npm - @aws-sdk/client-guardduty - Versions diffs - 3.696.0 → 3.703.0 - Mend

@aws-sdk/client-guardduty 3.696.0 → 3.703.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/dist-cjs/index.js +372 -71
package/dist-es/commands/GetMembersCommand.js +1 -1
package/dist-es/models/models_0.js +65 -25
package/dist-es/models/models_1.js +26 -1
package/dist-es/protocols/Aws_restJson1.js +219 -0
package/dist-types/commands/GetFindingsCommand.d.ts +172 -0
package/dist-types/commands/GetIPSetCommand.d.ts +1 -1
package/dist-types/commands/GetMalwareProtectionPlanCommand.d.ts +1 -1
package/dist-types/commands/GetMalwareScanSettingsCommand.d.ts +1 -1
package/dist-types/commands/GetMasterAccountCommand.d.ts +1 -1
package/dist-types/commands/GetMemberDetectorsCommand.d.ts +1 -1
package/dist-types/commands/GetMembersCommand.d.ts +1 -1
package/dist-types/models/models_0.d.ts +1829 -1590
package/dist-types/models/models_1.d.ts +569 -1
package/dist-types/ts3.4/commands/GetIPSetCommand.d.ts +1 -1
package/dist-types/ts3.4/commands/GetMalwareProtectionPlanCommand.d.ts +1 -1
package/dist-types/ts3.4/commands/GetMalwareScanSettingsCommand.d.ts +1 -1
package/dist-types/ts3.4/commands/GetMasterAccountCommand.d.ts +1 -1
package/dist-types/ts3.4/commands/GetMemberDetectorsCommand.d.ts +1 -1
package/dist-types/ts3.4/commands/GetMembersCommand.d.ts +1 -1
package/dist-types/ts3.4/models/models_0.d.ts +225 -164
package/dist-types/ts3.4/models/models_1.d.ts +147 -3
package/package.json +4 -4

package/dist-types/models/models_0.d.ts CHANGED Viewed

@@ -140,6 +140,27 @@ export declare class AccessDeniedException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<AccessDeniedException, __BaseException>);
 }
+/**
+ * <p>Contains information about the access keys.</p>
+ * @public
+ */
+export interface AccessKey {
+    /**
+     * <p>Principal ID of the user.</p>
+     * @public
+     */
+    PrincipalId?: string | undefined;
+    /**
+     * <p>Name of the user.</p>
+     * @public
+     */
+    UserName?: string | undefined;
+    /**
+     * <p>Type of the user.</p>
+     * @public
+     */
+    UserType?: string | undefined;
+}
 /**
  * <p>Contains information about the access keys.</p>
  * @public
@@ -166,6 +187,22 @@ export interface AccessKeyDetails {
      */
     UserType?: string | undefined;
 }
+/**
+ * <p>Contains information about the account.</p>
+ * @public
+ */
+export interface Account {
+    /**
+     * <p>ID of the member's Amazon Web Services account</p>
+     * @public
+     */
+    Uid: string | undefined;
+    /**
+     * <p>Name of the member's Amazon Web Services account.</p>
+     * @public
+     */
+    Name?: string | undefined;
+}
 /**
  * <p>Contains information about the account.</p>
  * @public
@@ -968,6 +1005,99 @@ export interface Action {
      */
     KubernetesRoleDetails?: KubernetesRoleDetails | undefined;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const MfaStatus: {
+    readonly DISABLED: "DISABLED";
+    readonly ENABLED: "ENABLED";
+};
+/**
+ * @public
+ */
+export type MfaStatus = (typeof MfaStatus)[keyof typeof MfaStatus];
+/**
+ * <p>Contains information about the authenticated session.</p>
+ * @public
+ */
+export interface Session {
+    /**
+     * <p>The unique identifier of the session.</p>
+     * @public
+     */
+    Uid?: string | undefined;
+    /**
+     * <p>Indicates whether or not multi-factor authencation (MFA) was used during authentication.</p>
+     *          <p>In Amazon Web Services CloudTrail, you can find this value as <code>userIdentity.sessionContext.attributes.mfaAuthenticated</code>.</p>
+     * @public
+     */
+    MfaStatus?: MfaStatus | undefined;
+    /**
+     * <p>The timestamp for when the session was created.</p>
+     *          <p>In Amazon Web Services CloudTrail, you can find this value as <code>userIdentity.sessionContext.attributes.creationDate</code>.</p>
+     * @public
+     */
+    CreatedTime?: Date | undefined;
+    /**
+     * <p>Identifier of the session issuer.</p>
+     *          <p>In Amazon Web Services CloudTrail, you can find this value as <code>userIdentity.sessionContext.sessionIssuer.arn</code>.</p>
+     * @public
+     */
+    Issuer?: string | undefined;
+}
+/**
+ * <p>Contains information about the user involved in the attack sequence.</p>
+ * @public
+ */
+export interface User {
+    /**
+     * <p>The name of the user.</p>
+     * @public
+     */
+    Name: string | undefined;
+    /**
+     * <p>The unique identifier of the user.</p>
+     * @public
+     */
+    Uid: string | undefined;
+    /**
+     * <p>The type of the user.</p>
+     * @public
+     */
+    Type: string | undefined;
+    /**
+     * <p>The credentials of the user ID.</p>
+     * @public
+     */
+    CredentialUid?: string | undefined;
+    /**
+     * <p>Contains information about the Amazon Web Services account.</p>
+     * @public
+     */
+    Account?: Account | undefined;
+}
+/**
+ * <p>Information about the actors involved in an attack sequence.</p>
+ * @public
+ */
+export interface Actor {
+    /**
+     * <p>ID of the threat actor.</p>
+     * @public
+     */
+    Id: string | undefined;
+    /**
+     * <p>Contains information about the user credentials used by the threat actor.</p>
+     * @public
+     */
+    User?: User | undefined;
+    /**
+     * <p>Contains information about the user session where the activity initiated.</p>
+     * @public
+     */
+    Session?: Session | undefined;
+}
 /**
  * <p>Information about the installed EKS add-on (GuardDuty security agent).</p>
  * @public
@@ -1172,6 +1302,23 @@ export declare const AutoEnableMembers: {
  * @public
  */
 export type AutoEnableMembers = (typeof AutoEnableMembers)[keyof typeof AutoEnableMembers];
+/**
+ * <p>Contains information about the Autonomous System (AS) associated with the network
+ *        endpoints involved in an attack sequence.</p>
+ * @public
+ */
+export interface AutonomousSystem {
+    /**
+     * <p>Name associated with the Autonomous System (AS).</p>
+     * @public
+     */
+    Name: string | undefined;
+    /**
+     * <p>The unique number that identifies the Autonomous System (AS).</p>
+     * @public
+     */
+    Number: number | undefined;
+}
 /**
  * <p>Contains information on the current bucket policies for the S3 bucket.</p>
  * @public
@@ -4047,2903 +4194,2983 @@ export interface Destination {
     Status: PublishingStatus | undefined;
 }
 /**
- * <p>Contains information about the detected behavior.</p>
  * @public
+ * @enum
  */
-export interface Detection {
+export declare const NetworkDirection: {
+    readonly INBOUND: "INBOUND";
+    readonly OUTBOUND: "OUTBOUND";
+};
+/**
+ * @public
+ */
+export type NetworkDirection = (typeof NetworkDirection)[keyof typeof NetworkDirection];
+/**
+ * <p>Contains information about the network connection.</p>
+ * @public
+ */
+export interface NetworkConnection {
     /**
-     * <p>The details about the anomalous activity that caused GuardDuty to
-     *       generate the finding.</p>
+     * <p>The direction in which the network traffic is flowing.</p>
      * @public
      */
-    Anomaly?: Anomaly | undefined;
+    Direction: NetworkDirection | undefined;
 }
 /**
- * <p>Information about the additional configuration.</p>
+ * <p>Contains information about network endpoint location.</p>
  * @public
  */
-export interface DetectorAdditionalConfigurationResult {
+export interface NetworkGeoLocation {
     /**
-     * <p>Name of the additional configuration.</p>
+     * <p>The name of the city.</p>
      * @public
      */
-    Name?: FeatureAdditionalConfiguration | undefined;
+    City: string | undefined;
     /**
-     * <p>Status of the additional configuration.</p>
+     * <p>The name of the country.</p>
      * @public
      */
-    Status?: FeatureStatus | undefined;
+    Country: string | undefined;
     /**
-     * <p>The timestamp at which the additional configuration was last updated. This is in UTC
-     *       format.</p>
+     * <p>The latitude information of the endpoint location.</p>
      * @public
      */
-    UpdatedAt?: Date | undefined;
+    Latitude: number | undefined;
+    /**
+     * <p>The longitude information of the endpoint location.</p>
+     * @public
+     */
+    Longitude: number | undefined;
 }
 /**
- * @public
- * @enum
- */
-export declare const DetectorFeatureResult: {
-    readonly CLOUD_TRAIL: "CLOUD_TRAIL";
-    readonly DNS_LOGS: "DNS_LOGS";
-    readonly EBS_MALWARE_PROTECTION: "EBS_MALWARE_PROTECTION";
-    readonly EKS_AUDIT_LOGS: "EKS_AUDIT_LOGS";
-    readonly EKS_RUNTIME_MONITORING: "EKS_RUNTIME_MONITORING";
-    readonly FLOW_LOGS: "FLOW_LOGS";
-    readonly LAMBDA_NETWORK_LOGS: "LAMBDA_NETWORK_LOGS";
-    readonly RDS_LOGIN_EVENTS: "RDS_LOGIN_EVENTS";
-    readonly RUNTIME_MONITORING: "RUNTIME_MONITORING";
-    readonly S3_DATA_EVENTS: "S3_DATA_EVENTS";
-};
-/**
- * @public
- */
-export type DetectorFeatureResult = (typeof DetectorFeatureResult)[keyof typeof DetectorFeatureResult];
-/**
- * <p>Contains information about a GuardDuty feature.</p>
- *          <p>Specifying both EKS Runtime Monitoring (<code>EKS_RUNTIME_MONITORING</code>)
- *       and Runtime Monitoring (<code>RUNTIME_MONITORING</code>) will cause an error.
- *       You can add only one of these two features because Runtime Monitoring already includes the
- *       threat detection for Amazon EKS resources. For more information, see
- *       <a href="https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html">Runtime Monitoring</a>.</p>
+ * <p>Contains information about network endpoints that were observed in the attack sequence.</p>
  * @public
  */
-export interface DetectorFeatureConfigurationResult {
+export interface NetworkEndpoint {
     /**
-     * <p>Indicates the name of the feature that can be enabled for the detector.</p>
+     * <p>The ID of the network endpoint.</p>
      * @public
      */
-    Name?: DetectorFeatureResult | undefined;
+    Id: string | undefined;
     /**
-     * <p>Indicates the status of the feature that is enabled for the detector.</p>
+     * <p>The IP address associated with the network endpoint.</p>
      * @public
      */
-    Status?: FeatureStatus | undefined;
+    Ip?: string | undefined;
     /**
-     * <p>The timestamp at which the feature object was updated.</p>
+     * <p>The domain information for the network endpoint.</p>
      * @public
      */
-    UpdatedAt?: Date | undefined;
+    Domain?: string | undefined;
     /**
-     * <p>Additional configuration for a resource.</p>
+     * <p>The port number associated with the network endpoint.</p>
      * @public
      */
-    AdditionalConfiguration?: DetectorAdditionalConfigurationResult[] | undefined;
-}
-/**
- * @public
- * @enum
- */
-export declare const DetectorStatus: {
-    readonly DISABLED: "DISABLED";
-    readonly ENABLED: "ENABLED";
-};
-/**
- * @public
- */
-export type DetectorStatus = (typeof DetectorStatus)[keyof typeof DetectorStatus];
-/**
- * @public
- */
-export interface DisableOrganizationAdminAccountRequest {
+    Port?: number | undefined;
     /**
-     * <p>The Amazon Web Services Account ID for the organizations account to be disabled as a GuardDuty delegated
-     *       administrator.</p>
+     * <p>Information about the location of the network endpoint.</p>
      * @public
      */
-    AdminAccountId: string | undefined;
-}
-/**
- * @public
- */
-export interface DisableOrganizationAdminAccountResponse {
-}
-/**
- * @public
- */
-export interface DisassociateFromAdministratorAccountRequest {
+    Location?: NetworkGeoLocation | undefined;
     /**
-     * <p>The unique ID of the detector of the GuardDuty member account.</p>
+     * <p>The Autonomous System (AS) of the network endpoint.</p>
      * @public
      */
-    DetectorId: string | undefined;
-}
-/**
- * @public
- */
-export interface DisassociateFromAdministratorAccountResponse {
-}
-/**
- * @public
- */
-export interface DisassociateFromMasterAccountRequest {
+    AutonomousSystem?: AutonomousSystem | undefined;
     /**
-     * <p>The unique ID of the detector of the GuardDuty member account.</p>
+     * <p>Information about the network connection.</p>
      * @public
      */
-    DetectorId: string | undefined;
-}
-/**
- * @public
- */
-export interface DisassociateFromMasterAccountResponse {
+    Connection?: NetworkConnection | undefined;
 }
 /**
+ * <p>Contains information about the EC2 instance profile.</p>
  * @public
  */
-export interface DisassociateMembersRequest {
+export interface IamInstanceProfile {
     /**
-     * <p>The unique ID of the detector of the GuardDuty account whose members you want to
-     *       disassociate from the administrator account.</p>
+     * <p>The profile ARN of the EC2 instance.</p>
      * @public
      */
-    DetectorId: string | undefined;
+    Arn?: string | undefined;
     /**
-     * <p>A list of account IDs of the GuardDuty member accounts that you want to disassociate from
-     *       the administrator account.</p>
+     * <p>The profile ID of the EC2 instance.</p>
      * @public
      */
-    AccountIds: string[] | undefined;
+    Id?: string | undefined;
 }
 /**
+ * <p>Contains information about the product code for the EC2 instance.</p>
  * @public
  */
-export interface DisassociateMembersResponse {
+export interface ProductCode {
     /**
-     * <p>A list of objects that contain the unprocessed account and a result string that explains
-     *       why it was unprocessed.</p>
+     * <p>The product code information.</p>
      * @public
      */
-    UnprocessedAccounts: UnprocessedAccount[] | undefined;
+    Code?: string | undefined;
+    /**
+     * <p>The product code type.</p>
+     * @public
+     */
+    ProductType?: string | undefined;
 }
 /**
- * @public
- * @enum
- */
-export declare const EbsSnapshotPreservation: {
-    readonly NO_RETENTION: "NO_RETENTION";
-    readonly RETENTION_WITH_FINDING: "RETENTION_WITH_FINDING";
-};
-/**
- * @public
- */
-export type EbsSnapshotPreservation = (typeof EbsSnapshotPreservation)[keyof typeof EbsSnapshotPreservation];
-/**
- * <p>Contains list of scanned and skipped EBS volumes with details.</p>
+ * <p>Details about the potentially impacted Amazon EC2 instance resource.</p>
  * @public
  */
-export interface EbsVolumeDetails {
+export interface Ec2Instance {
     /**
-     * <p>List of EBS volumes that were scanned.</p>
+     * <p>The availability zone of the Amazon EC2 instance. For more information, see
+     *        <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones">Availability zones</a>
+     *        in the <i>Amazon EC2 User Guide</i>.</p>
      * @public
      */
-    ScannedVolumeDetails?: VolumeDetail[] | undefined;
+    AvailabilityZone?: string | undefined;
     /**
-     * <p>List of EBS volumes that were skipped from the malware scan.</p>
+     * <p>The image description of the Amazon EC2 instance.</p>
      * @public
      */
-    SkippedVolumeDetails?: VolumeDetail[] | undefined;
-}
-/**
- * <p>Contains details of the highest severity threat detected during scan and number of
- *       infected files.</p>
- * @public
- */
-export interface HighestSeverityThreatDetails {
+    ImageDescription?: string | undefined;
     /**
-     * <p>Severity level of the highest severity threat detected.</p>
+     * <p>The state of the Amazon EC2 instance. For more information, see
+     *        <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html">Amazon EC2 instance state changes</a>
+     *        in the <i>Amazon EC2 User Guide</i>.</p>
      * @public
      */
-    Severity?: string | undefined;
+    InstanceState?: string | undefined;
     /**
-     * <p>Threat name of the highest severity threat detected as part of the malware scan.</p>
+     * <p>Contains information about the EC2 instance profile.</p>
      * @public
      */
-    ThreatName?: string | undefined;
+    IamInstanceProfile?: IamInstanceProfile | undefined;
     /**
-     * <p>Total number of infected files with the highest severity threat detected.</p>
+     * <p>Type of the Amazon EC2 instance.</p>
      * @public
      */
-    Count?: number | undefined;
-}
-/**
- * <p>Total number of scanned files.</p>
- * @public
- */
-export interface ScannedItemCount {
+    InstanceType?: string | undefined;
     /**
-     * <p>Total GB of files scanned for malware.</p>
+     * <p>The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. This shows applicable Amazon Web Services Outposts instances.</p>
      * @public
      */
-    TotalGb?: number | undefined;
+    OutpostArn?: string | undefined;
     /**
-     * <p>Number of files scanned.</p>
+     * <p>The platform of the Amazon EC2 instance.</p>
      * @public
      */
-    Files?: number | undefined;
+    Platform?: string | undefined;
     /**
-     * <p>Total number of scanned volumes.</p>
+     * <p>The product code of the Amazon EC2 instance.</p>
      * @public
      */
-    Volumes?: number | undefined;
+    ProductCodes?: ProductCode[] | undefined;
+    /**
+     * <p>The ID of the network interface.</p>
+     * @public
+     */
+    Ec2NetworkInterfaceUids?: string[] | undefined;
 }
 /**
- * <p>Contains details of infected file including name, file path and hash.</p>
+ * <p>Contains other private IP address information of the EC2 instance.</p>
  * @public
  */
-export interface ScanFilePath {
-    /**
-     * <p>The file path of the infected file.</p>
-     * @public
-     */
-    FilePath?: string | undefined;
-    /**
-     * <p>EBS volume ARN details of the infected file.</p>
-     * @public
-     */
-    VolumeArn?: string | undefined;
+export interface PrivateIpAddressDetails {
     /**
-     * <p>The hash value of the infected file.</p>
+     * <p>The private DNS name of the EC2 instance.</p>
      * @public
      */
-    Hash?: string | undefined;
+    PrivateDnsName?: string | undefined;
     /**
-     * <p>File name of the infected file.</p>
+     * <p>The private IP address of the EC2 instance.</p>
      * @public
      */
-    FileName?: string | undefined;
+    PrivateIpAddress?: string | undefined;
 }
 /**
- * <p>Contains files infected with the given threat providing details of malware name and
- *       severity.</p>
+ * <p>Contains information about the security groups associated with the EC2 instance.</p>
  * @public
  */
-export interface ScanThreatName {
+export interface SecurityGroup {
     /**
-     * <p>The name of the identified threat.</p>
+     * <p>The security group ID of the EC2 instance.</p>
      * @public
      */
-    Name?: string | undefined;
+    GroupId?: string | undefined;
     /**
-     * <p>Severity of threat identified as part of the malware scan.</p>
+     * <p>The security group name of the EC2 instance.</p>
      * @public
      */
-    Severity?: string | undefined;
+    GroupName?: string | undefined;
+}
+/**
+ * <p>Contains information about the elastic network interface of the Amazon EC2 instance.</p>
+ * @public
+ */
+export interface Ec2NetworkInterface {
     /**
-     * <p>Total number of files infected with given threat.</p>
+     * <p>A list of IPv6 addresses for the Amazon EC2 instance.</p>
      * @public
      */
-    ItemCount?: number | undefined;
+    Ipv6Addresses?: string[] | undefined;
     /**
-     * <p>List of infected files in EBS volume with details.</p>
+     * <p>Other private IP address information of the Amazon EC2 instance.</p>
      * @public
      */
-    FilePaths?: ScanFilePath[] | undefined;
-}
-/**
- * <p>Contains details about identified threats organized by threat name.</p>
- * @public
- */
-export interface ThreatDetectedByName {
+    PrivateIpAddresses?: PrivateIpAddressDetails[] | undefined;
     /**
-     * <p>Total number of infected files identified.</p>
+     * <p>The public IP address of the Amazon EC2 instance.</p>
      * @public
      */
-    ItemCount?: number | undefined;
+    PublicIp?: string | undefined;
     /**
-     * <p>Total number of unique threats by name identified, as part of the malware scan.</p>
+     * <p>The security groups associated with the Amazon EC2 instance.</p>
      * @public
      */
-    UniqueThreatNameCount?: number | undefined;
+    SecurityGroups?: SecurityGroup[] | undefined;
     /**
-     * <p>Flag to determine if the finding contains every single infected file-path and/or every
-     *       threat.</p>
+     * <p>The subnet ID of the Amazon EC2 instance.</p>
      * @public
      */
-    Shortened?: boolean | undefined;
+    SubNetId?: string | undefined;
     /**
-     * <p>List of identified threats with details, organized by threat name.</p>
+     * <p>The VPC ID of the Amazon EC2 instance.</p>
      * @public
      */
-    ThreatNames?: ScanThreatName[] | undefined;
+    VpcId?: string | undefined;
 }
 /**
- * <p>Contains total number of infected files.</p>
  * @public
+ * @enum
  */
-export interface ThreatsDetectedItemCount {
-    /**
-     * <p>Total number of infected files.</p>
-     * @public
-     */
-    Files?: number | undefined;
-}
+export declare const PublicAccessStatus: {
+    readonly ALLOWED: "ALLOWED";
+    readonly BLOCKED: "BLOCKED";
+};
 /**
- * <p>Contains a complete view providing malware scan result details.</p>
  * @public
  */
-export interface ScanDetections {
+export type PublicAccessStatus = (typeof PublicAccessStatus)[keyof typeof PublicAccessStatus];
+/**
+ * @public
+ * @enum
+ */
+export declare const PublicAclIgnoreBehavior: {
+    readonly IGNORED: "IGNORED";
+    readonly NOT_IGNORED: "NOT_IGNORED";
+};
+/**
+ * @public
+ */
+export type PublicAclIgnoreBehavior = (typeof PublicAclIgnoreBehavior)[keyof typeof PublicAclIgnoreBehavior];
+/**
+ * @public
+ * @enum
+ */
+export declare const PublicBucketRestrictBehavior: {
+    readonly NOT_RESTRICTED: "NOT_RESTRICTED";
+    readonly RESTRICTED: "RESTRICTED";
+};
+/**
+ * @public
+ */
+export type PublicBucketRestrictBehavior = (typeof PublicBucketRestrictBehavior)[keyof typeof PublicBucketRestrictBehavior];
+/**
+ * <p>Describes public access policies that apply to the Amazon S3 bucket.</p>
+ *          <p>For information about each of the following settings, see
+ *        <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html">Blocking public access to your Amazon S3 storage</a> in the <i>Amazon S3 User Guide</i>.</p>
+ * @public
+ */
+export interface PublicAccessConfiguration {
     /**
-     * <p>Total number of scanned files.</p>
+     * <p>Indicates whether or not there is a setting that allows public access to the Amazon S3 buckets through access
+     *        control lists (ACLs).</p>
      * @public
      */
-    ScannedItemCount?: ScannedItemCount | undefined;
+    PublicAclAccess?: PublicAccessStatus | undefined;
     /**
-     * <p>Total number of infected files.</p>
+     * <p>Indicates whether or not there is a setting that allows public access to the Amazon S3 bucket policy.</p>
      * @public
      */
-    ThreatsDetectedItemCount?: ThreatsDetectedItemCount | undefined;
+    PublicPolicyAccess?: PublicAccessStatus | undefined;
     /**
-     * <p>Details of the highest severity threat detected during malware scan and number of infected
-     *       files.</p>
+     * <p>Indicates whether or not there is a setting that ignores all public access control lists (ACLs)
+     *        on the Amazon S3 bucket and the objects that it contains.</p>
      * @public
      */
-    HighestSeverityThreatDetails?: HighestSeverityThreatDetails | undefined;
+    PublicAclIgnoreBehavior?: PublicAclIgnoreBehavior | undefined;
     /**
-     * <p>Contains details about identified threats organized by threat name.</p>
+     * <p>Indicates whether or not there is a setting that restricts access to the bucket with specified policies.</p>
      * @public
      */
-    ThreatDetectedByName?: ThreatDetectedByName | undefined;
+    PublicBucketRestrictBehavior?: PublicBucketRestrictBehavior | undefined;
 }
 /**
- * <p>Contains details from the malware scan that created a finding.</p>
+ * <p>Contains information about the Amazon S3 bucket policies and encryption.</p>
  * @public
  */
-export interface EbsVolumeScanDetails {
+export interface S3Bucket {
     /**
-     * <p>Unique Id of the malware scan that generated the finding.</p>
+     * <p>The owner ID of the associated S3Amazon S3bucket.</p>
      * @public
      */
-    ScanId?: string | undefined;
+    OwnerId?: string | undefined;
     /**
-     * <p>Returns the start date and time of the malware scan.</p>
+     * <p>The timestamp at which the Amazon S3 bucket was created.</p>
      * @public
      */
-    ScanStartedAt?: Date | undefined;
+    CreatedAt?: Date | undefined;
     /**
-     * <p>Returns the completion date and time of the malware scan.</p>
+     * <p>The type of encryption used for the Amazon S3 buckets and its objects. For more information,
+     *        see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html">Protecting data with server-side encryption</a>
+     *        in the <i>Amazon S3 User Guide</i>.</p>
      * @public
      */
-    ScanCompletedAt?: Date | undefined;
+    EncryptionType?: string | undefined;
     /**
-     * <p>GuardDuty finding ID that triggered a malware scan.</p>
+     * <p>The Amazon Resource Name (ARN) of the encryption key that is used to encrypt the Amazon S3 bucket and its objects.</p>
      * @public
      */
-    TriggerFindingId?: string | undefined;
+    EncryptionKeyArn?: string | undefined;
     /**
-     * <p>Contains list of threat intelligence sources used to detect threats.</p>
+     * <p>Describes the effective permissions on this S3 bucket, after factoring all the attached policies.</p>
      * @public
      */
-    Sources?: string[] | undefined;
+    EffectivePermission?: string | undefined;
     /**
-     * <p>Contains a complete view providing malware scan result details.</p>
+     * <p>Indicates whether or not the public read access is allowed for an Amazon S3 bucket.</p>
      * @public
      */
-    ScanDetections?: ScanDetections | undefined;
+    PublicReadAccess?: PublicAccessStatus | undefined;
     /**
-     * <p>Specifies the scan type that invoked the malware scan.</p>
+     * <p>Indicates whether or not the public write access is allowed for an Amazon S3 bucket.</p>
      * @public
      */
-    ScanType?: ScanType | undefined;
-}
-/**
- * <p>Contains information about a tag key-value pair.</p>
- * @public
- */
-export interface Tag {
+    PublicWriteAccess?: PublicAccessStatus | undefined;
     /**
-     * <p>Describes the key associated with the tag.</p>
+     * <p>Contains information about the public access policies that apply to the Amazon S3 bucket at the account level.</p>
      * @public
      */
-    Key?: string | undefined;
+    AccountPublicAccess?: PublicAccessConfiguration | undefined;
     /**
-     * <p>Describes the value associated with the tag key.</p>
+     * <p>Contains information about public access policies that apply to the Amazon S3 bucket.</p>
      * @public
      */
-    Value?: string | undefined;
-}
-/**
- * <p>Represents a pre-existing file or directory on the host machine that the volume maps
- *       to.</p>
- * @public
- */
-export interface HostPath {
+    BucketPublicAccess?: PublicAccessConfiguration | undefined;
     /**
-     * <p>Path of the file or directory on the host that the volume maps to.</p>
+     * <p>Represents a list of Amazon S3 object identifiers.</p>
      * @public
      */
-    Path?: string | undefined;
+    S3ObjectUids?: string[] | undefined;
 }
 /**
- * <p>Volume used by the Kubernetes workload.</p>
+ * <p>Contains information about the Amazon S3 object.</p>
  * @public
  */
-export interface Volume {
+export interface S3Object {
     /**
-     * <p>Volume name.</p>
+     * <p>The entity tag is a hash of the Amazon S3 object. The ETag reflects changes only to the
+     *        contents of an object, and not its metadata.</p>
      * @public
      */
-    Name?: string | undefined;
+    ETag?: string | undefined;
     /**
-     * <p>Represents a pre-existing file or directory on the host machine that the volume maps
-     *       to.</p>
+     * <p>The key of the Amazon S3 object.</p>
      * @public
      */
-    HostPath?: HostPath | undefined;
+    Key?: string | undefined;
+    /**
+     * <p>The version Id of the Amazon S3 object.</p>
+     * @public
+     */
+    VersionId?: string | undefined;
 }
 /**
- * <p>Contains information about the task in an ECS cluster.</p>
+ * <p>Contains information about the Amazon Web Services resource that is associated with the activity that prompted
+ *        GuardDuty to generate a finding.</p>
  * @public
  */
-export interface EcsTaskDetails {
+export interface ResourceData {
     /**
-     * <p>The Amazon Resource Name (ARN) of the task.</p>
+     * <p>Contains information about the Amazon S3 bucket.</p>
      * @public
      */
-    Arn?: string | undefined;
+    S3Bucket?: S3Bucket | undefined;
     /**
-     * <p>The ARN of the task definition that creates the task.</p>
+     * <p>Contains information about the Amazon EC2 instance.</p>
      * @public
      */
-    DefinitionArn?: string | undefined;
+    Ec2Instance?: Ec2Instance | undefined;
     /**
-     * <p>The version counter for the task.</p>
+     * <p>Contains information about the IAM access key details of a user that involved in the GuardDuty finding.</p>
      * @public
      */
-    Version?: string | undefined;
+    AccessKey?: AccessKey | undefined;
     /**
-     * <p>The Unix timestamp for the time when the task was created.</p>
+     * <p>Contains information about the elastic network interface of the Amazon EC2 instance.</p>
      * @public
      */
-    TaskCreatedAt?: Date | undefined;
+    Ec2NetworkInterface?: Ec2NetworkInterface | undefined;
     /**
-     * <p>The Unix timestamp for the time when the task started.</p>
+     * <p>Contains information about the Amazon S3 object.</p>
      * @public
      */
-    StartedAt?: Date | undefined;
+    S3Object?: S3Object | undefined;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const FindingResourceType: {
+    readonly ACCESS_KEY: "ACCESS_KEY";
+    readonly EC2_INSTANCE: "EC2_INSTANCE";
+    readonly EC2_NETWORK_INTERFACE: "EC2_NETWORK_INTERFACE";
+    readonly S3_BUCKET: "S3_BUCKET";
+    readonly S3_OBJECT: "S3_OBJECT";
+};
+/**
+ * @public
+ */
+export type FindingResourceType = (typeof FindingResourceType)[keyof typeof FindingResourceType];
+/**
+ * <p>Contains information about a tag key-value pair.</p>
+ * @public
+ */
+export interface Tag {
     /**
-     * <p>Contains the tag specified when a task is started.</p>
+     * <p>Describes the key associated with the tag.</p>
      * @public
      */
-    StartedBy?: string | undefined;
+    Key?: string | undefined;
     /**
-     * <p>The tags of the ECS Task.</p>
+     * <p>Describes the value associated with the tag key.</p>
      * @public
      */
-    Tags?: Tag[] | undefined;
+    Value?: string | undefined;
+}
+/**
+ * <p>Contains information about the Amazon Web Services resource that is associated with the GuardDuty finding.</p>
+ * @public
+ */
+export interface ResourceV2 {
     /**
-     * <p>The list of data volume definitions for the task.</p>
+     * <p>The unique identifier of the resource.</p>
      * @public
      */
-    Volumes?: Volume[] | undefined;
+    Uid: string | undefined;
     /**
-     * <p>The containers that's associated with the task.</p>
+     * <p>The name of the resource.</p>
      * @public
      */
-    Containers?: Container[] | undefined;
+    Name?: string | undefined;
     /**
-     * <p>The name of the task group that's associated with the task.</p>
+     * <p>The Amazon Web Services account ID to which the resource belongs.</p>
      * @public
      */
-    Group?: string | undefined;
+    AccountId?: string | undefined;
     /**
-     * <p>A capacity on which the task is running. For example, <code>Fargate</code> and <code>EC2</code>.</p>
+     * <p>The type of the Amazon Web Services resource.</p>
      * @public
      */
-    LaunchType?: string | undefined;
-}
-/**
- * <p>Contains information about the details of the ECS Cluster.</p>
- * @public
- */
-export interface EcsClusterDetails {
+    ResourceType: FindingResourceType | undefined;
     /**
-     * <p>The name of the ECS Cluster.</p>
+     * <p>The Amazon Web Services Region where the resource belongs.</p>
      * @public
      */
-    Name?: string | undefined;
+    Region?: string | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) that identifies the cluster.</p>
+     * <p>The Amazon Web Services service of the resource.</p>
      * @public
      */
-    Arn?: string | undefined;
+    Service?: string | undefined;
     /**
-     * <p>The status of the ECS cluster.</p>
+     * <p>The cloud partition within the Amazon Web Services Region to which the resource belongs.</p>
      * @public
      */
-    Status?: string | undefined;
+    CloudPartition?: string | undefined;
     /**
-     * <p>The number of services that are running on the cluster in an ACTIVE state.</p>
-     * @public
-     */
-    ActiveServicesCount?: number | undefined;
-    /**
-     * <p>The number of container instances registered into the cluster.</p>
-     * @public
-     */
-    RegisteredContainerInstancesCount?: number | undefined;
-    /**
-     * <p>The number of tasks in the cluster that are in the RUNNING state.</p>
-     * @public
-     */
-    RunningTasksCount?: number | undefined;
-    /**
-     * <p>The tags of the ECS Cluster.</p>
-     * @public
-     */
-    Tags?: Tag[] | undefined;
-    /**
-     * <p>Contains information about the details of the ECS Task.</p>
-     * @public
-     */
-    TaskDetails?: EcsTaskDetails | undefined;
-}
-/**
- * <p>Details about the EKS cluster involved in a Kubernetes finding.</p>
- * @public
- */
-export interface EksClusterDetails {
-    /**
-     * <p>EKS cluster name.</p>
-     * @public
-     */
-    Name?: string | undefined;
-    /**
-     * <p>EKS cluster ARN.</p>
-     * @public
-     */
-    Arn?: string | undefined;
-    /**
-     * <p>The VPC ID to which the EKS cluster is attached.</p>
-     * @public
-     */
-    VpcId?: string | undefined;
-    /**
-     * <p>The EKS cluster status.</p>
-     * @public
-     */
-    Status?: string | undefined;
-    /**
-     * <p>The EKS cluster tags.</p>
+     * <p>Contains information about the tags associated with the resource.</p>
      * @public
      */
     Tags?: Tag[] | undefined;
     /**
-     * <p>The timestamp when the EKS cluster was created.</p>
+     * <p>Contains information about the Amazon Web Services resource associated with the activity that prompted
+     *        GuardDuty to generate a finding.</p>
      * @public
      */
-    CreatedAt?: Date | undefined;
+    Data?: ResourceData | undefined;
 }
 /**
  * @public
+ * @enum
  */
-export interface EnableOrganizationAdminAccountRequest {
-    /**
-     * <p>The Amazon Web Services account ID for the organization account to be enabled as a GuardDuty delegated
-     *       administrator.</p>
-     * @public
-     */
-    AdminAccountId: string | undefined;
-}
+export declare const IndicatorType: {
+    readonly ATTACK_TACTIC: "ATTACK_TACTIC";
+    readonly ATTACK_TECHNIQUE: "ATTACK_TECHNIQUE";
+    readonly HIGH_RISK_API: "HIGH_RISK_API";
+    readonly MALICIOUS_IP: "MALICIOUS_IP";
+    readonly SUSPICIOUS_NETWORK: "SUSPICIOUS_NETWORK";
+    readonly SUSPICIOUS_USER_AGENT: "SUSPICIOUS_USER_AGENT";
+    readonly TOR_IP: "TOR_IP";
+    readonly UNUSUAL_API_FOR_ACCOUNT: "UNUSUAL_API_FOR_ACCOUNT";
+    readonly UNUSUAL_ASN_FOR_ACCOUNT: "UNUSUAL_ASN_FOR_ACCOUNT";
+    readonly UNUSUAL_ASN_FOR_USER: "UNUSUAL_ASN_FOR_USER";
+};
 /**
  * @public
  */
-export interface EnableOrganizationAdminAccountResponse {
-}
+export type IndicatorType = (typeof IndicatorType)[keyof typeof IndicatorType];
 /**
- * <p>An instance of a threat intelligence detail that constitutes evidence for the
- *       finding.</p>
+ * <p>Contains information about the indicators that include a set of
+ *        signals observed in an attack sequence.</p>
  * @public
  */
-export interface ThreatIntelligenceDetail {
-    /**
-     * <p>The name of the threat intelligence list that triggered the finding.</p>
-     * @public
-     */
-    ThreatListName?: string | undefined;
+export interface Indicator {
     /**
-     * <p>A list of names of the threats in the threat intelligence list that triggered the
-     *       finding.</p>
+     * <p>Specific indicator keys observed in the attack sequence.</p>
      * @public
      */
-    ThreatNames?: string[] | undefined;
+    Key: IndicatorType | undefined;
     /**
-     * <p>SHA256 of the file that generated the finding.</p>
+     * <p>Values associated with each indicator key. For example, if the indicator key is
+     *         <code>SUSPICIOUS_NETWORK</code>, then the value will be the name of the network. If
+     *         the indicator key is <code>ATTACK_TACTIC</code>, then the value will be one of the MITRE tactics. </p>
+     *          <p>For more information about the
+     *       values associated with the key, see GuardDuty Extended Threat Detection in the
+     *       <i>GuardDuty User Guide.</i>
+     *          </p>
      * @public
      */
-    ThreatFileSha256?: string | undefined;
-}
-/**
- * <p>Contains information about the reason that the finding was generated.</p>
- * @public
- */
-export interface Evidence {
+    Values?: string[] | undefined;
     /**
-     * <p>A list of threat intelligence details related to the evidence.</p>
+     * <p>Title describing the indicator.</p>
      * @public
      */
-    ThreatIntelligenceDetails?: ThreatIntelligenceDetail[] | undefined;
+    Title?: string | undefined;
 }
 /**
  * @public
  * @enum
  */
-export declare const Feedback: {
-    readonly NOT_USEFUL: "NOT_USEFUL";
-    readonly USEFUL: "USEFUL";
+export declare const SignalType: {
+    readonly CLOUD_TRAIL: "CLOUD_TRAIL";
+    readonly FINDING: "FINDING";
+    readonly S3_DATA_EVENTS: "S3_DATA_EVENTS";
 };
 /**
  * @public
  */
-export type Feedback = (typeof Feedback)[keyof typeof Feedback];
-/**
- * <p>Contains information about the EC2 instance profile.</p>
- * @public
- */
-export interface IamInstanceProfile {
-    /**
-     * <p>The profile ARN of the EC2 instance.</p>
-     * @public
-     */
-    Arn?: string | undefined;
-    /**
-     * <p>The profile ID of the EC2 instance.</p>
-     * @public
-     */
-    Id?: string | undefined;
-}
-/**
- * <p>Contains other private IP address information of the EC2 instance.</p>
- * @public
- */
-export interface PrivateIpAddressDetails {
-    /**
-     * <p>The private DNS name of the EC2 instance.</p>
-     * @public
-     */
-    PrivateDnsName?: string | undefined;
-    /**
-     * <p>The private IP address of the EC2 instance.</p>
-     * @public
-     */
-    PrivateIpAddress?: string | undefined;
-}
+export type SignalType = (typeof SignalType)[keyof typeof SignalType];
 /**
- * <p>Contains information about the security groups associated with the EC2 instance.</p>
+ * <p>Contains information about the signals involved in the attack sequence.</p>
  * @public
  */
-export interface SecurityGroup {
+export interface Signal {
     /**
-     * <p>The security group ID of the EC2 instance.</p>
+     * <p>The unique identifier of the signal.</p>
      * @public
      */
-    GroupId?: string | undefined;
+    Uid: string | undefined;
     /**
-     * <p>The security group name of the EC2 instance.</p>
+     * <p>The type of the signal used to identify an attack sequence.</p>
+     *          <p>Signals can be GuardDuty findings or activities observed in data sources that GuardDuty monitors. For
+     *        more information, see
+     *        <a href="https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_data-sources.html">Foundational data sources</a> in the
+     *      <i>GuardDuty User Guide</i>.</p>
+     *          <p>A signal type can be one of the valid values listed in this API. Here are the related descriptions:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>FINDING</code> - Individually generated GuardDuty finding.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>CLOUD_TRAIL</code> - Activity observed from CloudTrail logs</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>S3_DATA_EVENTS</code> - Activity observed from CloudTrail data events for S3. Activities associated
+     *            with this type will show up only when
+     *            you have enabled GuardDuty S3 Protection feature in your account. For more information about S3 Protection and
+     *            steps to enable it, see <a href="https://docs.aws.amazon.com/guardduty/latest/ug/s3-protection.html">S3 Protection</a> in the
+     *            <i>GuardDuty User Guide</i>.</p>
+     *             </li>
+     *          </ul>
      * @public
      */
-    GroupName?: string | undefined;
-}
-/**
- * <p>Contains information about the elastic network interface of the EC2 instance.</p>
- * @public
- */
-export interface NetworkInterface {
+    Type: SignalType | undefined;
     /**
-     * <p>A list of IPv6 addresses for the EC2 instance.</p>
+     * <p>The description of the signal.</p>
      * @public
      */
-    Ipv6Addresses?: string[] | undefined;
+    Description?: string | undefined;
     /**
-     * <p>The ID of the network interface.</p>
+     * <p>The name of the signal. For example, when signal type is <code>FINDING</code>,
+     *        the signal name is the name of the finding.</p>
      * @public
      */
-    NetworkInterfaceId?: string | undefined;
+    Name: string | undefined;
     /**
-     * <p>The private DNS name of the EC2 instance.</p>
+     * <p>The timestamp when the first finding or activity related to this signal was observed.</p>
      * @public
      */
-    PrivateDnsName?: string | undefined;
+    CreatedAt: Date | undefined;
     /**
-     * <p>The private IP address of the EC2 instance.</p>
+     * <p>The timestamp when this signal was last observed.</p>
      * @public
      */
-    PrivateIpAddress?: string | undefined;
+    UpdatedAt: Date | undefined;
     /**
-     * <p>Other private IP address information of the EC2 instance.</p>
+     * <p>The timestamp when the first finding or activity related to this signal was observed.</p>
      * @public
      */
-    PrivateIpAddresses?: PrivateIpAddressDetails[] | undefined;
+    FirstSeenAt: Date | undefined;
     /**
-     * <p>The public DNS name of the EC2 instance.</p>
+     * <p>The timestamp when the last finding or activity related to this signal was observed.</p>
      * @public
      */
-    PublicDnsName?: string | undefined;
+    LastSeenAt: Date | undefined;
     /**
-     * <p>The public IP address of the EC2 instance.</p>
+     * <p>The severity associated with the signal. For more information about severity, see
+     *        <a href="https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings-severity.html">Findings severity levels</a>
+     *      in the <i>GuardDuty User Guide</i>.</p>
      * @public
      */
-    PublicIp?: string | undefined;
+    Severity?: number | undefined;
     /**
-     * <p>The security groups associated with the EC2 instance.</p>
+     * <p>The number of times this signal was observed.</p>
      * @public
      */
-    SecurityGroups?: SecurityGroup[] | undefined;
+    Count: number | undefined;
     /**
-     * <p>The subnet ID of the EC2 instance.</p>
+     * <p>Information about the unique identifiers of the resources involved in the signal.</p>
      * @public
      */
-    SubnetId?: string | undefined;
+    ResourceUids?: string[] | undefined;
     /**
-     * <p>The VPC ID of the EC2 instance.</p>
+     * <p>Information about the IDs of the threat actors involved in the signal.</p>
      * @public
      */
-    VpcId?: string | undefined;
-}
-/**
- * <p>Contains information about the product code for the EC2 instance.</p>
- * @public
- */
-export interface ProductCode {
+    ActorIds?: string[] | undefined;
     /**
-     * <p>The product code information.</p>
+     * <p>Information about the endpoint IDs associated with this signal.</p>
      * @public
      */
-    Code?: string | undefined;
+    EndpointIds?: string[] | undefined;
     /**
-     * <p>The product code type.</p>
+     * <p>Contains information about the indicators associated with the signals.</p>
      * @public
      */
-    ProductType?: string | undefined;
+    SignalIndicators?: Indicator[] | undefined;
 }
 /**
- * <p>Contains information about the details of an instance.</p>
+ * <p>Contains information about the GuardDuty attack sequence finding.</p>
  * @public
  */
-export interface InstanceDetails {
-    /**
-     * <p>The Availability Zone of the EC2 instance.</p>
-     * @public
-     */
-    AvailabilityZone?: string | undefined;
-    /**
-     * <p>The profile information of the EC2 instance.</p>
-     * @public
-     */
-    IamInstanceProfile?: IamInstanceProfile | undefined;
-    /**
-     * <p>The image description of the EC2 instance.</p>
-     * @public
-     */
-    ImageDescription?: string | undefined;
-    /**
-     * <p>The image ID of the EC2 instance.</p>
-     * @public
-     */
-    ImageId?: string | undefined;
-    /**
-     * <p>The ID of the EC2 instance.</p>
-     * @public
-     */
-    InstanceId?: string | undefined;
-    /**
-     * <p>The state of the EC2 instance.</p>
-     * @public
-     */
-    InstanceState?: string | undefined;
+export interface Sequence {
     /**
-     * <p>The type of the EC2 instance.</p>
+     * <p>Unique identifier of the attack sequence.</p>
      * @public
      */
-    InstanceType?: string | undefined;
+    Uid: string | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only applicable to Amazon Web Services Outposts
-     *       instances.</p>
+     * <p>Description of the attack sequence.</p>
      * @public
      */
-    OutpostArn?: string | undefined;
+    Description: string | undefined;
     /**
-     * <p>The launch time of the EC2 instance.</p>
+     * <p>Contains information about the actors involved in the attack sequence.</p>
      * @public
      */
-    LaunchTime?: string | undefined;
+    Actors?: Actor[] | undefined;
     /**
-     * <p>The elastic network interface information of the EC2 instance.</p>
+     * <p>Contains information about the resources involved in the attack sequence.</p>
      * @public
      */
-    NetworkInterfaces?: NetworkInterface[] | undefined;
+    Resources?: ResourceV2[] | undefined;
     /**
-     * <p>The platform of the EC2 instance.</p>
+     * <p>Contains information about the network endpoints that were used in the attack sequence.</p>
      * @public
      */
-    Platform?: string | undefined;
+    Endpoints?: NetworkEndpoint[] | undefined;
     /**
-     * <p>The product code of the EC2 instance.</p>
+     * <p>Contains information about the signals involved in the attack sequence.</p>
      * @public
      */
-    ProductCodes?: ProductCode[] | undefined;
+    Signals: Signal[] | undefined;
     /**
-     * <p>The tags of the EC2 instance.</p>
+     * <p>Contains information about the indicators observed in the attack sequence.</p>
      * @public
      */
-    Tags?: Tag[] | undefined;
+    SequenceIndicators?: Indicator[] | undefined;
 }
 /**
- * <p>Contains information about the impersonated user.</p>
+ * <p>Contains information about the detected behavior.</p>
  * @public
  */
-export interface ImpersonatedUser {
+export interface Detection {
     /**
-     * <p>Information about the <code>username</code> that was being impersonated.</p>
+     * <p>The details about the anomalous activity that caused GuardDuty to
+     *       generate the finding.</p>
      * @public
      */
-    Username?: string | undefined;
+    Anomaly?: Anomaly | undefined;
     /**
-     * <p>The <code>group</code> to which the user name belongs.</p>
+     * <p>The details about the attack sequence.</p>
      * @public
      */
-    Groups?: string[] | undefined;
+    Sequence?: Sequence | undefined;
 }
 /**
- * <p>Details about the Kubernetes user involved in a Kubernetes finding.</p>
+ * <p>Information about the additional configuration.</p>
  * @public
  */
-export interface KubernetesUserDetails {
+export interface DetectorAdditionalConfigurationResult {
     /**
-     * <p>The username of the user who called the Kubernetes API.</p>
+     * <p>Name of the additional configuration.</p>
      * @public
      */
-    Username?: string | undefined;
+    Name?: FeatureAdditionalConfiguration | undefined;
     /**
-     * <p>The user ID of the user who called the Kubernetes API.</p>
+     * <p>Status of the additional configuration.</p>
      * @public
      */
-    Uid?: string | undefined;
+    Status?: FeatureStatus | undefined;
     /**
-     * <p>The groups that include the user who called the Kubernetes API.</p>
+     * <p>The timestamp at which the additional configuration was last updated. This is in UTC
+     *       format.</p>
      * @public
      */
-    Groups?: string[] | undefined;
+    UpdatedAt?: Date | undefined;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const DetectorFeatureResult: {
+    readonly CLOUD_TRAIL: "CLOUD_TRAIL";
+    readonly DNS_LOGS: "DNS_LOGS";
+    readonly EBS_MALWARE_PROTECTION: "EBS_MALWARE_PROTECTION";
+    readonly EKS_AUDIT_LOGS: "EKS_AUDIT_LOGS";
+    readonly EKS_RUNTIME_MONITORING: "EKS_RUNTIME_MONITORING";
+    readonly FLOW_LOGS: "FLOW_LOGS";
+    readonly LAMBDA_NETWORK_LOGS: "LAMBDA_NETWORK_LOGS";
+    readonly RDS_LOGIN_EVENTS: "RDS_LOGIN_EVENTS";
+    readonly RUNTIME_MONITORING: "RUNTIME_MONITORING";
+    readonly S3_DATA_EVENTS: "S3_DATA_EVENTS";
+};
+/**
+ * @public
+ */
+export type DetectorFeatureResult = (typeof DetectorFeatureResult)[keyof typeof DetectorFeatureResult];
+/**
+ * <p>Contains information about a GuardDuty feature.</p>
+ *          <p>Specifying both EKS Runtime Monitoring (<code>EKS_RUNTIME_MONITORING</code>)
+ *       and Runtime Monitoring (<code>RUNTIME_MONITORING</code>) will cause an error.
+ *       You can add only one of these two features because Runtime Monitoring already includes the
+ *       threat detection for Amazon EKS resources. For more information, see
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html">Runtime Monitoring</a>.</p>
+ * @public
+ */
+export interface DetectorFeatureConfigurationResult {
     /**
-     * <p>Entity that assumes the IAM role
-     *       when Kubernetes RBAC permissions are assigned to that role.</p>
+     * <p>Indicates the name of the feature that can be enabled for the detector.</p>
      * @public
      */
-    SessionName?: string[] | undefined;
+    Name?: DetectorFeatureResult | undefined;
     /**
-     * <p>Information about the impersonated user.</p>
+     * <p>Indicates the status of the feature that is enabled for the detector.</p>
      * @public
      */
-    ImpersonatedUser?: ImpersonatedUser | undefined;
+    Status?: FeatureStatus | undefined;
+    /**
+     * <p>The timestamp at which the feature object was updated.</p>
+     * @public
+     */
+    UpdatedAt?: Date | undefined;
+    /**
+     * <p>Additional configuration for a resource.</p>
+     * @public
+     */
+    AdditionalConfiguration?: DetectorAdditionalConfigurationResult[] | undefined;
 }
 /**
- * <p>Details about the Kubernetes workload involved in a Kubernetes finding.</p>
  * @public
+ * @enum
  */
-export interface KubernetesWorkloadDetails {
+export declare const DetectorStatus: {
+    readonly DISABLED: "DISABLED";
+    readonly ENABLED: "ENABLED";
+};
+/**
+ * @public
+ */
+export type DetectorStatus = (typeof DetectorStatus)[keyof typeof DetectorStatus];
+/**
+ * @public
+ */
+export interface DisableOrganizationAdminAccountRequest {
     /**
-     * <p>Kubernetes workload name.</p>
+     * <p>The Amazon Web Services Account ID for the organizations account to be disabled as a GuardDuty delegated
+     *       administrator.</p>
+     * @public
+     */
+    AdminAccountId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface DisableOrganizationAdminAccountResponse {
+}
+/**
+ * @public
+ */
+export interface DisassociateFromAdministratorAccountRequest {
+    /**
+     * <p>The unique ID of the detector of the GuardDuty member account.</p>
+     * @public
+     */
+    DetectorId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface DisassociateFromAdministratorAccountResponse {
+}
+/**
+ * @public
+ */
+export interface DisassociateFromMasterAccountRequest {
+    /**
+     * <p>The unique ID of the detector of the GuardDuty member account.</p>
+     * @public
+     */
+    DetectorId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface DisassociateFromMasterAccountResponse {
+}
+/**
+ * @public
+ */
+export interface DisassociateMembersRequest {
+    /**
+     * <p>The unique ID of the detector of the GuardDuty account whose members you want to
+     *       disassociate from the administrator account.</p>
+     * @public
+     */
+    DetectorId: string | undefined;
+    /**
+     * <p>A list of account IDs of the GuardDuty member accounts that you want to disassociate from
+     *       the administrator account.</p>
+     * @public
+     */
+    AccountIds: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface DisassociateMembersResponse {
+    /**
+     * <p>A list of objects that contain the unprocessed account and a result string that explains
+     *       why it was unprocessed.</p>
+     * @public
+     */
+    UnprocessedAccounts: UnprocessedAccount[] | undefined;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const EbsSnapshotPreservation: {
+    readonly NO_RETENTION: "NO_RETENTION";
+    readonly RETENTION_WITH_FINDING: "RETENTION_WITH_FINDING";
+};
+/**
+ * @public
+ */
+export type EbsSnapshotPreservation = (typeof EbsSnapshotPreservation)[keyof typeof EbsSnapshotPreservation];
+/**
+ * <p>Contains list of scanned and skipped EBS volumes with details.</p>
+ * @public
+ */
+export interface EbsVolumeDetails {
+    /**
+     * <p>List of EBS volumes that were scanned.</p>
+     * @public
+     */
+    ScannedVolumeDetails?: VolumeDetail[] | undefined;
+    /**
+     * <p>List of EBS volumes that were skipped from the malware scan.</p>
+     * @public
+     */
+    SkippedVolumeDetails?: VolumeDetail[] | undefined;
+}
+/**
+ * <p>Contains details of the highest severity threat detected during scan and number of
+ *       infected files.</p>
+ * @public
+ */
+export interface HighestSeverityThreatDetails {
+    /**
+     * <p>Severity level of the highest severity threat detected.</p>
+     * @public
+     */
+    Severity?: string | undefined;
+    /**
+     * <p>Threat name of the highest severity threat detected as part of the malware scan.</p>
+     * @public
+     */
+    ThreatName?: string | undefined;
+    /**
+     * <p>Total number of infected files with the highest severity threat detected.</p>
+     * @public
+     */
+    Count?: number | undefined;
+}
+/**
+ * <p>Total number of scanned files.</p>
+ * @public
+ */
+export interface ScannedItemCount {
+    /**
+     * <p>Total GB of files scanned for malware.</p>
+     * @public
+     */
+    TotalGb?: number | undefined;
+    /**
+     * <p>Number of files scanned.</p>
+     * @public
+     */
+    Files?: number | undefined;
+    /**
+     * <p>Total number of scanned volumes.</p>
+     * @public
+     */
+    Volumes?: number | undefined;
+}
+/**
+ * <p>Contains details of infected file including name, file path and hash.</p>
+ * @public
+ */
+export interface ScanFilePath {
+    /**
+     * <p>The file path of the infected file.</p>
+     * @public
+     */
+    FilePath?: string | undefined;
+    /**
+     * <p>EBS volume ARN details of the infected file.</p>
+     * @public
+     */
+    VolumeArn?: string | undefined;
+    /**
+     * <p>The hash value of the infected file.</p>
+     * @public
+     */
+    Hash?: string | undefined;
+    /**
+     * <p>File name of the infected file.</p>
+     * @public
+     */
+    FileName?: string | undefined;
+}
+/**
+ * <p>Contains files infected with the given threat providing details of malware name and
+ *       severity.</p>
+ * @public
+ */
+export interface ScanThreatName {
+    /**
+     * <p>The name of the identified threat.</p>
      * @public
      */
     Name?: string | undefined;
     /**
-     * <p>Kubernetes workload type (e.g. Pod, Deployment, etc.).</p>
+     * <p>Severity of threat identified as part of the malware scan.</p>
      * @public
      */
-    Type?: string | undefined;
+    Severity?: string | undefined;
     /**
-     * <p>Kubernetes workload ID.</p>
+     * <p>Total number of files infected with given threat.</p>
      * @public
      */
-    Uid?: string | undefined;
+    ItemCount?: number | undefined;
     /**
-     * <p>Kubernetes namespace that the workload is part of.</p>
+     * <p>List of infected files in EBS volume with details.</p>
      * @public
      */
-    Namespace?: string | undefined;
+    FilePaths?: ScanFilePath[] | undefined;
+}
+/**
+ * <p>Contains details about identified threats organized by threat name.</p>
+ * @public
+ */
+export interface ThreatDetectedByName {
     /**
-     * <p>Whether the hostNetwork flag is enabled for the pods included in the workload.</p>
+     * <p>Total number of infected files identified.</p>
      * @public
      */
-    HostNetwork?: boolean | undefined;
+    ItemCount?: number | undefined;
     /**
-     * <p>Containers running as part of the Kubernetes workload.</p>
+     * <p>Total number of unique threats by name identified, as part of the malware scan.</p>
      * @public
      */
-    Containers?: Container[] | undefined;
+    UniqueThreatNameCount?: number | undefined;
     /**
-     * <p>Volumes used by the Kubernetes workload.</p>
+     * <p>Flag to determine if the finding contains every single infected file-path and/or every
+     *       threat.</p>
      * @public
      */
-    Volumes?: Volume[] | undefined;
+    Shortened?: boolean | undefined;
     /**
-     * <p>The service account name that is associated with a Kubernetes workload.</p>
+     * <p>List of identified threats with details, organized by threat name.</p>
      * @public
      */
-    ServiceAccountName?: string | undefined;
+    ThreatNames?: ScanThreatName[] | undefined;
+}
+/**
+ * <p>Contains total number of infected files.</p>
+ * @public
+ */
+export interface ThreatsDetectedItemCount {
     /**
-     * <p>Whether the host IPC flag is enabled for the pods in the workload.</p>
+     * <p>Total number of infected files.</p>
      * @public
      */
-    HostIPC?: boolean | undefined;
+    Files?: number | undefined;
+}
+/**
+ * <p>Contains a complete view providing malware scan result details.</p>
+ * @public
+ */
+export interface ScanDetections {
     /**
-     * <p>Whether the host PID flag is enabled for the pods in the workload. </p>
+     * <p>Total number of scanned files.</p>
      * @public
      */
-    HostPID?: boolean | undefined;
+    ScannedItemCount?: ScannedItemCount | undefined;
+    /**
+     * <p>Total number of infected files.</p>
+     * @public
+     */
+    ThreatsDetectedItemCount?: ThreatsDetectedItemCount | undefined;
+    /**
+     * <p>Details of the highest severity threat detected during malware scan and number of infected
+     *       files.</p>
+     * @public
+     */
+    HighestSeverityThreatDetails?: HighestSeverityThreatDetails | undefined;
+    /**
+     * <p>Contains details about identified threats organized by threat name.</p>
+     * @public
+     */
+    ThreatDetectedByName?: ThreatDetectedByName | undefined;
 }
 /**
- * <p>Details about Kubernetes resources such as a Kubernetes user or workload resource involved
- *       in a Kubernetes finding.</p>
+ * <p>Contains details from the malware scan that created a finding.</p>
  * @public
  */
-export interface KubernetesDetails {
+export interface EbsVolumeScanDetails {
+    /**
+     * <p>Unique Id of the malware scan that generated the finding.</p>
+     * @public
+     */
+    ScanId?: string | undefined;
+    /**
+     * <p>Returns the start date and time of the malware scan.</p>
+     * @public
+     */
+    ScanStartedAt?: Date | undefined;
+    /**
+     * <p>Returns the completion date and time of the malware scan.</p>
+     * @public
+     */
+    ScanCompletedAt?: Date | undefined;
+    /**
+     * <p>GuardDuty finding ID that triggered a malware scan.</p>
+     * @public
+     */
+    TriggerFindingId?: string | undefined;
+    /**
+     * <p>Contains list of threat intelligence sources used to detect threats.</p>
+     * @public
+     */
+    Sources?: string[] | undefined;
+    /**
+     * <p>Contains a complete view providing malware scan result details.</p>
+     * @public
+     */
+    ScanDetections?: ScanDetections | undefined;
+    /**
+     * <p>Specifies the scan type that invoked the malware scan.</p>
+     * @public
+     */
+    ScanType?: ScanType | undefined;
+}
+/**
+ * <p>Represents a pre-existing file or directory on the host machine that the volume maps
+ *       to.</p>
+ * @public
+ */
+export interface HostPath {
+    /**
+     * <p>Path of the file or directory on the host that the volume maps to.</p>
+     * @public
+     */
+    Path?: string | undefined;
+}
+/**
+ * <p>Volume used by the Kubernetes workload.</p>
+ * @public
+ */
+export interface Volume {
+    /**
+     * <p>Volume name.</p>
+     * @public
+     */
+    Name?: string | undefined;
+    /**
+     * <p>Represents a pre-existing file or directory on the host machine that the volume maps
+     *       to.</p>
+     * @public
+     */
+    HostPath?: HostPath | undefined;
+}
+/**
+ * <p>Contains information about the task in an ECS cluster.</p>
+ * @public
+ */
+export interface EcsTaskDetails {
+    /**
+     * <p>The Amazon Resource Name (ARN) of the task.</p>
+     * @public
+     */
+    Arn?: string | undefined;
+    /**
+     * <p>The ARN of the task definition that creates the task.</p>
+     * @public
+     */
+    DefinitionArn?: string | undefined;
+    /**
+     * <p>The version counter for the task.</p>
+     * @public
+     */
+    Version?: string | undefined;
+    /**
+     * <p>The Unix timestamp for the time when the task was created.</p>
+     * @public
+     */
+    TaskCreatedAt?: Date | undefined;
+    /**
+     * <p>The Unix timestamp for the time when the task started.</p>
+     * @public
+     */
+    StartedAt?: Date | undefined;
+    /**
+     * <p>Contains the tag specified when a task is started.</p>
+     * @public
+     */
+    StartedBy?: string | undefined;
     /**
-     * <p>Details about the Kubernetes user involved in a Kubernetes finding.</p>
+     * <p>The tags of the ECS Task.</p>
      * @public
      */
-    KubernetesUserDetails?: KubernetesUserDetails | undefined;
+    Tags?: Tag[] | undefined;
     /**
-     * <p>Details about the Kubernetes workload involved in a Kubernetes finding.</p>
+     * <p>The list of data volume definitions for the task.</p>
      * @public
      */
-    KubernetesWorkloadDetails?: KubernetesWorkloadDetails | undefined;
-}
-/**
- * <p>Amazon Virtual Private Cloud configuration details associated with your Lambda function.</p>
- * @public
- */
-export interface VpcConfig {
+    Volumes?: Volume[] | undefined;
     /**
-     * <p>The identifiers of the subnets that are associated with your Lambda function.</p>
+     * <p>The containers that's associated with the task.</p>
      * @public
      */
-    SubnetIds?: string[] | undefined;
+    Containers?: Container[] | undefined;
     /**
-     * <p>The identifier of the Amazon Virtual Private Cloud.</p>
+     * <p>The name of the task group that's associated with the task.</p>
      * @public
      */
-    VpcId?: string | undefined;
+    Group?: string | undefined;
     /**
-     * <p>The identifier of the security group attached to the Lambda function.</p>
+     * <p>A capacity on which the task is running. For example, <code>Fargate</code> and <code>EC2</code>.</p>
      * @public
      */
-    SecurityGroups?: SecurityGroup[] | undefined;
+    LaunchType?: string | undefined;
 }
 /**
- * <p>Information about the Lambda function involved in the finding.</p>
+ * <p>Contains information about the details of the ECS Cluster.</p>
  * @public
  */
-export interface LambdaDetails {
-    /**
-     * <p>Amazon Resource Name (ARN) of the Lambda function.</p>
-     * @public
-     */
-    FunctionArn?: string | undefined;
+export interface EcsClusterDetails {
     /**
-     * <p>Name of the Lambda function.</p>
+     * <p>The name of the ECS Cluster.</p>
      * @public
      */
-    FunctionName?: string | undefined;
+    Name?: string | undefined;
     /**
-     * <p>Description of the Lambda function.</p>
+     * <p>The Amazon Resource Name (ARN) that identifies the cluster.</p>
      * @public
      */
-    Description?: string | undefined;
+    Arn?: string | undefined;
     /**
-     * <p>The timestamp when the Lambda function was last modified. This field is in the UTC date string
-     *       format <code>(2023-03-22T19:37:20.168Z)</code>.</p>
+     * <p>The status of the ECS cluster.</p>
      * @public
      */
-    LastModifiedAt?: Date | undefined;
+    Status?: string | undefined;
     /**
-     * <p>The revision ID of the Lambda function version.</p>
+     * <p>The number of services that are running on the cluster in an ACTIVE state.</p>
      * @public
      */
-    RevisionId?: string | undefined;
+    ActiveServicesCount?: number | undefined;
     /**
-     * <p>The version of the Lambda function.</p>
+     * <p>The number of container instances registered into the cluster.</p>
      * @public
      */
-    FunctionVersion?: string | undefined;
+    RegisteredContainerInstancesCount?: number | undefined;
     /**
-     * <p>The execution role of the Lambda function.</p>
+     * <p>The number of tasks in the cluster that are in the RUNNING state.</p>
      * @public
      */
-    Role?: string | undefined;
+    RunningTasksCount?: number | undefined;
     /**
-     * <p>Amazon Virtual Private Cloud configuration details associated with your Lambda function.</p>
+     * <p>The tags of the ECS Cluster.</p>
      * @public
      */
-    VpcConfig?: VpcConfig | undefined;
+    Tags?: Tag[] | undefined;
     /**
-     * <p>A list of tags attached to this resource, listed in the format of
-     *       <code>key</code>:<code>value</code> pair.</p>
+     * <p>Contains information about the details of the ECS Task.</p>
      * @public
      */
-    Tags?: Tag[] | undefined;
+    TaskDetails?: EcsTaskDetails | undefined;
 }
 /**
- * <p>Contains information about the resource type <code>RDSDBInstance</code> involved in a
- *       GuardDuty finding.</p>
+ * <p>Details about the EKS cluster involved in a Kubernetes finding.</p>
  * @public
  */
-export interface RdsDbInstanceDetails {
+export interface EksClusterDetails {
     /**
-     * <p>The identifier associated to the database instance that was involved in the
-     *       finding.</p>
+     * <p>EKS cluster name.</p>
      * @public
      */
-    DbInstanceIdentifier?: string | undefined;
+    Name?: string | undefined;
     /**
-     * <p>The database engine of the database instance involved in the finding.</p>
+     * <p>EKS cluster ARN.</p>
      * @public
      */
-    Engine?: string | undefined;
+    Arn?: string | undefined;
     /**
-     * <p>The version of the database engine that was involved in the finding.</p>
+     * <p>The VPC ID to which the EKS cluster is attached.</p>
      * @public
      */
-    EngineVersion?: string | undefined;
+    VpcId?: string | undefined;
     /**
-     * <p>The identifier of the database cluster that contains the database instance ID involved in
-     *       the finding.</p>
+     * <p>The EKS cluster status.</p>
      * @public
      */
-    DbClusterIdentifier?: string | undefined;
+    Status?: string | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) that identifies the database instance involved in the
-     *       finding.</p>
+     * <p>The EKS cluster tags.</p>
      * @public
      */
-    DbInstanceArn?: string | undefined;
+    Tags?: Tag[] | undefined;
     /**
-     * <p>Information about the tag key-value pairs.</p>
+     * <p>The timestamp when the EKS cluster was created.</p>
      * @public
      */
-    Tags?: Tag[] | undefined;
+    CreatedAt?: Date | undefined;
 }
 /**
- * <p>Contains information about the user and authentication details for a database instance
- *       involved in the finding.</p>
  * @public
  */
-export interface RdsDbUserDetails {
+export interface EnableOrganizationAdminAccountRequest {
     /**
-     * <p>The user name used in the anomalous login attempt.</p>
+     * <p>The Amazon Web Services account ID for the organization account to be enabled as a GuardDuty delegated
+     *       administrator.</p>
      * @public
      */
-    User?: string | undefined;
+    AdminAccountId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface EnableOrganizationAdminAccountResponse {
+}
+/**
+ * <p>An instance of a threat intelligence detail that constitutes evidence for the
+ *       finding.</p>
+ * @public
+ */
+export interface ThreatIntelligenceDetail {
     /**
-     * <p>The application name used in the anomalous login attempt.</p>
+     * <p>The name of the threat intelligence list that triggered the finding.</p>
      * @public
      */
-    Application?: string | undefined;
+    ThreatListName?: string | undefined;
     /**
-     * <p>The name of the database instance involved in the anomalous login attempt.</p>
+     * <p>A list of names of the threats in the threat intelligence list that triggered the
+     *       finding.</p>
      * @public
      */
-    Database?: string | undefined;
+    ThreatNames?: string[] | undefined;
     /**
-     * <p>The version of the Secure Socket Layer (SSL) used for the network.</p>
+     * <p>SHA256 of the file that generated the finding.</p>
      * @public
      */
-    Ssl?: string | undefined;
+    ThreatFileSha256?: string | undefined;
+}
+/**
+ * <p>Contains information about the reason that the finding was generated.</p>
+ * @public
+ */
+export interface Evidence {
     /**
-     * <p>The authentication method used by the user involved in the finding.</p>
+     * <p>A list of threat intelligence details related to the evidence.</p>
      * @public
      */
-    AuthMethod?: string | undefined;
+    ThreatIntelligenceDetails?: ThreatIntelligenceDetail[] | undefined;
 }
 /**
- * <p>Contains information about the resource type <code>RDSLimitlessDB</code> that is involved in a GuardDuty
- *     finding.</p>
  * @public
+ * @enum
  */
-export interface RdsLimitlessDbDetails {
+export declare const Feedback: {
+    readonly NOT_USEFUL: "NOT_USEFUL";
+    readonly USEFUL: "USEFUL";
+};
+/**
+ * @public
+ */
+export type Feedback = (typeof Feedback)[keyof typeof Feedback];
+/**
+ * <p>Contains information about the elastic network interface of the EC2 instance.</p>
+ * @public
+ */
+export interface NetworkInterface {
     /**
-     * <p>The name associated with the Limitless DB shard group.</p>
+     * <p>A list of IPv6 addresses for the EC2 instance.</p>
      * @public
      */
-    DbShardGroupIdentifier?: string | undefined;
+    Ipv6Addresses?: string[] | undefined;
     /**
-     * <p>The resource identifier of the DB shard group within the Limitless Database.</p>
+     * <p>The ID of the network interface.</p>
      * @public
      */
-    DbShardGroupResourceId?: string | undefined;
+    NetworkInterfaceId?: string | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) that identifies the DB shard group.</p>
+     * <p>The private DNS name of the EC2 instance.</p>
      * @public
      */
-    DbShardGroupArn?: string | undefined;
+    PrivateDnsName?: string | undefined;
     /**
-     * <p>The database engine of the database instance involved in the finding.</p>
+     * <p>The private IP address of the EC2 instance.</p>
      * @public
      */
-    Engine?: string | undefined;
+    PrivateIpAddress?: string | undefined;
     /**
-     * <p>The version of the database engine.</p>
+     * <p>Other private IP address information of the EC2 instance.</p>
      * @public
      */
-    EngineVersion?: string | undefined;
+    PrivateIpAddresses?: PrivateIpAddressDetails[] | undefined;
     /**
-     * <p>The name of the database cluster that is a part of the Limitless Database.</p>
+     * <p>The public DNS name of the EC2 instance.</p>
      * @public
      */
-    DbClusterIdentifier?: string | undefined;
+    PublicDnsName?: string | undefined;
     /**
-     * <p>Information about the tag-key value pair.</p>
+     * <p>The public IP address of the EC2 instance.</p>
      * @public
      */
-    Tags?: Tag[] | undefined;
-}
-/**
- * <p>Contains information on the owner of the bucket.</p>
- * @public
- */
-export interface Owner {
+    PublicIp?: string | undefined;
     /**
-     * <p>The canonical user ID of the bucket owner. For information about locating your canonical
-     *       user ID see <a href="https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId">Finding Your Account
-     *         Canonical User ID.</a>
-     *          </p>
+     * <p>The security groups associated with the EC2 instance.</p>
      * @public
      */
-    Id?: string | undefined;
-}
-/**
- * <p>Contains information about how permissions are configured for the S3 bucket.</p>
- * @public
- */
-export interface PermissionConfiguration {
+    SecurityGroups?: SecurityGroup[] | undefined;
     /**
-     * <p>Contains information about the bucket level permissions for the S3 bucket.</p>
+     * <p>The subnet ID of the EC2 instance.</p>
      * @public
      */
-    BucketLevelPermissions?: BucketLevelPermissions | undefined;
+    SubnetId?: string | undefined;
     /**
-     * <p>Contains information about the account level permissions on the S3 bucket.</p>
+     * <p>The VPC ID of the EC2 instance.</p>
      * @public
      */
-    AccountLevelPermissions?: AccountLevelPermissions | undefined;
+    VpcId?: string | undefined;
 }
 /**
- * <p>Describes the public access policies that apply to the S3 bucket.</p>
+ * <p>Contains information about the details of an instance.</p>
  * @public
  */
-export interface PublicAccess {
-    /**
-     * <p>Contains information about how permissions are configured for the S3 bucket.</p>
-     * @public
-     */
-    PermissionConfiguration?: PermissionConfiguration | undefined;
+export interface InstanceDetails {
     /**
-     * <p>Describes the effective permission on this bucket after factoring all attached
-     *       policies.</p>
+     * <p>The Availability Zone of the EC2 instance.</p>
      * @public
      */
-    EffectivePermission?: string | undefined;
-}
-/**
- * <p>Information about the S3 object that was scanned</p>
- * @public
- */
-export interface S3ObjectDetail {
+    AvailabilityZone?: string | undefined;
     /**
-     * <p>Amazon Resource Name (ARN) of the S3 object.</p>
+     * <p>The profile information of the EC2 instance.</p>
      * @public
      */
-    ObjectArn?: string | undefined;
+    IamInstanceProfile?: IamInstanceProfile | undefined;
     /**
-     * <p>Key of the S3 object.</p>
+     * <p>The image description of the EC2 instance.</p>
      * @public
      */
-    Key?: string | undefined;
+    ImageDescription?: string | undefined;
     /**
-     * <p>The entity tag is a hash of the S3 object. The ETag reflects changes only to the contents of
-     *     an object, and not its metadata.</p>
+     * <p>The image ID of the EC2 instance.</p>
      * @public
      */
-    ETag?: string | undefined;
+    ImageId?: string | undefined;
     /**
-     * <p>Hash of the threat detected in this finding.</p>
+     * <p>The ID of the EC2 instance.</p>
      * @public
      */
-    Hash?: string | undefined;
+    InstanceId?: string | undefined;
     /**
-     * <p>Version ID of the object.</p>
+     * <p>The state of the EC2 instance.</p>
      * @public
      */
-    VersionId?: string | undefined;
-}
-/**
- * <p>Contains information on the S3 bucket.</p>
- * @public
- */
-export interface S3BucketDetail {
+    InstanceState?: string | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) of the S3 bucket.</p>
+     * <p>The type of the EC2 instance.</p>
      * @public
      */
-    Arn?: string | undefined;
+    InstanceType?: string | undefined;
     /**
-     * <p>The name of the S3 bucket.</p>
+     * <p>The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only applicable to Amazon Web Services Outposts
+     *       instances.</p>
      * @public
      */
-    Name?: string | undefined;
+    OutpostArn?: string | undefined;
     /**
-     * <p>Describes whether the bucket is a source or destination bucket.</p>
+     * <p>The launch time of the EC2 instance.</p>
      * @public
      */
-    Type?: string | undefined;
+    LaunchTime?: string | undefined;
     /**
-     * <p>The date and time the bucket was created at.</p>
+     * <p>The elastic network interface information of the EC2 instance.</p>
      * @public
      */
-    CreatedAt?: Date | undefined;
+    NetworkInterfaces?: NetworkInterface[] | undefined;
     /**
-     * <p>The owner of the S3 bucket.</p>
+     * <p>The platform of the EC2 instance.</p>
      * @public
      */
-    Owner?: Owner | undefined;
+    Platform?: string | undefined;
     /**
-     * <p>All tags attached to the S3 bucket</p>
+     * <p>The product code of the EC2 instance.</p>
      * @public
      */
-    Tags?: Tag[] | undefined;
+    ProductCodes?: ProductCode[] | undefined;
     /**
-     * <p>Describes the server side encryption method used in the S3 bucket.</p>
+     * <p>The tags of the EC2 instance.</p>
      * @public
      */
-    DefaultServerSideEncryption?: DefaultServerSideEncryption | undefined;
+    Tags?: Tag[] | undefined;
+}
+/**
+ * <p>Contains information about the impersonated user.</p>
+ * @public
+ */
+export interface ImpersonatedUser {
     /**
-     * <p>Describes the public access policies that apply to the S3 bucket.</p>
+     * <p>Information about the <code>username</code> that was being impersonated.</p>
      * @public
      */
-    PublicAccess?: PublicAccess | undefined;
+    Username?: string | undefined;
     /**
-     * <p>Information about the S3 object that was scanned.</p>
+     * <p>The <code>group</code> to which the user name belongs.</p>
      * @public
      */
-    S3ObjectDetails?: S3ObjectDetail[] | undefined;
+    Groups?: string[] | undefined;
 }
 /**
- * <p>Contains information about the Amazon Web Services resource associated with the activity that prompted
- *       GuardDuty to generate a finding.</p>
+ * <p>Details about the Kubernetes user involved in a Kubernetes finding.</p>
  * @public
  */
-export interface Resource {
+export interface KubernetesUserDetails {
     /**
-     * <p>The IAM access key details (user information) of a user that engaged in the activity that
-     *       prompted GuardDuty to generate a finding.</p>
+     * <p>The username of the user who called the Kubernetes API.</p>
      * @public
      */
-    AccessKeyDetails?: AccessKeyDetails | undefined;
+    Username?: string | undefined;
     /**
-     * <p>Contains information on the S3 bucket.</p>
+     * <p>The user ID of the user who called the Kubernetes API.</p>
      * @public
      */
-    S3BucketDetails?: S3BucketDetail[] | undefined;
+    Uid?: string | undefined;
     /**
-     * <p>The information about the EC2 instance associated with the activity that prompted
-     *       GuardDuty to generate a finding.</p>
+     * <p>The groups that include the user who called the Kubernetes API.</p>
      * @public
      */
-    InstanceDetails?: InstanceDetails | undefined;
+    Groups?: string[] | undefined;
     /**
-     * <p>Details about the EKS cluster involved in a Kubernetes finding.</p>
+     * <p>Entity that assumes the IAM role
+     *       when Kubernetes RBAC permissions are assigned to that role.</p>
      * @public
      */
-    EksClusterDetails?: EksClusterDetails | undefined;
+    SessionName?: string[] | undefined;
     /**
-     * <p>Details about the Kubernetes user and workload involved in a Kubernetes finding.</p>
+     * <p>Information about the impersonated user.</p>
      * @public
      */
-    KubernetesDetails?: KubernetesDetails | undefined;
+    ImpersonatedUser?: ImpersonatedUser | undefined;
+}
+/**
+ * <p>Details about the Kubernetes workload involved in a Kubernetes finding.</p>
+ * @public
+ */
+export interface KubernetesWorkloadDetails {
     /**
-     * <p>The type of Amazon Web Services resource.</p>
+     * <p>Kubernetes workload name.</p>
      * @public
      */
-    ResourceType?: string | undefined;
+    Name?: string | undefined;
     /**
-     * <p>Contains list of scanned and skipped EBS volumes with details.</p>
+     * <p>Kubernetes workload type (e.g. Pod, Deployment, etc.).</p>
      * @public
      */
-    EbsVolumeDetails?: EbsVolumeDetails | undefined;
+    Type?: string | undefined;
     /**
-     * <p>Contains information about the details of the ECS Cluster.</p>
+     * <p>Kubernetes workload ID.</p>
      * @public
      */
-    EcsClusterDetails?: EcsClusterDetails | undefined;
+    Uid?: string | undefined;
     /**
-     * <p>Details of a container.</p>
+     * <p>Kubernetes namespace that the workload is part of.</p>
      * @public
      */
-    ContainerDetails?: Container | undefined;
+    Namespace?: string | undefined;
     /**
-     * <p>Contains information about the database instance to which an anomalous login attempt was
-     *       made.</p>
+     * <p>Whether the hostNetwork flag is enabled for the pods included in the workload.</p>
      * @public
      */
-    RdsDbInstanceDetails?: RdsDbInstanceDetails | undefined;
+    HostNetwork?: boolean | undefined;
     /**
-     * <p>Contains information about the RDS Limitless database that was involved in a GuardDuty finding.</p>
+     * <p>Containers running as part of the Kubernetes workload.</p>
      * @public
      */
-    RdsLimitlessDbDetails?: RdsLimitlessDbDetails | undefined;
+    Containers?: Container[] | undefined;
     /**
-     * <p>Contains information about the user details through which anomalous login attempt was
-     *       made.</p>
+     * <p>Volumes used by the Kubernetes workload.</p>
      * @public
      */
-    RdsDbUserDetails?: RdsDbUserDetails | undefined;
+    Volumes?: Volume[] | undefined;
     /**
-     * <p>Contains information about the Lambda function that was involved in a finding.</p>
+     * <p>The service account name that is associated with a Kubernetes workload.</p>
      * @public
      */
-    LambdaDetails?: LambdaDetails | undefined;
-}
-/**
- * <p>Additional information about the generated finding.</p>
- * @public
- */
-export interface ServiceAdditionalInfo {
+    ServiceAccountName?: string | undefined;
     /**
-     * <p>This field specifies the value of the additional information.</p>
+     * <p>Whether the host IPC flag is enabled for the pods in the workload.</p>
      * @public
      */
-    Value?: string | undefined;
+    HostIPC?: boolean | undefined;
     /**
-     * <p>Describes the type of the additional information.</p>
+     * <p>Whether the host PID flag is enabled for the pods in the workload. </p>
      * @public
      */
-    Type?: string | undefined;
+    HostPID?: boolean | undefined;
 }
 /**
- * <p>Information about the nested item path and hash of the protected
- *       resource.</p>
+ * <p>Details about Kubernetes resources such as a Kubernetes user or workload resource involved
+ *       in a Kubernetes finding.</p>
  * @public
  */
-export interface ItemPath {
+export interface KubernetesDetails {
     /**
-     * <p>The nested item path where the infected file was found.</p>
+     * <p>Details about the Kubernetes user involved in a Kubernetes finding.</p>
      * @public
      */
-    NestedItemPath?: string | undefined;
+    KubernetesUserDetails?: KubernetesUserDetails | undefined;
     /**
-     * <p>The hash value of the infected resource.</p>
+     * <p>Details about the Kubernetes workload involved in a Kubernetes finding.</p>
      * @public
      */
-    Hash?: string | undefined;
+    KubernetesWorkloadDetails?: KubernetesWorkloadDetails | undefined;
 }
 /**
- * <p>Information about the detected threats associated with the
- *       generated finding.</p>
+ * <p>Amazon Virtual Private Cloud configuration details associated with your Lambda function.</p>
  * @public
  */
-export interface Threat {
-    /**
-     * <p>Name of the detected threat that caused GuardDuty to generate this finding.</p>
-     * @public
-     */
-    Name?: string | undefined;
+export interface VpcConfig {
     /**
-     * <p>Source of the threat that generated this finding.</p>
+     * <p>The identifiers of the subnets that are associated with your Lambda function.</p>
      * @public
      */
-    Source?: string | undefined;
+    SubnetIds?: string[] | undefined;
     /**
-     * <p>Information about the nested item path and
-     *       hash of the protected resource.</p>
+     * <p>The identifier of the Amazon Virtual Private Cloud.</p>
      * @public
      */
-    ItemPaths?: ItemPath[] | undefined;
-}
-/**
- * <p>Information about the malware scan that generated a GuardDuty finding.</p>
- * @public
- */
-export interface MalwareScanDetails {
+    VpcId?: string | undefined;
     /**
-     * <p>Information about the detected threats associated with the
-     *       generated GuardDuty finding.</p>
+     * <p>The identifier of the security group attached to the Lambda function.</p>
      * @public
      */
-    Threats?: Threat[] | undefined;
+    SecurityGroups?: SecurityGroup[] | undefined;
 }
 /**
- * <p>Information about the runtime process details.</p>
+ * <p>Information about the Lambda function involved in the finding.</p>
  * @public
  */
-export interface LineageObject {
+export interface LambdaDetails {
     /**
-     * <p>The time when the process started. This is in UTC format.</p>
+     * <p>Amazon Resource Name (ARN) of the Lambda function.</p>
      * @public
      */
-    StartTime?: Date | undefined;
+    FunctionArn?: string | undefined;
     /**
-     * <p>The process ID of the child process.</p>
+     * <p>Name of the Lambda function.</p>
      * @public
      */
-    NamespacePid?: number | undefined;
+    FunctionName?: string | undefined;
     /**
-     * <p>The user ID of the user that executed the process.</p>
+     * <p>Description of the Lambda function.</p>
      * @public
      */
-    UserId?: number | undefined;
+    Description?: string | undefined;
     /**
-     * <p>The name of the process.</p>
+     * <p>The timestamp when the Lambda function was last modified. This field is in the UTC date string
+     *       format <code>(2023-03-22T19:37:20.168Z)</code>.</p>
      * @public
      */
-    Name?: string | undefined;
+    LastModifiedAt?: Date | undefined;
     /**
-     * <p>The ID of the process.</p>
+     * <p>The revision ID of the Lambda function version.</p>
      * @public
      */
-    Pid?: number | undefined;
+    RevisionId?: string | undefined;
     /**
-     * <p>The unique ID assigned to the process by GuardDuty.</p>
+     * <p>The version of the Lambda function.</p>
      * @public
      */
-    Uuid?: string | undefined;
+    FunctionVersion?: string | undefined;
     /**
-     * <p>The absolute path of the process executable file.</p>
+     * <p>The execution role of the Lambda function.</p>
      * @public
      */
-    ExecutablePath?: string | undefined;
+    Role?: string | undefined;
     /**
-     * <p>The effective user ID that was used to execute the process.</p>
+     * <p>Amazon Virtual Private Cloud configuration details associated with your Lambda function.</p>
      * @public
      */
-    Euid?: number | undefined;
+    VpcConfig?: VpcConfig | undefined;
     /**
-     * <p>The unique ID of the parent process. This ID is assigned to the parent process by
-     *       GuardDuty.</p>
+     * <p>A list of tags attached to this resource, listed in the format of
+     *       <code>key</code>:<code>value</code> pair.</p>
      * @public
      */
-    ParentUuid?: string | undefined;
+    Tags?: Tag[] | undefined;
 }
 /**
- * <p>Information about the observed process.</p>
+ * <p>Contains information about the resource type <code>RDSDBInstance</code> involved in a
+ *       GuardDuty finding.</p>
  * @public
  */
-export interface ProcessDetails {
-    /**
-     * <p>The name of the process.</p>
-     * @public
-     */
-    Name?: string | undefined;
-    /**
-     * <p>The absolute path of the process executable file.</p>
-     * @public
-     */
-    ExecutablePath?: string | undefined;
+export interface RdsDbInstanceDetails {
     /**
-     * <p>The <code>SHA256</code> hash of the process executable.</p>
+     * <p>The identifier associated to the database instance that was involved in the
+     *       finding.</p>
      * @public
      */
-    ExecutableSha256?: string | undefined;
+    DbInstanceIdentifier?: string | undefined;
     /**
-     * <p>The ID of the child process.</p>
+     * <p>The database engine of the database instance involved in the finding.</p>
      * @public
      */
-    NamespacePid?: number | undefined;
+    Engine?: string | undefined;
     /**
-     * <p>The present working directory of the process.</p>
+     * <p>The version of the database engine that was involved in the finding.</p>
      * @public
      */
-    Pwd?: string | undefined;
+    EngineVersion?: string | undefined;
     /**
-     * <p>The ID of the process.</p>
+     * <p>The identifier of the database cluster that contains the database instance ID involved in
+     *       the finding.</p>
      * @public
      */
-    Pid?: number | undefined;
+    DbClusterIdentifier?: string | undefined;
     /**
-     * <p>The time when the process started. This is in UTC format.</p>
+     * <p>The Amazon Resource Name (ARN) that identifies the database instance involved in the
+     *       finding.</p>
      * @public
      */
-    StartTime?: Date | undefined;
+    DbInstanceArn?: string | undefined;
     /**
-     * <p>The unique ID assigned to the process by GuardDuty.</p>
+     * <p>Information about the tag key-value pairs.</p>
      * @public
      */
-    Uuid?: string | undefined;
+    Tags?: Tag[] | undefined;
+}
+/**
+ * <p>Contains information about the user and authentication details for a database instance
+ *       involved in the finding.</p>
+ * @public
+ */
+export interface RdsDbUserDetails {
     /**
-     * <p>The unique ID of the parent process. This ID is assigned to the parent process by
-     *       GuardDuty.</p>
+     * <p>The user name used in the anomalous login attempt.</p>
      * @public
      */
-    ParentUuid?: string | undefined;
+    User?: string | undefined;
     /**
-     * <p>The user that executed the process.</p>
+     * <p>The application name used in the anomalous login attempt.</p>
      * @public
      */
-    User?: string | undefined;
+    Application?: string | undefined;
     /**
-     * <p>The unique ID of the user that executed the process.</p>
+     * <p>The name of the database instance involved in the anomalous login attempt.</p>
      * @public
      */
-    UserId?: number | undefined;
+    Database?: string | undefined;
     /**
-     * <p>The effective user ID of the user that executed the process.</p>
+     * <p>The version of the Secure Socket Layer (SSL) used for the network.</p>
      * @public
      */
-    Euid?: number | undefined;
+    Ssl?: string | undefined;
     /**
-     * <p>Information about the process's lineage.</p>
+     * <p>The authentication method used by the user involved in the finding.</p>
      * @public
      */
-    Lineage?: LineageObject[] | undefined;
+    AuthMethod?: string | undefined;
 }
 /**
- * <p>Additional information about the suspicious activity.</p>
+ * <p>Contains information about the resource type <code>RDSLimitlessDB</code> that is involved in a GuardDuty
+ *     finding.</p>
  * @public
  */
-export interface RuntimeContext {
+export interface RdsLimitlessDbDetails {
     /**
-     * <p>Information about the process that modified the current process. This is available for
-     *       multiple finding types.</p>
+     * <p>The name associated with the Limitless DB shard group.</p>
      * @public
      */
-    ModifyingProcess?: ProcessDetails | undefined;
+    DbShardGroupIdentifier?: string | undefined;
     /**
-     * <p>The timestamp at which the process modified the current process. The timestamp is in UTC date string
-     *       format.</p>
+     * <p>The resource identifier of the DB shard group within the Limitless Database.</p>
      * @public
      */
-    ModifiedAt?: Date | undefined;
+    DbShardGroupResourceId?: string | undefined;
     /**
-     * <p>The path to the script that was executed.</p>
+     * <p>The Amazon Resource Name (ARN) that identifies the DB shard group.</p>
      * @public
      */
-    ScriptPath?: string | undefined;
+    DbShardGroupArn?: string | undefined;
     /**
-     * <p>The path to the new library that was loaded.</p>
+     * <p>The database engine of the database instance involved in the finding.</p>
      * @public
      */
-    LibraryPath?: string | undefined;
+    Engine?: string | undefined;
     /**
-     * <p>The value of the LD_PRELOAD environment variable.</p>
+     * <p>The version of the database engine.</p>
      * @public
      */
-    LdPreloadValue?: string | undefined;
+    EngineVersion?: string | undefined;
     /**
-     * <p>The path to the docket socket that was accessed.</p>
+     * <p>The name of the database cluster that is a part of the Limitless Database.</p>
      * @public
      */
-    SocketPath?: string | undefined;
+    DbClusterIdentifier?: string | undefined;
     /**
-     * <p>The path to the leveraged <code>runc</code> implementation.</p>
+     * <p>Information about the tag key-value pair.</p>
      * @public
      */
-    RuncBinaryPath?: string | undefined;
+    Tags?: Tag[] | undefined;
+}
+/**
+ * <p>Contains information on the owner of the bucket.</p>
+ * @public
+ */
+export interface Owner {
     /**
-     * <p>The path in the container that modified the release agent file.</p>
+     * <p>The canonical user ID of the bucket owner. For information about locating your canonical
+     *       user ID see <a href="https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId">Finding Your Account
+     *         Canonical User ID.</a>
+     *          </p>
      * @public
      */
-    ReleaseAgentPath?: string | undefined;
+    Id?: string | undefined;
+}
+/**
+ * <p>Contains information about how permissions are configured for the S3 bucket.</p>
+ * @public
+ */
+export interface PermissionConfiguration {
     /**
-     * <p>The path on the host that is mounted by the container.</p>
+     * <p>Contains information about the bucket level permissions for the S3 bucket.</p>
      * @public
      */
-    MountSource?: string | undefined;
+    BucketLevelPermissions?: BucketLevelPermissions | undefined;
     /**
-     * <p>The path in the container that is mapped to the host directory.</p>
+     * <p>Contains information about the account level permissions on the S3 bucket.</p>
      * @public
      */
-    MountTarget?: string | undefined;
+    AccountLevelPermissions?: AccountLevelPermissions | undefined;
+}
+/**
+ * <p>Describes the public access policies that apply to the S3 bucket.</p>
+ * @public
+ */
+export interface PublicAccess {
     /**
-     * <p>Represents the type of mounted fileSystem.</p>
+     * <p>Contains information about how permissions are configured for the S3 bucket.</p>
      * @public
      */
-    FileSystemType?: string | undefined;
+    PermissionConfiguration?: PermissionConfiguration | undefined;
     /**
-     * <p>Represents options that control the behavior of a runtime operation or action. For
-     *       example, a filesystem mount operation may contain a read-only flag.</p>
+     * <p>Describes the effective permission on this bucket after factoring all attached
+     *       policies.</p>
      * @public
      */
-    Flags?: string[] | undefined;
+    EffectivePermission?: string | undefined;
+}
+/**
+ * <p>Information about the S3 object that was scanned</p>
+ * @public
+ */
+export interface S3ObjectDetail {
     /**
-     * <p>The name of the module loaded into the kernel.</p>
+     * <p>Amazon Resource Name (ARN) of the S3 object.</p>
      * @public
      */
-    ModuleName?: string | undefined;
+    ObjectArn?: string | undefined;
     /**
-     * <p>The path to the module loaded into the kernel.</p>
+     * <p>Key of the S3 object.</p>
      * @public
      */
-    ModuleFilePath?: string | undefined;
+    Key?: string | undefined;
     /**
-     * <p>The <code>SHA256</code> hash of the module.</p>
+     * <p>The entity tag is a hash of the S3 object. The ETag reflects changes only to the contents of
+     *     an object, and not its metadata.</p>
      * @public
      */
-    ModuleSha256?: string | undefined;
+    ETag?: string | undefined;
     /**
-     * <p>The path to the modified shell history file.</p>
+     * <p>Hash of the threat detected in this finding.</p>
      * @public
      */
-    ShellHistoryFilePath?: string | undefined;
+    Hash?: string | undefined;
     /**
-     * <p>Information about the process that had its memory overwritten by the current process.</p>
+     * <p>Version ID of the object.</p>
      * @public
      */
-    TargetProcess?: ProcessDetails | undefined;
+    VersionId?: string | undefined;
+}
+/**
+ * <p>Contains information on the S3 bucket.</p>
+ * @public
+ */
+export interface S3BucketDetail {
     /**
-     * <p>Represents the communication protocol associated with the address. For example, the address
-     *       family <code>AF_INET</code> is used for IP version of 4 protocol.</p>
+     * <p>The Amazon Resource Name (ARN) of the S3 bucket.</p>
      * @public
      */
-    AddressFamily?: string | undefined;
+    Arn?: string | undefined;
     /**
-     * <p>Specifies a particular protocol within the address family. Usually there is a single
-     *       protocol in address families. For example, the address family <code>AF_INET</code> only has
-     *       the IP protocol.</p>
+     * <p>The name of the S3 bucket.</p>
      * @public
      */
-    IanaProtocolNumber?: number | undefined;
+    Name?: string | undefined;
     /**
-     * <p>Specifies the Region of a process's address space such as stack and heap.</p>
+     * <p>Describes whether the bucket is a source or destination bucket.</p>
      * @public
      */
-    MemoryRegions?: string[] | undefined;
+    Type?: string | undefined;
     /**
-     * <p>Name of the potentially suspicious tool.</p>
+     * <p>The date and time the bucket was created at.</p>
      * @public
      */
-    ToolName?: string | undefined;
+    CreatedAt?: Date | undefined;
     /**
-     * <p>Category that the tool belongs to. Some of the examples
-     *     are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.</p>
+     * <p>The owner of the S3 bucket.</p>
      * @public
      */
-    ToolCategory?: string | undefined;
+    Owner?: Owner | undefined;
     /**
-     * <p>Name of the security service that has been potentially disabled.</p>
+     * <p>All tags attached to the S3 bucket</p>
      * @public
      */
-    ServiceName?: string | undefined;
+    Tags?: Tag[] | undefined;
     /**
-     * <p>Example of the command line involved in the suspicious activity.</p>
+     * <p>Describes the server side encryption method used in the S3 bucket.</p>
      * @public
      */
-    CommandLineExample?: string | undefined;
+    DefaultServerSideEncryption?: DefaultServerSideEncryption | undefined;
     /**
-     * <p>The suspicious file path for which the threat intelligence details were found.</p>
+     * <p>Describes the public access policies that apply to the S3 bucket.</p>
      * @public
      */
-    ThreatFilePath?: string | undefined;
+    PublicAccess?: PublicAccess | undefined;
+    /**
+     * <p>Information about the S3 object that was scanned.</p>
+     * @public
+     */
+    S3ObjectDetails?: S3ObjectDetail[] | undefined;
 }
 /**
- * <p>Information about the process and any required context values for a specific
- *       finding.</p>
+ * <p>Contains information about the Amazon Web Services resource associated with the activity that prompted
+ *       GuardDuty to generate a finding.</p>
  * @public
  */
-export interface RuntimeDetails {
+export interface Resource {
     /**
-     * <p>Information about the observed process.</p>
+     * <p>The IAM access key details (user information) of a user that engaged in the activity that
+     *       prompted GuardDuty to generate a finding.</p>
      * @public
      */
-    Process?: ProcessDetails | undefined;
+    AccessKeyDetails?: AccessKeyDetails | undefined;
     /**
-     * <p>Additional information about the suspicious activity.</p>
+     * <p>Contains information on the S3 bucket.</p>
      * @public
      */
-    Context?: RuntimeContext | undefined;
-}
-/**
- * <p>Contains additional information about the generated finding.</p>
- * @public
- */
-export interface Service {
+    S3BucketDetails?: S3BucketDetail[] | undefined;
     /**
-     * <p>Information about the activity that is described in a finding.</p>
+     * <p>The information about the EC2 instance associated with the activity that prompted
+     *       GuardDuty to generate a finding.</p>
      * @public
      */
-    Action?: Action | undefined;
+    InstanceDetails?: InstanceDetails | undefined;
     /**
-     * <p>An evidence object associated with the service.</p>
+     * <p>Details about the EKS cluster involved in a Kubernetes finding.</p>
      * @public
      */
-    Evidence?: Evidence | undefined;
+    EksClusterDetails?: EksClusterDetails | undefined;
     /**
-     * <p>Indicates whether this finding is archived.</p>
+     * <p>Details about the Kubernetes user and workload involved in a Kubernetes finding.</p>
      * @public
      */
-    Archived?: boolean | undefined;
+    KubernetesDetails?: KubernetesDetails | undefined;
     /**
-     * <p>The total count of the occurrences of this finding type.</p>
+     * <p>The type of Amazon Web Services resource.</p>
      * @public
      */
-    Count?: number | undefined;
+    ResourceType?: string | undefined;
     /**
-     * <p>The detector ID for the GuardDuty service.</p>
+     * <p>Contains list of scanned and skipped EBS volumes with details.</p>
      * @public
      */
-    DetectorId?: string | undefined;
+    EbsVolumeDetails?: EbsVolumeDetails | undefined;
     /**
-     * <p>The first-seen timestamp of the activity that prompted GuardDuty to generate this
-     *       finding.</p>
+     * <p>Contains information about the details of the ECS Cluster.</p>
      * @public
      */
-    EventFirstSeen?: string | undefined;
+    EcsClusterDetails?: EcsClusterDetails | undefined;
     /**
-     * <p>The last-seen timestamp of the activity that prompted GuardDuty to generate this
-     *       finding.</p>
+     * <p>Details of a container.</p>
      * @public
      */
-    EventLastSeen?: string | undefined;
+    ContainerDetails?: Container | undefined;
     /**
-     * <p>The resource role information for this finding.</p>
+     * <p>Contains information about the database instance to which an anomalous login attempt was
+     *       made.</p>
      * @public
      */
-    ResourceRole?: string | undefined;
+    RdsDbInstanceDetails?: RdsDbInstanceDetails | undefined;
     /**
-     * <p>The name of the Amazon Web Services service (GuardDuty) that generated a finding.</p>
+     * <p>Contains information about the RDS Limitless database that was involved in a GuardDuty finding.</p>
      * @public
      */
-    ServiceName?: string | undefined;
+    RdsLimitlessDbDetails?: RdsLimitlessDbDetails | undefined;
+    /**
+     * <p>Contains information about the user details through which anomalous login attempt was
+     *       made.</p>
+     * @public
+     */
+    RdsDbUserDetails?: RdsDbUserDetails | undefined;
+    /**
+     * <p>Contains information about the Lambda function that was involved in a finding.</p>
+     * @public
+     */
+    LambdaDetails?: LambdaDetails | undefined;
+}
+/**
+ * <p>Additional information about the generated finding.</p>
+ * @public
+ */
+export interface ServiceAdditionalInfo {
     /**
-     * <p>Feedback that was submitted about the finding.</p>
+     * <p>This field specifies the value of the additional information.</p>
      * @public
      */
-    UserFeedback?: string | undefined;
+    Value?: string | undefined;
     /**
-     * <p>Contains additional information about the generated finding.</p>
+     * <p>Describes the type of the additional information.</p>
      * @public
      */
-    AdditionalInfo?: ServiceAdditionalInfo | undefined;
+    Type?: string | undefined;
+}
+/**
+ * <p>Information about the nested item path and hash of the protected
+ *       resource.</p>
+ * @public
+ */
+export interface ItemPath {
     /**
-     * <p>The name of the feature that generated a finding.</p>
+     * <p>The nested item path where the infected file was found.</p>
      * @public
      */
-    FeatureName?: string | undefined;
+    NestedItemPath?: string | undefined;
     /**
-     * <p>Returns details from the malware scan that created a finding.</p>
+     * <p>The hash value of the infected resource.</p>
      * @public
      */
-    EbsVolumeScanDetails?: EbsVolumeScanDetails | undefined;
+    Hash?: string | undefined;
+}
+/**
+ * <p>Information about the detected threats associated with the
+ *       generated finding.</p>
+ * @public
+ */
+export interface Threat {
     /**
-     * <p>Information about the process and any required context values for a specific
-     *       finding</p>
+     * <p>Name of the detected threat that caused GuardDuty to generate this finding.</p>
      * @public
      */
-    RuntimeDetails?: RuntimeDetails | undefined;
+    Name?: string | undefined;
     /**
-     * <p>Contains information about the detected unusual behavior.</p>
+     * <p>Source of the threat that generated this finding.</p>
      * @public
      */
-    Detection?: Detection | undefined;
+    Source?: string | undefined;
     /**
-     * <p>Returns details from the malware scan that generated a GuardDuty finding.</p>
+     * <p>Information about the nested item path and
+     *       hash of the protected resource.</p>
      * @public
      */
-    MalwareScanDetails?: MalwareScanDetails | undefined;
+    ItemPaths?: ItemPath[] | undefined;
 }
 /**
- * <p>Contains information about the finding that is generated when abnormal or suspicious
- *       activity is detected.</p>
+ * <p>Information about the malware scan that generated a GuardDuty finding.</p>
  * @public
  */
-export interface Finding {
+export interface MalwareScanDetails {
     /**
-     * <p>The ID of the account in which the finding was generated.</p>
+     * <p>Information about the detected threats associated with the
+     *       generated GuardDuty finding.</p>
      * @public
      */
-    AccountId: string | undefined;
+    Threats?: Threat[] | undefined;
+}
+/**
+ * <p>Information about the runtime process details.</p>
+ * @public
+ */
+export interface LineageObject {
     /**
-     * <p>The ARN of the finding.</p>
+     * <p>The time when the process started. This is in UTC format.</p>
      * @public
      */
-    Arn: string | undefined;
+    StartTime?: Date | undefined;
     /**
-     * <p>The confidence score for the finding.</p>
+     * <p>The process ID of the child process.</p>
      * @public
      */
-    Confidence?: number | undefined;
+    NamespacePid?: number | undefined;
     /**
-     * <p>The time and date when the finding was created.</p>
+     * <p>The user ID of the user that executed the process.</p>
      * @public
      */
-    CreatedAt: string | undefined;
+    UserId?: number | undefined;
     /**
-     * <p>The description of the finding.</p>
+     * <p>The name of the process.</p>
      * @public
      */
-    Description?: string | undefined;
+    Name?: string | undefined;
     /**
-     * <p>The ID of the finding.</p>
+     * <p>The ID of the process.</p>
      * @public
      */
-    Id: string | undefined;
+    Pid?: number | undefined;
     /**
-     * <p>The partition associated with the finding.</p>
+     * <p>The unique ID assigned to the process by GuardDuty.</p>
      * @public
      */
-    Partition?: string | undefined;
+    Uuid?: string | undefined;
     /**
-     * <p>The Region where the finding was generated.</p>
+     * <p>The absolute path of the process executable file.</p>
      * @public
      */
-    Region: string | undefined;
+    ExecutablePath?: string | undefined;
     /**
-     * <p>Contains information about the Amazon Web Services resource associated with the activity that prompted
-     *       GuardDuty to generate a finding.</p>
+     * <p>The effective user ID that was used to execute the process.</p>
      * @public
      */
-    Resource: Resource | undefined;
+    Euid?: number | undefined;
     /**
-     * <p>The version of the schema used for the finding.</p>
+     * <p>The unique ID of the parent process. This ID is assigned to the parent process by
+     *       GuardDuty.</p>
      * @public
      */
-    SchemaVersion: string | undefined;
+    ParentUuid?: string | undefined;
+}
+/**
+ * <p>Information about the observed process.</p>
+ * @public
+ */
+export interface ProcessDetails {
     /**
-     * <p>Contains additional information about the generated finding.</p>
+     * <p>The name of the process.</p>
      * @public
      */
-    Service?: Service | undefined;
+    Name?: string | undefined;
     /**
-     * <p>The severity of the finding.</p>
+     * <p>The absolute path of the process executable file.</p>
      * @public
      */
-    Severity: number | undefined;
+    ExecutablePath?: string | undefined;
     /**
-     * <p>The title of the finding.</p>
+     * <p>The <code>SHA256</code> hash of the process executable.</p>
      * @public
      */
-    Title?: string | undefined;
+    ExecutableSha256?: string | undefined;
     /**
-     * <p>The type of finding.</p>
+     * <p>The ID of the child process.</p>
      * @public
      */
-    Type: string | undefined;
+    NamespacePid?: number | undefined;
     /**
-     * <p>The time and date when the finding was last updated.</p>
+     * <p>The present working directory of the process.</p>
      * @public
      */
-    UpdatedAt: string | undefined;
-}
-/**
- * <p>Information about each finding type associated with the
- *       <code>groupedByFindingType</code> statistics.</p>
- * @public
- */
-export interface FindingTypeStatistics {
+    Pwd?: string | undefined;
     /**
-     * <p>Name of the finding type.</p>
+     * <p>The ID of the process.</p>
      * @public
      */
-    FindingType?: string | undefined;
+    Pid?: number | undefined;
     /**
-     * <p>The timestamp at which this finding type was last generated in your environment.</p>
+     * <p>The time when the process started. This is in UTC format.</p>
      * @public
      */
-    LastGeneratedAt?: Date | undefined;
+    StartTime?: Date | undefined;
     /**
-     * <p>The total number of findings associated with generated for each distinct finding type.</p>
+     * <p>The unique ID assigned to the process by GuardDuty.</p>
      * @public
      */
-    TotalFindings?: number | undefined;
-}
-/**
- * <p>Information about each resource type associated with the
- *       <code>groupedByResource</code> statistics.</p>
- * @public
- */
-export interface ResourceStatistics {
+    Uuid?: string | undefined;
     /**
-     * <p>The ID of the Amazon Web Services account.</p>
+     * <p>The unique ID of the parent process. This ID is assigned to the parent process by
+     *       GuardDuty.</p>
      * @public
      */
-    AccountId?: string | undefined;
+    ParentUuid?: string | undefined;
     /**
-     * <p>The timestamp at which the statistics for this resource was last generated.</p>
+     * <p>The user that executed the process.</p>
      * @public
      */
-    LastGeneratedAt?: Date | undefined;
+    User?: string | undefined;
     /**
-     * <p>ID associated with each resource. The following list provides the mapping of the resource type
-     *     and resource ID.</p>
-     *          <p class="title">
-     *             <b>Mapping of resource and resource ID</b>
-     *          </p>
-     *          <ul>
-     *             <li>
-     *                <p>AccessKey - <code>resource.accessKeyDetails.accessKeyId</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>Container - <code>resource.containerDetails.id</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>ECSCluster - <code>resource.ecsClusterDetails.name</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>EKSCluster - <code>resource.eksClusterDetails.name</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>Instance - <code>resource.instanceDetails.instanceId</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>KubernetesCluster - <code>resource.kubernetesDetails.kubernetesWorkloadDetails.name</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>Lambda - <code>resource.lambdaDetails.functionName</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>RDSDBInstance - <code>resource.rdsDbInstanceDetails.dbInstanceIdentifier</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>S3Bucket - <code>resource.s3BucketDetails.name</code>
-     *                </p>
-     *             </li>
-     *             <li>
-     *                <p>S3Object - <code>resource.s3BucketDetails.name</code>
-     *                </p>
-     *             </li>
-     *          </ul>
+     * <p>The unique ID of the user that executed the process.</p>
      * @public
      */
-    ResourceId?: string | undefined;
+    UserId?: number | undefined;
     /**
-     * <p>The type of resource.</p>
+     * <p>The effective user ID of the user that executed the process.</p>
      * @public
      */
-    ResourceType?: string | undefined;
+    Euid?: number | undefined;
     /**
-     * <p>The total number of findings associated with this resource.</p>
+     * <p>Information about the process's lineage.</p>
      * @public
      */
-    TotalFindings?: number | undefined;
+    Lineage?: LineageObject[] | undefined;
 }
 /**
- * <p>Information about severity level for each finding type.</p>
+ * <p>Additional information about the suspicious activity.</p>
  * @public
  */
-export interface SeverityStatistics {
+export interface RuntimeContext {
     /**
-     * <p>The timestamp at which a finding type for a specific severity was last generated.</p>
+     * <p>Information about the process that modified the current process. This is available for
+     *       multiple finding types.</p>
      * @public
      */
-    LastGeneratedAt?: Date | undefined;
+    ModifyingProcess?: ProcessDetails | undefined;
     /**
-     * <p>The severity level associated with each finding type.</p>
+     * <p>The timestamp at which the process modified the current process. The timestamp is in UTC date string
+     *       format.</p>
      * @public
      */
-    Severity?: number | undefined;
+    ModifiedAt?: Date | undefined;
     /**
-     * <p>The total number of findings associated with this severity.</p>
+     * <p>The path to the script that was executed.</p>
      * @public
      */
-    TotalFindings?: number | undefined;
-}
-/**
- * <p>Contains information about finding statistics.</p>
- * @public
- */
-export interface FindingStatistics {
+    ScriptPath?: string | undefined;
     /**
-     * @deprecated
-     *
-     * <p>Represents a list of map of severity to count statistics for a set of findings.</p>
+     * <p>The path to the new library that was loaded.</p>
+     * @public
+     */
+    LibraryPath?: string | undefined;
+    /**
+     * <p>The value of the LD_PRELOAD environment variable.</p>
      * @public
      */
-    CountBySeverity?: Record<string, number> | undefined;
+    LdPreloadValue?: string | undefined;
     /**
-     * <p>Represents a list of map of accounts with a findings count associated with each account.</p>
+     * <p>The path to the docket socket that was accessed.</p>
      * @public
      */
-    GroupedByAccount?: AccountStatistics[] | undefined;
+    SocketPath?: string | undefined;
     /**
-     * <p>Represents a list of map of dates with a count of total findings generated on each date per severity level.</p>
+     * <p>The path to the leveraged <code>runc</code> implementation.</p>
      * @public
      */
-    GroupedByDate?: DateStatistics[] | undefined;
+    RuncBinaryPath?: string | undefined;
     /**
-     * <p>Represents a list of map of finding types with a count of total findings generated for each type. </p>
-     *          <p>Based on the <code>orderBy</code>
-     *     parameter, this request returns either the most occurring finding types or the least occurring finding types. If the
-     *     <code>orderBy</code> parameter is <code>ASC</code>, this will represent the least occurring finding types in
-     *     your account; otherwise, this will represent the most occurring finding types. The default
-     *     value of <code>orderBy</code> is <code>DESC</code>.</p>
+     * <p>The path in the container that modified the release agent file.</p>
      * @public
      */
-    GroupedByFindingType?: FindingTypeStatistics[] | undefined;
+    ReleaseAgentPath?: string | undefined;
     /**
-     * <p>Represents a list of map of top resources with a count of total findings.</p>
+     * <p>The path on the host that is mounted by the container.</p>
      * @public
      */
-    GroupedByResource?: ResourceStatistics[] | undefined;
+    MountSource?: string | undefined;
     /**
-     * <p>Represents a list of map of total findings for each severity level.</p>
+     * <p>The path in the container that is mapped to the host directory.</p>
      * @public
      */
-    GroupedBySeverity?: SeverityStatistics[] | undefined;
-}
-/**
- * @public
- * @enum
- */
-export declare const FindingStatisticType: {
-    readonly COUNT_BY_SEVERITY: "COUNT_BY_SEVERITY";
-};
-/**
- * @public
- */
-export type FindingStatisticType = (typeof FindingStatisticType)[keyof typeof FindingStatisticType];
-/**
- * @public
- */
-export interface GetAdministratorAccountRequest {
+    MountTarget?: string | undefined;
     /**
-     * <p>The unique ID of the detector of the GuardDuty member account.</p>
+     * <p>Represents the type of mounted fileSystem.</p>
      * @public
      */
-    DetectorId: string | undefined;
-}
-/**
- * @public
- */
-export interface GetAdministratorAccountResponse {
+    FileSystemType?: string | undefined;
     /**
-     * <p>The administrator account details.</p>
+     * <p>Represents options that control the behavior of a runtime operation or action. For
+     *       example, a filesystem mount operation may contain a read-only flag.</p>
      * @public
      */
-    Administrator: Administrator | undefined;
-}
-/**
- * @public
- */
-export interface GetCoverageStatisticsRequest {
+    Flags?: string[] | undefined;
     /**
-     * <p>The unique ID of the GuardDuty detector.</p>
-     *          <p>To find the <code>detectorId</code> in the current Region, see the
-     * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
+     * <p>The name of the module loaded into the kernel.</p>
      * @public
      */
-    DetectorId: string | undefined;
+    ModuleName?: string | undefined;
     /**
-     * <p>Represents the criteria used to filter the coverage statistics.</p>
+     * <p>The path to the module loaded into the kernel.</p>
      * @public
      */
-    FilterCriteria?: CoverageFilterCriteria | undefined;
+    ModuleFilePath?: string | undefined;
     /**
-     * <p>Represents the statistics type used to aggregate the coverage details.</p>
+     * <p>The <code>SHA256</code> hash of the module.</p>
      * @public
      */
-    StatisticsType: CoverageStatisticsType[] | undefined;
-}
-/**
- * @public
- */
-export interface GetCoverageStatisticsResponse {
+    ModuleSha256?: string | undefined;
     /**
-     * <p>Represents the count aggregated by the <code>statusCode</code> and
-     *         <code>resourceType</code>.</p>
+     * <p>The path to the modified shell history file.</p>
      * @public
      */
-    CoverageStatistics?: CoverageStatistics | undefined;
-}
-/**
- * @public
- */
-export interface GetDetectorRequest {
+    ShellHistoryFilePath?: string | undefined;
     /**
-     * <p>The unique ID of the detector that you want to get.</p>
-     *          <p>To find the <code>detectorId</code> in the current Region, see the
-     * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
+     * <p>Information about the process that had its memory overwritten by the current process.</p>
      * @public
      */
-    DetectorId: string | undefined;
-}
-/**
- * @public
- */
-export interface GetDetectorResponse {
+    TargetProcess?: ProcessDetails | undefined;
     /**
-     * <p>The timestamp of when the detector was created.</p>
+     * <p>Represents the communication protocol associated with the address. For example, the address
+     *       family <code>AF_INET</code> is used for IP version of 4 protocol.</p>
      * @public
      */
-    CreatedAt?: string | undefined;
+    AddressFamily?: string | undefined;
     /**
-     * <p>The publishing frequency of the finding.</p>
+     * <p>Specifies a particular protocol within the address family. Usually there is a single
+     *       protocol in address families. For example, the address family <code>AF_INET</code> only has
+     *       the IP protocol.</p>
      * @public
      */
-    FindingPublishingFrequency?: FindingPublishingFrequency | undefined;
+    IanaProtocolNumber?: number | undefined;
     /**
-     * <p>The GuardDuty service role.</p>
+     * <p>Specifies the Region of a process's address space such as stack and heap.</p>
      * @public
      */
-    ServiceRole: string | undefined;
+    MemoryRegions?: string[] | undefined;
     /**
-     * <p>The detector status.</p>
+     * <p>Name of the potentially suspicious tool.</p>
      * @public
      */
-    Status: DetectorStatus | undefined;
+    ToolName?: string | undefined;
     /**
-     * <p>The last-updated timestamp for the detector.</p>
+     * <p>Category that the tool belongs to. Some of the examples
+     *     are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.</p>
      * @public
      */
-    UpdatedAt?: string | undefined;
+    ToolCategory?: string | undefined;
     /**
-     * @deprecated
-     *
-     * <p>Describes which data sources are enabled for the detector.</p>
+     * <p>Name of the security service that has been potentially disabled.</p>
      * @public
      */
-    DataSources?: DataSourceConfigurationsResult | undefined;
+    ServiceName?: string | undefined;
     /**
-     * <p>The tags of the detector resource.</p>
+     * <p>Example of the command line involved in the suspicious activity.</p>
      * @public
      */
-    Tags?: Record<string, string> | undefined;
+    CommandLineExample?: string | undefined;
     /**
-     * <p>Describes the features that have been enabled for the detector.</p>
+     * <p>The suspicious file path for which the threat intelligence details were found.</p>
      * @public
      */
-    Features?: DetectorFeatureConfigurationResult[] | undefined;
+    ThreatFilePath?: string | undefined;
 }
 /**
+ * <p>Information about the process and any required context values for a specific
+ *       finding.</p>
  * @public
  */
-export interface GetFilterRequest {
+export interface RuntimeDetails {
     /**
-     * <p>The unique ID of the detector that is associated with this filter.</p>
-     *          <p>To find the <code>detectorId</code> in the current Region, see the
-     * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
+     * <p>Information about the observed process.</p>
      * @public
      */
-    DetectorId: string | undefined;
+    Process?: ProcessDetails | undefined;
     /**
-     * <p>The name of the filter you want to get.</p>
+     * <p>Additional information about the suspicious activity.</p>
      * @public
      */
-    FilterName: string | undefined;
+    Context?: RuntimeContext | undefined;
 }
 /**
+ * <p>Contains additional information about the generated finding.</p>
  * @public
  */
-export interface GetFilterResponse {
+export interface Service {
     /**
-     * <p>The name of the filter.</p>
+     * <p>Information about the activity that is described in a finding.</p>
      * @public
      */
-    Name: string | undefined;
+    Action?: Action | undefined;
     /**
-     * <p>The description of the filter.</p>
+     * <p>An evidence object associated with the service.</p>
      * @public
      */
-    Description?: string | undefined;
+    Evidence?: Evidence | undefined;
     /**
-     * <p>Specifies the action that is to be applied to the findings that match the filter.</p>
+     * <p>Indicates whether this finding is archived.</p>
      * @public
      */
-    Action: FilterAction | undefined;
+    Archived?: boolean | undefined;
     /**
-     * <p>Specifies the position of the filter in the list of current filters. Also specifies the
-     *       order in which this filter is applied to the findings.</p>
+     * <p>The total count of the occurrences of this finding type.</p>
      * @public
      */
-    Rank?: number | undefined;
+    Count?: number | undefined;
     /**
-     * <p>Represents the criteria to be used in the filter for querying findings.</p>
+     * <p>The detector ID for the GuardDuty service.</p>
      * @public
      */
-    FindingCriteria: FindingCriteria | undefined;
+    DetectorId?: string | undefined;
     /**
-     * <p>The tags of the filter resource.</p>
+     * <p>The first-seen timestamp of the activity that prompted GuardDuty to generate this
+     *       finding.</p>
      * @public
      */
-    Tags?: Record<string, string> | undefined;
-}
-/**
- * @public
- */
-export interface GetFindingsRequest {
+    EventFirstSeen?: string | undefined;
     /**
-     * <p>The ID of the detector that specifies the GuardDuty service whose findings you want to
-     *       retrieve.</p>
-     *          <p>To find the <code>detectorId</code> in the current Region, see the
-     * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
+     * <p>The last-seen timestamp of the activity that prompted GuardDuty to generate this
+     *       finding.</p>
      * @public
      */
-    DetectorId: string | undefined;
+    EventLastSeen?: string | undefined;
     /**
-     * <p>The IDs of the findings that you want to retrieve.</p>
+     * <p>The resource role information for this finding.</p>
      * @public
      */
-    FindingIds: string[] | undefined;
+    ResourceRole?: string | undefined;
     /**
-     * <p>Represents the criteria used for sorting findings.</p>
+     * <p>The name of the Amazon Web Services service (GuardDuty) that generated a finding.</p>
      * @public
      */
-    SortCriteria?: SortCriteria | undefined;
-}
-/**
- * @public
- */
-export interface GetFindingsResponse {
+    ServiceName?: string | undefined;
     /**
-     * <p>A list of findings.</p>
+     * <p>Feedback that was submitted about the finding.</p>
      * @public
      */
-    Findings: Finding[] | undefined;
-}
-/**
- * @public
- * @enum
- */
-export declare const GroupByType: {
-    readonly ACCOUNT: "ACCOUNT";
-    readonly DATE: "DATE";
-    readonly FINDING_TYPE: "FINDING_TYPE";
-    readonly RESOURCE: "RESOURCE";
-    readonly SEVERITY: "SEVERITY";
-};
-/**
- * @public
- */
-export type GroupByType = (typeof GroupByType)[keyof typeof GroupByType];
+    UserFeedback?: string | undefined;
+    /**
+     * <p>Contains additional information about the generated finding.</p>
+     * @public
+     */
+    AdditionalInfo?: ServiceAdditionalInfo | undefined;
+    /**
+     * <p>The name of the feature that generated a finding.</p>
+     * @public
+     */
+    FeatureName?: string | undefined;
+    /**
+     * <p>Returns details from the malware scan that created a finding.</p>
+     * @public
+     */
+    EbsVolumeScanDetails?: EbsVolumeScanDetails | undefined;
+    /**
+     * <p>Information about the process and any required context values for a specific
+     *       finding</p>
+     * @public
+     */
+    RuntimeDetails?: RuntimeDetails | undefined;
+    /**
+     * <p>Contains information about the detected unusual behavior.</p>
+     * @public
+     */
+    Detection?: Detection | undefined;
+    /**
+     * <p>Returns details from the malware scan that generated a GuardDuty finding.</p>
+     * @public
+     */
+    MalwareScanDetails?: MalwareScanDetails | undefined;
+}
 /**
+ * <p>Contains information about the finding that is generated when abnormal or suspicious
+ *       activity is detected.</p>
  * @public
  */
-export interface GetFindingsStatisticsRequest {
+export interface Finding {
     /**
-     * <p>The ID of the detector whose findings statistics you
-     *       want to retrieve.</p>
-     *          <p>To find the <code>detectorId</code> in the current Region, see the
-     * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
+     * <p>The ID of the account in which the finding was generated.</p>
      * @public
      */
-    DetectorId: string | undefined;
+    AccountId: string | undefined;
     /**
-     * @deprecated
-     *
-     * <p>The types of finding statistics to retrieve.</p>
+     * <p>The ARN of the finding.</p>
      * @public
      */
-    FindingStatisticTypes?: FindingStatisticType[] | undefined;
+    Arn: string | undefined;
     /**
-     * <p>Represents the criteria that is used for querying findings.</p>
+     * <p>The confidence score for the finding.</p>
      * @public
      */
-    FindingCriteria?: FindingCriteria | undefined;
+    Confidence?: number | undefined;
     /**
-     * <p>Displays the findings statistics grouped by one of the listed valid values.</p>
+     * <p>The time and date when the finding was created.</p>
      * @public
      */
-    GroupBy?: GroupByType | undefined;
+    CreatedAt: string | undefined;
     /**
-     * <p>Displays the sorted findings in the requested order. The default
-     *       value of <code>orderBy</code> is <code>DESC</code>.</p>
-     *          <p>You can use this parameter only with the <code>groupBy</code> parameter.</p>
+     * <p>The description of the finding.</p>
      * @public
      */
-    OrderBy?: OrderBy | undefined;
+    Description?: string | undefined;
     /**
-     * <p>The maximum number of results to be returned in the response. The default value is 25.</p>
-     *          <p>You can use this parameter only with the <code>groupBy</code> parameter.</p>
+     * <p>The ID of the finding.</p>
      * @public
      */
-    MaxResults?: number | undefined;
-}
-/**
- * @public
- */
-export interface GetFindingsStatisticsResponse {
+    Id: string | undefined;
     /**
-     * <p>The finding statistics object.</p>
+     * <p>The partition associated with the finding.</p>
      * @public
      */
-    FindingStatistics: FindingStatistics | undefined;
+    Partition?: string | undefined;
     /**
-     * <p>The pagination parameter to be used on the next list operation to retrieve more items.</p>
-     *          <p>This parameter is currently not supported.</p>
+     * <p>The Region where the finding was generated.</p>
      * @public
      */
-    NextToken?: string | undefined;
-}
-/**
- * @public
- */
-export interface GetInvitationsCountRequest {
-}
-/**
- * @public
- */
-export interface GetInvitationsCountResponse {
+    Region: string | undefined;
     /**
-     * <p>The number of received invitations.</p>
+     * <p>Contains information about the Amazon Web Services resource associated with the activity that prompted
+     *       GuardDuty to generate a finding.</p>
      * @public
      */
-    InvitationsCount?: number | undefined;
-}
-/**
- * @public
- */
-export interface GetIPSetRequest {
+    Resource: Resource | undefined;
     /**
-     * <p>The unique ID of the detector that is associated with the IPSet.</p>
-     *          <p>To find the <code>detectorId</code> in the current Region, see the
-     * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
+     * <p>The version of the schema used for the finding.</p>
      * @public
      */
-    DetectorId: string | undefined;
+    SchemaVersion: string | undefined;
     /**
-     * <p>The unique ID of the IPSet to retrieve.</p>
+     * <p>Contains additional information about the generated finding.</p>
      * @public
      */
-    IpSetId: string | undefined;
-}
-/**
- * @public
- * @enum
- */
-export declare const IpSetStatus: {
-    readonly ACTIVATING: "ACTIVATING";
-    readonly ACTIVE: "ACTIVE";
-    readonly DEACTIVATING: "DEACTIVATING";
-    readonly DELETED: "DELETED";
-    readonly DELETE_PENDING: "DELETE_PENDING";
-    readonly ERROR: "ERROR";
-    readonly INACTIVE: "INACTIVE";
-};
-/**
- * @public
- */
-export type IpSetStatus = (typeof IpSetStatus)[keyof typeof IpSetStatus];
-/**
- * @public
- */
-export interface GetIPSetResponse {
+    Service?: Service | undefined;
     /**
-     * <p>The user-friendly name for the IPSet.</p>
+     * <p>The severity of the finding.</p>
      * @public
      */
-    Name: string | undefined;
+    Severity: number | undefined;
     /**
-     * <p>The format of the file that contains the IPSet.</p>
+     * <p>The title of the finding.</p>
      * @public
      */
-    Format: IpSetFormat | undefined;
+    Title?: string | undefined;
     /**
-     * <p>The URI of the file that contains the IPSet.</p>
+     * <p>The type of finding.</p>
      * @public
      */
-    Location: string | undefined;
+    Type: string | undefined;
     /**
-     * <p>The status of IPSet file that was uploaded.</p>
+     * <p>The time and date when the finding was last updated.</p>
      * @public
      */
-    Status: IpSetStatus | undefined;
+    UpdatedAt: string | undefined;
     /**
-     * <p>The tags of the IPSet resource.</p>
+     * <p>Amazon Resource Name (ARN) associated with the attack sequence finding.</p>
      * @public
      */
-    Tags?: Record<string, string> | undefined;
+    AssociatedAttackSequenceArn?: string | undefined;
 }
 /**
+ * <p>Information about each finding type associated with the
+ *       <code>groupedByFindingType</code> statistics.</p>
  * @public
  */
-export interface GetMalwareProtectionPlanRequest {
+export interface FindingTypeStatistics {
     /**
-     * <p>A unique identifier associated with Malware Protection plan resource.</p>
+     * <p>Name of the finding type.</p>
      * @public
      */
-    MalwareProtectionPlanId: string | undefined;
-}
-/**
- * @public
- * @enum
- */
-export declare const MalwareProtectionPlanStatus: {
-    readonly ACTIVE: "ACTIVE";
-    readonly ERROR: "ERROR";
-    readonly WARNING: "WARNING";
-};
-/**
- * @public
- */
-export type MalwareProtectionPlanStatus = (typeof MalwareProtectionPlanStatus)[keyof typeof MalwareProtectionPlanStatus];
-/**
- * <p>Information about the issue code and message associated to the status of
- *       your Malware Protection plan.</p>
- * @public
- */
-export interface MalwareProtectionPlanStatusReason {
+    FindingType?: string | undefined;
     /**
-     * <p>Issue code.</p>
+     * <p>The timestamp at which this finding type was last generated in your environment.</p>
      * @public
      */
-    Code?: string | undefined;
+    LastGeneratedAt?: Date | undefined;
     /**
-     * <p>Issue message that specifies the reason. For information
-     *       about potential troubleshooting steps, see
-     *       <a href="https://docs.aws.amazon.com/guardduty/latest/ug/troubleshoot-s3-malware-protection-status-errors.html">Troubleshooting Malware Protection for S3 status issues</a> in the
-     *       <i>GuardDuty User Guide</i>.</p>
+     * <p>The total number of findings associated with generated for each distinct finding type.</p>
      * @public
      */
-    Message?: string | undefined;
+    TotalFindings?: number | undefined;
 }
 /**
+ * <p>Information about each resource type associated with the
+ *       <code>groupedByResource</code> statistics.</p>
  * @public
  */
-export interface GetMalwareProtectionPlanResponse {
+export interface ResourceStatistics {
     /**
-     * <p>Amazon Resource Name (ARN) of the protected resource.</p>
+     * <p>The ID of the Amazon Web Services account.</p>
      * @public
      */
-    Arn?: string | undefined;
+    AccountId?: string | undefined;
     /**
-     * <p>Amazon Resource Name (ARN) of the IAM role that includes the permissions to scan and
-     *       add tags to the associated protected resource.</p>
+     * <p>The timestamp at which the statistics for this resource was last generated.</p>
      * @public
      */
-    Role?: string | undefined;
+    LastGeneratedAt?: Date | undefined;
     /**
-     * <p>Information about the protected resource that is associated with the created
-     *       Malware Protection plan. Presently, <code>S3Bucket</code> is the only supported
-     *       protected resource.</p>
+     * <p>ID associated with each resource. The following list provides the mapping of the resource type
+     *     and resource ID.</p>
+     *          <p class="title">
+     *             <b>Mapping of resource and resource ID</b>
+     *          </p>
+     *          <ul>
+     *             <li>
+     *                <p>AccessKey - <code>resource.accessKeyDetails.accessKeyId</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>Container - <code>resource.containerDetails.id</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>ECSCluster - <code>resource.ecsClusterDetails.name</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>EKSCluster - <code>resource.eksClusterDetails.name</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>Instance - <code>resource.instanceDetails.instanceId</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>KubernetesCluster - <code>resource.kubernetesDetails.kubernetesWorkloadDetails.name</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>Lambda - <code>resource.lambdaDetails.functionName</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>RDSDBInstance - <code>resource.rdsDbInstanceDetails.dbInstanceIdentifier</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>S3Bucket - <code>resource.s3BucketDetails.name</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>S3Object - <code>resource.s3BucketDetails.name</code>
+     *                </p>
+     *             </li>
+     *          </ul>
      * @public
      */
-    ProtectedResource?: CreateProtectedResource | undefined;
+    ResourceId?: string | undefined;
     /**
-     * <p>Information about whether the tags will be added to the S3 object after scanning.</p>
+     * <p>The type of resource.</p>
      * @public
      */
-    Actions?: MalwareProtectionPlanActions | undefined;
+    ResourceType?: string | undefined;
     /**
-     * <p>The timestamp when the Malware Protection plan resource was created.</p>
+     * <p>The total number of findings associated with this resource.</p>
      * @public
      */
-    CreatedAt?: Date | undefined;
+    TotalFindings?: number | undefined;
+}
+/**
+ * <p>Information about severity level for each finding type.</p>
+ * @public
+ */
+export interface SeverityStatistics {
     /**
-     * <p>Malware Protection plan status.</p>
+     * <p>The timestamp at which a finding type for a specific severity was last generated.</p>
      * @public
      */
-    Status?: MalwareProtectionPlanStatus | undefined;
+    LastGeneratedAt?: Date | undefined;
     /**
-     * <p>Information about the issue code and message associated to the status of
-     *     your Malware Protection plan.</p>
+     * <p>The severity level associated with each finding type.</p>
      * @public
      */
-    StatusReasons?: MalwareProtectionPlanStatusReason[] | undefined;
+    Severity?: number | undefined;
     /**
-     * <p>Tags added to the Malware Protection plan resource.</p>
+     * <p>The total number of findings associated with this severity.</p>
      * @public
      */
-    Tags?: Record<string, string> | undefined;
+    TotalFindings?: number | undefined;
 }
 /**
+ * <p>Contains information about finding statistics.</p>
  * @public
  */
-export interface GetMalwareScanSettingsRequest {
+export interface FindingStatistics {
     /**
-     * <p>The unique ID of the detector that is associated with this scan.</p>
-     *          <p>To find the <code>detectorId</code> in the current Region, see the
-     * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
+     * @deprecated
+     *
+     * <p>Represents a list of map of severity to count statistics for a set of findings.</p>
      * @public
      */
-    DetectorId: string | undefined;
-}
-/**
- * @public
- * @enum
- */
-export declare const ScanCriterionKey: {
-    readonly EC2_INSTANCE_TAG: "EC2_INSTANCE_TAG";
-};
-/**
- * @public
- */
-export type ScanCriterionKey = (typeof ScanCriterionKey)[keyof typeof ScanCriterionKey];
-/**
- * <p>Represents the <code>key:value</code> pair to be matched against given resource property.</p>
- * @public
- */
-export interface ScanConditionPair {
+    CountBySeverity?: Record<string, number> | undefined;
     /**
-     * <p>Represents the <b>key</b> in the map condition.</p>
+     * <p>Represents a list of map of accounts with a findings count associated with each account.</p>
      * @public
      */
-    Key: string | undefined;
+    GroupedByAccount?: AccountStatistics[] | undefined;
     /**
-     * <p>Represents optional <b>value</b> in the map
-     *       condition. If not specified, only the <b>key</b> will be
-     *       matched.</p>
+     * <p>Represents a list of map of dates with a count of total findings generated on each date per severity level.</p>
      * @public
      */
-    Value?: string | undefined;
-}
-/**
- * <p>Contains information about the condition.</p>
- * @public
- */
-export interface ScanCondition {
+    GroupedByDate?: DateStatistics[] | undefined;
     /**
-     * <p>Represents an <i>mapEqual</i>
-     *             <b></b> condition to be applied
-     *       to a single field when triggering for malware scan.</p>
+     * <p>Represents a list of map of finding types with a count of total findings generated for each type. </p>
+     *          <p>Based on the <code>orderBy</code>
+     *     parameter, this request returns either the most occurring finding types or the least occurring finding types. If the
+     *     <code>orderBy</code> parameter is <code>ASC</code>, this will represent the least occurring finding types in
+     *     your account; otherwise, this will represent the most occurring finding types. The default
+     *     value of <code>orderBy</code> is <code>DESC</code>.</p>
      * @public
      */
-    MapEquals: ScanConditionPair[] | undefined;
-}
-/**
- * <p>Contains information about criteria used to filter resources before triggering malware
- *       scan.</p>
- * @public
- */
-export interface ScanResourceCriteria {
+    GroupedByFindingType?: FindingTypeStatistics[] | undefined;
     /**
-     * <p>Represents condition that when matched will allow a malware scan for a certain
-     *       resource.</p>
+     * <p>Represents a list of map of top resources with a count of total findings.</p>
      * @public
      */
-    Include?: Partial<Record<ScanCriterionKey, ScanCondition>> | undefined;
+    GroupedByResource?: ResourceStatistics[] | undefined;
     /**
-     * <p>Represents condition that when matched will prevent a malware scan for a certain
-     *       resource.</p>
+     * <p>Represents a list of map of total findings for each severity level.</p>
      * @public
      */
-    Exclude?: Partial<Record<ScanCriterionKey, ScanCondition>> | undefined;
+    GroupedBySeverity?: SeverityStatistics[] | undefined;
 }
 /**
  * @public
+ * @enum
  */
-export interface GetMalwareScanSettingsResponse {
-    /**
-     * <p>Represents the criteria to be used in the filter for scanning resources.</p>
-     * @public
-     */
-    ScanResourceCriteria?: ScanResourceCriteria | undefined;
-    /**
-     * <p>An enum value representing possible snapshot preservation settings.</p>
-     * @public
-     */
-    EbsSnapshotPreservation?: EbsSnapshotPreservation | undefined;
-}
+export declare const FindingStatisticType: {
+    readonly COUNT_BY_SEVERITY: "COUNT_BY_SEVERITY";
+};
+/**
+ * @public
+ */
+export type FindingStatisticType = (typeof FindingStatisticType)[keyof typeof FindingStatisticType];
 /**
  * @public
  */
-export interface GetMasterAccountRequest {
+export interface GetAdministratorAccountRequest {
     /**
      * <p>The unique ID of the detector of the GuardDuty member account.</p>
-     *          <p>To find the <code>detectorId</code> in the current Region, see the
-     * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
      * @public
      */
     DetectorId: string | undefined;
 }
 /**
- * <p>Contains information about the administrator account and invitation.</p>
  * @public
  */
-export interface Master {
+export interface GetAdministratorAccountResponse {
     /**
-     * <p>The ID of the account used as the administrator account.</p>
+     * <p>The administrator account details.</p>
      * @public
      */
-    AccountId?: string | undefined;
+    Administrator: Administrator | undefined;
+}
+/**
+ * @public
+ */
+export interface GetCoverageStatisticsRequest {
     /**
-     * <p>The value used to validate the administrator account to the member account.</p>
+     * <p>The unique ID of the GuardDuty detector.</p>
+     *          <p>To find the <code>detectorId</code> in the current Region, see the
+     * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
      * @public
      */
-    InvitationId?: string | undefined;
+    DetectorId: string | undefined;
     /**
-     * <p>The status of the relationship between the administrator and member accounts.</p>
+     * <p>Represents the criteria used to filter the coverage statistics.</p>
      * @public
      */
-    RelationshipStatus?: string | undefined;
+    FilterCriteria?: CoverageFilterCriteria | undefined;
     /**
-     * <p>The timestamp when the invitation was sent.</p>
+     * <p>Represents the statistics type used to aggregate the coverage details.</p>
      * @public
      */
-    InvitedAt?: string | undefined;
+    StatisticsType: CoverageStatisticsType[] | undefined;
 }
 /**
  * @public
  */
-export interface GetMasterAccountResponse {
+export interface GetCoverageStatisticsResponse {
     /**
-     * <p>The administrator account details.</p>
+     * <p>Represents the count aggregated by the <code>statusCode</code> and
+     *         <code>resourceType</code>.</p>
      * @public
      */
-    Master: Master | undefined;
+    CoverageStatistics?: CoverageStatistics | undefined;
 }
 /**
  * @public
  */
-export interface GetMemberDetectorsRequest {
+export interface GetDetectorRequest {
     /**
-     * <p>The detector ID for the administrator account.</p>
+     * <p>The unique ID of the detector that you want to get.</p>
      *          <p>To find the <code>detectorId</code> in the current Region, see the
      * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
      * @public
      */
     DetectorId: string | undefined;
-    /**
-     * <p>A list of member account IDs.</p>
-     * @public
-     */
-    AccountIds: string[] | undefined;
-}
-/**
- * <p>Information about the additional configuration for the member account.</p>
- * @public
- */
-export interface MemberAdditionalConfigurationResult {
-    /**
-     * <p>Indicates the name of the additional configuration that is set for the member
-     *       account.</p>
-     * @public
-     */
-    Name?: OrgFeatureAdditionalConfiguration | undefined;
-    /**
-     * <p>Indicates the status of the additional configuration that is set for the member
-     *       account.</p>
-     * @public
-     */
-    Status?: FeatureStatus | undefined;
-    /**
-     * <p>The timestamp at which the additional configuration was set for the member account. This
-     *       is in UTC format.</p>
-     * @public
-     */
-    UpdatedAt?: Date | undefined;
 }
 /**
- * <p>Contains information about the features for the member account.</p>
  * @public
  */
-export interface MemberFeaturesConfigurationResult {
+export interface GetDetectorResponse {
     /**
-     * <p>Indicates the name of the feature that is enabled for the detector.</p>
+     * <p>The timestamp of when the detector was created.</p>
      * @public
      */
-    Name?: OrgFeature | undefined;
+    CreatedAt?: string | undefined;
     /**
-     * <p>Indicates the status of the feature that is enabled for the detector.</p>
+     * <p>The publishing frequency of the finding.</p>
      * @public
      */
-    Status?: FeatureStatus | undefined;
+    FindingPublishingFrequency?: FindingPublishingFrequency | undefined;
     /**
-     * <p>The timestamp at which the feature object was updated.</p>
+     * <p>The GuardDuty service role.</p>
      * @public
      */
-    UpdatedAt?: Date | undefined;
+    ServiceRole: string | undefined;
     /**
-     * <p>Indicates the additional configuration of the feature that is configured for the member
-     *       account.</p>
+     * <p>The detector status.</p>
      * @public
      */
-    AdditionalConfiguration?: MemberAdditionalConfigurationResult[] | undefined;
-}
-/**
- * <p>Contains information on which data sources are enabled for a member account.</p>
- * @public
- */
-export interface MemberDataSourceConfiguration {
+    Status: DetectorStatus | undefined;
     /**
-     * <p>The account ID for the member account.</p>
+     * <p>The last-updated timestamp for the detector.</p>
      * @public
      */
-    AccountId: string | undefined;
+    UpdatedAt?: string | undefined;
     /**
      * @deprecated
      *
-     * <p>Contains information on the status of data sources for the account.</p>
+     * <p>Describes which data sources are enabled for the detector.</p>
      * @public
      */
     DataSources?: DataSourceConfigurationsResult | undefined;
     /**
-     * <p>Contains information about the status of the features for the member account.</p>
-     * @public
-     */
-    Features?: MemberFeaturesConfigurationResult[] | undefined;
-}
-/**
- * @public
- */
-export interface GetMemberDetectorsResponse {
-    /**
-     * <p>An object that describes which data sources are enabled for a member account.</p>
+     * <p>The tags of the detector resource.</p>
      * @public
      */
-    MemberDataSourceConfigurations: MemberDataSourceConfiguration[] | undefined;
+    Tags?: Record<string, string> | undefined;
     /**
-     * <p>A list of member account IDs that were unable to be processed along with an explanation
-     *       for why they were not processed.</p>
+     * <p>Describes the features that have been enabled for the detector.</p>
      * @public
      */
-    UnprocessedAccounts: UnprocessedAccount[] | undefined;
+    Features?: DetectorFeatureConfigurationResult[] | undefined;
 }
 /**
  * @public
  */
-export interface GetMembersRequest {
+export interface GetFilterRequest {
     /**
-     * <p>The unique ID of the detector of the GuardDuty account whose members you want to
-     *       retrieve.</p>
+     * <p>The unique ID of the detector that is associated with this filter.</p>
      *          <p>To find the <code>detectorId</code> in the current Region, see the
      * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
      * @public
      */
     DetectorId: string | undefined;
     /**
-     * <p>A list of account IDs of the GuardDuty member accounts that you want to describe.</p>
+     * <p>The name of the filter you want to get.</p>
      * @public
      */
-    AccountIds: string[] | undefined;
+    FilterName: string | undefined;
 }
 /**
- * <p>Contains information about the member account. </p>
  * @public
  */
-export interface Member {
-    /**
-     * <p>The ID of the member account.</p>
-     * @public
-     */
-    AccountId: string | undefined;
-    /**
-     * <p>The detector ID of the member account.</p>
-     * @public
-     */
-    DetectorId?: string | undefined;
+export interface GetFilterResponse {
     /**
-     * <p>The administrator account ID.</p>
+     * <p>The name of the filter.</p>
      * @public
      */
-    MasterId: string | undefined;
+    Name: string | undefined;
     /**
-     * <p>The email address of the member account.</p>
+     * <p>The description of the filter.</p>
      * @public
      */
-    Email: string | undefined;
+    Description?: string | undefined;
     /**
-     * <p>The status of the relationship between the member and the administrator.</p>
+     * <p>Specifies the action that is to be applied to the findings that match the filter.</p>
      * @public
      */
-    RelationshipStatus: string | undefined;
+    Action: FilterAction | undefined;
     /**
-     * <p>The timestamp when the invitation was sent.</p>
+     * <p>Specifies the position of the filter in the list of current filters. Also specifies the
+     *       order in which this filter is applied to the findings.</p>
      * @public
      */
-    InvitedAt?: string | undefined;
+    Rank?: number | undefined;
     /**
-     * <p>The last-updated timestamp of the member.</p>
+     * <p>Represents the criteria to be used in the filter for querying findings.</p>
      * @public
      */
-    UpdatedAt: string | undefined;
+    FindingCriteria: FindingCriteria | undefined;
     /**
-     * <p>The administrator account ID.</p>
+     * <p>The tags of the filter resource.</p>
      * @public
      */
-    AdministratorId?: string | undefined;
+    Tags?: Record<string, string> | undefined;
 }
 /**
  * @public
  */
-export interface GetMembersResponse {
+export interface GetFindingsRequest {
     /**
-     * <p>A list of members.</p>
+     * <p>The ID of the detector that specifies the GuardDuty service whose findings you want to
+     *       retrieve.</p>
+     *          <p>To find the <code>detectorId</code> in the current Region, see the
+     * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
      * @public
      */
-    Members: Member[] | undefined;
+    DetectorId: string | undefined;
     /**
-     * <p>A list of objects that contain the unprocessed account and a result string that explains
-     *       why it was unprocessed.</p>
+     * <p>The IDs of the findings that you want to retrieve.</p>
      * @public
      */
-    UnprocessedAccounts: UnprocessedAccount[] | undefined;
+    FindingIds: string[] | undefined;
+    /**
+     * <p>Represents the criteria used for sorting findings.</p>
+     * @public
+     */
+    SortCriteria?: SortCriteria | undefined;
 }
 /**
- * <p>Information about the coverage
- *       statistic for the additional
- *     configuration of the feature.</p>
  * @public
  */
-export interface OrganizationFeatureStatisticsAdditionalConfiguration {
-    /**
-     * <p>Name of the additional configuration within a feature.</p>
-     * @public
-     */
-    Name?: OrgFeatureAdditionalConfiguration | undefined;
+export interface GetFindingsResponse {
     /**
-     * <p>Total number of accounts that have enabled the additional
-     *       configuration.</p>
+     * <p>A list of findings.</p>
      * @public
      */
-    EnabledAccountsCount?: number | undefined;
+    Findings: Finding[] | undefined;
 }
 /**
- * <p>Information about the number of accounts
- *       that have enabled a specific feature.</p>
+ * @public
+ * @enum
+ */
+export declare const GroupByType: {
+    readonly ACCOUNT: "ACCOUNT";
+    readonly DATE: "DATE";
+    readonly FINDING_TYPE: "FINDING_TYPE";
+    readonly RESOURCE: "RESOURCE";
+    readonly SEVERITY: "SEVERITY";
+};
+/**
+ * @public
+ */
+export type GroupByType = (typeof GroupByType)[keyof typeof GroupByType];
+/**
  * @public
  */
-export interface OrganizationFeatureStatistics {
+export interface GetFindingsStatisticsRequest {
     /**
-     * <p>Name of the feature.</p>
+     * <p>The ID of the detector whose findings statistics you
+     *       want to retrieve.</p>
+     *          <p>To find the <code>detectorId</code> in the current Region, see the
+     * Settings page in the GuardDuty console, or run the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html">ListDetectors</a> API.</p>
      * @public
      */
-    Name?: OrgFeature | undefined;
+    DetectorId: string | undefined;
+    /**
+     * @deprecated
+     *
+     * <p>The types of finding statistics to retrieve.</p>
+     * @public
+     */
+    FindingStatisticTypes?: FindingStatisticType[] | undefined;
     /**
-     * <p>Total number of accounts that have enabled a specific
-     *       feature.</p>
+     * <p>Represents the criteria that is used for querying findings.</p>
      * @public
      */
-    EnabledAccountsCount?: number | undefined;
+    FindingCriteria?: FindingCriteria | undefined;
     /**
-     * <p>Name of the additional configuration.</p>
+     * <p>Displays the findings statistics grouped by one of the listed valid values.</p>
      * @public
      */
-    AdditionalConfiguration?: OrganizationFeatureStatisticsAdditionalConfiguration[] | undefined;
-}
-/**
- * <p>Information about the coverage statistics of the
- *       features for the entire
- *       Amazon Web Services organization.</p>
- *          <p>When you create a new Amazon Web Services organization, it might
- *       take up to 24 hours to
- *       generate the statistics summary for this organization.</p>
- * @public
- */
-export interface OrganizationStatistics {
+    GroupBy?: GroupByType | undefined;
     /**
-     * <p>Total number of accounts in your Amazon Web Services organization.</p>
+     * <p>Displays the sorted findings in the requested order. The default
+     *       value of <code>orderBy</code> is <code>DESC</code>.</p>
+     *          <p>You can use this parameter only with the <code>groupBy</code> parameter.</p>
      * @public
      */
-    TotalAccountsCount?: number | undefined;
+    OrderBy?: OrderBy | undefined;
     /**
-     * <p>Total number of accounts in your Amazon Web Services organization
-     *       that are associated with GuardDuty.</p>
+     * <p>The maximum number of results to be returned in the response. The default value is 25.</p>
+     *          <p>You can use this parameter only with the <code>groupBy</code> parameter.</p>
      * @public
      */
-    MemberAccountsCount?: number | undefined;
+    MaxResults?: number | undefined;
+}
+/**
+ * @public
+ */
+export interface GetFindingsStatisticsResponse {
     /**
-     * <p>Total number of active accounts in your Amazon Web Services
-     *       organization that are associated with GuardDuty.</p>
+     * <p>The finding statistics object.</p>
      * @public
      */
-    ActiveAccountsCount?: number | undefined;
+    FindingStatistics: FindingStatistics | undefined;
     /**
-     * <p>Total number of accounts that have enabled GuardDuty.</p>
+     * <p>The pagination parameter to be used on the next list operation to retrieve more items.</p>
+     *          <p>This parameter is currently not supported.</p>
      * @public
      */
-    EnabledAccountsCount?: number | undefined;
+    NextToken?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetInvitationsCountRequest {
+}
+/**
+ * @public
+ */
+export interface GetInvitationsCountResponse {
     /**
-     * <p>Retrieves the coverage
-     *       statistics for each feature.</p>
+     * <p>The number of received invitations.</p>
      * @public
      */
-    CountByFeature?: OrganizationFeatureStatistics[] | undefined;
+    InvitationsCount?: number | undefined;
 }
 /**
  * @internal
@@ -6996,32 +7223,44 @@ export declare const PrivateIpAddressDetailsFilterSensitiveLog: (obj: PrivateIpA
 /**
  * @internal
  */
-export declare const NetworkInterfaceFilterSensitiveLog: (obj: NetworkInterface) => any;
+export declare const Ec2NetworkInterfaceFilterSensitiveLog: (obj: Ec2NetworkInterface) => any;
 /**
  * @internal
  */
-export declare const InstanceDetailsFilterSensitiveLog: (obj: InstanceDetails) => any;
+export declare const ResourceDataFilterSensitiveLog: (obj: ResourceData) => any;
 /**
  * @internal
  */
-export declare const ResourceFilterSensitiveLog: (obj: Resource) => any;
+export declare const ResourceV2FilterSensitiveLog: (obj: ResourceV2) => any;
 /**
  * @internal
  */
-export declare const ServiceFilterSensitiveLog: (obj: Service) => any;
+export declare const SequenceFilterSensitiveLog: (obj: Sequence) => any;
 /**
  * @internal
  */
-export declare const FindingFilterSensitiveLog: (obj: Finding) => any;
+export declare const DetectionFilterSensitiveLog: (obj: Detection) => any;
 /**
  * @internal
  */
-export declare const GetFindingsResponseFilterSensitiveLog: (obj: GetFindingsResponse) => any;
+export declare const NetworkInterfaceFilterSensitiveLog: (obj: NetworkInterface) => any;
+/**
+ * @internal
+ */
+export declare const InstanceDetailsFilterSensitiveLog: (obj: InstanceDetails) => any;
+/**
+ * @internal
+ */
+export declare const ResourceFilterSensitiveLog: (obj: Resource) => any;
+/**
+ * @internal
+ */
+export declare const ServiceFilterSensitiveLog: (obj: Service) => any;
 /**
  * @internal
  */
-export declare const MemberFilterSensitiveLog: (obj: Member) => any;
+export declare const FindingFilterSensitiveLog: (obj: Finding) => any;
 /**
  * @internal
  */
-export declare const GetMembersResponseFilterSensitiveLog: (obj: GetMembersResponse) => any;
+export declare const GetFindingsResponseFilterSensitiveLog: (obj: GetFindingsResponse) => any;