aws-sdk-guardduty 1.81.0 → 1.82.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 88a9566fc145c2c5b0872dbe421ff96a7749a245d8009941e83b46fec922bff1
-  data.tar.gz: 2f25d9bfc6157dd52f2302276f089c7f4978405b59c34add90d6edceb4ac6c11
+  metadata.gz: 982719be3eed1c9b62f166e2f143c979fd4520bf228fe4e50ee22cc4cfb347c1
+  data.tar.gz: 365d45cef8891107ca10524bbbf214222b9f949cbf0a0be98871ab35a2e37bf2
 SHA512:
-  metadata.gz: d7bb37471115cf35a48736c5bfb100e472f12fc87343c094fbc1cccc1c9c0a99bc03fb285893d36610af38bd25029023e0d9d2d1f0ba873a63c230b88ca7a2c8
-  data.tar.gz: 3a899d477761d3e945d5be8b5c72aa1f97795495a3c130c52509866e271b09e0e4f8123f0294f8c6ded5bd429c401962dd167c5bf313a12d018b8a7e806ffbed
+  metadata.gz: 4efeeec4b2a6625520dbc7cdc94f904570ca09b679d2ff80e7502b1da0d482342d70c0afeb293c2d4d3026a59985d19816b059c981523fc8e93e980254ec8baf
+  data.tar.gz: 9fc50173ee35f046bf90afcfd7e3ef22bc432a55f8913a24ee772c01ea91f1b3019a51262a5133164456b1d8dd14bc31382976e988ac75157404f8770d98c64f

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.82.0 (2023-11-08)
+------------------
+
+* Feature - Added API support for new GuardDuty EKS Audit Log finding types.
+
 1.81.0 (2023-10-17)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.81.0
+1.82.0

data/lib/aws-sdk-guardduty/client.rb

@@ -728,6 +728,8 @@ module Aws::GuardDuty
     #
     #   * service.action.dnsRequestAction.domain
     #
+    #   * service.action.dnsRequestAction.domainWithSuffix
+    #
     #   * service.action.networkConnectionAction.blocked
     #
     #   * service.action.networkConnectionAction.connectionDirection
@@ -752,8 +754,14 @@ module Aws::GuardDuty
     #
     #   * service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
     #
+    #   * service.action.kubernetesApiCallAction.namespace
+    #
+    #   * service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
+    #
     #   * service.action.kubernetesApiCallAction.requestUri
     #
+    #   * service.action.kubernetesApiCallAction.statusCode
+    #
     #   * service.action.networkConnectionAction.localIpDetails.ipAddressV4
     #
     #   * service.action.networkConnectionAction.protocol
@@ -2133,6 +2141,9 @@ module Aws::GuardDuty
     #   resp.findings[0].resource.kubernetes_details.kubernetes_user_details.groups[0] #=> String
     #   resp.findings[0].resource.kubernetes_details.kubernetes_user_details.session_name #=> Array
     #   resp.findings[0].resource.kubernetes_details.kubernetes_user_details.session_name[0] #=> String
+    #   resp.findings[0].resource.kubernetes_details.kubernetes_user_details.impersonated_user.username #=> String
+    #   resp.findings[0].resource.kubernetes_details.kubernetes_user_details.impersonated_user.groups #=> Array
+    #   resp.findings[0].resource.kubernetes_details.kubernetes_user_details.impersonated_user.groups[0] #=> String
     #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.name #=> String
     #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.type #=> String
     #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.uid #=> String
@@ -2148,9 +2159,13 @@ module Aws::GuardDuty
     #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].volume_mounts[0].name #=> String
     #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].volume_mounts[0].mount_path #=> String
     #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].security_context.privileged #=> Boolean
+    #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.containers[0].security_context.allow_privilege_escalation #=> Boolean
     #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.volumes #=> Array
     #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.volumes[0].name #=> String
     #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.volumes[0].host_path.path #=> String
+    #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.service_account_name #=> String
+    #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.host_ipc #=> Boolean
+    #   resp.findings[0].resource.kubernetes_details.kubernetes_workload_details.host_pid #=> Boolean
     #   resp.findings[0].resource.resource_type #=> String
     #   resp.findings[0].resource.ebs_volume_details.scanned_volume_details #=> Array
     #   resp.findings[0].resource.ebs_volume_details.scanned_volume_details[0].volume_arn #=> String
@@ -2199,6 +2214,7 @@ module Aws::GuardDuty
     #   resp.findings[0].resource.ecs_cluster_details.task_details.containers[0].volume_mounts[0].name #=> String
     #   resp.findings[0].resource.ecs_cluster_details.task_details.containers[0].volume_mounts[0].mount_path #=> String
     #   resp.findings[0].resource.ecs_cluster_details.task_details.containers[0].security_context.privileged #=> Boolean
+    #   resp.findings[0].resource.ecs_cluster_details.task_details.containers[0].security_context.allow_privilege_escalation #=> Boolean
     #   resp.findings[0].resource.ecs_cluster_details.task_details.group #=> String
     #   resp.findings[0].resource.container_details.container_runtime #=> String
     #   resp.findings[0].resource.container_details.id #=> String
@@ -2209,6 +2225,7 @@ module Aws::GuardDuty
     #   resp.findings[0].resource.container_details.volume_mounts[0].name #=> String
     #   resp.findings[0].resource.container_details.volume_mounts[0].mount_path #=> String
     #   resp.findings[0].resource.container_details.security_context.privileged #=> Boolean
+    #   resp.findings[0].resource.container_details.security_context.allow_privilege_escalation #=> Boolean
     #   resp.findings[0].resource.rds_db_instance_details.db_instance_identifier #=> String
     #   resp.findings[0].resource.rds_db_instance_details.engine #=> String
     #   resp.findings[0].resource.rds_db_instance_details.engine_version #=> String
@@ -2314,6 +2331,10 @@ module Aws::GuardDuty
     #   resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.org #=> String
     #   resp.findings[0].service.action.kubernetes_api_call_action.status_code #=> Integer
     #   resp.findings[0].service.action.kubernetes_api_call_action.parameters #=> String
+    #   resp.findings[0].service.action.kubernetes_api_call_action.resource #=> String
+    #   resp.findings[0].service.action.kubernetes_api_call_action.subresource #=> String
+    #   resp.findings[0].service.action.kubernetes_api_call_action.namespace #=> String
+    #   resp.findings[0].service.action.kubernetes_api_call_action.resource_name #=> String
     #   resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.city.city_name #=> String
     #   resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.country.country_code #=> String
     #   resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.country.country_name #=> String
@@ -2329,6 +2350,18 @@ module Aws::GuardDuty
     #   resp.findings[0].service.action.rds_login_attempt_action.login_attributes[0].application #=> String
     #   resp.findings[0].service.action.rds_login_attempt_action.login_attributes[0].failed_login_attempts #=> Integer
     #   resp.findings[0].service.action.rds_login_attempt_action.login_attributes[0].successful_login_attempts #=> Integer
+    #   resp.findings[0].service.action.kubernetes_permission_checked_details.verb #=> String
+    #   resp.findings[0].service.action.kubernetes_permission_checked_details.resource #=> String
+    #   resp.findings[0].service.action.kubernetes_permission_checked_details.namespace #=> String
+    #   resp.findings[0].service.action.kubernetes_permission_checked_details.allowed #=> Boolean
+    #   resp.findings[0].service.action.kubernetes_role_binding_details.kind #=> String
+    #   resp.findings[0].service.action.kubernetes_role_binding_details.name #=> String
+    #   resp.findings[0].service.action.kubernetes_role_binding_details.uid #=> String
+    #   resp.findings[0].service.action.kubernetes_role_binding_details.role_ref_name #=> String
+    #   resp.findings[0].service.action.kubernetes_role_binding_details.role_ref_kind #=> String
+    #   resp.findings[0].service.action.kubernetes_role_details.kind #=> String
+    #   resp.findings[0].service.action.kubernetes_role_details.name #=> String
+    #   resp.findings[0].service.action.kubernetes_role_details.uid #=> String
     #   resp.findings[0].service.evidence.threat_intelligence_details #=> Array
     #   resp.findings[0].service.evidence.threat_intelligence_details[0].threat_list_name #=> String
     #   resp.findings[0].service.evidence.threat_intelligence_details[0].threat_names #=> Array
@@ -2456,6 +2489,19 @@ module Aws::GuardDuty
     #   resp.findings[0].service.runtime_details.context.iana_protocol_number #=> Integer
     #   resp.findings[0].service.runtime_details.context.memory_regions #=> Array
     #   resp.findings[0].service.runtime_details.context.memory_regions[0] #=> String
+    #   resp.findings[0].service.detection.anomaly.profiles #=> Hash
+    #   resp.findings[0].service.detection.anomaly.profiles["String"] #=> Hash
+    #   resp.findings[0].service.detection.anomaly.profiles["String"]["String"] #=> Array
+    #   resp.findings[0].service.detection.anomaly.profiles["String"]["String"][0].profile_type #=> String, one of "FREQUENCY"
+    #   resp.findings[0].service.detection.anomaly.profiles["String"]["String"][0].profile_subtype #=> String, one of "FREQUENT", "INFREQUENT", "UNSEEN", "RARE"
+    #   resp.findings[0].service.detection.anomaly.profiles["String"]["String"][0].observations.text #=> Array
+    #   resp.findings[0].service.detection.anomaly.profiles["String"]["String"][0].observations.text[0] #=> String
+    #   resp.findings[0].service.detection.anomaly.unusual.behavior #=> Hash
+    #   resp.findings[0].service.detection.anomaly.unusual.behavior["String"] #=> Hash
+    #   resp.findings[0].service.detection.anomaly.unusual.behavior["String"]["String"].profile_type #=> String, one of "FREQUENCY"
+    #   resp.findings[0].service.detection.anomaly.unusual.behavior["String"]["String"].profile_subtype #=> String, one of "FREQUENT", "INFREQUENT", "UNSEEN", "RARE"
+    #   resp.findings[0].service.detection.anomaly.unusual.behavior["String"]["String"].observations.text #=> Array
+    #   resp.findings[0].service.detection.anomaly.unusual.behavior["String"]["String"].observations.text[0] #=> String
     #   resp.findings[0].severity #=> Float
     #   resp.findings[0].title #=> String
     #   resp.findings[0].type #=> String
@@ -4491,7 +4537,7 @@ module Aws::GuardDuty
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-guardduty'
-      context[:gem_version] = '1.81.0'
+      context[:gem_version] = '1.82.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-guardduty/client_api.rb

@@ -34,11 +34,19 @@ module Aws::GuardDuty
     AdminStatus = Shapes::StringShape.new(name: 'AdminStatus')
     Administrator = Shapes::StructureShape.new(name: 'Administrator')
     AffectedResources = Shapes::MapShape.new(name: 'AffectedResources')
+    Anomaly = Shapes::StructureShape.new(name: 'Anomaly')
+    AnomalyObject = Shapes::StructureShape.new(name: 'AnomalyObject')
+    AnomalyProfileFeatureObjects = Shapes::ListShape.new(name: 'AnomalyProfileFeatureObjects')
+    AnomalyProfileFeatures = Shapes::MapShape.new(name: 'AnomalyProfileFeatures')
+    AnomalyProfiles = Shapes::MapShape.new(name: 'AnomalyProfiles')
+    AnomalyUnusual = Shapes::StructureShape.new(name: 'AnomalyUnusual')
+    AnomalyUnusualBehaviorFeature = Shapes::MapShape.new(name: 'AnomalyUnusualBehaviorFeature')
     ArchiveFindingsRequest = Shapes::StructureShape.new(name: 'ArchiveFindingsRequest')
     ArchiveFindingsResponse = Shapes::StructureShape.new(name: 'ArchiveFindingsResponse')
     AutoEnableMembers = Shapes::StringShape.new(name: 'AutoEnableMembers')
     AwsApiCallAction = Shapes::StructureShape.new(name: 'AwsApiCallAction')
     BadRequestException = Shapes::StructureShape.new(name: 'BadRequestException')
+    Behavior = Shapes::MapShape.new(name: 'Behavior')
     BlockPublicAccess = Shapes::StructureShape.new(name: 'BlockPublicAccess')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     BucketLevelPermissions = Shapes::StructureShape.new(name: 'BucketLevelPermissions')
@@ -120,6 +128,7 @@ module Aws::GuardDuty
     DestinationProperties = Shapes::StructureShape.new(name: 'DestinationProperties')
     DestinationType = Shapes::StringShape.new(name: 'DestinationType')
     Destinations = Shapes::ListShape.new(name: 'Destinations')
+    Detection = Shapes::StructureShape.new(name: 'Detection')
     DetectorAdditionalConfiguration = Shapes::StructureShape.new(name: 'DetectorAdditionalConfiguration')
     DetectorAdditionalConfigurationResult = Shapes::StructureShape.new(name: 'DetectorAdditionalConfigurationResult')
     DetectorAdditionalConfigurationResults = Shapes::ListShape.new(name: 'DetectorAdditionalConfigurationResults')
@@ -222,6 +231,7 @@ module Aws::GuardDuty
     HighestSeverityThreatDetails = Shapes::StructureShape.new(name: 'HighestSeverityThreatDetails')
     HostPath = Shapes::StructureShape.new(name: 'HostPath')
     IamInstanceProfile = Shapes::StructureShape.new(name: 'IamInstanceProfile')
+    ImpersonatedUser = Shapes::StructureShape.new(name: 'ImpersonatedUser')
     InstanceArn = Shapes::StringShape.new(name: 'InstanceArn')
     InstanceDetails = Shapes::StructureShape.new(name: 'InstanceDetails')
     Integer = Shapes::IntegerShape.new(name: 'Integer')
@@ -242,6 +252,9 @@ module Aws::GuardDuty
     KubernetesConfigurationResult = Shapes::StructureShape.new(name: 'KubernetesConfigurationResult')
     KubernetesDataSourceFreeTrial = Shapes::StructureShape.new(name: 'KubernetesDataSourceFreeTrial')
     KubernetesDetails = Shapes::StructureShape.new(name: 'KubernetesDetails')
+    KubernetesPermissionCheckedDetails = Shapes::StructureShape.new(name: 'KubernetesPermissionCheckedDetails')
+    KubernetesRoleBindingDetails = Shapes::StructureShape.new(name: 'KubernetesRoleBindingDetails')
+    KubernetesRoleDetails = Shapes::StructureShape.new(name: 'KubernetesRoleDetails')
     KubernetesUserDetails = Shapes::StructureShape.new(name: 'KubernetesUserDetails')
     KubernetesWorkloadDetails = Shapes::StructureShape.new(name: 'KubernetesWorkloadDetails')
     LambdaDetails = Shapes::StructureShape.new(name: 'LambdaDetails')
@@ -303,6 +316,8 @@ module Aws::GuardDuty
     NetworkInterfaces = Shapes::ListShape.new(name: 'NetworkInterfaces')
     NonEmptyString = Shapes::StringShape.new(name: 'NonEmptyString')
     NotEquals = Shapes::ListShape.new(name: 'NotEquals')
+    ObservationTexts = Shapes::ListShape.new(name: 'ObservationTexts')
+    Observations = Shapes::StructureShape.new(name: 'Observations')
     OrderBy = Shapes::StringShape.new(name: 'OrderBy')
     OrgFeature = Shapes::StringShape.new(name: 'OrgFeature')
     OrgFeatureAdditionalConfiguration = Shapes::StringShape.new(name: 'OrgFeatureAdditionalConfiguration')
@@ -341,6 +356,8 @@ module Aws::GuardDuty
     ProcessDetails = Shapes::StructureShape.new(name: 'ProcessDetails')
     ProductCode = Shapes::StructureShape.new(name: 'ProductCode')
     ProductCodes = Shapes::ListShape.new(name: 'ProductCodes')
+    ProfileSubtype = Shapes::StringShape.new(name: 'ProfileSubtype')
+    ProfileType = Shapes::StringShape.new(name: 'ProfileType')
     PublicAccess = Shapes::StructureShape.new(name: 'PublicAccess')
     PublishingStatus = Shapes::StringShape.new(name: 'PublishingStatus')
     RdsDbInstanceDetails = Shapes::StructureShape.new(name: 'RdsDbInstanceDetails')
@@ -513,6 +530,9 @@ module Aws::GuardDuty
     Action.add_member(:port_probe_action, Shapes::ShapeRef.new(shape: PortProbeAction, location_name: "portProbeAction"))
     Action.add_member(:kubernetes_api_call_action, Shapes::ShapeRef.new(shape: KubernetesApiCallAction, location_name: "kubernetesApiCallAction"))
     Action.add_member(:rds_login_attempt_action, Shapes::ShapeRef.new(shape: RdsLoginAttemptAction, location_name: "rdsLoginAttemptAction"))
+    Action.add_member(:kubernetes_permission_checked_details, Shapes::ShapeRef.new(shape: KubernetesPermissionCheckedDetails, location_name: "kubernetesPermissionCheckedDetails"))
+    Action.add_member(:kubernetes_role_binding_details, Shapes::ShapeRef.new(shape: KubernetesRoleBindingDetails, location_name: "kubernetesRoleBindingDetails"))
+    Action.add_member(:kubernetes_role_details, Shapes::ShapeRef.new(shape: KubernetesRoleDetails, location_name: "kubernetesRoleDetails"))
     Action.struct_class = Types::Action
 
     AddonDetails.add_member(:addon_version, Shapes::ShapeRef.new(shape: String, location_name: "addonVersion"))
@@ -534,6 +554,29 @@ module Aws::GuardDuty
     AffectedResources.key = Shapes::ShapeRef.new(shape: String)
     AffectedResources.value = Shapes::ShapeRef.new(shape: String)
 
+    Anomaly.add_member(:profiles, Shapes::ShapeRef.new(shape: AnomalyProfiles, location_name: "profiles"))
+    Anomaly.add_member(:unusual, Shapes::ShapeRef.new(shape: AnomalyUnusual, location_name: "unusual"))
+    Anomaly.struct_class = Types::Anomaly
+
+    AnomalyObject.add_member(:profile_type, Shapes::ShapeRef.new(shape: ProfileType, location_name: "profileType"))
+    AnomalyObject.add_member(:profile_subtype, Shapes::ShapeRef.new(shape: ProfileSubtype, location_name: "profileSubtype"))
+    AnomalyObject.add_member(:observations, Shapes::ShapeRef.new(shape: Observations, location_name: "observations"))
+    AnomalyObject.struct_class = Types::AnomalyObject
+
+    AnomalyProfileFeatureObjects.member = Shapes::ShapeRef.new(shape: AnomalyObject)
+
+    AnomalyProfileFeatures.key = Shapes::ShapeRef.new(shape: String)
+    AnomalyProfileFeatures.value = Shapes::ShapeRef.new(shape: AnomalyProfileFeatureObjects)
+
+    AnomalyProfiles.key = Shapes::ShapeRef.new(shape: String)
+    AnomalyProfiles.value = Shapes::ShapeRef.new(shape: AnomalyProfileFeatures)
+
+    AnomalyUnusual.add_member(:behavior, Shapes::ShapeRef.new(shape: Behavior, location_name: "behavior"))
+    AnomalyUnusual.struct_class = Types::AnomalyUnusual
+
+    AnomalyUnusualBehaviorFeature.key = Shapes::ShapeRef.new(shape: String)
+    AnomalyUnusualBehaviorFeature.value = Shapes::ShapeRef.new(shape: AnomalyObject)
+
     ArchiveFindingsRequest.add_member(:detector_id, Shapes::ShapeRef.new(shape: DetectorId, required: true, location: "uri", location_name: "detectorId"))
     ArchiveFindingsRequest.add_member(:finding_ids, Shapes::ShapeRef.new(shape: FindingIds, required: true, location_name: "findingIds"))
     ArchiveFindingsRequest.struct_class = Types::ArchiveFindingsRequest
@@ -555,6 +598,9 @@ module Aws::GuardDuty
     BadRequestException.add_member(:type, Shapes::ShapeRef.new(shape: String, location_name: "__type"))
     BadRequestException.struct_class = Types::BadRequestException
 
+    Behavior.key = Shapes::ShapeRef.new(shape: String)
+    Behavior.value = Shapes::ShapeRef.new(shape: AnomalyUnusualBehaviorFeature)
+
     BlockPublicAccess.add_member(:ignore_public_acls, Shapes::ShapeRef.new(shape: Boolean, location_name: "ignorePublicAcls"))
     BlockPublicAccess.add_member(:restrict_public_buckets, Shapes::ShapeRef.new(shape: Boolean, location_name: "restrictPublicBuckets"))
     BlockPublicAccess.add_member(:block_public_acls, Shapes::ShapeRef.new(shape: Boolean, location_name: "blockPublicAcls"))
@@ -864,6 +910,9 @@ module Aws::GuardDuty
 
     Destinations.member = Shapes::ShapeRef.new(shape: Destination)
 
+    Detection.add_member(:anomaly, Shapes::ShapeRef.new(shape: Anomaly, location_name: "anomaly"))
+    Detection.struct_class = Types::Detection
+
     DetectorAdditionalConfiguration.add_member(:name, Shapes::ShapeRef.new(shape: FeatureAdditionalConfiguration, location_name: "name"))
     DetectorAdditionalConfiguration.add_member(:status, Shapes::ShapeRef.new(shape: FeatureStatus, location_name: "status"))
     DetectorAdditionalConfiguration.struct_class = Types::DetectorAdditionalConfiguration
@@ -1193,6 +1242,10 @@ module Aws::GuardDuty
     IamInstanceProfile.add_member(:id, Shapes::ShapeRef.new(shape: String, location_name: "id"))
     IamInstanceProfile.struct_class = Types::IamInstanceProfile
 
+    ImpersonatedUser.add_member(:username, Shapes::ShapeRef.new(shape: String, location_name: "username"))
+    ImpersonatedUser.add_member(:groups, Shapes::ShapeRef.new(shape: Groups, location_name: "groups"))
+    ImpersonatedUser.struct_class = Types::ImpersonatedUser
+
     InstanceDetails.add_member(:availability_zone, Shapes::ShapeRef.new(shape: String, location_name: "availabilityZone"))
     InstanceDetails.add_member(:iam_instance_profile, Shapes::ShapeRef.new(shape: IamInstanceProfile, location_name: "iamInstanceProfile"))
     InstanceDetails.add_member(:image_description, Shapes::ShapeRef.new(shape: String, location_name: "imageDescription"))
@@ -1240,6 +1293,10 @@ module Aws::GuardDuty
     KubernetesApiCallAction.add_member(:remote_ip_details, Shapes::ShapeRef.new(shape: RemoteIpDetails, location_name: "remoteIpDetails"))
     KubernetesApiCallAction.add_member(:status_code, Shapes::ShapeRef.new(shape: Integer, location_name: "statusCode"))
     KubernetesApiCallAction.add_member(:parameters, Shapes::ShapeRef.new(shape: String, location_name: "parameters"))
+    KubernetesApiCallAction.add_member(:resource, Shapes::ShapeRef.new(shape: String, location_name: "resource"))
+    KubernetesApiCallAction.add_member(:subresource, Shapes::ShapeRef.new(shape: String, location_name: "subresource"))
+    KubernetesApiCallAction.add_member(:namespace, Shapes::ShapeRef.new(shape: String, location_name: "namespace"))
+    KubernetesApiCallAction.add_member(:resource_name, Shapes::ShapeRef.new(shape: String, location_name: "resourceName"))
     KubernetesApiCallAction.struct_class = Types::KubernetesApiCallAction
 
     KubernetesAuditLogsConfiguration.add_member(:enable, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "enable"))
@@ -1261,10 +1318,29 @@ module Aws::GuardDuty
     KubernetesDetails.add_member(:kubernetes_workload_details, Shapes::ShapeRef.new(shape: KubernetesWorkloadDetails, location_name: "kubernetesWorkloadDetails"))
     KubernetesDetails.struct_class = Types::KubernetesDetails
 
+    KubernetesPermissionCheckedDetails.add_member(:verb, Shapes::ShapeRef.new(shape: String, location_name: "verb"))
+    KubernetesPermissionCheckedDetails.add_member(:resource, Shapes::ShapeRef.new(shape: String, location_name: "resource"))
+    KubernetesPermissionCheckedDetails.add_member(:namespace, Shapes::ShapeRef.new(shape: String, location_name: "namespace"))
+    KubernetesPermissionCheckedDetails.add_member(:allowed, Shapes::ShapeRef.new(shape: Boolean, location_name: "allowed"))
+    KubernetesPermissionCheckedDetails.struct_class = Types::KubernetesPermissionCheckedDetails
+
+    KubernetesRoleBindingDetails.add_member(:kind, Shapes::ShapeRef.new(shape: String, location_name: "kind"))
+    KubernetesRoleBindingDetails.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
+    KubernetesRoleBindingDetails.add_member(:uid, Shapes::ShapeRef.new(shape: String, location_name: "uid"))
+    KubernetesRoleBindingDetails.add_member(:role_ref_name, Shapes::ShapeRef.new(shape: String, location_name: "roleRefName"))
+    KubernetesRoleBindingDetails.add_member(:role_ref_kind, Shapes::ShapeRef.new(shape: String, location_name: "roleRefKind"))
+    KubernetesRoleBindingDetails.struct_class = Types::KubernetesRoleBindingDetails
+
+    KubernetesRoleDetails.add_member(:kind, Shapes::ShapeRef.new(shape: String, location_name: "kind"))
+    KubernetesRoleDetails.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
+    KubernetesRoleDetails.add_member(:uid, Shapes::ShapeRef.new(shape: String, location_name: "uid"))
+    KubernetesRoleDetails.struct_class = Types::KubernetesRoleDetails
+
     KubernetesUserDetails.add_member(:username, Shapes::ShapeRef.new(shape: String, location_name: "username"))
     KubernetesUserDetails.add_member(:uid, Shapes::ShapeRef.new(shape: String, location_name: "uid"))
     KubernetesUserDetails.add_member(:groups, Shapes::ShapeRef.new(shape: Groups, location_name: "groups"))
     KubernetesUserDetails.add_member(:session_name, Shapes::ShapeRef.new(shape: SessionNameList, location_name: "sessionName"))
+    KubernetesUserDetails.add_member(:impersonated_user, Shapes::ShapeRef.new(shape: ImpersonatedUser, location_name: "impersonatedUser"))
     KubernetesUserDetails.struct_class = Types::KubernetesUserDetails
 
     KubernetesWorkloadDetails.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
@@ -1274,6 +1350,9 @@ module Aws::GuardDuty
     KubernetesWorkloadDetails.add_member(:host_network, Shapes::ShapeRef.new(shape: Boolean, location_name: "hostNetwork"))
     KubernetesWorkloadDetails.add_member(:containers, Shapes::ShapeRef.new(shape: Containers, location_name: "containers"))
     KubernetesWorkloadDetails.add_member(:volumes, Shapes::ShapeRef.new(shape: Volumes, location_name: "volumes"))
+    KubernetesWorkloadDetails.add_member(:service_account_name, Shapes::ShapeRef.new(shape: String, location_name: "serviceAccountName"))
+    KubernetesWorkloadDetails.add_member(:host_ipc, Shapes::ShapeRef.new(shape: Boolean, location_name: "hostIPC"))
+    KubernetesWorkloadDetails.add_member(:host_pid, Shapes::ShapeRef.new(shape: Boolean, location_name: "hostPID"))
     KubernetesWorkloadDetails.struct_class = Types::KubernetesWorkloadDetails
 
     LambdaDetails.add_member(:function_arn, Shapes::ShapeRef.new(shape: String, location_name: "functionArn"))
@@ -1507,6 +1586,11 @@ module Aws::GuardDuty
 
     NotEquals.member = Shapes::ShapeRef.new(shape: String)
 
+    ObservationTexts.member = Shapes::ShapeRef.new(shape: String)
+
+    Observations.add_member(:text, Shapes::ShapeRef.new(shape: ObservationTexts, location_name: "text"))
+    Observations.struct_class = Types::Observations
+
     Organization.add_member(:asn, Shapes::ShapeRef.new(shape: String, location_name: "asn"))
     Organization.add_member(:asn_org, Shapes::ShapeRef.new(shape: String, location_name: "asnOrg"))
     Organization.add_member(:isp, Shapes::ShapeRef.new(shape: String, location_name: "isp"))
@@ -1799,6 +1883,7 @@ module Aws::GuardDuty
     Scans.member = Shapes::ShapeRef.new(shape: Scan)
 
     SecurityContext.add_member(:privileged, Shapes::ShapeRef.new(shape: Boolean, location_name: "privileged"))
+    SecurityContext.add_member(:allow_privilege_escalation, Shapes::ShapeRef.new(shape: Boolean, location_name: "allowPrivilegeEscalation"))
     SecurityContext.struct_class = Types::SecurityContext
 
     SecurityGroup.add_member(:group_id, Shapes::ShapeRef.new(shape: String, location_name: "groupId"))
@@ -1821,6 +1906,7 @@ module Aws::GuardDuty
     Service.add_member(:feature_name, Shapes::ShapeRef.new(shape: String, location_name: "featureName"))
     Service.add_member(:ebs_volume_scan_details, Shapes::ShapeRef.new(shape: EbsVolumeScanDetails, location_name: "ebsVolumeScanDetails"))
     Service.add_member(:runtime_details, Shapes::ShapeRef.new(shape: RuntimeDetails, location_name: "runtimeDetails"))
+    Service.add_member(:detection, Shapes::ShapeRef.new(shape: Detection, location_name: "detection"))
     Service.struct_class = Types::Service
 
     ServiceAdditionalInfo.add_member(:value, Shapes::ShapeRef.new(shape: String, location_name: "value"))

data/lib/aws-sdk-guardduty/types.rb

@@ -230,6 +230,20 @@ module Aws::GuardDuty
     #   finding.
     #   @return [Types::RdsLoginAttemptAction]
     #
+    # @!attribute [rw] kubernetes_permission_checked_details
+    #   Information whether the user has the permission to use a specific
+    #   Kubernetes API.
+    #   @return [Types::KubernetesPermissionCheckedDetails]
+    #
+    # @!attribute [rw] kubernetes_role_binding_details
+    #   Information about the role binding that grants the permission
+    #   defined in a Kubernetes role.
+    #   @return [Types::KubernetesRoleBindingDetails]
+    #
+    # @!attribute [rw] kubernetes_role_details
+    #   Information about the Kubernetes role name and role type.
+    #   @return [Types::KubernetesRoleDetails]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Action AWS API Documentation
     #
     class Action < Struct.new(
@@ -239,7 +253,10 @@ module Aws::GuardDuty
       :network_connection_action,
       :port_probe_action,
       :kubernetes_api_call_action,
-      :rds_login_attempt_action)
+      :rds_login_attempt_action,
+      :kubernetes_permission_checked_details,
+      :kubernetes_role_binding_details,
+      :kubernetes_role_details)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -315,6 +332,65 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # Contains information about the anomalies.
+    #
+    # @!attribute [rw] profiles
+    #   Information about the types of profiles.
+    #   @return [Hash<String,Hash<String,Array<Types::AnomalyObject>>>]
+    #
+    # @!attribute [rw] unusual
+    #   Information about the behavior of the anomalies.
+    #   @return [Types::AnomalyUnusual]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Anomaly AWS API Documentation
+    #
+    class Anomaly < Struct.new(
+      :profiles,
+      :unusual)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about the unusual anomalies.
+    #
+    # @!attribute [rw] profile_type
+    #   The type of behavior of the profile.
+    #   @return [String]
+    #
+    # @!attribute [rw] profile_subtype
+    #   The frequency of the anomaly.
+    #   @return [String]
+    #
+    # @!attribute [rw] observations
+    #   The recorded value.
+    #   @return [Types::Observations]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AnomalyObject AWS API Documentation
+    #
+    class AnomalyObject < Struct.new(
+      :profile_type,
+      :profile_subtype,
+      :observations)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about the behavior of the anomaly that is new to
+    # GuardDuty.
+    #
+    # @!attribute [rw] behavior
+    #   The behavior of the anomalous activity that caused GuardDuty to
+    #   generate the finding.
+    #   @return [Hash<String,Hash<String,Types::AnomalyObject>>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AnomalyUnusual AWS API Documentation
+    #
+    class AnomalyUnusual < Struct.new(
+      :behavior)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] detector_id
     #   The ID of the detector that specifies the GuardDuty service whose
     #   findings you want to archive.
@@ -1116,6 +1192,8 @@ module Aws::GuardDuty
     #
     #   * service.action.dnsRequestAction.domain
     #
+    #   * service.action.dnsRequestAction.domainWithSuffix
+    #
     #   * service.action.networkConnectionAction.blocked
     #
     #   * service.action.networkConnectionAction.connectionDirection
@@ -1140,8 +1218,14 @@ module Aws::GuardDuty
     #
     #   * service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
     #
+    #   * service.action.kubernetesApiCallAction.namespace
+    #
+    #   * service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
+    #
     #   * service.action.kubernetesApiCallAction.requestUri
     #
+    #   * service.action.kubernetesApiCallAction.statusCode
+    #
     #   * service.action.networkConnectionAction.localIpDetails.ipAddressV4
     #
     #   * service.action.networkConnectionAction.protocol
@@ -2076,6 +2160,21 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # Contains information about the detected behavior.
+    #
+    # @!attribute [rw] anomaly
+    #   The details about the anomalous activity that caused GuardDuty to
+    #   generate the finding.
+    #   @return [Types::Anomaly]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Detection AWS API Documentation
+    #
+    class Detection < Struct.new(
+      :anomaly)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Information about the additional configuration for a feature in your
     # GuardDuty account.
     #
@@ -3460,6 +3559,25 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # Contains information about the impersonated user.
+    #
+    # @!attribute [rw] username
+    #   Information about the `username` that was being impersonated.
+    #   @return [String]
+    #
+    # @!attribute [rw] groups
+    #   The `group` to which the user name belongs.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ImpersonatedUser AWS API Documentation
+    #
+    class ImpersonatedUser < Struct.new(
+      :username,
+      :groups)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information about the details of an instance.
     #
     # @!attribute [rw] availability_zone
@@ -3662,6 +3780,23 @@ module Aws::GuardDuty
     #   Parameters related to the Kubernetes API call action.
     #   @return [String]
     #
+    # @!attribute [rw] resource
+    #   The resource component in the Kubernetes API call action.
+    #   @return [String]
+    #
+    # @!attribute [rw] subresource
+    #   The name of the sub-resource in the Kubernetes API call action.
+    #   @return [String]
+    #
+    # @!attribute [rw] namespace
+    #   The name of the namespace where the Kubernetes API call action takes
+    #   place.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_name
+    #   The name of the resource in the Kubernetes API call action.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesApiCallAction AWS API Documentation
     #
     class KubernetesApiCallAction < Struct.new(
@@ -3671,7 +3806,11 @@ module Aws::GuardDuty
       :user_agent,
       :remote_ip_details,
       :status_code,
-      :parameters)
+      :parameters,
+      :resource,
+      :subresource,
+      :namespace,
+      :resource_name)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3772,6 +3911,102 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # Information about the Kubernetes API for which you check if you have
+    # permission to call.
+    #
+    # @!attribute [rw] verb
+    #   The verb component of the Kubernetes API call. For example, when you
+    #   check whether or not you have the permission to call the `CreatePod`
+    #   API, the verb component will be `Create`.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource
+    #   The Kubernetes resource with which your Kubernetes API call will
+    #   interact.
+    #   @return [String]
+    #
+    # @!attribute [rw] namespace
+    #   The namespace where the Kubernetes API action will take place.
+    #   @return [String]
+    #
+    # @!attribute [rw] allowed
+    #   Information whether the user has the permission to call the
+    #   Kubernetes API.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesPermissionCheckedDetails AWS API Documentation
+    #
+    class KubernetesPermissionCheckedDetails < Struct.new(
+      :verb,
+      :resource,
+      :namespace,
+      :allowed)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about the role binding that grants the permission
+    # defined in a Kubernetes role.
+    #
+    # @!attribute [rw] kind
+    #   The kind of the role. For role binding, this value will be
+    #   `RoleBinding`.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the `RoleBinding`.
+    #   @return [String]
+    #
+    # @!attribute [rw] uid
+    #   The unique identifier of the role binding.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_ref_name
+    #   The name of the role being referenced. This must match the name of
+    #   the `Role` or `ClusterRole` that you want to bind to.
+    #   @return [String]
+    #
+    # @!attribute [rw] role_ref_kind
+    #   The type of the role being referenced. This could be either `Role`
+    #   or `ClusterRole`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesRoleBindingDetails AWS API Documentation
+    #
+    class KubernetesRoleBindingDetails < Struct.new(
+      :kind,
+      :name,
+      :uid,
+      :role_ref_name,
+      :role_ref_kind)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information about the Kubernetes role name and role type.
+    #
+    # @!attribute [rw] kind
+    #   The kind of role. For this API, the value of `kind` will be `Role`.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the Kubernetes role.
+    #   @return [String]
+    #
+    # @!attribute [rw] uid
+    #   The unique identifier of the Kubernetes role name.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesRoleDetails AWS API Documentation
+    #
+    class KubernetesRoleDetails < Struct.new(
+      :kind,
+      :name,
+      :uid)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Details about the Kubernetes user involved in a Kubernetes finding.
     #
     # @!attribute [rw] username
@@ -3791,13 +4026,18 @@ module Aws::GuardDuty
     #   are assigned to that role.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] impersonated_user
+    #   Information about the impersonated user.
+    #   @return [Types::ImpersonatedUser]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesUserDetails AWS API Documentation
     #
     class KubernetesUserDetails < Struct.new(
       :username,
       :uid,
       :groups,
-      :session_name)
+      :session_name,
+      :impersonated_user)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3834,6 +4074,19 @@ module Aws::GuardDuty
     #   Volumes used by the Kubernetes workload.
     #   @return [Array<Types::Volume>]
     #
+    # @!attribute [rw] service_account_name
+    #   The service account name that is associated with a Kubernetes
+    #   workload.
+    #   @return [String]
+    #
+    # @!attribute [rw] host_ipc
+    #   Whether the host IPC flag is enabled for the pods in the workload.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] host_pid
+    #   Whether the host PID flag is enabled for the pods in the workload.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesWorkloadDetails AWS API Documentation
     #
     class KubernetesWorkloadDetails < Struct.new(
@@ -3843,7 +4096,10 @@ module Aws::GuardDuty
       :namespace,
       :host_network,
       :containers,
-      :volumes)
+      :volumes,
+      :service_account_name,
+      :host_ipc,
+      :host_pid)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4395,6 +4651,11 @@ module Aws::GuardDuty
 
     # @!attribute [rw] members
     #   A list of members.
+    #
+    #   <note markdown="1"> The values for `email` and `invitedAt` are available only if the
+    #   member accounts are added by invitation.
+    #
+    #    </note>
     #   @return [Array<Types::Member>]
     #
     # @!attribute [rw] next_token
@@ -4999,6 +5260,20 @@ module Aws::GuardDuty
       include Aws::Structure
     end
 
+    # Contains information about the observed behavior.
+    #
+    # @!attribute [rw] text
+    #   The text that was unusual.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Observations AWS API Documentation
+    #
+    class Observations < Struct.new(
+      :text)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information about the ISP organization of the remote IP
     # address.
     #
@@ -6448,10 +6723,16 @@ module Aws::GuardDuty
     #   Whether the container is privileged.
     #   @return [Boolean]
     #
+    # @!attribute [rw] allow_privilege_escalation
+    #   Whether or not a container or a Kubernetes pod is allowed to gain
+    #   more privileges than its parent process.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/SecurityContext AWS API Documentation
     #
     class SecurityContext < Struct.new(
-      :privileged)
+      :privileged,
+      :allow_privilege_escalation)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6538,6 +6819,10 @@ module Aws::GuardDuty
     #   specific finding
     #   @return [Types::RuntimeDetails]
     #
+    # @!attribute [rw] detection
+    #   Contains information about the detected unusual behavior.
+    #   @return [Types::Detection]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Service AWS API Documentation
     #
     class Service < Struct.new(
@@ -6554,7 +6839,8 @@ module Aws::GuardDuty
       :additional_info,
       :feature_name,
       :ebs_volume_scan_details,
-      :runtime_details)
+      :runtime_details,
+      :detection)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-guardduty.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-guardduty/customizations'
 # @!group service
 module Aws::GuardDuty
 
-  GEM_VERSION = '1.81.0'
+  GEM_VERSION = '1.82.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-guardduty
 version: !ruby/object:Gem::Version
-  version: 1.81.0
+  version: 1.82.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-10-17 00:00:00.000000000 Z
+date: 2023-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core