aws-sdk-guardduty 1.88.0 → 1.90.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 28923545ec34a8af51b106dc0fa4c9326ef492d36070cabce028bc8bf14f4a19
-  data.tar.gz: df08c8678d87a34a7b1e04625ca036fa909ca87a34abc8152e1a306a18fd136d
+  metadata.gz: 07402bf7edfab9f177dd02dffdbc46ca4f7c994dd482d4e93ed1a0626e343373
+  data.tar.gz: 4126992953191c97d2e17420fa6a6d5b505ab30ac90cd3b824b3d5bb847f97a8
 SHA512:
-  metadata.gz: 7c5d903c115033a8f8a5525dcbe9ee3efa96812cd12370c3a3ac4470a30100fe1150f487386d2d0d5306a2dc1e616cd54c07c2e0fb0472e612620a7a83ddd3c7
-  data.tar.gz: 51d1132514814621b33667a03d30491d69bfff524922af9ee22a1adcbf1c11f78c191b0d155ccb3db2a58474b1795c26d218543ccdf8d412daa12cd1a015cdaf
+  metadata.gz: f00e87dffb8ad864371b690896cb0571d6fa1bd6f6a1f3a3300328bb4959221ed15d28ce885133dfdfb1ed5363a6a4677263060a79aac873484bc6ad8abc5d01
+  data.tar.gz: 23b7d615533735ac18a0fbb00ef3e61cf74c96474ee8c267e7077bd264ec639ad433ce35e538aec23d3fcfa77ff1d9a923c5d1f5a9352908c645d6ba58cb1dd1

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.90.0 (2024-04-18)
+------------------
+
+* Feature - Added IPv6Address fields for local and remote IP addresses
+
+1.89.0 (2024-03-28)
+------------------
+
+* Feature - Add EC2 support for GuardDuty Runtime Monitoring auto management.
+
 1.88.0 (2024-03-08)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.88.0
+1.90.0

data/lib/aws-sdk-guardduty/client.rb

@@ -582,7 +582,7 @@ module Aws::GuardDuty
     #         status: "ENABLED", # accepts ENABLED, DISABLED
     #         additional_configuration: [
     #           {
-    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT
+    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT, EC2_AGENT_MANAGEMENT
     #             status: "ENABLED", # accepts ENABLED, DISABLED
     #           },
     #         ],
@@ -735,6 +735,8 @@ module Aws::GuardDuty
     #
     #   * service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
     #
+    #   * service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
+    #
     #   * service.action.awsApiCallAction.remoteIpDetails.organization.asn
     #
     #   * service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
@@ -759,6 +761,8 @@ module Aws::GuardDuty
     #
     #   * service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
     #
+    #   * service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
+    #
     #   * service.action.networkConnectionAction.remoteIpDetails.organization.asn
     #
     #   * service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
@@ -769,6 +773,8 @@ module Aws::GuardDuty
     #
     #   * service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
     #
+    #   * service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
+    #
     #   * service.action.kubernetesApiCallAction.namespace
     #
     #   * service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
@@ -779,6 +785,8 @@ module Aws::GuardDuty
     #
     #   * service.action.networkConnectionAction.localIpDetails.ipAddressV4
     #
+    #   * service.action.networkConnectionAction.localIpDetails.ipAddressV6
+    #
     #   * service.action.networkConnectionAction.protocol
     #
     #   * service.action.awsApiCallAction.serviceName
@@ -990,18 +998,19 @@ module Aws::GuardDuty
     # existing auto-enable settings for your organization, see
     # [DescribeOrganizationConfiguration][1].
     #
-    # If you are adding accounts by invitation, before using
-    # [InviteMembers][2], use `CreateMembers` after GuardDuty has been
-    # enabled in potential member accounts.
-    #
-    # If you disassociate a member from a GuardDuty delegated administrator,
-    # the member account details obtained from this API, including the
+    # If you disassociate a member account that was added by invitation, the
+    # member account details obtained from this API, including the
     # associated email addresses, will be retained. This is done so that the
     # delegated administrator can invoke the [InviteMembers][2] API without
     # the need to invoke the CreateMembers API again. To remove the details
     # associated with a member account, the delegated administrator must
     # invoke the [DeleteMembers][3] API.
     #
+    # When the member accounts added through Organizations are later
+    # disassociated, you (administrator) can't invite them by calling the
+    # InviteMembers API. You can create an association with these member
+    # accounts again only by calling the CreateMembers API.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DescribeOrganizationConfiguration.html
@@ -1591,7 +1600,7 @@ module Aws::GuardDuty
     #   resp.features[0].name #=> String, one of "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS", "RUNTIME_MONITORING"
     #   resp.features[0].auto_enable #=> String, one of "NEW", "NONE", "ALL"
     #   resp.features[0].additional_configuration #=> Array
-    #   resp.features[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT"
+    #   resp.features[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT"
     #   resp.features[0].additional_configuration[0].auto_enable #=> String, one of "NEW", "NONE", "ALL"
     #   resp.next_token #=> String
     #   resp.auto_enable_organization_members #=> String, one of "NEW", "ALL", "NONE"
@@ -1770,6 +1779,19 @@ module Aws::GuardDuty
     # disassociate a member account before removing them from your
     # organization.
     #
+    # If you disassociate a member account that was added by invitation, the
+    # member account details obtained from this API, including the
+    # associated email addresses, will be retained. This is done so that the
+    # delegated administrator can invoke the [InviteMembers][2] API without
+    # the need to invoke the CreateMembers API again. To remove the details
+    # associated with a member account, the delegated administrator must
+    # invoke the [DeleteMembers][3] API.
+    #
+    # When the member accounts added through Organizations are later
+    # disassociated, you (administrator) can't invite them by calling the
+    # InviteMembers API. You can create an association with these member
+    # accounts again only by calling the CreateMembers API.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html
@@ -1979,7 +2001,7 @@ module Aws::GuardDuty
     #   resp.features[0].status #=> String, one of "ENABLED", "DISABLED"
     #   resp.features[0].updated_at #=> Time
     #   resp.features[0].additional_configuration #=> Array
-    #   resp.features[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT"
+    #   resp.features[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT"
     #   resp.features[0].additional_configuration[0].status #=> String, one of "ENABLED", "DISABLED"
     #   resp.features[0].additional_configuration[0].updated_at #=> Time
     #
@@ -2291,6 +2313,7 @@ module Aws::GuardDuty
     #   resp.findings[0].service.action.aws_api_call_action.remote_ip_details.geo_location.lat #=> Float
     #   resp.findings[0].service.action.aws_api_call_action.remote_ip_details.geo_location.lon #=> Float
     #   resp.findings[0].service.action.aws_api_call_action.remote_ip_details.ip_address_v4 #=> String
+    #   resp.findings[0].service.action.aws_api_call_action.remote_ip_details.ip_address_v6 #=> String
     #   resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.asn #=> String
     #   resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.asn_org #=> String
     #   resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.isp #=> String
@@ -2310,12 +2333,14 @@ module Aws::GuardDuty
     #   resp.findings[0].service.action.network_connection_action.local_port_details.port_name #=> String
     #   resp.findings[0].service.action.network_connection_action.protocol #=> String
     #   resp.findings[0].service.action.network_connection_action.local_ip_details.ip_address_v4 #=> String
+    #   resp.findings[0].service.action.network_connection_action.local_ip_details.ip_address_v6 #=> String
     #   resp.findings[0].service.action.network_connection_action.remote_ip_details.city.city_name #=> String
     #   resp.findings[0].service.action.network_connection_action.remote_ip_details.country.country_code #=> String
     #   resp.findings[0].service.action.network_connection_action.remote_ip_details.country.country_name #=> String
     #   resp.findings[0].service.action.network_connection_action.remote_ip_details.geo_location.lat #=> Float
     #   resp.findings[0].service.action.network_connection_action.remote_ip_details.geo_location.lon #=> Float
     #   resp.findings[0].service.action.network_connection_action.remote_ip_details.ip_address_v4 #=> String
+    #   resp.findings[0].service.action.network_connection_action.remote_ip_details.ip_address_v6 #=> String
     #   resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.asn #=> String
     #   resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.asn_org #=> String
     #   resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.isp #=> String
@@ -2327,12 +2352,14 @@ module Aws::GuardDuty
     #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].local_port_details.port #=> Integer
     #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].local_port_details.port_name #=> String
     #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].local_ip_details.ip_address_v4 #=> String
+    #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].local_ip_details.ip_address_v6 #=> String
     #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.city.city_name #=> String
     #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.country.country_code #=> String
     #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.country.country_name #=> String
     #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.geo_location.lat #=> Float
     #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.geo_location.lon #=> Float
     #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.ip_address_v4 #=> String
+    #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.ip_address_v6 #=> String
     #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.asn #=> String
     #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.asn_org #=> String
     #   resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.isp #=> String
@@ -2348,6 +2375,7 @@ module Aws::GuardDuty
     #   resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.geo_location.lat #=> Float
     #   resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.geo_location.lon #=> Float
     #   resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.ip_address_v4 #=> String
+    #   resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.ip_address_v6 #=> String
     #   resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.asn #=> String
     #   resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.asn_org #=> String
     #   resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.isp #=> String
@@ -2364,6 +2392,7 @@ module Aws::GuardDuty
     #   resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.geo_location.lat #=> Float
     #   resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.geo_location.lon #=> Float
     #   resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.ip_address_v4 #=> String
+    #   resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.ip_address_v6 #=> String
     #   resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.organization.asn #=> String
     #   resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.organization.asn_org #=> String
     #   resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.organization.isp #=> String
@@ -2389,6 +2418,7 @@ module Aws::GuardDuty
     #   resp.findings[0].service.evidence.threat_intelligence_details[0].threat_list_name #=> String
     #   resp.findings[0].service.evidence.threat_intelligence_details[0].threat_names #=> Array
     #   resp.findings[0].service.evidence.threat_intelligence_details[0].threat_names[0] #=> String
+    #   resp.findings[0].service.evidence.threat_intelligence_details[0].threat_file_sha_256 #=> String
     #   resp.findings[0].service.archived #=> Boolean
     #   resp.findings[0].service.count #=> Integer
     #   resp.findings[0].service.detector_id #=> String
@@ -2512,6 +2542,11 @@ module Aws::GuardDuty
     #   resp.findings[0].service.runtime_details.context.iana_protocol_number #=> Integer
     #   resp.findings[0].service.runtime_details.context.memory_regions #=> Array
     #   resp.findings[0].service.runtime_details.context.memory_regions[0] #=> String
+    #   resp.findings[0].service.runtime_details.context.tool_name #=> String
+    #   resp.findings[0].service.runtime_details.context.tool_category #=> String
+    #   resp.findings[0].service.runtime_details.context.service_name #=> String
+    #   resp.findings[0].service.runtime_details.context.command_line_example #=> String
+    #   resp.findings[0].service.runtime_details.context.threat_file_path #=> String
     #   resp.findings[0].service.detection.anomaly.profiles #=> Hash
     #   resp.findings[0].service.detection.anomaly.profiles["String"] #=> Hash
     #   resp.findings[0].service.detection.anomaly.profiles["String"]["String"] #=> Array
@@ -2791,7 +2826,7 @@ module Aws::GuardDuty
     #   resp.member_data_source_configurations[0].features[0].status #=> String, one of "ENABLED", "DISABLED"
     #   resp.member_data_source_configurations[0].features[0].updated_at #=> Time
     #   resp.member_data_source_configurations[0].features[0].additional_configuration #=> Array
-    #   resp.member_data_source_configurations[0].features[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT"
+    #   resp.member_data_source_configurations[0].features[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT"
     #   resp.member_data_source_configurations[0].features[0].additional_configuration[0].status #=> String, one of "ENABLED", "DISABLED"
     #   resp.member_data_source_configurations[0].features[0].additional_configuration[0].updated_at #=> Time
     #   resp.unprocessed_accounts #=> Array
@@ -2876,7 +2911,7 @@ module Aws::GuardDuty
     #   resp.organization_details.organization_statistics.count_by_feature[0].name #=> String, one of "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS", "RUNTIME_MONITORING"
     #   resp.organization_details.organization_statistics.count_by_feature[0].enabled_accounts_count #=> Integer
     #   resp.organization_details.organization_statistics.count_by_feature[0].additional_configuration #=> Array
-    #   resp.organization_details.organization_statistics.count_by_feature[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT"
+    #   resp.organization_details.organization_statistics.count_by_feature[0].additional_configuration[0].name #=> String, one of "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT"
     #   resp.organization_details.organization_statistics.count_by_feature[0].additional_configuration[0].enabled_accounts_count #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetOrganizationStatistics AWS API Documentation
@@ -3099,6 +3134,19 @@ module Aws::GuardDuty
     # associated with a member account, you must also invoke
     # [DeleteMembers][5].
     #
+    # If you disassociate a member account that was added by invitation, the
+    # member account details obtained from this API, including the
+    # associated email addresses, will be retained. This is done so that the
+    # delegated administrator can invoke the [InviteMembers][6] API without
+    # the need to invoke the CreateMembers API again. To remove the details
+    # associated with a member account, the delegated administrator must
+    # invoke the [DeleteMembers][5] API.
+    #
+    # When the member accounts added through Organizations are later
+    # disassociated, you (administrator) can't invite them by calling the
+    # InviteMembers API. You can create an association with these member
+    # accounts again only by calling the CreateMembers API.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html
@@ -3106,6 +3154,7 @@ module Aws::GuardDuty
     # [3]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DisassociateMembers.html
     # [4]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html
     # [5]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html
+    # [6]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html
     #
     # @option params [required, String] :detector_id
     #   The unique ID of the detector of the GuardDuty account that you want
@@ -4141,7 +4190,7 @@ module Aws::GuardDuty
     #         status: "ENABLED", # accepts ENABLED, DISABLED
     #         additional_configuration: [
     #           {
-    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT
+    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT, EC2_AGENT_MANAGEMENT
     #             status: "ENABLED", # accepts ENABLED, DISABLED
     #           },
     #         ],
@@ -4430,7 +4479,7 @@ module Aws::GuardDuty
     #         status: "ENABLED", # accepts ENABLED, DISABLED
     #         additional_configuration: [
     #           {
-    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT
+    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT, EC2_AGENT_MANAGEMENT
     #             status: "ENABLED", # accepts ENABLED, DISABLED
     #           },
     #         ],
@@ -4551,7 +4600,7 @@ module Aws::GuardDuty
     #         auto_enable: "NEW", # accepts NEW, NONE, ALL
     #         additional_configuration: [
     #           {
-    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT
+    #             name: "EKS_ADDON_MANAGEMENT", # accepts EKS_ADDON_MANAGEMENT, ECS_FARGATE_AGENT_MANAGEMENT, EC2_AGENT_MANAGEMENT
     #             auto_enable: "NEW", # accepts NEW, NONE, ALL
     #           },
     #         ],
@@ -4660,7 +4709,7 @@ module Aws::GuardDuty
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-guardduty'
-      context[:gem_version] = '1.88.0'
+      context[:gem_version] = '1.90.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-guardduty/client_api.rb

@@ -1526,6 +1526,7 @@ module Aws::GuardDuty
     ListThreatIntelSetsResponse.struct_class = Types::ListThreatIntelSetsResponse
 
     LocalIpDetails.add_member(:ip_address_v4, Shapes::ShapeRef.new(shape: SensitiveString, location_name: "ipAddressV4"))
+    LocalIpDetails.add_member(:ip_address_v6, Shapes::ShapeRef.new(shape: SensitiveString, location_name: "ipAddressV6"))
     LocalIpDetails.struct_class = Types::LocalIpDetails
 
     LocalPortDetails.add_member(:port, Shapes::ShapeRef.new(shape: Integer, location_name: "port"))
@@ -1817,6 +1818,7 @@ module Aws::GuardDuty
     RemoteIpDetails.add_member(:country, Shapes::ShapeRef.new(shape: Country, location_name: "country"))
     RemoteIpDetails.add_member(:geo_location, Shapes::ShapeRef.new(shape: GeoLocation, location_name: "geoLocation"))
     RemoteIpDetails.add_member(:ip_address_v4, Shapes::ShapeRef.new(shape: SensitiveString, location_name: "ipAddressV4"))
+    RemoteIpDetails.add_member(:ip_address_v6, Shapes::ShapeRef.new(shape: SensitiveString, location_name: "ipAddressV6"))
     RemoteIpDetails.add_member(:organization, Shapes::ShapeRef.new(shape: Organization, location_name: "organization"))
     RemoteIpDetails.struct_class = Types::RemoteIpDetails
 
@@ -1863,6 +1865,11 @@ module Aws::GuardDuty
     RuntimeContext.add_member(:address_family, Shapes::ShapeRef.new(shape: String, location_name: "addressFamily"))
     RuntimeContext.add_member(:iana_protocol_number, Shapes::ShapeRef.new(shape: Integer, location_name: "ianaProtocolNumber"))
     RuntimeContext.add_member(:memory_regions, Shapes::ShapeRef.new(shape: MemoryRegionsList, location_name: "memoryRegions"))
+    RuntimeContext.add_member(:tool_name, Shapes::ShapeRef.new(shape: String, location_name: "toolName"))
+    RuntimeContext.add_member(:tool_category, Shapes::ShapeRef.new(shape: String, location_name: "toolCategory"))
+    RuntimeContext.add_member(:service_name, Shapes::ShapeRef.new(shape: String, location_name: "serviceName"))
+    RuntimeContext.add_member(:command_line_example, Shapes::ShapeRef.new(shape: String, location_name: "commandLineExample"))
+    RuntimeContext.add_member(:threat_file_path, Shapes::ShapeRef.new(shape: String, location_name: "threatFilePath"))
     RuntimeContext.struct_class = Types::RuntimeContext
 
     RuntimeDetails.add_member(:process, Shapes::ShapeRef.new(shape: ProcessDetails, location_name: "process"))
@@ -2044,6 +2051,7 @@ module Aws::GuardDuty
 
     ThreatIntelligenceDetail.add_member(:threat_list_name, Shapes::ShapeRef.new(shape: String, location_name: "threatListName"))
     ThreatIntelligenceDetail.add_member(:threat_names, Shapes::ShapeRef.new(shape: ThreatNames, location_name: "threatNames"))
+    ThreatIntelligenceDetail.add_member(:threat_file_sha_256, Shapes::ShapeRef.new(shape: String, location_name: "threatFileSha256"))
     ThreatIntelligenceDetail.struct_class = Types::ThreatIntelligenceDetail
 
     ThreatIntelligenceDetails.member = Shapes::ShapeRef.new(shape: ThreatIntelligenceDetail)

data/lib/aws-sdk-guardduty/types.rb

@@ -808,20 +808,9 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
-    # <note markdown="1"> This API is also used when you use GuardDuty Runtime Monitoring for
-    # your Amazon EC2 instances (currently in preview release) and is
-    # subject to change. The use of this API is subject to Section 2 of the
-    # [Amazon Web Services Service Terms][1] ("Betas and Previews").
-    #
-    #  </note>
-    #
     # Contains information about the Amazon EC2 instance runtime coverage
     # details.
     #
-    #
-    #
-    # [1]: http://aws.amazon.com/service-terms/
-    #
     # @!attribute [rw] instance_id
     #   The Amazon EC2 instance ID.
     #   @return [String]
@@ -1062,19 +1051,8 @@ module Aws::GuardDuty
     #   @return [Types::CoverageEcsClusterDetails]
     #
     # @!attribute [rw] ec2_instance_details
-    #   <note markdown="1"> This API is also used when you use GuardDuty Runtime Monitoring for
-    #   your Amazon EC2 instances (currently in preview release) and is
-    #   subject to change. The use of this API is subject to Section 2 of
-    #   the [Amazon Web Services Service Terms][1] ("Betas and Previews").
-    #
-    #    </note>
-    #
     #   Information about the Amazon EC2 instance assessed for runtime
     #   coverage.
-    #
-    #
-    #
-    #   [1]: http://aws.amazon.com/service-terms/
     #   @return [Types::CoverageEc2InstanceDetails]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CoverageResourceDetails AWS API Documentation
@@ -1328,6 +1306,8 @@ module Aws::GuardDuty
     #
     #   * service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
     #
+    #   * service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
+    #
     #   * service.action.awsApiCallAction.remoteIpDetails.organization.asn
     #
     #   * service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
@@ -1352,6 +1332,8 @@ module Aws::GuardDuty
     #
     #   * service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
     #
+    #   * service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
+    #
     #   * service.action.networkConnectionAction.remoteIpDetails.organization.asn
     #
     #   * service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
@@ -1362,6 +1344,8 @@ module Aws::GuardDuty
     #
     #   * service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
     #
+    #   * service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
+    #
     #   * service.action.kubernetesApiCallAction.namespace
     #
     #   * service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
@@ -1372,6 +1356,8 @@ module Aws::GuardDuty
     #
     #   * service.action.networkConnectionAction.localIpDetails.ipAddressV4
     #
+    #   * service.action.networkConnectionAction.localIpDetails.ipAddressV6
+    #
     #   * service.action.networkConnectionAction.protocol
     #
     #   * service.action.awsApiCallAction.serviceName
@@ -2549,7 +2535,12 @@ module Aws::GuardDuty
     #
     # @!attribute [rw] domain_with_suffix
     #   The second and top level domain involved in the activity that
-    #   prompted GuardDuty to generate this finding.
+    #   potentially prompted GuardDuty to generate this finding. For a list
+    #   of top-level and second-level domains, see [public suffix list][1].
+    #
+    #
+    #
+    #   [1]: https://publicsuffix.org/
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DnsRequestAction AWS API Documentation
@@ -5056,11 +5047,16 @@ module Aws::GuardDuty
     #   The IPv4 local address of the connection.
     #   @return [String]
     #
+    # @!attribute [rw] ip_address_v6
+    #   The IPv6 local address of the connection.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/LocalIpDetails AWS API Documentation
     #
     class LocalIpDetails < Struct.new(
-      :ip_address_v4)
-      SENSITIVE = [:ip_address_v4]
+      :ip_address_v4,
+      :ip_address_v6)
+      SENSITIVE = [:ip_address_v4, :ip_address_v6]
       include Aws::Structure
     end
 
@@ -6400,6 +6396,10 @@ module Aws::GuardDuty
     #   The IPv4 remote address of the connection.
     #   @return [String]
     #
+    # @!attribute [rw] ip_address_v6
+    #   The IPv6 remote address of the connection.
+    #   @return [String]
+    #
     # @!attribute [rw] organization
     #   The ISP organization information of the remote IP address.
     #   @return [Types::Organization]
@@ -6411,8 +6411,9 @@ module Aws::GuardDuty
       :country,
       :geo_location,
       :ip_address_v4,
+      :ip_address_v6,
       :organization)
-      SENSITIVE = [:ip_address_v4]
+      SENSITIVE = [:ip_address_v4, :ip_address_v6]
       include Aws::Structure
     end
 
@@ -6617,6 +6618,28 @@ module Aws::GuardDuty
     #   heap.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] tool_name
+    #   Name of the potentially suspicious tool.
+    #   @return [String]
+    #
+    # @!attribute [rw] tool_category
+    #   Category that the tool belongs to. Some of the examples are Backdoor
+    #   Tool, Pentest Tool, Network Scanner, and Network Sniffer.
+    #   @return [String]
+    #
+    # @!attribute [rw] service_name
+    #   Name of the security service that has been potentially disabled.
+    #   @return [String]
+    #
+    # @!attribute [rw] command_line_example
+    #   Example of the command line involved in the suspicious activity.
+    #   @return [String]
+    #
+    # @!attribute [rw] threat_file_path
+    #   The suspicious file path for which the threat intelligence details
+    #   were found.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/RuntimeContext AWS API Documentation
     #
     class RuntimeContext < Struct.new(
@@ -6639,7 +6662,12 @@ module Aws::GuardDuty
       :target_process,
       :address_family,
       :iana_protocol_number,
-      :memory_regions)
+      :memory_regions,
+      :tool_name,
+      :tool_category,
+      :service_name,
+      :command_line_example,
+      :threat_file_path)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7388,11 +7416,16 @@ module Aws::GuardDuty
     #   triggered the finding.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] threat_file_sha_256
+    #   SHA256 of the file that generated the finding.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ThreatIntelligenceDetail AWS API Documentation
     #
     class ThreatIntelligenceDetail < Struct.new(
       :threat_list_name,
-      :threat_names)
+      :threat_names,
+      :threat_file_sha_256)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-guardduty.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-guardduty/customizations'
 # @!group service
 module Aws::GuardDuty
 
-  GEM_VERSION = '1.88.0'
+  GEM_VERSION = '1.90.0'
 
 end

data/sig/client.rbs

@@ -136,7 +136,7 @@ module Aws
                                  status: ("ENABLED" | "DISABLED")?,
                                  additional_configuration: Array[
                                    {
-                                     name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")?,
+                                     name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")?,
                                      status: ("ENABLED" | "DISABLED")?
                                    },
                                  ]?
@@ -948,7 +948,7 @@ module Aws
                                  status: ("ENABLED" | "DISABLED")?,
                                  additional_configuration: Array[
                                    {
-                                     name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")?,
+                                     name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")?,
                                      status: ("ENABLED" | "DISABLED")?
                                    },
                                  ]?
@@ -1069,7 +1069,7 @@ module Aws
                                          status: ("ENABLED" | "DISABLED")?,
                                          additional_configuration: Array[
                                            {
-                                             name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")?,
+                                             name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")?,
                                              status: ("ENABLED" | "DISABLED")?
                                            },
                                          ]?
@@ -1108,7 +1108,7 @@ module Aws
                                                    auto_enable: ("NEW" | "NONE" | "ALL")?,
                                                    additional_configuration: Array[
                                                      {
-                                                       name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")?,
+                                                       name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")?,
                                                        auto_enable: ("NEW" | "NONE" | "ALL")?
                                                      },
                                                    ]?

data/sig/types.rbs

@@ -582,13 +582,13 @@ module Aws::GuardDuty
     end
 
     class DetectorAdditionalConfiguration
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor status: ("ENABLED" | "DISABLED")
       SENSITIVE: []
     end
 
     class DetectorAdditionalConfigurationResult
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor status: ("ENABLED" | "DISABLED")
       attr_accessor updated_at: ::Time
       SENSITIVE: []
@@ -1325,7 +1325,8 @@ module Aws::GuardDuty
 
     class LocalIpDetails
       attr_accessor ip_address_v4: ::String
-      SENSITIVE: [:ip_address_v4]
+      attr_accessor ip_address_v6: ::String
+      SENSITIVE: [:ip_address_v4, :ip_address_v6]
     end
 
     class LocalPortDetails
@@ -1379,13 +1380,13 @@ module Aws::GuardDuty
     end
 
     class MemberAdditionalConfiguration
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor status: ("ENABLED" | "DISABLED")
       SENSITIVE: []
     end
 
     class MemberAdditionalConfigurationResult
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor status: ("ENABLED" | "DISABLED")
       attr_accessor updated_at: ::Time
       SENSITIVE: []
@@ -1452,13 +1453,13 @@ module Aws::GuardDuty
     end
 
     class OrganizationAdditionalConfiguration
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor auto_enable: ("NEW" | "NONE" | "ALL")
       SENSITIVE: []
     end
 
     class OrganizationAdditionalConfigurationResult
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor auto_enable: ("NEW" | "NONE" | "ALL")
       SENSITIVE: []
     end
@@ -1515,7 +1516,7 @@ module Aws::GuardDuty
     end
 
     class OrganizationFeatureStatisticsAdditionalConfiguration
-      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT")
+      attr_accessor name: ("EKS_ADDON_MANAGEMENT" | "ECS_FARGATE_AGENT_MANAGEMENT" | "EC2_AGENT_MANAGEMENT")
       attr_accessor enabled_accounts_count: ::Integer
       SENSITIVE: []
     end
@@ -1674,8 +1675,9 @@ module Aws::GuardDuty
       attr_accessor country: Types::Country
       attr_accessor geo_location: Types::GeoLocation
       attr_accessor ip_address_v4: ::String
+      attr_accessor ip_address_v6: ::String
       attr_accessor organization: Types::Organization
-      SENSITIVE: [:ip_address_v4]
+      SENSITIVE: [:ip_address_v4, :ip_address_v6]
     end
 
     class RemotePortDetails
@@ -1726,6 +1728,11 @@ module Aws::GuardDuty
       attr_accessor address_family: ::String
       attr_accessor iana_protocol_number: ::Integer
       attr_accessor memory_regions: ::Array[::String]
+      attr_accessor tool_name: ::String
+      attr_accessor tool_category: ::String
+      attr_accessor service_name: ::String
+      attr_accessor command_line_example: ::String
+      attr_accessor threat_file_path: ::String
       SENSITIVE: []
     end
 
@@ -1940,6 +1947,7 @@ module Aws::GuardDuty
     class ThreatIntelligenceDetail
       attr_accessor threat_list_name: ::String
       attr_accessor threat_names: ::Array[::String]
+      attr_accessor threat_file_sha_256: ::String
       SENSITIVE: []
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-guardduty
 version: !ruby/object:Gem::Version
-  version: 1.88.0
+  version: 1.90.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-08 00:00:00.000000000 Z
+date: 2024-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core