aws-sdk-guardduty 1.117.0 → 1.118.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5ef353128a429a6b14944fee695f167014fed82d663f036ab34339f3247fd58b
-  data.tar.gz: 26c4428674f70ae702a0b81e89d1a1a1bf2fc1ba1c76fce424623a0772647af4
+  metadata.gz: 42c68eb381bada3c3c5e0f43c78beb320879927e7493c0efd7e76ae819f3a3c7
+  data.tar.gz: 3eba5cd6dde16d53b39368294ac2996503f4cb47ea78b86e1e992d8e3a102e72
 SHA512:
-  metadata.gz: d8d8057034df00b8fb271c85dfdff398bad04f5f936f4d1bbefb3c7ccd6934cf94956a1e7087b0ea42ca4f486e6f019df371d098d3bdc72da9bdae55ff35fd5f
-  data.tar.gz: 8ed5f5ce7868bffea98e1b04758be3dc0944a1959c040bdf889254e9bead2cb866efd3339b982900501406578748ad0aa3e938b2c1ad485daab84245d8a46e7b
+  metadata.gz: a708c6de3fced4ce33599024f166f5e3309bc0842bf637b4d7a256725c2a13ddfcf395da7e1af610b52f217cf06e374d15262d302d24d8fc4af713804e87d175
+  data.tar.gz: 2ddb863ba1243d224362b6b9505cdc31b0fa55b1d46197c49db634aee5384f5b416566bfe59e74bd5844d60b58e8571b16042eec29d6ba12b56e2ce67bad83f2

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.118.0 (2025-06-17)
+------------------
+
+* Feature - Adding support for extended threat detection for EKS Audit Logs and EKS Runtime Monitoring.
+
 1.117.0 (2025-06-02)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.117.0
+1.118.0

data/lib/aws-sdk-guardduty/client.rb

@@ -2157,10 +2157,18 @@ module Aws::GuardDuty
     # Provides the details of the GuardDuty administrator account associated
     # with the current GuardDuty member account.
     #
-    # <note markdown="1"> If the organization's management account or a delegated administrator
-    # runs this API, it will return success (`HTTP 200`) but no content.
+    # Based on the type of account that runs this API, the following list
+    # shows how the API behavior varies:
     #
-    #  </note>
+    # * When the GuardDuty administrator account runs this API, it will
+    #   return success (`HTTP 200`) but no content.
+    #
+    # * When a member account runs this API, it will return the details of
+    #   the GuardDuty administrator account that is associated with this
+    #   calling member account.
+    #
+    # * When an individual account (not associated with an organization)
+    #   runs this API, it will return success (`HTTP 200`) but no content.
     #
     # @option params [required, String] :detector_id
     #   The unique ID of the detector of the GuardDuty member account.
@@ -2915,11 +2923,14 @@ module Aws::GuardDuty
     #   resp.findings[0].service.detection.sequence.actors[0].session.mfa_status #=> String, one of "ENABLED", "DISABLED"
     #   resp.findings[0].service.detection.sequence.actors[0].session.created_time #=> Time
     #   resp.findings[0].service.detection.sequence.actors[0].session.issuer #=> String
+    #   resp.findings[0].service.detection.sequence.actors[0].process.name #=> String
+    #   resp.findings[0].service.detection.sequence.actors[0].process.path #=> String
+    #   resp.findings[0].service.detection.sequence.actors[0].process.sha_256 #=> String
     #   resp.findings[0].service.detection.sequence.resources #=> Array
     #   resp.findings[0].service.detection.sequence.resources[0].uid #=> String
     #   resp.findings[0].service.detection.sequence.resources[0].name #=> String
     #   resp.findings[0].service.detection.sequence.resources[0].account_id #=> String
-    #   resp.findings[0].service.detection.sequence.resources[0].resource_type #=> String, one of "EC2_INSTANCE", "EC2_NETWORK_INTERFACE", "S3_BUCKET", "S3_OBJECT", "ACCESS_KEY"
+    #   resp.findings[0].service.detection.sequence.resources[0].resource_type #=> String, one of "EC2_INSTANCE", "EC2_NETWORK_INTERFACE", "S3_BUCKET", "S3_OBJECT", "ACCESS_KEY", "EKS_CLUSTER", "KUBERNETES_WORKLOAD", "CONTAINER"
     #   resp.findings[0].service.detection.sequence.resources[0].region #=> String
     #   resp.findings[0].service.detection.sequence.resources[0].service #=> String
     #   resp.findings[0].service.detection.sequence.resources[0].cloud_partition #=> String
@@ -2973,6 +2984,18 @@ module Aws::GuardDuty
     #   resp.findings[0].service.detection.sequence.resources[0].data.s3_object.etag #=> String
     #   resp.findings[0].service.detection.sequence.resources[0].data.s3_object.key #=> String
     #   resp.findings[0].service.detection.sequence.resources[0].data.s3_object.version_id #=> String
+    #   resp.findings[0].service.detection.sequence.resources[0].data.eks_cluster.arn #=> String
+    #   resp.findings[0].service.detection.sequence.resources[0].data.eks_cluster.created_at #=> Time
+    #   resp.findings[0].service.detection.sequence.resources[0].data.eks_cluster.status #=> String, one of "CREATING", "ACTIVE", "DELETING", "FAILED", "UPDATING", "PENDING"
+    #   resp.findings[0].service.detection.sequence.resources[0].data.eks_cluster.vpc_id #=> String
+    #   resp.findings[0].service.detection.sequence.resources[0].data.eks_cluster.ec2_instance_uids #=> Array
+    #   resp.findings[0].service.detection.sequence.resources[0].data.eks_cluster.ec2_instance_uids[0] #=> String
+    #   resp.findings[0].service.detection.sequence.resources[0].data.kubernetes_workload.container_uids #=> Array
+    #   resp.findings[0].service.detection.sequence.resources[0].data.kubernetes_workload.container_uids[0] #=> String
+    #   resp.findings[0].service.detection.sequence.resources[0].data.kubernetes_workload.namespace #=> String
+    #   resp.findings[0].service.detection.sequence.resources[0].data.kubernetes_workload.kubernetes_resources_types #=> String, one of "PODS", "JOBS", "CRONJOBS", "DEPLOYMENTS", "DAEMONSETS", "STATEFULSETS", "REPLICASETS", "REPLICATIONCONTROLLERS"
+    #   resp.findings[0].service.detection.sequence.resources[0].data.container.image #=> String
+    #   resp.findings[0].service.detection.sequence.resources[0].data.container.image_uid #=> String
     #   resp.findings[0].service.detection.sequence.endpoints #=> Array
     #   resp.findings[0].service.detection.sequence.endpoints[0].id #=> String
     #   resp.findings[0].service.detection.sequence.endpoints[0].ip #=> String
@@ -2987,7 +3010,7 @@ module Aws::GuardDuty
     #   resp.findings[0].service.detection.sequence.endpoints[0].connection.direction #=> String, one of "INBOUND", "OUTBOUND"
     #   resp.findings[0].service.detection.sequence.signals #=> Array
     #   resp.findings[0].service.detection.sequence.signals[0].uid #=> String
-    #   resp.findings[0].service.detection.sequence.signals[0].type #=> String, one of "FINDING", "CLOUD_TRAIL", "S3_DATA_EVENTS"
+    #   resp.findings[0].service.detection.sequence.signals[0].type #=> String, one of "FINDING", "CLOUD_TRAIL", "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "FLOW_LOGS", "DNS_LOGS", "RUNTIME_MONITORING"
     #   resp.findings[0].service.detection.sequence.signals[0].description #=> String
     #   resp.findings[0].service.detection.sequence.signals[0].name #=> String
     #   resp.findings[0].service.detection.sequence.signals[0].created_at #=> Time
@@ -3003,15 +3026,17 @@ module Aws::GuardDuty
     #   resp.findings[0].service.detection.sequence.signals[0].endpoint_ids #=> Array
     #   resp.findings[0].service.detection.sequence.signals[0].endpoint_ids[0] #=> String
     #   resp.findings[0].service.detection.sequence.signals[0].signal_indicators #=> Array
-    #   resp.findings[0].service.detection.sequence.signals[0].signal_indicators[0].key #=> String, one of "SUSPICIOUS_USER_AGENT", "SUSPICIOUS_NETWORK", "MALICIOUS_IP", "TOR_IP", "ATTACK_TACTIC", "HIGH_RISK_API", "ATTACK_TECHNIQUE", "UNUSUAL_API_FOR_ACCOUNT", "UNUSUAL_ASN_FOR_ACCOUNT", "UNUSUAL_ASN_FOR_USER"
+    #   resp.findings[0].service.detection.sequence.signals[0].signal_indicators[0].key #=> String, one of "SUSPICIOUS_USER_AGENT", "SUSPICIOUS_NETWORK", "MALICIOUS_IP", "TOR_IP", "ATTACK_TACTIC", "HIGH_RISK_API", "ATTACK_TECHNIQUE", "UNUSUAL_API_FOR_ACCOUNT", "UNUSUAL_ASN_FOR_ACCOUNT", "UNUSUAL_ASN_FOR_USER", "SUSPICIOUS_PROCESS", "MALICIOUS_DOMAIN", "MALICIOUS_PROCESS", "CRYPTOMINING_IP", "CRYPTOMINING_DOMAIN", "CRYPTOMINING_PROCESS"
     #   resp.findings[0].service.detection.sequence.signals[0].signal_indicators[0].values #=> Array
     #   resp.findings[0].service.detection.sequence.signals[0].signal_indicators[0].values[0] #=> String
     #   resp.findings[0].service.detection.sequence.signals[0].signal_indicators[0].title #=> String
     #   resp.findings[0].service.detection.sequence.sequence_indicators #=> Array
-    #   resp.findings[0].service.detection.sequence.sequence_indicators[0].key #=> String, one of "SUSPICIOUS_USER_AGENT", "SUSPICIOUS_NETWORK", "MALICIOUS_IP", "TOR_IP", "ATTACK_TACTIC", "HIGH_RISK_API", "ATTACK_TECHNIQUE", "UNUSUAL_API_FOR_ACCOUNT", "UNUSUAL_ASN_FOR_ACCOUNT", "UNUSUAL_ASN_FOR_USER"
+    #   resp.findings[0].service.detection.sequence.sequence_indicators[0].key #=> String, one of "SUSPICIOUS_USER_AGENT", "SUSPICIOUS_NETWORK", "MALICIOUS_IP", "TOR_IP", "ATTACK_TACTIC", "HIGH_RISK_API", "ATTACK_TECHNIQUE", "UNUSUAL_API_FOR_ACCOUNT", "UNUSUAL_ASN_FOR_ACCOUNT", "UNUSUAL_ASN_FOR_USER", "SUSPICIOUS_PROCESS", "MALICIOUS_DOMAIN", "MALICIOUS_PROCESS", "CRYPTOMINING_IP", "CRYPTOMINING_DOMAIN", "CRYPTOMINING_PROCESS"
     #   resp.findings[0].service.detection.sequence.sequence_indicators[0].values #=> Array
     #   resp.findings[0].service.detection.sequence.sequence_indicators[0].values[0] #=> String
     #   resp.findings[0].service.detection.sequence.sequence_indicators[0].title #=> String
+    #   resp.findings[0].service.detection.sequence.additional_sequence_types #=> Array
+    #   resp.findings[0].service.detection.sequence.additional_sequence_types[0] #=> String
     #   resp.findings[0].service.malware_scan_details.threats #=> Array
     #   resp.findings[0].service.malware_scan_details.threats[0].name #=> String
     #   resp.findings[0].service.malware_scan_details.threats[0].source #=> String
@@ -5556,7 +5581,7 @@ module Aws::GuardDuty
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-guardduty'
-      context[:gem_version] = '1.117.0'
+      context[:gem_version] = '1.118.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-guardduty/client_api.rb

@@ -34,7 +34,9 @@ module Aws::GuardDuty
     Action = Shapes::StructureShape.new(name: 'Action')
     Actor = Shapes::StructureShape.new(name: 'Actor')
     ActorIds = Shapes::ListShape.new(name: 'ActorIds')
+    ActorProcess = Shapes::StructureShape.new(name: 'ActorProcess')
     Actors = Shapes::ListShape.new(name: 'Actors')
+    AdditionalSequenceTypes = Shapes::ListShape.new(name: 'AdditionalSequenceTypes')
     AddonDetails = Shapes::StructureShape.new(name: 'AddonDetails')
     AdminAccount = Shapes::StructureShape.new(name: 'AdminAccount')
     AdminAccounts = Shapes::ListShape.new(name: 'AdminAccounts')
@@ -63,10 +65,15 @@ module Aws::GuardDuty
     City = Shapes::StructureShape.new(name: 'City')
     ClientToken = Shapes::StringShape.new(name: 'ClientToken')
     CloudTrailConfigurationResult = Shapes::StructureShape.new(name: 'CloudTrailConfigurationResult')
+    ClusterStatus = Shapes::StringShape.new(name: 'ClusterStatus')
     Condition = Shapes::StructureShape.new(name: 'Condition')
     ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
     Container = Shapes::StructureShape.new(name: 'Container')
+    ContainerFindingResource = Shapes::StructureShape.new(name: 'ContainerFindingResource')
+    ContainerImageUid = Shapes::StringShape.new(name: 'ContainerImageUid')
     ContainerInstanceDetails = Shapes::StructureShape.new(name: 'ContainerInstanceDetails')
+    ContainerUid = Shapes::StringShape.new(name: 'ContainerUid')
+    ContainerUids = Shapes::ListShape.new(name: 'ContainerUids')
     Containers = Shapes::ListShape.new(name: 'Containers')
     CountByCoverageStatus = Shapes::MapShape.new(name: 'CountByCoverageStatus')
     CountByResourceType = Shapes::MapShape.new(name: 'CountByResourceType')
@@ -176,10 +183,13 @@ module Aws::GuardDuty
     EbsVolumeScanDetails = Shapes::StructureShape.new(name: 'EbsVolumeScanDetails')
     EbsVolumesResult = Shapes::StructureShape.new(name: 'EbsVolumesResult')
     Ec2Instance = Shapes::StructureShape.new(name: 'Ec2Instance')
+    Ec2InstanceUid = Shapes::StringShape.new(name: 'Ec2InstanceUid')
+    Ec2InstanceUids = Shapes::ListShape.new(name: 'Ec2InstanceUids')
     Ec2NetworkInterface = Shapes::StructureShape.new(name: 'Ec2NetworkInterface')
     Ec2NetworkInterfaceUids = Shapes::ListShape.new(name: 'Ec2NetworkInterfaceUids')
     EcsClusterDetails = Shapes::StructureShape.new(name: 'EcsClusterDetails')
     EcsTaskDetails = Shapes::StructureShape.new(name: 'EcsTaskDetails')
+    EksCluster = Shapes::StructureShape.new(name: 'EksCluster')
     EksClusterDetails = Shapes::StructureShape.new(name: 'EksClusterDetails')
     Email = Shapes::StringShape.new(name: 'Email')
     EnableOrganizationAdminAccountRequest = Shapes::StructureShape.new(name: 'EnableOrganizationAdminAccountRequest')
@@ -296,9 +306,11 @@ module Aws::GuardDuty
     KubernetesDataSourceFreeTrial = Shapes::StructureShape.new(name: 'KubernetesDataSourceFreeTrial')
     KubernetesDetails = Shapes::StructureShape.new(name: 'KubernetesDetails')
     KubernetesPermissionCheckedDetails = Shapes::StructureShape.new(name: 'KubernetesPermissionCheckedDetails')
+    KubernetesResourcesTypes = Shapes::StringShape.new(name: 'KubernetesResourcesTypes')
     KubernetesRoleBindingDetails = Shapes::StructureShape.new(name: 'KubernetesRoleBindingDetails')
     KubernetesRoleDetails = Shapes::StructureShape.new(name: 'KubernetesRoleDetails')
     KubernetesUserDetails = Shapes::StructureShape.new(name: 'KubernetesUserDetails')
+    KubernetesWorkload = Shapes::StructureShape.new(name: 'KubernetesWorkload')
     KubernetesWorkloadDetails = Shapes::StructureShape.new(name: 'KubernetesWorkloadDetails')
     LambdaDetails = Shapes::StructureShape.new(name: 'LambdaDetails')
     Lineage = Shapes::ListShape.new(name: 'Lineage')
@@ -422,6 +434,9 @@ module Aws::GuardDuty
     PrivateIpAddressDetails = Shapes::StructureShape.new(name: 'PrivateIpAddressDetails')
     PrivateIpAddresses = Shapes::ListShape.new(name: 'PrivateIpAddresses')
     ProcessDetails = Shapes::StructureShape.new(name: 'ProcessDetails')
+    ProcessName = Shapes::StringShape.new(name: 'ProcessName')
+    ProcessPath = Shapes::StringShape.new(name: 'ProcessPath')
+    ProcessSha256 = Shapes::StringShape.new(name: 'ProcessSha256')
     ProductCode = Shapes::StructureShape.new(name: 'ProductCode')
     ProductCodes = Shapes::ListShape.new(name: 'ProductCodes')
     ProfileSubtype = Shapes::StringShape.new(name: 'ProfileSubtype')
@@ -655,12 +670,20 @@ module Aws::GuardDuty
     Actor.add_member(:id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "id"))
     Actor.add_member(:user, Shapes::ShapeRef.new(shape: User, location_name: "user"))
     Actor.add_member(:session, Shapes::ShapeRef.new(shape: Session, location_name: "session"))
+    Actor.add_member(:process, Shapes::ShapeRef.new(shape: ActorProcess, location_name: "process"))
     Actor.struct_class = Types::Actor
 
     ActorIds.member = Shapes::ShapeRef.new(shape: String)
 
+    ActorProcess.add_member(:name, Shapes::ShapeRef.new(shape: ProcessName, required: true, location_name: "name"))
+    ActorProcess.add_member(:path, Shapes::ShapeRef.new(shape: ProcessPath, required: true, location_name: "path"))
+    ActorProcess.add_member(:sha_256, Shapes::ShapeRef.new(shape: ProcessSha256, location_name: "sha256"))
+    ActorProcess.struct_class = Types::ActorProcess
+
     Actors.member = Shapes::ShapeRef.new(shape: Actor)
 
+    AdditionalSequenceTypes.member = Shapes::ShapeRef.new(shape: FindingType)
+
     AddonDetails.add_member(:addon_version, Shapes::ShapeRef.new(shape: String, location_name: "addonVersion"))
     AddonDetails.add_member(:addon_status, Shapes::ShapeRef.new(shape: String, location_name: "addonStatus"))
     AddonDetails.struct_class = Types::AddonDetails
@@ -782,10 +805,16 @@ module Aws::GuardDuty
     Container.add_member(:security_context, Shapes::ShapeRef.new(shape: SecurityContext, location_name: "securityContext"))
     Container.struct_class = Types::Container
 
+    ContainerFindingResource.add_member(:image, Shapes::ShapeRef.new(shape: String, required: true, location_name: "image"))
+    ContainerFindingResource.add_member(:image_uid, Shapes::ShapeRef.new(shape: ContainerImageUid, location_name: "imageUid"))
+    ContainerFindingResource.struct_class = Types::ContainerFindingResource
+
     ContainerInstanceDetails.add_member(:covered_container_instances, Shapes::ShapeRef.new(shape: Long, location_name: "coveredContainerInstances"))
     ContainerInstanceDetails.add_member(:compatible_container_instances, Shapes::ShapeRef.new(shape: Long, location_name: "compatibleContainerInstances"))
     ContainerInstanceDetails.struct_class = Types::ContainerInstanceDetails
 
+    ContainerUids.member = Shapes::ShapeRef.new(shape: ContainerUid)
+
     Containers.member = Shapes::ShapeRef.new(shape: Container)
 
     CountByCoverageStatus.key = Shapes::ShapeRef.new(shape: CoverageStatus)
@@ -1180,6 +1209,8 @@ module Aws::GuardDuty
     Ec2Instance.add_member(:ec2_network_interface_uids, Shapes::ShapeRef.new(shape: Ec2NetworkInterfaceUids, location_name: "ec2NetworkInterfaceUids"))
     Ec2Instance.struct_class = Types::Ec2Instance
 
+    Ec2InstanceUids.member = Shapes::ShapeRef.new(shape: Ec2InstanceUid)
+
     Ec2NetworkInterface.add_member(:ipv_6_addresses, Shapes::ShapeRef.new(shape: Ipv6Addresses, location_name: "ipv6Addresses"))
     Ec2NetworkInterface.add_member(:private_ip_addresses, Shapes::ShapeRef.new(shape: PrivateIpAddresses, location_name: "privateIpAddresses"))
     Ec2NetworkInterface.add_member(:public_ip, Shapes::ShapeRef.new(shape: String, location_name: "publicIp"))
@@ -1213,6 +1244,13 @@ module Aws::GuardDuty
     EcsTaskDetails.add_member(:launch_type, Shapes::ShapeRef.new(shape: String, location_name: "launchType"))
     EcsTaskDetails.struct_class = Types::EcsTaskDetails
 
+    EksCluster.add_member(:arn, Shapes::ShapeRef.new(shape: String, location_name: "arn"))
+    EksCluster.add_member(:created_at, Shapes::ShapeRef.new(shape: Timestamp, location_name: "createdAt"))
+    EksCluster.add_member(:status, Shapes::ShapeRef.new(shape: ClusterStatus, location_name: "status"))
+    EksCluster.add_member(:vpc_id, Shapes::ShapeRef.new(shape: String, location_name: "vpcId"))
+    EksCluster.add_member(:ec2_instance_uids, Shapes::ShapeRef.new(shape: Ec2InstanceUids, location_name: "ec2InstanceUids"))
+    EksCluster.struct_class = Types::EksCluster
+
     EksClusterDetails.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
     EksClusterDetails.add_member(:arn, Shapes::ShapeRef.new(shape: String, location_name: "arn"))
     EksClusterDetails.add_member(:vpc_id, Shapes::ShapeRef.new(shape: String, location_name: "vpcId"))
@@ -1607,6 +1645,11 @@ module Aws::GuardDuty
     KubernetesUserDetails.add_member(:impersonated_user, Shapes::ShapeRef.new(shape: ImpersonatedUser, location_name: "impersonatedUser"))
     KubernetesUserDetails.struct_class = Types::KubernetesUserDetails
 
+    KubernetesWorkload.add_member(:container_uids, Shapes::ShapeRef.new(shape: ContainerUids, location_name: "containerUids"))
+    KubernetesWorkload.add_member(:namespace, Shapes::ShapeRef.new(shape: String, location_name: "namespace"))
+    KubernetesWorkload.add_member(:kubernetes_resources_types, Shapes::ShapeRef.new(shape: KubernetesResourcesTypes, location_name: "kubernetesResourcesTypes"))
+    KubernetesWorkload.struct_class = Types::KubernetesWorkload
+
     KubernetesWorkloadDetails.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
     KubernetesWorkloadDetails.add_member(:type, Shapes::ShapeRef.new(shape: String, location_name: "type"))
     KubernetesWorkloadDetails.add_member(:uid, Shapes::ShapeRef.new(shape: String, location_name: "uid"))
@@ -2127,6 +2170,9 @@ module Aws::GuardDuty
     ResourceData.add_member(:access_key, Shapes::ShapeRef.new(shape: AccessKey, location_name: "accessKey"))
     ResourceData.add_member(:ec2_network_interface, Shapes::ShapeRef.new(shape: Ec2NetworkInterface, location_name: "ec2NetworkInterface"))
     ResourceData.add_member(:s3_object, Shapes::ShapeRef.new(shape: S3Object, location_name: "s3Object"))
+    ResourceData.add_member(:eks_cluster, Shapes::ShapeRef.new(shape: EksCluster, location_name: "eksCluster"))
+    ResourceData.add_member(:kubernetes_workload, Shapes::ShapeRef.new(shape: KubernetesWorkload, location_name: "kubernetesWorkload"))
+    ResourceData.add_member(:container, Shapes::ShapeRef.new(shape: ContainerFindingResource, location_name: "container"))
     ResourceData.struct_class = Types::ResourceData
 
     ResourceDetails.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, location_name: "instanceArn"))
@@ -2322,6 +2368,7 @@ module Aws::GuardDuty
     Sequence.add_member(:endpoints, Shapes::ShapeRef.new(shape: NetworkEndpoints, location_name: "endpoints"))
     Sequence.add_member(:signals, Shapes::ShapeRef.new(shape: Signals, required: true, location_name: "signals"))
     Sequence.add_member(:sequence_indicators, Shapes::ShapeRef.new(shape: Indicators, location_name: "sequenceIndicators"))
+    Sequence.add_member(:additional_sequence_types, Shapes::ShapeRef.new(shape: AdditionalSequenceTypes, location_name: "additionalSequenceTypes"))
     Sequence.struct_class = Types::Sequence
 
     Service.add_member(:action, Shapes::ShapeRef.new(shape: Action, location_name: "action"))

data/lib/aws-sdk-guardduty/types.rb

@@ -194,6 +194,29 @@ module Aws::GuardDuty
     #
     # @!attribute [rw] email
     #   The email address of the member account.
+    #
+    #   The rules for a valid email address:
+    #
+    #   * The email address must be a minimum of 6 and a maximum of 64
+    #     characters long.
+    #
+    #   * All characters must be 7-bit ASCII characters.
+    #
+    #   * There must be one and only one @ symbol, which separates the local
+    #     name from the domain name.
+    #
+    #   * The local name can't contain any of the following characters:
+    #
+    #     whitespace, " ' ( ) < > \[ \] : ' , \\ \| % &
+    #
+    #   * The local name can't begin with a dot (.).
+    #
+    #   * The domain name can consist of only the characters \[a-z\],
+    #     \[A-Z\], \[0-9\], hyphen (-), or dot (.).
+    #
+    #   * The domain name can't begin or end with a dot (.) or hyphen (-).
+    #
+    #   * The domain name must contain at least one dot.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AccountDetail AWS API Documentation
@@ -353,12 +376,47 @@ module Aws::GuardDuty
     #   initiated.
     #   @return [Types::Session]
     #
+    # @!attribute [rw] process
+    #   Contains information about the process associated with the threat
+    #   actor. This includes details such as process name, path, execution
+    #   time, and unique identifiers that help track the actor's activities
+    #   within the system.
+    #   @return [Types::ActorProcess]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Actor AWS API Documentation
     #
     class Actor < Struct.new(
       :id,
       :user,
-      :session)
+      :session,
+      :process)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about a process involved in a GuardDuty finding,
+    # including process identification, execution details, and file
+    # information.
+    #
+    # @!attribute [rw] name
+    #   The name of the process as it appears in the system.
+    #   @return [String]
+    #
+    # @!attribute [rw] path
+    #   The full file path to the process executable on the system.
+    #   @return [String]
+    #
+    # @!attribute [rw] sha_256
+    #   The SHA256 hash of the process executable file, which can be used
+    #   for identification and verification purposes.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ActorProcess AWS API Documentation
+    #
+    class ActorProcess < Struct.new(
+      :name,
+      :path,
+      :sha_256)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -896,6 +954,28 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # Contains information about container resources involved in a GuardDuty
+    # finding. This structure provides details about containers that were
+    # identified as part of suspicious or malicious activity.
+    #
+    # @!attribute [rw] image
+    #   The container image information, including the image name and tag
+    #   used to run the container that was involved in the finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] image_uid
+    #   The unique ID associated with the container image.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ContainerFindingResource AWS API Documentation
+    #
+    class ContainerFindingResource < Struct.new(
+      :image,
+      :image_uid)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information about the Amazon EC2 instance that is running the
     # Amazon ECS container.
     #
@@ -3252,6 +3332,46 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # Contains information about the Amazon EKS cluster involved in a
+    # GuardDuty finding, including cluster identification, status, and
+    # network configuration.
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) that uniquely identifies the Amazon
+    #   EKS cluster involved in the finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] created_at
+    #   The timestamp indicating when the Amazon EKS cluster was created, in
+    #   UTC format.
+    #   @return [Time]
+    #
+    # @!attribute [rw] status
+    #   The current status of the Amazon EKS cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_id
+    #   The ID of the Amazon Virtual Private Cloud (Amazon VPC) associated
+    #   with the Amazon EKS cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] ec2_instance_uids
+    #   A list of unique identifiers for the Amazon EC2 instances that serve
+    #   as worker nodes in the Amazon EKS cluster.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EksCluster AWS API Documentation
+    #
+    class EksCluster < Struct.new(
+      :arn,
+      :created_at,
+      :status,
+      :vpc_id,
+      :ec2_instance_uids)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Details about the EKS cluster involved in a Kubernetes finding.
     #
     # @!attribute [rw] name
@@ -3407,11 +3527,6 @@ module Aws::GuardDuty
     # @!attribute [rw] criterion_key
     #   An enum value representing possible scan properties to match with
     #   given scan entries.
-    #
-    #   <note markdown="1"> Replace the enum value `CLUSTER_NAME` with `EKS_CLUSTER_NAME`.
-    #   `CLUSTER_NAME` has been deprecated.
-    #
-    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] filter_condition
@@ -3459,7 +3574,17 @@ module Aws::GuardDuty
     #   @return [String]
     #
     # @!attribute [rw] region
-    #   The Region where the finding was generated.
+    #   The Region where the finding was generated. For findings generated
+    #   from [Global Service Events][1], the Region value in the finding
+    #   might differ from the Region where GuardDuty identifies the
+    #   potential threat. For more information, see [How GuardDuty handles
+    #   Amazon Web Services CloudTrail global events][2] in the *Amazon
+    #   GuardDuty User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-global-service-events
+    #   [2]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html#cloudtrail_global
     #   @return [String]
     #
     # @!attribute [rw] resource
@@ -5062,6 +5187,34 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # Contains information about Kubernetes workloads involved in a
+    # GuardDuty finding, including pods, deployments, and other Kubernetes
+    # resources.
+    #
+    # @!attribute [rw] container_uids
+    #   A list of unique identifiers for the containers that are part of the
+    #   Kubernetes workload.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] namespace
+    #   The Kubernetes namespace in which the workload is running, providing
+    #   logical isolation within the cluster.
+    #   @return [String]
+    #
+    # @!attribute [rw] kubernetes_resources_types
+    #   The types of Kubernetes resources involved in the workload.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesWorkload AWS API Documentation
+    #
+    class KubernetesWorkload < Struct.new(
+      :container_uids,
+      :namespace,
+      :kubernetes_resources_types)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Details about the Kubernetes workload involved in a Kubernetes
     # finding.
     #
@@ -7718,6 +7871,23 @@ module Aws::GuardDuty
     #   Contains information about the Amazon S3 object.
     #   @return [Types::S3Object]
     #
+    # @!attribute [rw] eks_cluster
+    #   Contains detailed information about the Amazon EKS cluster
+    #   associated with the activity that prompted GuardDuty to generate a
+    #   finding.
+    #   @return [Types::EksCluster]
+    #
+    # @!attribute [rw] kubernetes_workload
+    #   Contains detailed information about the Kubernetes workload
+    #   associated with the activity that prompted GuardDuty to generate a
+    #   finding.
+    #   @return [Types::KubernetesWorkload]
+    #
+    # @!attribute [rw] container
+    #   Contains detailed information about the container associated with
+    #   the activity that prompted GuardDuty to generate a finding.
+    #   @return [Types::ContainerFindingResource]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ResourceData AWS API Documentation
     #
     class ResourceData < Struct.new(
@@ -7725,7 +7895,10 @@ module Aws::GuardDuty
       :ec2_instance,
       :access_key,
       :ec2_network_interface,
-      :s3_object)
+      :s3_object,
+      :eks_cluster,
+      :kubernetes_workload,
+      :container)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8657,6 +8830,12 @@ module Aws::GuardDuty
     #   sequence.
     #   @return [Array<Types::Indicator>]
     #
+    # @!attribute [rw] additional_sequence_types
+    #   Additional types of sequences that may be associated with the attack
+    #   sequence finding, providing further context about the nature of the
+    #   detected threat.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Sequence AWS API Documentation
     #
     class Sequence < Struct.new(
@@ -8666,7 +8845,8 @@ module Aws::GuardDuty
       :resources,
       :endpoints,
       :signals,
-      :sequence_indicators)
+      :sequence_indicators,
+      :additional_sequence_types)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-guardduty.rb

@@ -54,7 +54,7 @@ module Aws::GuardDuty
   autoload :EndpointProvider, 'aws-sdk-guardduty/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-guardduty/endpoints'
 
-  GEM_VERSION = '1.117.0'
+  GEM_VERSION = '1.118.0'
 
 end
 

data/sig/types.rbs

@@ -104,6 +104,14 @@ module Aws::GuardDuty
       attr_accessor id: ::String
       attr_accessor user: Types::User
       attr_accessor session: Types::Session
+      attr_accessor process: Types::ActorProcess
+      SENSITIVE: []
+    end
+
+    class ActorProcess
+      attr_accessor name: ::String
+      attr_accessor path: ::String
+      attr_accessor sha_256: ::String
       SENSITIVE: []
     end
 
@@ -248,6 +256,12 @@ module Aws::GuardDuty
       SENSITIVE: []
     end
 
+    class ContainerFindingResource
+      attr_accessor image: ::String
+      attr_accessor image_uid: ::String
+      SENSITIVE: []
+    end
+
     class ContainerInstanceDetails
       attr_accessor covered_container_instances: ::Integer
       attr_accessor compatible_container_instances: ::Integer
@@ -802,6 +816,15 @@ module Aws::GuardDuty
       SENSITIVE: []
     end
 
+    class EksCluster
+      attr_accessor arn: ::String
+      attr_accessor created_at: ::Time
+      attr_accessor status: ("CREATING" | "ACTIVE" | "DELETING" | "FAILED" | "UPDATING" | "PENDING")
+      attr_accessor vpc_id: ::String
+      attr_accessor ec2_instance_uids: ::Array[::String]
+      SENSITIVE: []
+    end
+
     class EksClusterDetails
       attr_accessor name: ::String
       attr_accessor arn: ::String
@@ -1149,7 +1172,7 @@ module Aws::GuardDuty
     end
 
     class Indicator
-      attr_accessor key: ("SUSPICIOUS_USER_AGENT" | "SUSPICIOUS_NETWORK" | "MALICIOUS_IP" | "TOR_IP" | "ATTACK_TACTIC" | "HIGH_RISK_API" | "ATTACK_TECHNIQUE" | "UNUSUAL_API_FOR_ACCOUNT" | "UNUSUAL_ASN_FOR_ACCOUNT" | "UNUSUAL_ASN_FOR_USER")
+      attr_accessor key: ("SUSPICIOUS_USER_AGENT" | "SUSPICIOUS_NETWORK" | "MALICIOUS_IP" | "TOR_IP" | "ATTACK_TACTIC" | "HIGH_RISK_API" | "ATTACK_TECHNIQUE" | "UNUSUAL_API_FOR_ACCOUNT" | "UNUSUAL_ASN_FOR_ACCOUNT" | "UNUSUAL_ASN_FOR_USER" | "SUSPICIOUS_PROCESS" | "MALICIOUS_DOMAIN" | "MALICIOUS_PROCESS" | "CRYPTOMINING_IP" | "CRYPTOMINING_DOMAIN" | "CRYPTOMINING_PROCESS")
       attr_accessor values: ::Array[::String]
       attr_accessor title: ::String
       SENSITIVE: []
@@ -1284,6 +1307,13 @@ module Aws::GuardDuty
       SENSITIVE: []
     end
 
+    class KubernetesWorkload
+      attr_accessor container_uids: ::Array[::String]
+      attr_accessor namespace: ::String
+      attr_accessor kubernetes_resources_types: ("PODS" | "JOBS" | "CRONJOBS" | "DEPLOYMENTS" | "DAEMONSETS" | "STATEFULSETS" | "REPLICASETS" | "REPLICATIONCONTROLLERS")
+      SENSITIVE: []
+    end
+
     class KubernetesWorkloadDetails
       attr_accessor name: ::String
       attr_accessor type: ::String
@@ -1933,6 +1963,9 @@ module Aws::GuardDuty
       attr_accessor access_key: Types::AccessKey
       attr_accessor ec2_network_interface: Types::Ec2NetworkInterface
       attr_accessor s3_object: Types::S3Object
+      attr_accessor eks_cluster: Types::EksCluster
+      attr_accessor kubernetes_workload: Types::KubernetesWorkload
+      attr_accessor container: Types::ContainerFindingResource
       SENSITIVE: []
     end
 
@@ -1960,7 +1993,7 @@ module Aws::GuardDuty
       attr_accessor uid: ::String
       attr_accessor name: ::String
       attr_accessor account_id: ::String
-      attr_accessor resource_type: ("EC2_INSTANCE" | "EC2_NETWORK_INTERFACE" | "S3_BUCKET" | "S3_OBJECT" | "ACCESS_KEY")
+      attr_accessor resource_type: ("EC2_INSTANCE" | "EC2_NETWORK_INTERFACE" | "S3_BUCKET" | "S3_OBJECT" | "ACCESS_KEY" | "EKS_CLUSTER" | "KUBERNETES_WORKLOAD" | "CONTAINER")
       attr_accessor region: ::String
       attr_accessor service: ::String
       attr_accessor cloud_partition: ::String
@@ -2159,6 +2192,7 @@ module Aws::GuardDuty
       attr_accessor endpoints: ::Array[Types::NetworkEndpoint]
       attr_accessor signals: ::Array[Types::Signal]
       attr_accessor sequence_indicators: ::Array[Types::Indicator]
+      attr_accessor additional_sequence_types: ::Array[::String]
       SENSITIVE: []
     end
 
@@ -2205,7 +2239,7 @@ module Aws::GuardDuty
 
     class Signal
       attr_accessor uid: ::String
-      attr_accessor type: ("FINDING" | "CLOUD_TRAIL" | "S3_DATA_EVENTS")
+      attr_accessor type: ("FINDING" | "CLOUD_TRAIL" | "S3_DATA_EVENTS" | "EKS_AUDIT_LOGS" | "FLOW_LOGS" | "DNS_LOGS" | "RUNTIME_MONITORING")
       attr_accessor description: ::String
       attr_accessor name: ::String
       attr_accessor created_at: ::Time

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-guardduty
 version: !ruby/object:Gem::Version
-  version: 1.117.0
+  version: 1.118.0
 platform: ruby
 authors:
 - Amazon Web Services