #
4880
+ class OrganizationEbsVolumes < Struct.new(
4881
+ :auto_enable)
4882
+ SENSITIVE = []
4883
+ include Aws::Structure
4884
+ end
4885
+
4886
+ # An object that contains information on the status of whether EBS
4887
+ # volumes scanning will be enabled as a data source for an organization.
4888
+ #
4889
+ # @!attribute [rw] auto_enable
4890
+ # An object that contains the status of whether scanning EBS volumes
4891
+ # should be auto-enabled for new members joining the organization.
4892
+ # @return [Boolean]
4893
+ #
4894
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationEbsVolumesResult AWS API Documentation
4895
+ #
4896
+ class OrganizationEbsVolumesResult < Struct.new(
4897
+ :auto_enable)
4305
4898
  SENSITIVE = []
4306
4899
  include Aws::Structure
4307
4900
  end
@@ -4385,6 +4978,48 @@ module Aws::GuardDuty
4385
4978
  include Aws::Structure
4386
4979
  end
4387
4980
 
4981
+ # Organization-wide Malware Protection configurations.
4982
+ #
4983
+ # @note When making an API call, you may pass OrganizationMalwareProtectionConfiguration
4984
+ # data as a hash:
4985
+ #
4986
+ # {
4987
+ # scan_ec2_instance_with_findings: {
4988
+ # ebs_volumes: {
4989
+ # auto_enable: false,
4990
+ # },
4991
+ # },
4992
+ # }
4993
+ #
4994
+ # @!attribute [rw] scan_ec2_instance_with_findings
4995
+ # Whether Malware Protection for EC2 instances with findings should be
4996
+ # auto-enabled for new members joining the organization.
4997
+ # @return [Types::OrganizationScanEc2InstanceWithFindings]
4998
+ #
4999
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationMalwareProtectionConfiguration AWS API Documentation
5000
+ #
5001
+ class OrganizationMalwareProtectionConfiguration < Struct.new(
5002
+ :scan_ec2_instance_with_findings)
5003
+ SENSITIVE = []
5004
+ include Aws::Structure
5005
+ end
5006
+
5007
+ # An object that contains information on the status of all Malware
5008
+ # Protection data source for an organization.
5009
+ #
5010
+ # @!attribute [rw] scan_ec2_instance_with_findings
5011
+ # Describes the configuration for scanning EC2 instances with findings
5012
+ # for an organization.
5013
+ # @return [Types::OrganizationScanEc2InstanceWithFindingsResult]
5014
+ #
5015
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationMalwareProtectionConfigurationResult AWS API Documentation
5016
+ #
5017
+ class OrganizationMalwareProtectionConfigurationResult < Struct.new(
5018
+ :scan_ec2_instance_with_findings)
5019
+ SENSITIVE = []
5020
+ include Aws::Structure
5021
+ end
5022
+
4388
5023
  # Describes whether S3 data event logs will be automatically enabled for
4389
5024
  # new members of the organization.
4390
5025
  #
@@ -4424,6 +5059,46 @@ module Aws::GuardDuty
4424
5059
  include Aws::Structure
4425
5060
  end
4426
5061
 
5062
+ # Organization-wide EC2 instances with findings scan configuration.
5063
+ #
5064
+ # @note When making an API call, you may pass OrganizationScanEc2InstanceWithFindings
5065
+ # data as a hash:
5066
+ #
5067
+ # {
5068
+ # ebs_volumes: {
5069
+ # auto_enable: false,
5070
+ # },
5071
+ # }
5072
+ #
5073
+ # @!attribute [rw] ebs_volumes
5074
+ # Whether scanning EBS volumes should be auto-enabled for new members
5075
+ # joining the organization.
5076
+ # @return [Types::OrganizationEbsVolumes]
5077
+ #
5078
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationScanEc2InstanceWithFindings AWS API Documentation
5079
+ #
5080
+ class OrganizationScanEc2InstanceWithFindings < Struct.new(
5081
+ :ebs_volumes)
5082
+ SENSITIVE = []
5083
+ include Aws::Structure
5084
+ end
5085
+
5086
+ # An object that contains information on the status of scanning EC2
5087
+ # instances with findings for an organization.
5088
+ #
5089
+ # @!attribute [rw] ebs_volumes
5090
+ # Describes the configuration for scanning EBS volumes for an
5091
+ # organization.
5092
+ # @return [Types::OrganizationEbsVolumesResult]
5093
+ #
5094
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationScanEc2InstanceWithFindingsResult AWS API Documentation
5095
+ #
5096
+ class OrganizationScanEc2InstanceWithFindingsResult < Struct.new(
5097
+ :ebs_volumes)
5098
+ SENSITIVE = []
5099
+ include Aws::Structure
5100
+ end
5101
+
4427
5102
  # Contains information on the owner of the bucket.
4428
5103
  #
4429
5104
  # @!attribute [rw] id
@@ -4677,6 +5352,18 @@ module Aws::GuardDuty
4677
5352
  # The type of Amazon Web Services resource.
4678
5353
  # @return [String]
4679
5354
  #
5355
+ # @!attribute [rw] ebs_volume_details
5356
+ # Contains list of scanned and skipped EBS volumes with details.
5357
+ # @return [Types::EbsVolumeDetails]
5358
+ #
5359
+ # @!attribute [rw] ecs_cluster_details
5360
+ # Contains information about the details of the ECS Cluster.
5361
+ # @return [Types::EcsClusterDetails]
5362
+ #
5363
+ # @!attribute [rw] container_details
5364
+ # Details of a container.
5365
+ # @return [Types::Container]
5366
+ #
4680
5367
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Resource AWS API Documentation
4681
5368
  #
4682
5369
  class Resource < Struct.new(
@@ -4685,7 +5372,24 @@ module Aws::GuardDuty
4685
5372
  :instance_details,
4686
5373
  :eks_cluster_details,
4687
5374
  :kubernetes_details,
4688
- :resource_type)
5375
+ :resource_type,
5376
+ :ebs_volume_details,
5377
+ :ecs_cluster_details,
5378
+ :container_details)
5379
+ SENSITIVE = []
5380
+ include Aws::Structure
5381
+ end
5382
+
5383
+ # Represents the resources that were scanned in the scan entry.
5384
+ #
5385
+ # @!attribute [rw] instance_arn
5386
+ # InstanceArn that was scanned in the scan entry.
5387
+ # @return [String]
5388
+ #
5389
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ResourceDetails AWS API Documentation
5390
+ #
5391
+ class ResourceDetails < Struct.new(
5392
+ :instance_arn)
4689
5393
  SENSITIVE = []
4690
5394
  include Aws::Structure
4691
5395
  end
@@ -4775,6 +5479,358 @@ module Aws::GuardDuty
4775
5479
  include Aws::Structure
4776
5480
  end
4777
5481
 
5482
+ # Contains information about a malware scan.
5483
+ #
5484
+ # @!attribute [rw] detector_id
5485
+ # The unique ID of the detector that the request is associated with.
5486
+ # @return [String]
5487
+ #
5488
+ # @!attribute [rw] admin_detector_id
5489
+ # The unique detector ID of the administrator account that the request
5490
+ # is associated with. Note that this value will be the same as the one
5491
+ # used for `DetectorId` if the account is an administrator.
5492
+ # @return [String]
5493
+ #
5494
+ # @!attribute [rw] scan_id
5495
+ # The unique scan ID associated with a scan entry.
5496
+ # @return [String]
5497
+ #
5498
+ # @!attribute [rw] scan_status
5499
+ # An enum value representing possible scan statuses.
5500
+ # @return [String]
5501
+ #
5502
+ # @!attribute [rw] failure_reason
5503
+ # Represents the reason for FAILED scan status.
5504
+ # @return [String]
5505
+ #
5506
+ # @!attribute [rw] scan_start_time
5507
+ # The timestamp of when the scan was triggered.
5508
+ # @return [Time]
5509
+ #
5510
+ # @!attribute [rw] scan_end_time
5511
+ # The timestamp of when the scan was finished.
5512
+ # @return [Time]
5513
+ #
5514
+ # @!attribute [rw] trigger_details
5515
+ # Represents the reason the scan was triggered.
5516
+ # @return [Types::TriggerDetails]
5517
+ #
5518
+ # @!attribute [rw] resource_details
5519
+ # Represents the resources that were scanned in the scan entry.
5520
+ # @return [Types::ResourceDetails]
5521
+ #
5522
+ # @!attribute [rw] scan_result_details
5523
+ # Represents the result of the scan.
5524
+ # @return [Types::ScanResultDetails]
5525
+ #
5526
+ # @!attribute [rw] account_id
5527
+ # The ID for the account that belongs to the scan.
5528
+ # @return [String]
5529
+ #
5530
+ # @!attribute [rw] total_bytes
5531
+ # Represents total bytes that were scanned.
5532
+ # @return [Integer]
5533
+ #
5534
+ # @!attribute [rw] file_count
5535
+ # Represents the number of files that were scanned.
5536
+ # @return [Integer]
5537
+ #
5538
+ # @!attribute [rw] attached_volumes
5539
+ # List of volumes that were attached to the original instance to be
5540
+ # scanned.
5541
+ # @return [Array<Types::VolumeDetail>]
5542
+ #
5543
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Scan AWS API Documentation
5544
+ #
5545
+ class Scan < Struct.new(
5546
+ :detector_id,
5547
+ :admin_detector_id,
5548
+ :scan_id,
5549
+ :scan_status,
5550
+ :failure_reason,
5551
+ :scan_start_time,
5552
+ :scan_end_time,
5553
+ :trigger_details,
5554
+ :resource_details,
5555
+ :scan_result_details,
5556
+ :account_id,
5557
+ :total_bytes,
5558
+ :file_count,
5559
+ :attached_volumes)
5560
+ SENSITIVE = []
5561
+ include Aws::Structure
5562
+ end
5563
+
5564
+ # Contains information about the condition.
5565
+ #
5566
+ # @note When making an API call, you may pass ScanCondition
5567
+ # data as a hash:
5568
+ #
5569
+ # {
5570
+ # map_equals: [ # required
5571
+ # {
5572
+ # key: "TagKey", # required
5573
+ # value: "TagValue",
5574
+ # },
5575
+ # ],
5576
+ # }
5577
+ #
5578
+ # @!attribute [rw] map_equals
5579
+ # Represents an *mapEqual* **** condition to be applied to a single
5580
+ # field when triggering for malware scan.
5581
+ # @return [Array<Types::ScanConditionPair>]
5582
+ #
5583
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanCondition AWS API Documentation
5584
+ #
5585
+ class ScanCondition < Struct.new(
5586
+ :map_equals)
5587
+ SENSITIVE = []
5588
+ include Aws::Structure
5589
+ end
5590
+
5591
+ # Represents key, value pair to be matched against given resource
5592
+ # property.
5593
+ #
5594
+ # @note When making an API call, you may pass ScanConditionPair
5595
+ # data as a hash:
5596
+ #
5597
+ # {
5598
+ # key: "TagKey", # required
5599
+ # value: "TagValue",
5600
+ # }
5601
+ #
5602
+ # @!attribute [rw] key
5603
+ # Represents *key* **** in the map condition.
5604
+ # @return [String]
5605
+ #
5606
+ # @!attribute [rw] value
5607
+ # Represents optional *value* **** in the map condition. If not
5608
+ # specified, only *key* **** will be matched.
5609
+ # @return [String]
5610
+ #
5611
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanConditionPair AWS API Documentation
5612
+ #
5613
+ class ScanConditionPair < Struct.new(
5614
+ :key,
5615
+ :value)
5616
+ SENSITIVE = []
5617
+ include Aws::Structure
5618
+ end
5619
+
5620
+ # Contains a complete view providing malware scan result details.
5621
+ #
5622
+ # @!attribute [rw] scanned_item_count
5623
+ # Total number of scanned files.
5624
+ # @return [Types::ScannedItemCount]
5625
+ #
5626
+ # @!attribute [rw] threats_detected_item_count
5627
+ # Total number of infected files.
5628
+ # @return [Types::ThreatsDetectedItemCount]
5629
+ #
5630
+ # @!attribute [rw] highest_severity_threat_details
5631
+ # Details of the highest severity threat detected during malware scan
5632
+ # and number of infected files.
5633
+ # @return [Types::HighestSeverityThreatDetails]
5634
+ #
5635
+ # @!attribute [rw] threat_detected_by_name
5636
+ # Contains details about identified threats organized by threat name.
5637
+ # @return [Types::ThreatDetectedByName]
5638
+ #
5639
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanDetections AWS API Documentation
5640
+ #
5641
+ class ScanDetections < Struct.new(
5642
+ :scanned_item_count,
5643
+ :threats_detected_item_count,
5644
+ :highest_severity_threat_details,
5645
+ :threat_detected_by_name)
5646
+ SENSITIVE = []
5647
+ include Aws::Structure
5648
+ end
5649
+
5650
+ # Describes whether Malware Protection for EC2 instances with findings
5651
+ # will be enabled as a data source.
5652
+ #
5653
+ # @note When making an API call, you may pass ScanEc2InstanceWithFindings
5654
+ # data as a hash:
5655
+ #
5656
+ # {
5657
+ # ebs_volumes: false,
5658
+ # }
5659
+ #
5660
+ # @!attribute [rw] ebs_volumes
5661
+ # Describes the configuration for scanning EBS volumes as data source.
5662
+ # @return [Boolean]
5663
+ #
5664
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanEc2InstanceWithFindings AWS API Documentation
5665
+ #
5666
+ class ScanEc2InstanceWithFindings < Struct.new(
5667
+ :ebs_volumes)
5668
+ SENSITIVE = []
5669
+ include Aws::Structure
5670
+ end
5671
+
5672
+ # An object that contains information on the status of whether Malware
5673
+ # Protection for EC2 instances with findings will be enabled as a data
5674
+ # source.
5675
+ #
5676
+ # @!attribute [rw] ebs_volumes
5677
+ # Describes the configuration of scanning EBS volumes as a data
5678
+ # source.
5679
+ # @return [Types::EbsVolumesResult]
5680
+ #
5681
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanEc2InstanceWithFindingsResult AWS API Documentation
5682
+ #
5683
+ class ScanEc2InstanceWithFindingsResult < Struct.new(
5684
+ :ebs_volumes)
5685
+ SENSITIVE = []
5686
+ include Aws::Structure
5687
+ end
5688
+
5689
+ # Contains details of infected file including name, file path and hash.
5690
+ #
5691
+ # @!attribute [rw] file_path
5692
+ # The file path of the infected file.
5693
+ # @return [String]
5694
+ #
5695
+ # @!attribute [rw] volume_arn
5696
+ # EBS volume Arn details of the infected file.
5697
+ # @return [String]
5698
+ #
5699
+ # @!attribute [rw] hash
5700
+ # The hash value of the infected file.
5701
+ # @return [String]
5702
+ #
5703
+ # @!attribute [rw] file_name
5704
+ # File name of the infected file.
5705
+ # @return [String]
5706
+ #
5707
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanFilePath AWS API Documentation
5708
+ #
5709
+ class ScanFilePath < Struct.new(
5710
+ :file_path,
5711
+ :volume_arn,
5712
+ :hash,
5713
+ :file_name)
5714
+ SENSITIVE = []
5715
+ include Aws::Structure
5716
+ end
5717
+
5718
+ # Contains information about criteria used to filter resources before
5719
+ # triggering malware scan.
5720
+ #
5721
+ # @note When making an API call, you may pass ScanResourceCriteria
5722
+ # data as a hash:
5723
+ #
5724
+ # {
5725
+ # include: {
5726
+ # "EC2_INSTANCE_TAG" => {
5727
+ # map_equals: [ # required
5728
+ # {
5729
+ # key: "TagKey", # required
5730
+ # value: "TagValue",
5731
+ # },
5732
+ # ],
5733
+ # },
5734
+ # },
5735
+ # exclude: {
5736
+ # "EC2_INSTANCE_TAG" => {
5737
+ # map_equals: [ # required
5738
+ # {
5739
+ # key: "TagKey", # required
5740
+ # value: "TagValue",
5741
+ # },
5742
+ # ],
5743
+ # },
5744
+ # },
5745
+ # }
5746
+ #
5747
+ # @!attribute [rw] include
5748
+ # Represents condition that when matched will allow a malware scan for
5749
+ # a certain resource.
5750
+ # @return [Hash<String,Types::ScanCondition>]
5751
+ #
5752
+ # @!attribute [rw] exclude
5753
+ # Represents condition that when matched will prevent a malware scan
5754
+ # for a certain resource.
5755
+ # @return [Hash<String,Types::ScanCondition>]
5756
+ #
5757
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanResourceCriteria AWS API Documentation
5758
+ #
5759
+ class ScanResourceCriteria < Struct.new(
5760
+ :include,
5761
+ :exclude)
5762
+ SENSITIVE = []
5763
+ include Aws::Structure
5764
+ end
5765
+
5766
+ # Represents the result of the scan.
5767
+ #
5768
+ # @!attribute [rw] scan_result
5769
+ # An enum value representing possible scan results.
5770
+ # @return [String]
5771
+ #
5772
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanResultDetails AWS API Documentation
5773
+ #
5774
+ class ScanResultDetails < Struct.new(
5775
+ :scan_result)
5776
+ SENSITIVE = []
5777
+ include Aws::Structure
5778
+ end
5779
+
5780
+ # Contains files infected with the given threat providing details of
5781
+ # malware name and severity.
5782
+ #
5783
+ # @!attribute [rw] name
5784
+ # The name of the identified threat.
5785
+ # @return [String]
5786
+ #
5787
+ # @!attribute [rw] severity
5788
+ # Severity of threat identified as part of the malware scan.
5789
+ # @return [String]
5790
+ #
5791
+ # @!attribute [rw] item_count
5792
+ # Total number of files infected with given threat.
5793
+ # @return [Integer]
5794
+ #
5795
+ # @!attribute [rw] file_paths
5796
+ # List of infected files in EBS volume with details.
5797
+ # @return [Array<Types::ScanFilePath>]
5798
+ #
5799
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanThreatName AWS API Documentation
5800
+ #
5801
+ class ScanThreatName < Struct.new(
5802
+ :name,
5803
+ :severity,
5804
+ :item_count,
5805
+ :file_paths)
5806
+ SENSITIVE = []
5807
+ include Aws::Structure
5808
+ end
5809
+
5810
+ # Total number of scanned files.
5811
+ #
5812
+ # @!attribute [rw] total_gb
5813
+ # Total GB of files scanned for malware.
5814
+ # @return [Integer]
5815
+ #
5816
+ # @!attribute [rw] files
5817
+ # Number of files scanned.
5818
+ # @return [Integer]
5819
+ #
5820
+ # @!attribute [rw] volumes
5821
+ # Total number of scanned volumes.
5822
+ # @return [Integer]
5823
+ #
5824
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScannedItemCount AWS API Documentation
5825
+ #
5826
+ class ScannedItemCount < Struct.new(
5827
+ :total_gb,
5828
+ :files,
5829
+ :volumes)
5830
+ SENSITIVE = []
5831
+ include Aws::Structure
5832
+ end
5833
+
4778
5834
  # Container security context.
4779
5835
  #
4780
5836
  # @!attribute [rw] privileged
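Review bot: `ScanFilePath` declares a struct member named `:hash`, so the generated reader replaces `Object#hash` on every instance and returns the file-hash string (or nil) instead of an Integer. Anything that hashes the object (using it as a Hash key, adding it to a Set, calling `uniq` on a list of `file_paths` entries) will likely raise a TypeError, which is easy to hit when de-duplicating infected-file records across findings. The member name is part of the response shape, so rather than renaming it I would document the hazard on the attribute, e.g. `#   Note: this member shadows Object#hash; do not use instances as Hash keys or Set members.` If this file is generated from the service model, the note belongs in the model or generator rather than in this file.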
@@ -4858,6 +5914,14 @@ module Aws::GuardDuty
4858
5914
  # Contains additional information about the generated finding.
4859
5915
  # @return [Types::ServiceAdditionalInfo]
4860
5916
  #
5917
+ # @!attribute [rw] feature_name
5918
+ # The name of the feature that generated a finding.
5919
+ # @return [String]
5920
+ #
5921
+ # @!attribute [rw] ebs_volume_scan_details
5922
+ # Returns details from the malware scan that created a finding.
5923
+ # @return [Types::EbsVolumeScanDetails]
5924
+ #
4861
5925
  # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Service AWS API Documentation
4862
5926
  #
4863
5927
  class Service < Struct.new(
@@ -4871,7 +5935,9 @@ module Aws::GuardDuty
4871
5935
  :resource_role,
4872
5936
  :service_name,
4873
5937
  :user_feedback,
4874
- :additional_info)
5938
+ :additional_info,
5939
+ :feature_name,
5940
+ :ebs_volume_scan_details)
4875
5941
  SENSITIVE = []
4876
5942
  include Aws::Structure
4877
5943
  end
@@ -5054,6 +6120,37 @@ module Aws::GuardDuty
5054
6120
  #
5055
6121
  class TagResourceResponse < Aws::EmptyStructure; end
5056
6122
 
6123
+ # Contains details about identified threats organized by threat name.
6124
+ #
6125
+ # @!attribute [rw] item_count
6126
+ # Total number of infected files identified.
6127
+ # @return [Integer]
6128
+ #
6129
+ # @!attribute [rw] unique_threat_name_count
6130
+ # Total number of unique threats by name identified, as part of the
6131
+ # malware scan.
6132
+ # @return [Integer]
6133
+ #
6134
+ # @!attribute [rw] shortened
6135
+ # Flag to determine if the finding contains every single infected
6136
+ # file-path and/or every threat.
6137
+ # @return [Boolean]
6138
+ #
6139
+ # @!attribute [rw] threat_names
6140
+ # List of identified threats with details, organized by threat name.
6141
+ # @return [Array<Types::ScanThreatName>]
6142
+ #
6143
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ThreatDetectedByName AWS API Documentation
6144
+ #
6145
+ class ThreatDetectedByName < Struct.new(
6146
+ :item_count,
6147
+ :unique_threat_name_count,
6148
+ :shortened,
6149
+ :threat_names)
6150
+ SENSITIVE = []
6151
+ include Aws::Structure
6152
+ end
6153
+
5057
6154
  # An instance of a threat intelligence detail that constitutes evidence
5058
6155
  # for the finding.
5059
6156
  #
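Review bot: The `shortened` attribute doc on `ThreatDetectedByName` does not say which value means the lists are incomplete; "Flag to determine if the finding contains every single infected file-path and/or every threat" reads equally well for true and for false. A consumer that treats `threat_names`, and the `file_paths` inside each entry, as exhaustive could under-report infected files during triage. I would spell out the polarity once it is confirmed against the service, e.g. `#   When true, threat_names and file_paths are a truncated subset; use item_count and unique_threat_name_count for totals.`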
@@ -5075,6 +6172,20 @@ module Aws::GuardDuty
5075
6172
  include Aws::Structure
5076
6173
  end
5077
6174
 
6175
+ # Contains total number of infected files.
6176
+ #
6177
+ # @!attribute [rw] files
6178
+ # Total number of infected files.
6179
+ # @return [Integer]
6180
+ #
6181
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ThreatsDetectedItemCount AWS API Documentation
6182
+ #
6183
+ class ThreatsDetectedItemCount < Struct.new(
6184
+ :files)
6185
+ SENSITIVE = []
6186
+ include Aws::Structure
6187
+ end
6188
+
5078
6189
  # Contains the total usage with the corresponding currency unit for that
5079
6190
  # value.
5080
6191
  #
@@ -5095,6 +6206,25 @@ module Aws::GuardDuty
5095
6206
  include Aws::Structure
5096
6207
  end
5097
6208
 
6209
+ # Represents the reason the scan was triggered.
6210
+ #
6211
+ # @!attribute [rw] guard_duty_finding_id
6212
+ # The ID of the GuardDuty finding that triggered the BirdDog scan.
6213
+ # @return [String]
6214
+ #
6215
+ # @!attribute [rw] description
6216
+ # The description of the scan trigger.
6217
+ # @return [String]
6218
+ #
6219
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/TriggerDetails AWS API Documentation
6220
+ #
6221
+ class TriggerDetails < Struct.new(
6222
+ :guard_duty_finding_id,
6223
+ :description)
6224
+ SENSITIVE = []
6225
+ include Aws::Structure
6226
+ end
6227
+
5098
6228
  # @note When making an API call, you may pass UnarchiveFindingsRequest
5099
6229
  # data as a hash:
5100
6230
  #
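Review bot: The `guard_duty_finding_id` doc says the finding "triggered the BirdDog scan", a name that appears nowhere else in these hunks, where every other comment says "malware scan". It looks like an internal name that leaked into the public docs; I would change the line to `#   The ID of the GuardDuty finding that triggered the malware scan.`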
@@ -5143,6 +6273,21 @@ module Aws::GuardDuty
5143
6273
  include Aws::Structure
5144
6274
  end
5145
6275
 
6276
+ # Specifies the names of the data sources that couldn't be enabled.
6277
+ #
6278
+ # @!attribute [rw] malware_protection
6279
+ # An object that contains information on the status of all Malware
6280
+ # Protection data sources.
6281
+ # @return [Types::MalwareProtectionConfigurationResult]
6282
+ #
6283
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UnprocessedDataSourcesResult AWS API Documentation
6284
+ #
6285
+ class UnprocessedDataSourcesResult < Struct.new(
6286
+ :malware_protection)
6287
+ SENSITIVE = []
6288
+ include Aws::Structure
6289
+ end
6290
+
5146
6291
  # @note When making an API call, you may pass UntagResourceRequest
5147
6292
  # data as a hash:
5148
6293
  #
@@ -5188,6 +6333,11 @@ module Aws::GuardDuty
5188
6333
  # enable: false, # required
5189
6334
  # },
5190
6335
  # },
6336
+ # malware_protection: {
6337
+ # scan_ec2_instance_with_findings: {
6338
+ # ebs_volumes: false,
6339
+ # },
6340
+ # },
5191
6341
  # },
5192
6342
  # }
5193
6343
  #
@@ -5398,6 +6548,64 @@ module Aws::GuardDuty
5398
6548
  #
5399
6549
  class UpdateIPSetResponse < Aws::EmptyStructure; end
5400
6550
 
6551
+ # @note When making an API call, you may pass UpdateMalwareScanSettingsRequest
6552
+ # data as a hash:
6553
+ #
6554
+ # {
6555
+ # detector_id: "DetectorId", # required
6556
+ # scan_resource_criteria: {
6557
+ # include: {
6558
+ # "EC2_INSTANCE_TAG" => {
6559
+ # map_equals: [ # required
6560
+ # {
6561
+ # key: "TagKey", # required
6562
+ # value: "TagValue",
6563
+ # },
6564
+ # ],
6565
+ # },
6566
+ # },
6567
+ # exclude: {
6568
+ # "EC2_INSTANCE_TAG" => {
6569
+ # map_equals: [ # required
6570
+ # {
6571
+ # key: "TagKey", # required
6572
+ # value: "TagValue",
6573
+ # },
6574
+ # ],
6575
+ # },
6576
+ # },
6577
+ # },
6578
+ # ebs_snapshot_preservation: "NO_RETENTION", # accepts NO_RETENTION, RETENTION_WITH_FINDING
6579
+ # }
6580
+ #
6581
+ # @!attribute [rw] detector_id
6582
+ # The unique ID of the detector that specifies the GuardDuty service
6583
+ # where you want to update scan settings.
6584
+ # @return [String]
6585
+ #
6586
+ # @!attribute [rw] scan_resource_criteria
6587
+ # Represents the criteria to be used in the filter for selecting
6588
+ # resources to scan.
6589
+ # @return [Types::ScanResourceCriteria]
6590
+ #
6591
+ # @!attribute [rw] ebs_snapshot_preservation
6592
+ # An enum value representing possible snapshot preservation settings.
6593
+ # @return [String]
6594
+ #
6595
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateMalwareScanSettingsRequest AWS API Documentation
6596
+ #
6597
+ class UpdateMalwareScanSettingsRequest < Struct.new(
6598
+ :detector_id,
6599
+ :scan_resource_criteria,
6600
+ :ebs_snapshot_preservation)
6601
+ SENSITIVE = []
6602
+ include Aws::Structure
6603
+ end
6604
+
6605
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateMalwareScanSettingsResponse AWS API Documentation
6606
+ #
6607
+ class UpdateMalwareScanSettingsResponse < Aws::EmptyStructure; end
6608
+
5401
6609
  # @note When making an API call, you may pass UpdateMemberDetectorsRequest
5402
6610
  # data as a hash:
5403
6611
  #
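Review bot: The attribute docs on `UpdateMalwareScanSettingsRequest` name its two security-relevant settings without describing their effect. `ebs_snapshot_preservation` is only "An enum value representing possible snapshot preservation settings", although the choice between `NO_RETENTION` and `RETENTION_WITH_FINDING` presumably decides whether a snapshot is still available as evidence after a scan. `scan_resource_criteria` does not say what happens when a resource matches both the `include` and the `exclude` map. Because an `EC2_INSTANCE_TAG` match under `exclude` prevents a scan, the docs should also point out that the right to tag instances then affects scan coverage and should be restricted accordingly. I would add one line per accepted enum value and one sentence on include/exclude precedence, with the semantics confirmed against the service documentation.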
@@ -5413,6 +6621,11 @@ module Aws::GuardDuty
5413
6621
  # enable: false, # required
5414
6622
  # },
5415
6623
  # },
6624
+ # malware_protection: {
6625
+ # scan_ec2_instance_with_findings: {
6626
+ # ebs_volumes: false,
6627
+ # },
6628
+ # },
5416
6629
  # },
5417
6630
  # }
5418
6631
  #
@@ -5466,6 +6679,13 @@ module Aws::GuardDuty
5466
6679
  # auto_enable: false, # required
5467
6680
  # },
5468
6681
  # },
6682
+ # malware_protection: {
6683
+ # scan_ec2_instance_with_findings: {
6684
+ # ebs_volumes: {
6685
+ # auto_enable: false,
6686
+ # },
6687
+ # },
6688
+ # },
5469
6689
  # },
5470
6690
  # }
5471
6691
  #
@@ -5614,7 +6834,7 @@ module Aws::GuardDuty
5614
6834
  #
5615
6835
  # {
5616
6836
  # account_ids: ["AccountId"],
5617
- # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS
6837
+ # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS, EC2_MALWARE_SCAN
5618
6838
  # resources: ["String"],
5619
6839
  # }
5620
6840
  #
@@ -5731,6 +6951,50 @@ module Aws::GuardDuty
5731
6951
  include Aws::Structure
5732
6952
  end
5733
6953
 
6954
+ # Contains EBS volume details.
6955
+ #
6956
+ # @!attribute [rw] volume_arn
6957
+ # EBS volume Arn information.
6958
+ # @return [String]
6959
+ #
6960
+ # @!attribute [rw] volume_type
6961
+ # The EBS volume type.
6962
+ # @return [String]
6963
+ #
6964
+ # @!attribute [rw] device_name
6965
+ # The device name for the EBS volume.
6966
+ # @return [String]
6967
+ #
6968
+ # @!attribute [rw] volume_size_in_gb
6969
+ # EBS volume size in GB.
6970
+ # @return [Integer]
6971
+ #
6972
+ # @!attribute [rw] encryption_type
6973
+ # EBS volume encryption type.
6974
+ # @return [String]
6975
+ #
6976
+ # @!attribute [rw] snapshot_arn
6977
+ # Snapshot Arn of the EBS volume.
6978
+ # @return [String]
6979
+ #
6980
+ # @!attribute [rw] kms_key_arn
6981
+ # KMS key Arn used to encrypt the EBS volume.
6982
+ # @return [String]
6983
+ #
6984
+ # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/VolumeDetail AWS API Documentation
6985
+ #
6986
+ class VolumeDetail < Struct.new(
6987
+ :volume_arn,
6988
+ :volume_type,
6989
+ :device_name,
6990
+ :volume_size_in_gb,
6991
+ :encryption_type,
6992
+ :snapshot_arn,
6993
+ :kms_key_arn)
6994
+ SENSITIVE = []
6995
+ include Aws::Structure
6996
+ end
6997
+
5734
6998
  # Container volume mount.
5735
6999
  #
5736
7000
  # @!attribute [rw] name