@aws-sdk/client-guardduty 3.1072.0 → 3.1074.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/README.md +21 -0
  2. package/dist-cjs/index.js +80 -1
  3. package/dist-cjs/schemas/schemas_0.js +179 -55
  4. package/dist-es/GuardDuty.js +8 -0
  5. package/dist-es/commands/CreateInvestigationCommand.js +16 -0
  6. package/dist-es/commands/GetInvestigationCommand.js +16 -0
  7. package/dist-es/commands/ListInvestigationsCommand.js +16 -0
  8. package/dist-es/commands/index.js +3 -0
  9. package/dist-es/models/enums.js +28 -0
  10. package/dist-es/pagination/ListInvestigationsPaginator.js +4 -0
  11. package/dist-es/pagination/index.js +1 -0
  12. package/dist-es/schemas/schemas_0.js +167 -55
  13. package/dist-types/GuardDuty.d.ts +28 -0
  14. package/dist-types/GuardDutyClient.d.ts +5 -2
  15. package/dist-types/commands/CreateInvestigationCommand.d.ts +87 -0
  16. package/dist-types/commands/GetInvestigationCommand.d.ts +113 -0
  17. package/dist-types/commands/GetMalwareScanCommand.d.ts +2 -1
  18. package/dist-types/commands/GetMalwareScanSettingsCommand.d.ts +1 -1
  19. package/dist-types/commands/GetMasterAccountCommand.d.ts +1 -2
  20. package/dist-types/commands/ListInvestigationsCommand.d.ts +104 -0
  21. package/dist-types/commands/index.d.ts +3 -0
  22. package/dist-types/models/enums.d.ts +68 -0
  23. package/dist-types/models/models_0.d.ts +180 -196
  24. package/dist-types/models/models_1.d.ts +304 -2
  25. package/dist-types/pagination/ListInvestigationsPaginator.d.ts +7 -0
  26. package/dist-types/pagination/index.d.ts +1 -0
  27. package/dist-types/schemas/schemas_0.d.ts +15 -0
  28. package/dist-types/ts3.4/GuardDuty.d.ts +58 -0
  29. package/dist-types/ts3.4/GuardDutyClient.d.ts +18 -0
  30. package/dist-types/ts3.4/commands/CreateInvestigationCommand.d.ts +53 -0
  31. package/dist-types/ts3.4/commands/GetInvestigationCommand.d.ts +52 -0
  32. package/dist-types/ts3.4/commands/GetMalwareScanCommand.d.ts +2 -4
  33. package/dist-types/ts3.4/commands/GetMalwareScanSettingsCommand.d.ts +1 -1
  34. package/dist-types/ts3.4/commands/GetMasterAccountCommand.d.ts +4 -2
  35. package/dist-types/ts3.4/commands/ListInvestigationsCommand.d.ts +53 -0
  36. package/dist-types/ts3.4/commands/index.d.ts +3 -0
  37. package/dist-types/ts3.4/models/enums.d.ts +35 -0
  38. package/dist-types/ts3.4/models/models_0.d.ts +47 -48
  39. package/dist-types/ts3.4/models/models_1.d.ts +82 -2
  40. package/dist-types/ts3.4/pagination/ListInvestigationsPaginator.d.ts +11 -0
  41. package/dist-types/ts3.4/pagination/index.d.ts +1 -0
  42. package/dist-types/ts3.4/schemas/schemas_0.d.ts +15 -0
  43. package/package.json +3 -3
@@ -1,4 +1,4 @@
1
- import type { AdminStatus, AutoEnableMembers, ClusterStatus, CoverageFilterCriterionKey, CoverageSortKey, CoverageStatisticsType, CoverageStatus, CriterionKey, DataSourceStatus, DestinationType, DetectionSource, DetectorFeature, DetectorFeatureResult, DetectorStatus, EbsSnapshotPreservation, EcsClusterStatus, EcsLaunchType, FeatureAdditionalConfiguration, FeatureStatus, FilterAction, FindingPublishingFrequency, FindingResourceType, FindingStatisticType, FreeTrialFeatureResult, GroupByType, IndicatorType, IpSetFormat, IpSetStatus, KubernetesResourcesTypes, MalwareProtectionPlanStatus, MalwareProtectionPlanTaggingActionStatus, MalwareProtectionResourceType, MalwareProtectionScanStatus, MalwareProtectionScanType, ManagementType, MfaStatus, NetworkDirection, OrderBy, OrgFeature, OrgFeatureAdditionalConfiguration, OrgFeatureStatus, ProfileSubtype, ProfileType, PublicAccessStatus, PublicAclIgnoreBehavior, PublicBucketRestrictBehavior, PublishingStatus, ResourceType, ScanCategory, ScanCriterionKey, ScanResult, ScanResultStatus, ScanStatus, ScanStatusReason, ScanType, SignalType, ThreatEntitySetFormat, ThreatIntelSetFormat, TriggerType, TrustedEntitySetFormat } from "./enums";
1
+ import type { AdminStatus, AutoEnableMembers, CloudProvider, ClusterStatus, Confidence, CoverageFilterCriterionKey, CoverageSortKey, CoverageStatisticsType, CoverageStatus, CriterionKey, DataSourceStatus, DestinationType, DetectionSource, DetectorFeature, DetectorFeatureResult, DetectorStatus, EcsClusterStatus, EcsLaunchType, FeatureAdditionalConfiguration, FeatureStatus, FilterAction, FindingPublishingFrequency, FindingResourceType, FindingStatisticType, FreeTrialFeatureResult, GroupByType, IndicatorType, InvestigationStatus, IpSetFormat, IpSetStatus, KubernetesResourcesTypes, MalwareProtectionPlanStatus, MalwareProtectionPlanTaggingActionStatus, MalwareProtectionResourceType, MalwareProtectionScanStatus, MalwareProtectionScanType, ManagementType, MfaStatus, NetworkDirection, OrderBy, OrgFeature, OrgFeatureAdditionalConfiguration, OrgFeatureStatus, ProfileSubtype, ProfileType, PublicAccessStatus, PublicAclIgnoreBehavior, PublicBucketRestrictBehavior, PublishingStatus, ResourceType, RiskLevel, ScanCategory, ScanResult, ScanResultStatus, ScanStatus, ScanStatusReason, ScanType, SignalType, ThreatEntitySetFormat, ThreatIntelSetFormat, TriggerType, TrustedEntitySetFormat } from "./enums";
2
2
  /**
3
3
  * @public
4
4
  */
@@ -1226,6 +1226,27 @@ export interface BucketLevelPermissions {
1226
1226
  */
1227
1227
  BlockPublicAccess?: BlockPublicAccess | undefined;
1228
1228
  }
1229
+ /**
1230
+ * <p>Contains details about the cloud environment associated with an investigation.</p>
1231
+ * @public
1232
+ */
1233
+ export interface CloudDetails {
1234
+ /**
1235
+ * <p>The cloud provider. Currently, only <code>AWS</code> is supported.</p>
1236
+ * @public
1237
+ */
1238
+ Provider: CloudProvider | undefined;
1239
+ /**
1240
+ * <p>The Amazon Web Services Region in which the investigated resource resides.</p>
1241
+ * @public
1242
+ */
1243
+ Region: string | undefined;
1244
+ /**
1245
+ * <p>The Amazon Web Services account ID of the investigated resource.</p>
1246
+ * @public
1247
+ */
1248
+ Account: string | undefined;
1249
+ }
1229
1250
  /**
1230
1251
  * <p>Contains information about the CloudFormation stack involved in a GuardDuty finding, including unique identifiers of the Amazon EC2 instances.</p>
1231
1252
  * @public
@@ -1983,6 +2004,36 @@ export interface CreateFilterResponse {
1983
2004
  */
1984
2005
  Name: string | undefined;
1985
2006
  }
2007
+ /**
2008
+ * @public
2009
+ */
2010
+ export interface CreateInvestigationRequest {
2011
+ /**
2012
+ * <p>The unique ID of the GuardDuty detector for the account in which the investigation is created.</p> <p>To find the <code>detectorId</code> in the current Region, see the Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
2013
+ * @public
2014
+ */
2015
+ DetectorId: string | undefined;
2016
+ /**
2017
+ * <p>A natural-language description of what to investigate. For example:</p> <ul> <li> <p> <code>"Investigate finding 1ab2c3d4e5f6a7b8c9d0e1f2a3b4c5d6 in account 123456789012"</code> </p> </li> <li> <p> <code>"Analyze findings in account with id 123456789012"</code> </p> </li> <li> <p> <code>"Analyze findings in my organization"</code> </p> </li> </ul>
2018
+ * @public
2019
+ */
2020
+ TriggerPrompt: string | undefined;
2021
+ /**
2022
+ * <p>The idempotency token for the create request.</p>
2023
+ * @public
2024
+ */
2025
+ ClientToken?: string | undefined;
2026
+ }
2027
+ /**
2028
+ * @public
2029
+ */
2030
+ export interface CreateInvestigationResponse {
2031
+ /**
2032
+ * <p>The unique identifier of the newly created investigation.</p>
2033
+ * @public
2034
+ */
2035
+ InvestigationId: string | undefined;
2036
+ }
1986
2037
  /**
1987
2038
  * @public
1988
2039
  */
@@ -6271,6 +6322,134 @@ export interface GetFindingsStatisticsResponse {
6271
6322
  */
6272
6323
  NextToken?: string | undefined;
6273
6324
  }
6325
+ /**
6326
+ * @public
6327
+ */
6328
+ export interface GetInvestigationRequest {
6329
+ /**
6330
+ * <p>The unique ID of the GuardDuty detector associated with the investigation.</p> <p>To find the <code>detectorId</code> in the current Region, see the Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
6331
+ * @public
6332
+ */
6333
+ DetectorId: string | undefined;
6334
+ /**
6335
+ * <p>The unique identifier of the investigation to retrieve.</p>
6336
+ * @public
6337
+ */
6338
+ InvestigationId: string | undefined;
6339
+ }
6340
+ /**
6341
+ * <p>Contains information about the product that produced an investigation.</p>
6342
+ * @public
6343
+ */
6344
+ export interface Product {
6345
+ /**
6346
+ * <p>The name of the product.</p>
6347
+ * @public
6348
+ */
6349
+ Name: string | undefined;
6350
+ /**
6351
+ * <p>The specific feature within the product that produced the investigation.</p>
6352
+ * @public
6353
+ */
6354
+ Feature?: string | undefined;
6355
+ }
6356
+ /**
6357
+ * <p>Contains metadata about the product and version that produced an investigation.</p>
6358
+ * @public
6359
+ */
6360
+ export interface InvestigationMetadata {
6361
+ /**
6362
+ * <p>The version of the investigation engine that produced the results.</p>
6363
+ * @public
6364
+ */
6365
+ Version: string | undefined;
6366
+ /**
6367
+ * <p>Information about the product that produced the investigation.</p>
6368
+ * @public
6369
+ */
6370
+ Product: Product | undefined;
6371
+ }
6372
+ /**
6373
+ * <p>Contains the details and results of a GuardDuty investigation.</p>
6374
+ * @public
6375
+ */
6376
+ export interface Investigation {
6377
+ /**
6378
+ * <p>The unique identifier of the investigation.</p>
6379
+ * @public
6380
+ */
6381
+ InvestigationId: string | undefined;
6382
+ /**
6383
+ * <p>The current status of the investigation. Possible values are <code>RUNNING</code>, <code>COMPLETED</code>, and <code>FAILED</code>.</p>
6384
+ * @public
6385
+ */
6386
+ Status: InvestigationStatus | undefined;
6387
+ /**
6388
+ * <p>The natural-language prompt that initiated this investigation.</p>
6389
+ * @public
6390
+ */
6391
+ TriggerPrompt: string | undefined;
6392
+ /**
6393
+ * <p>The account that initiated the investigation.</p>
6394
+ * @public
6395
+ */
6396
+ TriggeredBy: string | undefined;
6397
+ /**
6398
+ * <p>Metadata about the product and version that produced the investigation.</p>
6399
+ * @public
6400
+ */
6401
+ Metadata?: InvestigationMetadata | undefined;
6402
+ /**
6403
+ * <p>Details about the cloud environment in which the investigation was performed, including the provider, region, and account.</p>
6404
+ * @public
6405
+ */
6406
+ Cloud?: CloudDetails | undefined;
6407
+ /**
6408
+ * <p>The assessed risk level of the investigated threat. Possible values are <code>Info</code>, <code>Low</code>, <code>Medium</code>, <code>High</code>, and <code>Critical</code>.</p>
6409
+ * @public
6410
+ */
6411
+ RiskLevel?: RiskLevel | undefined;
6412
+ /**
6413
+ * <p>A human-readable description of the assessed risk.</p>
6414
+ * @public
6415
+ */
6416
+ Risk?: string | undefined;
6417
+ /**
6418
+ * <p>The confidence level of the investigation's assessment. Possible values are <code>Unknown</code>, <code>Low</code>, <code>Medium</code>, and <code>High</code>.</p>
6419
+ * @public
6420
+ */
6421
+ Confidence?: Confidence | undefined;
6422
+ /**
6423
+ * <p>A structured summary of the investigation findings, including affected resources, threat assessment, and recommended remediation steps.</p>
6424
+ * @public
6425
+ */
6426
+ Summary?: string | undefined;
6427
+ /**
6428
+ * <p>The timestamp at which the investigation started.</p>
6429
+ * @public
6430
+ */
6431
+ StartTime?: Date | undefined;
6432
+ /**
6433
+ * <p>The timestamp at which the investigation completed.</p>
6434
+ * @public
6435
+ */
6436
+ EndTime?: Date | undefined;
6437
+ /**
6438
+ * <p>Details about the error if the investigation status is <code>FAILED</code>.</p>
6439
+ * @public
6440
+ */
6441
+ Error?: string | undefined;
6442
+ }
6443
+ /**
6444
+ * @public
6445
+ */
6446
+ export interface GetInvestigationResponse {
6447
+ /**
6448
+ * <p>The details and results of the requested investigation.</p>
6449
+ * @public
6450
+ */
6451
+ Investigation: Investigation | undefined;
6452
+ }
6274
6453
  /**
6275
6454
  * @public
6276
6455
  */
@@ -6599,198 +6778,3 @@ export interface GetMalwareScanResultDetails {
6599
6778
  */
6600
6779
  Threats?: ScanResultThreat[] | undefined;
6601
6780
  }
6602
- /**
6603
- * @public
6604
- */
6605
- export interface GetMalwareScanResponse {
6606
- /**
6607
- * <p>A unique identifier associated with the malware scan. Each malware scan has a corresponding scan ID. Using this scan ID, you can monitor the status of your malware scan.</p>
6608
- * @public
6609
- */
6610
- ScanId?: string | undefined;
6611
- /**
6612
- * <p>The unique ID of the detector that is associated with the request, if it belongs to an account which is a GuardDuty customer.</p> <p>To find the <code>detectorId</code> in the current Region, see the Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
6613
- * @public
6614
- */
6615
- DetectorId?: string | undefined;
6616
- /**
6617
- * <p>The unique detector ID of the administrator account that the request is associated with. If the account is an administrator, the <code>AdminDetectorId</code> will be the same as the one used for <code>DetectorId. If the customer is not a GuardDuty customer, this field will not be present.</code>.</p> <p>To find the <code>detectorId</code> in the current Region, see the Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
6618
- * @public
6619
- */
6620
- AdminDetectorId?: string | undefined;
6621
- /**
6622
- * <p>Amazon Resource Name (ARN) of the resource on which a malware scan was invoked.</p>
6623
- * @public
6624
- */
6625
- ResourceArn?: string | undefined;
6626
- /**
6627
- * <p>The type of resource that was scanned for malware.</p>
6628
- * @public
6629
- */
6630
- ResourceType?: MalwareProtectionResourceType | undefined;
6631
- /**
6632
- * <p>The total number of resources that were successfully scanned. This is dependent on the resource type.</p>
6633
- * @public
6634
- */
6635
- ScannedResourcesCount?: number | undefined;
6636
- /**
6637
- * <p>The total number of resources that were skipped during the scan.</p>
6638
- * @public
6639
- */
6640
- SkippedResourcesCount?: number | undefined;
6641
- /**
6642
- * <p>The total number of resources that failed to be scanned.</p>
6643
- * @public
6644
- */
6645
- FailedResourcesCount?: number | undefined;
6646
- /**
6647
- * <p>A list of resources along with their metadata that were scanned as part of the malware scan operation.</p>
6648
- * @public
6649
- */
6650
- ScannedResources?: ScannedResource[] | undefined;
6651
- /**
6652
- * <p>Information about the scan configuration used for the malware scan.</p>
6653
- * @public
6654
- */
6655
- ScanConfiguration?: ScanConfiguration | undefined;
6656
- /**
6657
- * <p>The category of the malware scan, indicating the type of scan performed.</p>
6658
- * @public
6659
- */
6660
- ScanCategory?: ScanCategory | undefined;
6661
- /**
6662
- * <p>A value representing the current status of the malware scan.</p>
6663
- * @public
6664
- */
6665
- ScanStatus?: MalwareProtectionScanStatus | undefined;
6666
- /**
6667
- * <p>Represents the reason for the current scan status, if applicable.</p>
6668
- * @public
6669
- */
6670
- ScanStatusReason?: ScanStatusReason | undefined;
6671
- /**
6672
- * <p>A value representing the initiator of the scan.</p>
6673
- * @public
6674
- */
6675
- ScanType?: MalwareProtectionScanType | undefined;
6676
- /**
6677
- * <p>The timestamp representing when the malware scan was started.</p>
6678
- * @public
6679
- */
6680
- ScanStartedAt?: Date | undefined;
6681
- /**
6682
- * <p>The timestamp representing when the malware scan was completed.</p>
6683
- * @public
6684
- */
6685
- ScanCompletedAt?: Date | undefined;
6686
- /**
6687
- * <p>Detailed information about the results of the malware scan, if the scan completed.</p>
6688
- * @public
6689
- */
6690
- ScanResultDetails?: GetMalwareScanResultDetails | undefined;
6691
- }
6692
- /**
6693
- * @public
6694
- */
6695
- export interface GetMalwareScanSettingsRequest {
6696
- /**
6697
- * <p>The unique ID of the detector that is associated with this scan.</p> <p>To find the <code>detectorId</code> in the current Region, see the Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
6698
- * @public
6699
- */
6700
- DetectorId: string | undefined;
6701
- }
6702
- /**
6703
- * <p>Represents the <code>key:value</code> pair to be matched against given resource property.</p>
6704
- * @public
6705
- */
6706
- export interface ScanConditionPair {
6707
- /**
6708
- * <p>Represents the <b>key</b> in the map condition.</p>
6709
- * @public
6710
- */
6711
- Key: string | undefined;
6712
- /**
6713
- * <p>Represents optional <b>value</b> in the map condition. If not specified, only the <b>key</b> will be matched.</p>
6714
- * @public
6715
- */
6716
- Value?: string | undefined;
6717
- }
6718
- /**
6719
- * <p>Contains information about the condition.</p>
6720
- * @public
6721
- */
6722
- export interface ScanCondition {
6723
- /**
6724
- * <p>Represents an <i>mapEqual</i> <b/> condition to be applied to a single field when triggering for malware scan.</p>
6725
- * @public
6726
- */
6727
- MapEquals: ScanConditionPair[] | undefined;
6728
- }
6729
- /**
6730
- * <p>Contains information about criteria used to filter resources before triggering malware scan.</p>
6731
- * @public
6732
- */
6733
- export interface ScanResourceCriteria {
6734
- /**
6735
- * <p>Represents condition that when matched will allow a malware scan for a certain resource.</p>
6736
- * @public
6737
- */
6738
- Include?: Partial<Record<ScanCriterionKey, ScanCondition>> | undefined;
6739
- /**
6740
- * <p>Represents condition that when matched will prevent a malware scan for a certain resource.</p>
6741
- * @public
6742
- */
6743
- Exclude?: Partial<Record<ScanCriterionKey, ScanCondition>> | undefined;
6744
- }
6745
- /**
6746
- * @public
6747
- */
6748
- export interface GetMalwareScanSettingsResponse {
6749
- /**
6750
- * <p>Represents the criteria to be used in the filter for scanning resources.</p>
6751
- * @public
6752
- */
6753
- ScanResourceCriteria?: ScanResourceCriteria | undefined;
6754
- /**
6755
- * <p>An enum value representing possible snapshot preservation settings.</p>
6756
- * @public
6757
- */
6758
- EbsSnapshotPreservation?: EbsSnapshotPreservation | undefined;
6759
- }
6760
- /**
6761
- * @deprecated This input is deprecated, use GetAdministratorAccountRequest instead.
6762
- * @public
6763
- */
6764
- export interface GetMasterAccountRequest {
6765
- /**
6766
- * <p>The unique ID of the detector of the GuardDuty member account.</p> <p>To find the <code>detectorId</code> in the current Region, see the Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
6767
- * @public
6768
- */
6769
- DetectorId: string | undefined;
6770
- }
6771
- /**
6772
- * <p>Contains information about the administrator account and invitation.</p>
6773
- * @public
6774
- */
6775
- export interface Master {
6776
- /**
6777
- * <p>The ID of the account used as the administrator account.</p>
6778
- * @public
6779
- */
6780
- AccountId?: string | undefined;
6781
- /**
6782
- * <p>The value used to validate the administrator account to the member account.</p>
6783
- * @public
6784
- */
6785
- InvitationId?: string | undefined;
6786
- /**
6787
- * <p>The status of the relationship between the administrator and member accounts.</p>
6788
- * @public
6789
- */
6790
- RelationshipStatus?: string | undefined;
6791
- /**
6792
- * <p>The timestamp when the invitation was sent.</p>
6793
- * @public
6794
- */
6795
- InvitedAt?: string | undefined;
6796
- }