aws-sdk-guardduty 1.87.0 → 1.89.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f65ec1425196f2ee15974da2d6574666be9a660203529a63a3d310c6b9fa1028
-  data.tar.gz: a1b0a489c3995991432f60c3af92db31e9cfce93945af9f1b66cc7ada485b54e
+  metadata.gz: 17b65972af65719879325e2105b93afa525189c5851a519d735654f8282ea2fc
+  data.tar.gz: f1b9299e18b7f95e4cb643e3a655756b6decad4ecd590d69c452b86e9e27b6e5
 SHA512:
-  metadata.gz: f89de28ad36850f57d7d40465f75a0df2a355157e5fb0197461be41b598e1486968e911a1bbe0a781a793b5e12e7779ef05101e9a01abac3faae3f845202ecda
-  data.tar.gz: 9c6fa8c45db4b83cbbd39f8476a8e30b12e92dd53247702166b54109521a98127205b345f2b12161b75fe994142f235ce39e441dfd7443d5ea6690389081ef2d
+  metadata.gz: 8a7139d8178d2b490ca621c8656b20c57043ade1900ddd37127ddf4a902b01967ed0bf0f4cbef0bde52fdcd8a9f4b5cba555fa3d43e81391ebb2668aef27bfd3
+  data.tar.gz: cecdd4ccab6555b0ab9befacf0c6db6ba16f6354a9c0db764712da5295356a5f3325eec2a02c06a00cc0409de687548dd5503bb87db0979fc4e08692ec8e132c

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.89.0 (2024-03-28)
+------------------
+
+* Feature - Add EC2 support for GuardDuty Runtime Monitoring auto management.
+
+1.88.0 (2024-03-08)
+------------------
+
+* Feature - Add RDS Provisioned and Serverless Usage types
+
 1.87.0 (2024-01-26)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.87.0
+1.89.0

data/lib/aws-sdk-guardduty/client.rb

@@ -487,20 +487,35 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
-    # Creates a single Amazon GuardDuty detector. A detector is a resource
-    # that represents the GuardDuty service. To start using GuardDuty, you
-    # must create a detector in each Region where you enable the service.
-    # You can have only one detector per account per Region. All data
-    # sources are enabled in a new detector by default.
+    # Creates a single GuardDuty detector. A detector is a resource that
+    # represents the GuardDuty service. To start using GuardDuty, you must
+    # create a detector in each Region where you enable the service. You can
+    # have only one detector per account per Region. All data sources are
+    # enabled in a new detector by default.
+    #
+    # * When you don't specify any `features`, with an exception to
+    #   `RUNTIME_MONITORING`, all the optional features are enabled by
+    #   default.
+    #
+    # * When you specify some of the `features`, any feature that is not
+    #   specified in the API call gets enabled by default, with an exception
+    #   to `RUNTIME_MONITORING`.
+    #
+    # Specifying both EKS Runtime Monitoring (`EKS_RUNTIME_MONITORING`) and
+    # Runtime Monitoring (`RUNTIME_MONITORING`) will cause an error. You can
+    # add only one of these two features because Runtime Monitoring already
+    # includes the threat detection for Amazon EKS resources. For more
+    # information, see [Runtime Monitoring][1].
     #
     # There might be regional differences because some data sources might
     # not be available in all the Amazon Web Services Regions where
     # GuardDuty is presently supported. For more information, see [Regions
-    # and endpoints][1].
+    # and endpoints][2].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html
+    # [2]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
     #
     # @option params [required, Boolean] :enable
     #   A Boolean value that specifies whether the detector is to be enabled.
@@ -567,7 +582,7 @@ module Aws::GuardDuty
     #         status: "ENABLED", # accepts ENABLED, DISABLED
     #         additional_configuration: [
     #           {
-    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT
+    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT, EC2_AGENT_MANAGEMENT
     #             status: "ENABLED", # accepts ENABLED, DISABLED
     #           },
     #         ],
@@ -975,18 +990,19 @@ module Aws::GuardDuty
     # existing auto-enable settings for your organization, see
     # [DescribeOrganizationConfiguration][1].
     #
-    # If you are adding accounts by invitation, before using
-    # [InviteMembers][2], use `CreateMembers` after GuardDuty has been
-    # enabled in potential member accounts.
-    #
-    # If you disassociate a member from a GuardDuty delegated administrator,
-    # the member account details obtained from this API, including the
+    # If you disassociate a member account that was added by invitation, the
+    # member account details obtained from this API, including the
     # associated email addresses, will be retained. This is done so that the
     # delegated administrator can invoke the [InviteMembers][2] API without
     # the need to invoke the CreateMembers API again. To remove the details
     # associated with a member account, the delegated administrator must
     # invoke the [DeleteMembers][3] API.
     #
+    # When the member accounts added through Organizations are later
+    # disassociated, you (administrator) can't invite them by calling the
+    # InviteMembers API. You can create an association with these member
+    # accounts again only by calling the CreateMembers API.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DescribeOrganizationConfiguration.html
@@ -1576,7 +1592,7 @@ module Aws::GuardDuty
     #   resp.features[0].name #=> String, one of "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS", "RUNTIME_MONITORING"
     #   resp.features[0].auto_enable #=> String, one of "NEW", "NONE", "ALL"
     #   resp.features[0].additional_configuration #=> Array
-    #   resp.features[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT"
+    #   resp.features[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT"
     #   resp.features[0].additional_configuration[0].auto_enable #=> String, one of "NEW", "NONE", "ALL"
     #   resp.next_token #=> String
     #   resp.auto_enable_organization_members #=> String, one of "NEW", "ALL", "NONE"
@@ -1755,6 +1771,19 @@ module Aws::GuardDuty
     # disassociate a member account before removing them from your
     # organization.
     #
+    # If you disassociate a member account that was added by invitation, the
+    # member account details obtained from this API, including the
+    # associated email addresses, will be retained. This is done so that the
+    # delegated administrator can invoke the [InviteMembers][2] API without
+    # the need to invoke the CreateMembers API again. To remove the details
+    # associated with a member account, the delegated administrator must
+    # invoke the [DeleteMembers][3] API.
+    #
+    # When the member accounts added through Organizations are later
+    # disassociated, you (administrator) can't invite them by calling the
+    # InviteMembers API. You can create an association with these member
+    # accounts again only by calling the CreateMembers API.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html
@@ -1964,7 +1993,7 @@ module Aws::GuardDuty
     #   resp.features[0].status #=> String, one of "ENABLED", "DISABLED"
     #   resp.features[0].updated_at #=> Time
     #   resp.features[0].additional_configuration #=> Array
-    #   resp.features[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT"
+    #   resp.features[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT"
     #   resp.features[0].additional_configuration[0].status #=> String, one of "ENABLED", "DISABLED"
     #   resp.features[0].additional_configuration[0].updated_at #=> Time
     #
@@ -2374,6 +2403,7 @@ module Aws::GuardDuty
     #   resp.findings[0].service.evidence.threat_intelligence_details[0].threat_list_name #=> String
     #   resp.findings[0].service.evidence.threat_intelligence_details[0].threat_names #=> Array
     #   resp.findings[0].service.evidence.threat_intelligence_details[0].threat_names[0] #=> String
+    #   resp.findings[0].service.evidence.threat_intelligence_details[0].threat_file_sha_256 #=> String
     #   resp.findings[0].service.archived #=> Boolean
     #   resp.findings[0].service.count #=> Integer
     #   resp.findings[0].service.detector_id #=> String
@@ -2497,6 +2527,11 @@ module Aws::GuardDuty
     #   resp.findings[0].service.runtime_details.context.iana_protocol_number #=> Integer
     #   resp.findings[0].service.runtime_details.context.memory_regions #=> Array
     #   resp.findings[0].service.runtime_details.context.memory_regions[0] #=> String
+    #   resp.findings[0].service.runtime_details.context.tool_name #=> String
+    #   resp.findings[0].service.runtime_details.context.tool_category #=> String
+    #   resp.findings[0].service.runtime_details.context.service_name #=> String
+    #   resp.findings[0].service.runtime_details.context.command_line_example #=> String
+    #   resp.findings[0].service.runtime_details.context.threat_file_path #=> String
     #   resp.findings[0].service.detection.anomaly.profiles #=> Hash
     #   resp.findings[0].service.detection.anomaly.profiles["String"] #=> Hash
     #   resp.findings[0].service.detection.anomaly.profiles["String"]["String"] #=> Array
@@ -2527,6 +2562,14 @@ module Aws::GuardDuty
     # Lists Amazon GuardDuty findings statistics for the specified detector
     # ID.
     #
+    # There might be regional differences because some flags might not be
+    # available in all the Regions where GuardDuty is currently supported.
+    # For more information, see [Regions and endpoints][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
+    #
     # @option params [required, String] :detector_id
     #   The ID of the detector that specifies the GuardDuty service whose
     #   findings' statistics you want to retrieve.
@@ -2768,7 +2811,7 @@ module Aws::GuardDuty
     #   resp.member_data_source_configurations[0].features[0].status #=> String, one of "ENABLED", "DISABLED"
     #   resp.member_data_source_configurations[0].features[0].updated_at #=> Time
     #   resp.member_data_source_configurations[0].features[0].additional_configuration #=> Array
-    #   resp.member_data_source_configurations[0].features[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT"
+    #   resp.member_data_source_configurations[0].features[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT"
     #   resp.member_data_source_configurations[0].features[0].additional_configuration[0].status #=> String, one of "ENABLED", "DISABLED"
     #   resp.member_data_source_configurations[0].features[0].additional_configuration[0].updated_at #=> Time
     #   resp.unprocessed_accounts #=> Array
@@ -2831,12 +2874,12 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
-    # Retrieves how many active member accounts in your Amazon Web Services
-    # organization have each feature enabled within GuardDuty. Only a
-    # delegated GuardDuty administrator of an organization can run this API.
+    # Retrieves how many active member accounts have each feature enabled
+    # within GuardDuty. Only a delegated GuardDuty administrator of an
+    # organization can run this API.
     #
-    # When you create a new Amazon Web Services organization, it might take
-    # up to 24 hours to generate the statistics for the entire organization.
+    # When you create a new organization, it might take up to 24 hours to
+    # generate the statistics for the entire organization.
     #
     # @return [Types::GetOrganizationStatisticsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2853,7 +2896,7 @@ module Aws::GuardDuty
     #   resp.organization_details.organization_statistics.count_by_feature[0].name #=> String, one of "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS", "RUNTIME_MONITORING"
     #   resp.organization_details.organization_statistics.count_by_feature[0].enabled_accounts_count #=> Integer
     #   resp.organization_details.organization_statistics.count_by_feature[0].additional_configuration #=> Array
-    #   resp.organization_details.organization_statistics.count_by_feature[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT"
+    #   resp.organization_details.organization_statistics.count_by_feature[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT"
     #   resp.organization_details.organization_statistics.count_by_feature[0].additional_configuration[0].enabled_accounts_count #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetOrganizationStatistics AWS API Documentation
@@ -3006,7 +3049,7 @@ module Aws::GuardDuty
     #       account_ids: ["AccountId"],
     #       data_sources: ["FLOW_LOGS"], # accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS, EC2_MALWARE_SCAN
     #       resources: ["String"],
-    #       features: ["FLOW_LOGS"], # accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_DATA_EVENTS, EKS_AUDIT_LOGS, EBS_MALWARE_PROTECTION, RDS_LOGIN_EVENTS, LAMBDA_NETWORK_LOGS, EKS_RUNTIME_MONITORING, FARGATE_RUNTIME_MONITORING, EC2_RUNTIME_MONITORING
+    #       features: ["FLOW_LOGS"], # accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_DATA_EVENTS, EKS_AUDIT_LOGS, EBS_MALWARE_PROTECTION, RDS_LOGIN_EVENTS, LAMBDA_NETWORK_LOGS, EKS_RUNTIME_MONITORING, FARGATE_RUNTIME_MONITORING, EC2_RUNTIME_MONITORING, RDS_DBI_PROTECTION_PROVISIONED, RDS_DBI_PROTECTION_SERVERLESS
     #     },
     #     unit: "String",
     #     max_results: 1,
@@ -3020,7 +3063,7 @@ module Aws::GuardDuty
     #   resp.usage_statistics.sum_by_account[0].total.amount #=> String
     #   resp.usage_statistics.sum_by_account[0].total.unit #=> String
     #   resp.usage_statistics.top_accounts_by_feature #=> Array
-    #   resp.usage_statistics.top_accounts_by_feature[0].feature #=> String, one of "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "LAMBDA_NETWORK_LOGS", "EKS_RUNTIME_MONITORING", "FARGATE_RUNTIME_MONITORING", "EC2_RUNTIME_MONITORING"
+    #   resp.usage_statistics.top_accounts_by_feature[0].feature #=> String, one of "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "LAMBDA_NETWORK_LOGS", "EKS_RUNTIME_MONITORING", "FARGATE_RUNTIME_MONITORING", "EC2_RUNTIME_MONITORING", "RDS_DBI_PROTECTION_PROVISIONED", "RDS_DBI_PROTECTION_SERVERLESS"
     #   resp.usage_statistics.top_accounts_by_feature[0].accounts #=> Array
     #   resp.usage_statistics.top_accounts_by_feature[0].accounts[0].account_id #=> String
     #   resp.usage_statistics.top_accounts_by_feature[0].accounts[0].total.amount #=> String
@@ -3038,7 +3081,7 @@ module Aws::GuardDuty
     #   resp.usage_statistics.top_resources[0].total.amount #=> String
     #   resp.usage_statistics.top_resources[0].total.unit #=> String
     #   resp.usage_statistics.sum_by_feature #=> Array
-    #   resp.usage_statistics.sum_by_feature[0].feature #=> String, one of "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "LAMBDA_NETWORK_LOGS", "EKS_RUNTIME_MONITORING", "FARGATE_RUNTIME_MONITORING", "EC2_RUNTIME_MONITORING"
+    #   resp.usage_statistics.sum_by_feature[0].feature #=> String, one of "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "LAMBDA_NETWORK_LOGS", "EKS_RUNTIME_MONITORING", "FARGATE_RUNTIME_MONITORING", "EC2_RUNTIME_MONITORING", "RDS_DBI_PROTECTION_PROVISIONED", "RDS_DBI_PROTECTION_SERVERLESS"
     #   resp.usage_statistics.sum_by_feature[0].total.amount #=> String
     #   resp.usage_statistics.sum_by_feature[0].total.unit #=> String
     #   resp.next_token #=> String
@@ -3076,6 +3119,19 @@ module Aws::GuardDuty
     # associated with a member account, you must also invoke
     # [DeleteMembers][5].
     #
+    # If you disassociate a member account that was added by invitation, the
+    # member account details obtained from this API, including the
+    # associated email addresses, will be retained. This is done so that the
+    # delegated administrator can invoke the [InviteMembers][6] API without
+    # the need to invoke the CreateMembers API again. To remove the details
+    # associated with a member account, the delegated administrator must
+    # invoke the [DeleteMembers][5] API.
+    #
+    # When the member accounts added through Organizations are later
+    # disassociated, you (administrator) can't invite them by calling the
+    # InviteMembers API. You can create an association with these member
+    # accounts again only by calling the CreateMembers API.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html
@@ -3083,6 +3139,7 @@ module Aws::GuardDuty
     # [3]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DisassociateMembers.html
     # [4]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html
     # [5]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html
+    # [6]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html
     #
     # @option params [required, String] :detector_id
     #   The unique ID of the detector of the GuardDuty account that you want
@@ -3315,7 +3372,15 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
-    # Lists Amazon GuardDuty findings for the specified detector ID.
+    # Lists GuardDuty findings for the specified detector ID.
+    #
+    # There might be regional differences because some flags might not be
+    # available in all the Regions where GuardDuty is currently supported.
+    # For more information, see [Regions and endpoints][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
     #
     # @option params [required, String] :detector_id
     #   The ID of the detector that specifies the GuardDuty service whose
@@ -3836,11 +3901,16 @@ module Aws::GuardDuty
     end
 
     # Initiates the malware scan. Invoking this API will automatically
-    # create the [Service-linked role ][1] in the corresponding account.
+    # create the [Service-linked role][1] in the corresponding account.
+    #
+    # When the malware scan starts, you can use the associated scan ID to
+    # track the status of the scan. For more information, see
+    # [DescribeMalwareScans][2].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/slr-permissions-malware-protection.html
+    # [2]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DescribeMalwareScans.html
     #
     # @option params [required, String] :resource_arn
     #   Amazon Resource Name (ARN) of the resource for which you invoked the
@@ -4033,16 +4103,23 @@ module Aws::GuardDuty
       req.send_request(options)
     end
 
-    # Updates the Amazon GuardDuty detector specified by the detectorId.
+    # Updates the GuardDuty detector specified by the detector ID.
+    #
+    # Specifying both EKS Runtime Monitoring (`EKS_RUNTIME_MONITORING`) and
+    # Runtime Monitoring (`RUNTIME_MONITORING`) will cause an error. You can
+    # add only one of these two features because Runtime Monitoring already
+    # includes the threat detection for Amazon EKS resources. For more
+    # information, see [Runtime Monitoring][1].
     #
     # There might be regional differences because some data sources might
     # not be available in all the Amazon Web Services Regions where
     # GuardDuty is presently supported. For more information, see [Regions
-    # and endpoints][1].
+    # and endpoints][2].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html
+    # [2]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
     #
     # @option params [required, String] :detector_id
     #   The unique ID of the detector to update.
@@ -4098,7 +4175,7 @@ module Aws::GuardDuty
     #         status: "ENABLED", # accepts ENABLED, DISABLED
     #         additional_configuration: [
     #           {
-    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT
+    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT, EC2_AGENT_MANAGEMENT
     #             status: "ENABLED", # accepts ENABLED, DISABLED
     #           },
     #         ],
@@ -4328,14 +4405,21 @@ module Aws::GuardDuty
 
     # Contains information on member accounts to be updated.
     #
+    # Specifying both EKS Runtime Monitoring (`EKS_RUNTIME_MONITORING`) and
+    # Runtime Monitoring (`RUNTIME_MONITORING`) will cause an error. You can
+    # add only one of these two features because Runtime Monitoring already
+    # includes the threat detection for Amazon EKS resources. For more
+    # information, see [Runtime Monitoring][1].
+    #
     # There might be regional differences because some data sources might
     # not be available in all the Amazon Web Services Regions where
     # GuardDuty is presently supported. For more information, see [Regions
-    # and endpoints][1].
+    # and endpoints][2].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html
+    # [2]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
     #
     # @option params [required, String] :detector_id
     #   The detector ID of the administrator account.
@@ -4380,7 +4464,7 @@ module Aws::GuardDuty
     #         status: "ENABLED", # accepts ENABLED, DISABLED
     #         additional_configuration: [
     #           {
-    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT
+    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT, EC2_AGENT_MANAGEMENT
     #             status: "ENABLED", # accepts ENABLED, DISABLED
     #           },
     #         ],
@@ -4407,14 +4491,21 @@ module Aws::GuardDuty
     # values. You must provide a value for either
     # `autoEnableOrganizationMembers` or `autoEnable`, but not both.
     #
+    # Specifying both EKS Runtime Monitoring (`EKS_RUNTIME_MONITORING`) and
+    # Runtime Monitoring (`RUNTIME_MONITORING`) will cause an error. You can
+    # add only one of these two features because Runtime Monitoring already
+    # includes the threat detection for Amazon EKS resources. For more
+    # information, see [Runtime Monitoring][1].
+    #
     # There might be regional differences because some data sources might
     # not be available in all the Amazon Web Services Regions where
     # GuardDuty is presently supported. For more information, see [Regions
-    # and endpoints][1].
+    # and endpoints][2].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html
+    # [2]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
     #
     # @option params [required, String] :detector_id
     #   The ID of the detector that configures the delegated administrator.
@@ -4457,6 +4548,13 @@ module Aws::GuardDuty
     #     for any account in the organization. The administrator must manage
     #     GuardDuty for each account in the organization individually.
     #
+    #     When you update the auto-enable setting from `ALL` or `NEW` to
+    #     `NONE`, this action doesn't disable the corresponding option for
+    #     your existing accounts. This configuration will apply to the new
+    #     accounts that join the organization. After you update the
+    #     auto-enable settings, no new account will have the corresponding
+    #     option as enabled.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
@@ -4487,7 +4585,7 @@ module Aws::GuardDuty
     #         auto_enable: "NEW", # accepts NEW, NONE, ALL
     #         additional_configuration: [
     #           {
-    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT
+    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT, EC2_AGENT_MANAGEMENT
     #             auto_enable: "NEW", # accepts NEW, NONE, ALL
     #           },
     #         ],
@@ -4596,7 +4694,7 @@ module Aws::GuardDuty
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-guardduty'
-      context[:gem_version] = '1.87.0'
+      context[:gem_version] = '1.89.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-guardduty/client_api.rb

@@ -411,6 +411,7 @@ module Aws::GuardDuty
     SecurityContext = Shapes::StructureShape.new(name: 'SecurityContext')
     SecurityGroup = Shapes::StructureShape.new(name: 'SecurityGroup')
     SecurityGroups = Shapes::ListShape.new(name: 'SecurityGroups')
+    SensitiveString = Shapes::StringShape.new(name: 'SensitiveString')
     Service = Shapes::StructureShape.new(name: 'Service')
     ServiceAdditionalInfo = Shapes::StructureShape.new(name: 'ServiceAdditionalInfo')
     SessionNameList = Shapes::ListShape.new(name: 'SessionNameList')
@@ -1524,7 +1525,7 @@ module Aws::GuardDuty
     ListThreatIntelSetsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "nextToken"))
     ListThreatIntelSetsResponse.struct_class = Types::ListThreatIntelSetsResponse
 
-    LocalIpDetails.add_member(:ip_address_v4, Shapes::ShapeRef.new(shape: String, location_name: "ipAddressV4"))
+    LocalIpDetails.add_member(:ip_address_v4, Shapes::ShapeRef.new(shape: SensitiveString, location_name: "ipAddressV4"))
     LocalIpDetails.struct_class = Types::LocalIpDetails
 
     LocalPortDetails.add_member(:port, Shapes::ShapeRef.new(shape: Integer, location_name: "port"))
@@ -1620,7 +1621,7 @@ module Aws::GuardDuty
     NetworkInterface.add_member(:ipv_6_addresses, Shapes::ShapeRef.new(shape: Ipv6Addresses, location_name: "ipv6Addresses"))
     NetworkInterface.add_member(:network_interface_id, Shapes::ShapeRef.new(shape: String, location_name: "networkInterfaceId"))
     NetworkInterface.add_member(:private_dns_name, Shapes::ShapeRef.new(shape: String, location_name: "privateDnsName"))
-    NetworkInterface.add_member(:private_ip_address, Shapes::ShapeRef.new(shape: String, location_name: "privateIpAddress"))
+    NetworkInterface.add_member(:private_ip_address, Shapes::ShapeRef.new(shape: SensitiveString, location_name: "privateIpAddress"))
     NetworkInterface.add_member(:private_ip_addresses, Shapes::ShapeRef.new(shape: PrivateIpAddresses, location_name: "privateIpAddresses"))
     NetworkInterface.add_member(:public_dns_name, Shapes::ShapeRef.new(shape: String, location_name: "publicDnsName"))
     NetworkInterface.add_member(:public_ip, Shapes::ShapeRef.new(shape: String, location_name: "publicIp"))
@@ -1759,7 +1760,7 @@ module Aws::GuardDuty
     PortProbeDetails.member = Shapes::ShapeRef.new(shape: PortProbeDetail)
 
     PrivateIpAddressDetails.add_member(:private_dns_name, Shapes::ShapeRef.new(shape: String, location_name: "privateDnsName"))
-    PrivateIpAddressDetails.add_member(:private_ip_address, Shapes::ShapeRef.new(shape: String, location_name: "privateIpAddress"))
+    PrivateIpAddressDetails.add_member(:private_ip_address, Shapes::ShapeRef.new(shape: SensitiveString, location_name: "privateIpAddress"))
     PrivateIpAddressDetails.struct_class = Types::PrivateIpAddressDetails
 
     PrivateIpAddresses.member = Shapes::ShapeRef.new(shape: PrivateIpAddressDetails)
@@ -1815,7 +1816,7 @@ module Aws::GuardDuty
     RemoteIpDetails.add_member(:city, Shapes::ShapeRef.new(shape: City, location_name: "city"))
     RemoteIpDetails.add_member(:country, Shapes::ShapeRef.new(shape: Country, location_name: "country"))
     RemoteIpDetails.add_member(:geo_location, Shapes::ShapeRef.new(shape: GeoLocation, location_name: "geoLocation"))
-    RemoteIpDetails.add_member(:ip_address_v4, Shapes::ShapeRef.new(shape: String, location_name: "ipAddressV4"))
+    RemoteIpDetails.add_member(:ip_address_v4, Shapes::ShapeRef.new(shape: SensitiveString, location_name: "ipAddressV4"))
     RemoteIpDetails.add_member(:organization, Shapes::ShapeRef.new(shape: Organization, location_name: "organization"))
     RemoteIpDetails.struct_class = Types::RemoteIpDetails
 
@@ -1862,6 +1863,11 @@ module Aws::GuardDuty
     RuntimeContext.add_member(:address_family, Shapes::ShapeRef.new(shape: String, location_name: "addressFamily"))
     RuntimeContext.add_member(:iana_protocol_number, Shapes::ShapeRef.new(shape: Integer, location_name: "ianaProtocolNumber"))
     RuntimeContext.add_member(:memory_regions, Shapes::ShapeRef.new(shape: MemoryRegionsList, location_name: "memoryRegions"))
+    RuntimeContext.add_member(:tool_name, Shapes::ShapeRef.new(shape: String, location_name: "toolName"))
+    RuntimeContext.add_member(:tool_category, Shapes::ShapeRef.new(shape: String, location_name: "toolCategory"))
+    RuntimeContext.add_member(:service_name, Shapes::ShapeRef.new(shape: String, location_name: "serviceName"))
+    RuntimeContext.add_member(:command_line_example, Shapes::ShapeRef.new(shape: String, location_name: "commandLineExample"))
+    RuntimeContext.add_member(:threat_file_path, Shapes::ShapeRef.new(shape: String, location_name: "threatFilePath"))
     RuntimeContext.struct_class = Types::RuntimeContext
 
     RuntimeDetails.add_member(:process, Shapes::ShapeRef.new(shape: ProcessDetails, location_name: "process"))
@@ -2043,6 +2049,7 @@ module Aws::GuardDuty
 
     ThreatIntelligenceDetail.add_member(:threat_list_name, Shapes::ShapeRef.new(shape: String, location_name: "threatListName"))
     ThreatIntelligenceDetail.add_member(:threat_names, Shapes::ShapeRef.new(shape: ThreatNames, location_name: "threatNames"))
+    ThreatIntelligenceDetail.add_member(:threat_file_sha_256, Shapes::ShapeRef.new(shape: String, location_name: "threatFileSha256"))
     ThreatIntelligenceDetail.struct_class = Types::ThreatIntelligenceDetail
 
     ThreatIntelligenceDetails.member = Shapes::ShapeRef.new(shape: ThreatIntelligenceDetail)

data/lib/aws-sdk-guardduty/types.rb

@@ -151,7 +151,7 @@ module Aws::GuardDuty
     class AccountDetail < Struct.new(
       :account_id,
       :email)
-      SENSITIVE = []
+      SENSITIVE = [:email]
       include Aws::Structure
     end
 
@@ -808,20 +808,9 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
-    # <note markdown="1"> This API is also used when you use GuardDuty Runtime Monitoring for
-    # your Amazon EC2 instances (currently in preview release) and is
-    # subject to change. The use of this API is subject to Section 2 of the
-    # [Amazon Web Services Service Terms][1] ("Betas and Previews").
-    #
-    #  </note>
-    #
     # Contains information about the Amazon EC2 instance runtime coverage
     # details.
     #
-    #
-    #
-    # [1]: http://aws.amazon.com/service-terms/
-    #
     # @!attribute [rw] instance_id
     #   The Amazon EC2 instance ID.
     #   @return [String]
@@ -1062,19 +1051,8 @@ module Aws::GuardDuty
     #   @return [Types::CoverageEcsClusterDetails]
     #
     # @!attribute [rw] ec2_instance_details
-    #   <note markdown="1"> This API is also used when you use GuardDuty Runtime Monitoring for
-    #   your Amazon EC2 instances (currently in preview release) and is
-    #   subject to change. The use of this API is subject to Section 2 of
-    #   the [Amazon Web Services Service Terms][1] ("Betas and Previews").
-    #
-    #    </note>
-    #
     #   Information about the Amazon EC2 instance assessed for runtime
     #   coverage.
-    #
-    #
-    #
-    #   [1]: http://aws.amazon.com/service-terms/
     #   @return [Types::CoverageEc2InstanceDetails]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CoverageResourceDetails AWS API Documentation
@@ -2172,20 +2150,31 @@ module Aws::GuardDuty
     #   @return [String]
     #
     # @!attribute [rw] auto_enable_organization_members
-    #   Indicates the auto-enablement configuration of GuardDuty for the
-    #   member accounts in the organization.
+    #   Indicates the auto-enablement configuration of GuardDuty or any of
+    #   the corresponding protection plans for the member accounts in the
+    #   organization.
     #
     #   * `NEW`: Indicates that when a new account joins the organization,
-    #     they will have GuardDuty enabled automatically.
+    #     they will have GuardDuty or any of the corresponding protection
+    #     plans enabled automatically.
     #
     #   * `ALL`: Indicates that all accounts in the organization have
-    #     GuardDuty enabled automatically. This includes `NEW` accounts that
-    #     join the organization and accounts that may have been suspended or
-    #     removed from the organization in GuardDuty.
+    #     GuardDuty and any of the corresponding protection plans enabled
+    #     automatically. This includes `NEW` accounts that join the
+    #     organization and accounts that may have been suspended or removed
+    #     from the organization in GuardDuty.
     #
-    #   * `NONE`: Indicates that GuardDuty will not be automatically enabled
-    #     for any account in the organization. The administrator must manage
-    #     GuardDuty for each account in the organization individually.
+    #   * `NONE`: Indicates that GuardDuty or any of the corresponding
+    #     protection plans will not be automatically enabled for any account
+    #     in the organization. The administrator must manage GuardDuty for
+    #     each account in the organization individually.
+    #
+    #     When you update the auto-enable setting from `ALL` or `NEW` to
+    #     `NONE`, this action doesn't disable the corresponding option for
+    #     your existing accounts. This configuration will apply to the new
+    #     accounts that join the organization. After you update the
+    #     auto-enable settings, no new account will have the corresponding
+    #     option as enabled.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribeOrganizationConfigurationResponse AWS API Documentation
@@ -2366,6 +2355,16 @@ module Aws::GuardDuty
 
     # Contains information about a GuardDuty feature.
     #
+    # Specifying both EKS Runtime Monitoring (`EKS_RUNTIME_MONITORING`) and
+    # Runtime Monitoring (`RUNTIME_MONITORING`) will cause an error. You can
+    # add only one of these two features because Runtime Monitoring already
+    # includes the threat detection for Amazon EKS resources. For more
+    # information, see [Runtime Monitoring][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html
+    #
     # @!attribute [rw] name
     #   The name of the feature.
     #   @return [String]
@@ -2390,6 +2389,16 @@ module Aws::GuardDuty
 
     # Contains information about a GuardDuty feature.
     #
+    # Specifying both EKS Runtime Monitoring (`EKS_RUNTIME_MONITORING`) and
+    # Runtime Monitoring (`RUNTIME_MONITORING`) will cause an error. You can
+    # add only one of these two features because Runtime Monitoring already
+    # includes the threat detection for Amazon EKS resources. For more
+    # information, see [Runtime Monitoring][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html
+    #
     # @!attribute [rw] name
     #   Indicates the name of the feature that can be enabled for the
     #   detector.
@@ -2518,7 +2527,12 @@ module Aws::GuardDuty
     #
     # @!attribute [rw] domain_with_suffix
     #   The second and top level domain involved in the activity that
-    #   prompted GuardDuty to generate this finding.
+    #   potentially prompted GuardDuty to generate this finding. For a list
+    #   of top-level and second-level domains, see [public suffix list][1].
+    #
+    #
+    #
+    #   [1]: https://publicsuffix.org/
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DnsRequestAction AWS API Documentation
@@ -5029,7 +5043,7 @@ module Aws::GuardDuty
     #
     class LocalIpDetails < Struct.new(
       :ip_address_v4)
-      SENSITIVE = []
+      SENSITIVE = [:ip_address_v4]
       include Aws::Structure
     end
 
@@ -5212,7 +5226,7 @@ module Aws::GuardDuty
       :invited_at,
       :updated_at,
       :administrator_id)
-      SENSITIVE = []
+      SENSITIVE = [:email]
       include Aws::Structure
     end
 
@@ -5445,7 +5459,7 @@ module Aws::GuardDuty
       :security_groups,
       :subnet_id,
       :vpc_id)
-      SENSITIVE = []
+      SENSITIVE = [:private_ip_address]
       include Aws::Structure
     end
 
@@ -6108,7 +6122,7 @@ module Aws::GuardDuty
     class PrivateIpAddressDetails < Struct.new(
       :private_dns_name,
       :private_ip_address)
-      SENSITIVE = []
+      SENSITIVE = [:private_ip_address]
       include Aws::Structure
     end
 
@@ -6381,7 +6395,7 @@ module Aws::GuardDuty
       :geo_location,
       :ip_address_v4,
       :organization)
-      SENSITIVE = []
+      SENSITIVE = [:ip_address_v4]
       include Aws::Structure
     end
 
@@ -6586,6 +6600,28 @@ module Aws::GuardDuty
     #   heap.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] tool_name
+    #   Name of the potentially suspicious tool.
+    #   @return [String]
+    #
+    # @!attribute [rw] tool_category
+    #   Category that the tool belongs to. Some of the examples are Backdoor
+    #   Tool, Pentest Tool, Network Scanner, and Network Sniffer.
+    #   @return [String]
+    #
+    # @!attribute [rw] service_name
+    #   Name of the security service that has been potentially disabled.
+    #   @return [String]
+    #
+    # @!attribute [rw] command_line_example
+    #   Example of the command line involved in the suspicious activity.
+    #   @return [String]
+    #
+    # @!attribute [rw] threat_file_path
+    #   The suspicious file path for which the threat intelligence details
+    #   were found.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/RuntimeContext AWS API Documentation
     #
     class RuntimeContext < Struct.new(
@@ -6608,7 +6644,12 @@ module Aws::GuardDuty
       :target_process,
       :address_family,
       :iana_protocol_number,
-      :memory_regions)
+      :memory_regions,
+      :tool_name,
+      :tool_category,
+      :service_name,
+      :command_line_example,
+      :threat_file_path)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7357,11 +7398,16 @@ module Aws::GuardDuty
     #   triggered the finding.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] threat_file_sha_256
+    #   SHA256 of the file that generated the finding.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ThreatIntelligenceDetail AWS API Documentation
     #
     class ThreatIntelligenceDetail < Struct.new(
       :threat_list_name,
-      :threat_names)
+      :threat_names,
+      :threat_file_sha_256)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7783,6 +7829,13 @@ module Aws::GuardDuty
     #   * `NONE`: Indicates that GuardDuty will not be automatically enabled
     #     for any account in the organization. The administrator must manage
     #     GuardDuty for each account in the organization individually.
+    #
+    #     When you update the auto-enable setting from `ALL` or `NEW` to
+    #     `NONE`, this action doesn't disable the corresponding option for
+    #     your existing accounts. This configuration will apply to the new
+    #     accounts that join the organization. After you update the
+    #     auto-enable settings, no new account will have the corresponding
+    #     option as enabled.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateOrganizationConfigurationRequest AWS API Documentation

data/lib/aws-sdk-guardduty.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-guardduty/customizations'
 # @!group service
 module Aws::GuardDuty
 
-  GEM_VERSION = '1.87.0'
+  GEM_VERSION = '1.89.0'
 
 end

data/sig/client.rbs

@@ -136,7 +136,7 @@ module Aws
                                  status: ("ENABLED" | "DISABLED")?,
                                  additional_configuration: Array[
                                    {
-                                     name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")?,
+                                     name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")?,
                                      status: ("ENABLED" | "DISABLED")?
                                    },
                                  ]?
@@ -663,7 +663,7 @@ module Aws
                                     account_ids: Array[::String]?,
                                     data_sources: Array[("FLOW_LOGS" | "CLOUD_TRAIL" | "DNS_LOGS" | "S3_LOGS" | "KUBERNETES_AUDIT_LOGS" | "EC2_MALWARE_SCAN")]?,
                                     resources: Array[::String]?,
-                                    features: Array[("FLOW_LOGS" | "CLOUD_TRAIL" | "DNS_LOGS" | "S3_DATA_EVENTS" | "EKS_AUDIT_LOGS" | "EBS_MALWARE_PROTECTION" | "RDS_LOGIN_EVENTS" | "LAMBDA_NETWORK_LOGS" | "EKS_RUNTIME_MONITORING" | "FARGATE_RUNTIME_MONITORING" | "EC2_RUNTIME_MONITORING")]?
+                                    features: Array[("FLOW_LOGS" | "CLOUD_TRAIL" | "DNS_LOGS" | "S3_DATA_EVENTS" | "EKS_AUDIT_LOGS" | "EBS_MALWARE_PROTECTION" | "RDS_LOGIN_EVENTS" | "LAMBDA_NETWORK_LOGS" | "EKS_RUNTIME_MONITORING" | "FARGATE_RUNTIME_MONITORING" | "EC2_RUNTIME_MONITORING" | "RDS_DBI_PROTECTION_PROVISIONED" | "RDS_DBI_PROTECTION_SERVERLESS")]?
                                   },
                                   ?unit: ::String,
                                   ?max_results: ::Integer,
@@ -948,7 +948,7 @@ module Aws
                                  status: ("ENABLED" | "DISABLED")?,
                                  additional_configuration: Array[
                                    {
-                                     name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")?,
+                                     name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")?,
                                      status: ("ENABLED" | "DISABLED")?
                                    },
                                  ]?
@@ -1069,7 +1069,7 @@ module Aws
                                          status: ("ENABLED" | "DISABLED")?,
                                          additional_configuration: Array[
                                            {
-                                             name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")?,
+                                             name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")?,
                                              status: ("ENABLED" | "DISABLED")?
                                            },
                                          ]?
@@ -1108,7 +1108,7 @@ module Aws
                                                    auto_enable: ("NEW" | "NONE" | "ALL")?,
                                                    additional_configuration: Array[
                                                      {
-                                                       name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")?,
+                                                       name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")?,
                                                        auto_enable: ("NEW" | "NONE" | "ALL")?
                                                      },
                                                    ]?

data/sig/types.rbs

@@ -51,7 +51,7 @@ module Aws::GuardDuty
     class AccountDetail
       attr_accessor account_id: ::String
       attr_accessor email: ::String
-      SENSITIVE: []
+      SENSITIVE: [:email]
     end
 
     class AccountFreeTrialInfo
@@ -582,13 +582,13 @@ module Aws::GuardDuty
     end
 
     class DetectorAdditionalConfiguration
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor status: ("ENABLED" | "DISABLED")
       SENSITIVE: []
     end
 
     class DetectorAdditionalConfigurationResult
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor status: ("ENABLED" | "DISABLED")
       attr_accessor updated_at: ::Time
       SENSITIVE: []
@@ -1325,7 +1325,7 @@ module Aws::GuardDuty
 
     class LocalIpDetails
       attr_accessor ip_address_v4: ::String
-      SENSITIVE: []
+      SENSITIVE: [:ip_address_v4]
     end
 
     class LocalPortDetails
@@ -1375,17 +1375,17 @@ module Aws::GuardDuty
       attr_accessor invited_at: ::String
       attr_accessor updated_at: ::String
       attr_accessor administrator_id: ::String
-      SENSITIVE: []
+      SENSITIVE: [:email]
     end
 
     class MemberAdditionalConfiguration
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor status: ("ENABLED" | "DISABLED")
       SENSITIVE: []
     end
 
     class MemberAdditionalConfigurationResult
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor status: ("ENABLED" | "DISABLED")
       attr_accessor updated_at: ::Time
       SENSITIVE: []
@@ -1435,7 +1435,7 @@ module Aws::GuardDuty
       attr_accessor security_groups: ::Array[Types::SecurityGroup]
       attr_accessor subnet_id: ::String
       attr_accessor vpc_id: ::String
-      SENSITIVE: []
+      SENSITIVE: [:private_ip_address]
     end
 
     class Observations
@@ -1452,13 +1452,13 @@ module Aws::GuardDuty
     end
 
     class OrganizationAdditionalConfiguration
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor auto_enable: ("NEW" | "NONE" | "ALL")
       SENSITIVE: []
     end
 
     class OrganizationAdditionalConfigurationResult
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor auto_enable: ("NEW" | "NONE" | "ALL")
       SENSITIVE: []
     end
@@ -1515,7 +1515,7 @@ module Aws::GuardDuty
     end
 
     class OrganizationFeatureStatisticsAdditionalConfiguration
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor enabled_accounts_count: ::Integer
       SENSITIVE: []
     end
@@ -1606,7 +1606,7 @@ module Aws::GuardDuty
     class PrivateIpAddressDetails
       attr_accessor private_dns_name: ::String
       attr_accessor private_ip_address: ::String
-      SENSITIVE: []
+      SENSITIVE: [:private_ip_address]
     end
 
     class ProcessDetails
@@ -1675,7 +1675,7 @@ module Aws::GuardDuty
       attr_accessor geo_location: Types::GeoLocation
       attr_accessor ip_address_v4: ::String
       attr_accessor organization: Types::Organization
-      SENSITIVE: []
+      SENSITIVE: [:ip_address_v4]
     end
 
     class RemotePortDetails
@@ -1726,6 +1726,11 @@ module Aws::GuardDuty
       attr_accessor address_family: ::String
       attr_accessor iana_protocol_number: ::Integer
       attr_accessor memory_regions: ::Array[::String]
+      attr_accessor tool_name: ::String
+      attr_accessor tool_category: ::String
+      attr_accessor service_name: ::String
+      attr_accessor command_line_example: ::String
+      attr_accessor threat_file_path: ::String
       SENSITIVE: []
     end
 
@@ -1940,6 +1945,7 @@ module Aws::GuardDuty
     class ThreatIntelligenceDetail
       attr_accessor threat_list_name: ::String
       attr_accessor threat_names: ::Array[::String]
+      attr_accessor threat_file_sha_256: ::String
       SENSITIVE: []
     end
 
@@ -2106,7 +2112,7 @@ module Aws::GuardDuty
       attr_accessor account_ids: ::Array[::String]
       attr_accessor data_sources: ::Array[("FLOW_LOGS" | "CLOUD_TRAIL" | "DNS_LOGS" | "S3_LOGS" | "KUBERNETES_AUDIT_LOGS" | "EC2_MALWARE_SCAN")]
       attr_accessor resources: ::Array[::String]
-      attr_accessor features: ::Array[("FLOW_LOGS" | "CLOUD_TRAIL" | "DNS_LOGS" | "S3_DATA_EVENTS" | "EKS_AUDIT_LOGS" | "EBS_MALWARE_PROTECTION" | "RDS_LOGIN_EVENTS" | "LAMBDA_NETWORK_LOGS" | "EKS_RUNTIME_MONITORING" | "FARGATE_RUNTIME_MONITORING" | "EC2_RUNTIME_MONITORING")]
+      attr_accessor features: ::Array[("FLOW_LOGS" | "CLOUD_TRAIL" | "DNS_LOGS" | "S3_DATA_EVENTS" | "EKS_AUDIT_LOGS" | "EBS_MALWARE_PROTECTION" | "RDS_LOGIN_EVENTS" | "LAMBDA_NETWORK_LOGS" | "EKS_RUNTIME_MONITORING" | "FARGATE_RUNTIME_MONITORING" | "EC2_RUNTIME_MONITORING" | "RDS_DBI_PROTECTION_PROVISIONED" | "RDS_DBI_PROTECTION_SERVERLESS")]
       SENSITIVE: []
     end
 
@@ -2117,7 +2123,7 @@ module Aws::GuardDuty
     end
 
     class UsageFeatureResult
-      attr_accessor feature: ("FLOW_LOGS" | "CLOUD_TRAIL" | "DNS_LOGS" | "S3_DATA_EVENTS" | "EKS_AUDIT_LOGS" | "EBS_MALWARE_PROTECTION" | "RDS_LOGIN_EVENTS" | "LAMBDA_NETWORK_LOGS" | "EKS_RUNTIME_MONITORING" | "FARGATE_RUNTIME_MONITORING" | "EC2_RUNTIME_MONITORING")
+      attr_accessor feature: ("FLOW_LOGS" | "CLOUD_TRAIL" | "DNS_LOGS" | "S3_DATA_EVENTS" | "EKS_AUDIT_LOGS" | "EBS_MALWARE_PROTECTION" | "RDS_LOGIN_EVENTS" | "LAMBDA_NETWORK_LOGS" | "EKS_RUNTIME_MONITORING" | "FARGATE_RUNTIME_MONITORING" | "EC2_RUNTIME_MONITORING" | "RDS_DBI_PROTECTION_PROVISIONED" | "RDS_DBI_PROTECTION_SERVERLESS")
       attr_accessor total: Types::Total
       SENSITIVE: []
     end
@@ -2145,7 +2151,7 @@ module Aws::GuardDuty
     end
 
     class UsageTopAccountsResult
-      attr_accessor feature: ("FLOW_LOGS" | "CLOUD_TRAIL" | "DNS_LOGS" | "S3_DATA_EVENTS" | "EKS_AUDIT_LOGS" | "EBS_MALWARE_PROTECTION" | "RDS_LOGIN_EVENTS" | "LAMBDA_NETWORK_LOGS" | "EKS_RUNTIME_MONITORING" | "FARGATE_RUNTIME_MONITORING" | "EC2_RUNTIME_MONITORING")
+      attr_accessor feature: ("FLOW_LOGS" | "CLOUD_TRAIL" | "DNS_LOGS" | "S3_DATA_EVENTS" | "EKS_AUDIT_LOGS" | "EBS_MALWARE_PROTECTION" | "RDS_LOGIN_EVENTS" | "LAMBDA_NETWORK_LOGS" | "EKS_RUNTIME_MONITORING" | "FARGATE_RUNTIME_MONITORING" | "EC2_RUNTIME_MONITORING" | "RDS_DBI_PROTECTION_PROVISIONED" | "RDS_DBI_PROTECTION_SERVERLESS")
       attr_accessor accounts: ::Array[Types::UsageTopAccountResult]
       SENSITIVE: []
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-guardduty
 version: !ruby/object:Gem::Version
-  version: 1.87.0
+  version: 1.89.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-26 00:00:00.000000000 Z
+date: 2024-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core