aws-cdk-lib 2.147.3__py3-none-any.whl → 2.148.1__py3-none-any.whl

aws_cdk/aws_guardduty/__init__.py

@@ -1,4 +1,4 @@
-'''
+r'''
 # Amazon GuardDuty Construct Library
 
 This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
@@ -181,7 +181,8 @@ class CfnDetector(
     @builtins.property
     @jsii.member(jsii_name="attrId")
     def attr_id(self) -> builtins.str:
-        '''
+        '''The unique ID of the detector.
+
         :cloudformationAttribute: Id
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrId"))
@@ -472,7 +473,7 @@ class CfnDetector(
         ) -> None:
             '''Information about the configuration of a feature in your account.
 
-            :param name: Name of the feature.
+            :param name: Name of the feature. For a list of allowed values, see `DetectorFeatureConfiguration <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DetectorFeatureConfiguration.html#guardduty-Type-DetectorFeatureConfiguration-name>`_ in the *GuardDuty API Reference* .
             :param status: Status of the feature configuration.
             :param additional_configuration: Information about the additional configuration of a feature in your account.
 
@@ -512,6 +513,8 @@ class CfnDetector(
         def name(self) -> builtins.str:
             '''Name of the feature.
 
+            For a list of allowed values, see `DetectorFeatureConfiguration <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DetectorFeatureConfiguration.html#guardduty-Type-DetectorFeatureConfiguration-name>`_ in the *GuardDuty API Reference* .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureconfiguration.html#cfn-guardduty-detector-cfnfeatureconfiguration-name
             '''
             result = self._values.get("name")
@@ -849,8 +852,8 @@ class CfnDetector(
         def __init__(self, *, key: builtins.str, value: builtins.str) -> None:
             '''Describes a tag.
 
-            :param key: The tag value.
-            :param value: The tag key.
+            :param key: The tag key.
+            :param value: The tag value.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-tagitem.html
             :exampleMetadata: fixture=_generated
@@ -877,7 +880,7 @@ class CfnDetector(
 
         @builtins.property
         def key(self) -> builtins.str:
-            '''The tag value.
+            '''The tag key.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-tagitem.html#cfn-guardduty-detector-tagitem-key
             '''
@@ -887,7 +890,7 @@ class CfnDetector(
 
         @builtins.property
         def value(self) -> builtins.str:
-            '''The tag key.
+            '''The tag value.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-tagitem.html#cfn-guardduty-detector-tagitem-value
             '''
@@ -1089,6 +1092,7 @@ class CfnFilter(
         # criterion: Any
         
         cfn_filter = guardduty.CfnFilter(self, "MyCfnFilter",
+            detector_id="detectorId",
             finding_criteria=guardduty.CfnFilter.FindingCriteriaProperty(
                 criterion=criterion,
                 item_type=guardduty.CfnFilter.ConditionProperty(
@@ -1106,12 +1110,11 @@ class CfnFilter(
                     not_equals=["notEquals"]
                 )
             ),
+            name="name",
         
             # the properties below are optional
             action="action",
             description="description",
-            detector_id="detectorId",
-            name="name",
             rank=123,
             tags=[CfnTag(
                 key="key",
@@ -1125,22 +1128,22 @@ class CfnFilter(
         scope: _constructs_77d1e7e8.Construct,
         id: builtins.str,
         *,
+        detector_id: builtins.str,
         finding_criteria: typing.Union[_IResolvable_da3f097b, typing.Union["CfnFilter.FindingCriteriaProperty", typing.Dict[builtins.str, typing.Any]]],
+        name: builtins.str,
         action: typing.Optional[builtins.str] = None,
         description: typing.Optional[builtins.str] = None,
-        detector_id: typing.Optional[builtins.str] = None,
-        name: typing.Optional[builtins.str] = None,
         rank: typing.Optional[jsii.Number] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
+        :param detector_id: The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
         :param finding_criteria: Represents the criteria to be used in the filter for querying findings.
+        :param name: The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
         :param action: Specifies the action that is to be applied to the findings that match the filter.
         :param description: The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ( ``{ }`` , ``[ ]`` , and ``( )`` ), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.
-        :param detector_id: The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
-        :param name: The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
         :param rank: Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. The minimum value for this property is 1 and the maximum is 100. By default, filters may not be created in the same order as they are ranked. To ensure that the filters are created in the expected order, you can use an optional attribute, `DependsOn <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_ , with the following syntax: ``"DependsOn":[ "ObjectName" ]`` .
         :param tags: The tags to be added to a new filter resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
         '''
@@ -1149,11 +1152,11 @@ class CfnFilter(
             check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = CfnFilterProps(
+            detector_id=detector_id,
             finding_criteria=finding_criteria,
+            name=name,
             action=action,
             description=description,
-            detector_id=detector_id,
-            name=name,
             rank=rank,
             tags=tags,
         )
@@ -1201,6 +1204,19 @@ class CfnFilter(
         '''Tag Manager which manages the tags for this resource.'''
         return typing.cast(_TagManager_0a598cb3, jsii.get(self, "tags"))
 
+    @builtins.property
+    @jsii.member(jsii_name="detectorId")
+    def detector_id(self) -> builtins.str:
+        '''The ID of the detector belonging to the GuardDuty account that you want to create a filter for.'''
+        return typing.cast(builtins.str, jsii.get(self, "detectorId"))
+
+    @detector_id.setter
+    def detector_id(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__2a940342f0dba5155f5628025cb840051cc96e969cc988dd60f36269d57e2ccd)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "detectorId", value)
+
     @builtins.property
     @jsii.member(jsii_name="findingCriteria")
     def finding_criteria(
@@ -1219,6 +1235,19 @@ class CfnFilter(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "findingCriteria", value)
 
+    @builtins.property
+    @jsii.member(jsii_name="name")
+    def name(self) -> builtins.str:
+        '''The name of the filter.'''
+        return typing.cast(builtins.str, jsii.get(self, "name"))
+
+    @name.setter
+    def name(self, value: builtins.str) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__a919e4dbcd673724e15009ab41b3a97b27ecfabae06ad4b152e2793162be4ddc)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "name", value)
+
     @builtins.property
     @jsii.member(jsii_name="action")
     def action(self) -> typing.Optional[builtins.str]:
@@ -1245,32 +1274,6 @@ class CfnFilter(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "description", value)
 
-    @builtins.property
-    @jsii.member(jsii_name="detectorId")
-    def detector_id(self) -> typing.Optional[builtins.str]:
-        '''The ID of the detector belonging to the GuardDuty account that you want to create a filter for.'''
-        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "detectorId"))
-
-    @detector_id.setter
-    def detector_id(self, value: typing.Optional[builtins.str]) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__2a940342f0dba5155f5628025cb840051cc96e969cc988dd60f36269d57e2ccd)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "detectorId", value)
-
-    @builtins.property
-    @jsii.member(jsii_name="name")
-    def name(self) -> typing.Optional[builtins.str]:
-        '''The name of the filter.'''
-        return typing.cast(typing.Optional[builtins.str], jsii.get(self, "name"))
-
-    @name.setter
-    def name(self, value: typing.Optional[builtins.str]) -> None:
-        if __debug__:
-            type_hints = typing.get_type_hints(_typecheckingstub__a919e4dbcd673724e15009ab41b3a97b27ecfabae06ad4b152e2793162be4ddc)
-            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
-        jsii.set(self, "name", value)
-
     @builtins.property
     @jsii.member(jsii_name="rank")
     def rank(self) -> typing.Optional[jsii.Number]:
@@ -1544,7 +1547,7 @@ class CfnFilter(
         ) -> None:
             '''Represents a map of finding properties that match specified conditions and values when querying findings.
 
-            :param criterion: Represents a map of finding properties that match specified conditions and values when querying findings. For information about JSON criterion mapping to their console equivalent, see `Finding criteria <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_filter-findings.html#filter_criteria>`_ . The following are the available criterion: - accountId - id - region - severity To filter on the basis of severity, API and CFN use the following input list for the condition: - *Low* : ``["1", "2", "3"]`` - *Medium* : ``["4", "5", "6"]`` - *High* : ``["7", "8", "9"]`` For more information, see `Severity levels for GuardDuty findings <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html#guardduty_findings-severity>`_ . - type - updatedAt Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds. - resource.accessKeyDetails.accessKeyId - resource.accessKeyDetails.principalId - resource.accessKeyDetails.userName - resource.accessKeyDetails.userType - resource.instanceDetails.iamInstanceProfile.id - resource.instanceDetails.imageId - resource.instanceDetails.instanceId - resource.instanceDetails.tags.key - resource.instanceDetails.tags.value - resource.instanceDetails.networkInterfaces.ipv6Addresses - resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress - resource.instanceDetails.networkInterfaces.publicDnsName - resource.instanceDetails.networkInterfaces.publicIp - resource.instanceDetails.networkInterfaces.securityGroups.groupId - resource.instanceDetails.networkInterfaces.securityGroups.groupName - resource.instanceDetails.networkInterfaces.subnetId - resource.instanceDetails.networkInterfaces.vpcId - resource.instanceDetails.outpostArn - resource.resourceType - resource.s3BucketDetails.publicAccess.effectivePermissions - resource.s3BucketDetails.name - resource.s3BucketDetails.tags.key - resource.s3BucketDetails.tags.value - resource.s3BucketDetails.type - service.action.actionType - service.action.awsApiCallAction.api - service.action.awsApiCallAction.callerType - service.action.awsApiCallAction.errorCode - service.action.awsApiCallAction.remoteIpDetails.city.cityName - service.action.awsApiCallAction.remoteIpDetails.country.countryName - service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 - service.action.awsApiCallAction.remoteIpDetails.organization.asn - service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg - service.action.awsApiCallAction.serviceName - service.action.dnsRequestAction.domain - service.action.networkConnectionAction.blocked - service.action.networkConnectionAction.connectionDirection - service.action.networkConnectionAction.localPortDetails.port - service.action.networkConnectionAction.protocol - service.action.networkConnectionAction.remoteIpDetails.city.cityName - service.action.networkConnectionAction.remoteIpDetails.country.countryName - service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 - service.action.networkConnectionAction.remoteIpDetails.organization.asn - service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg - service.action.networkConnectionAction.remotePortDetails.port - service.action.awsApiCallAction.remoteAccountDetails.affiliated - service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4 - service.action.kubernetesApiCallAction.requestUri - service.action.networkConnectionAction.localIpDetails.ipAddressV4 - service.action.networkConnectionAction.protocol - service.action.awsApiCallAction.serviceName - service.action.awsApiCallAction.remoteAccountDetails.accountId - service.additionalInfo.threatListName - service.resourceRole - resource.eksClusterDetails.name - resource.kubernetesDetails.kubernetesWorkloadDetails.name - resource.kubernetesDetails.kubernetesWorkloadDetails.namespace - resource.kubernetesDetails.kubernetesUserDetails.username - resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image - resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix - service.ebsVolumeScanDetails.scanId - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash - resource.ecsClusterDetails.name - resource.ecsClusterDetails.taskDetails.containers.image - resource.ecsClusterDetails.taskDetails.definitionArn - resource.containerDetails.image - resource.rdsDbInstanceDetails.dbInstanceIdentifier - resource.rdsDbInstanceDetails.dbClusterIdentifier - resource.rdsDbInstanceDetails.engine - resource.rdsDbUserDetails.user - resource.rdsDbInstanceDetails.tags.key - resource.rdsDbInstanceDetails.tags.value - service.runtimeDetails.process.executableSha256 - service.runtimeDetails.process.name - service.runtimeDetails.process.name - resource.lambdaDetails.functionName - resource.lambdaDetails.functionArn - resource.lambdaDetails.tags.key - resource.lambdaDetails.tags.value
+            :param criterion: Represents a map of finding properties that match specified conditions and values when querying findings. For information about JSON criterion mapping to their console equivalent, see `Finding criteria <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_filter-findings.html#filter_criteria>`_ . The following are the available criterion: - accountId - id - region - severity To filter on the basis of severity, the API and AWS CLI use the following input list for the ``FindingCriteria`` condition: - *Low* : ``["1", "2", "3"]`` - *Medium* : ``["4", "5", "6"]`` - *High* : ``["7", "8", "9"]`` For more information, see `Severity levels for GuardDuty findings <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html#guardduty_findings-severity>`_ in the *Amazon GuardDuty User Guide* . - type - updatedAt Type: ISO 8601 string format: ``YYYY-MM-DDTHH:MM:SS.SSSZ`` or ``YYYY-MM-DDTHH:MM:SSZ`` depending on whether the value contains milliseconds. - resource.accessKeyDetails.accessKeyId - resource.accessKeyDetails.principalId - resource.accessKeyDetails.userName - resource.accessKeyDetails.userType - resource.instanceDetails.iamInstanceProfile.id - resource.instanceDetails.imageId - resource.instanceDetails.instanceId - resource.instanceDetails.tags.key - resource.instanceDetails.tags.value - resource.instanceDetails.networkInterfaces.ipv6Addresses - resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress - resource.instanceDetails.networkInterfaces.publicDnsName - resource.instanceDetails.networkInterfaces.publicIp - resource.instanceDetails.networkInterfaces.securityGroups.groupId - resource.instanceDetails.networkInterfaces.securityGroups.groupName - resource.instanceDetails.networkInterfaces.subnetId - resource.instanceDetails.networkInterfaces.vpcId - resource.instanceDetails.outpostArn - resource.resourceType - resource.s3BucketDetails.publicAccess.effectivePermissions - resource.s3BucketDetails.name - resource.s3BucketDetails.tags.key - resource.s3BucketDetails.tags.value - resource.s3BucketDetails.type - service.action.actionType - service.action.awsApiCallAction.api - service.action.awsApiCallAction.callerType - service.action.awsApiCallAction.errorCode - service.action.awsApiCallAction.remoteIpDetails.city.cityName - service.action.awsApiCallAction.remoteIpDetails.country.countryName - service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 - service.action.awsApiCallAction.remoteIpDetails.ipAddressV6 - service.action.awsApiCallAction.remoteIpDetails.organization.asn - service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg - service.action.awsApiCallAction.serviceName - service.action.dnsRequestAction.domain - service.action.dnsRequestAction.domainWithSuffix - service.action.networkConnectionAction.blocked - service.action.networkConnectionAction.connectionDirection - service.action.networkConnectionAction.localPortDetails.port - service.action.networkConnectionAction.protocol - service.action.networkConnectionAction.remoteIpDetails.city.cityName - service.action.networkConnectionAction.remoteIpDetails.country.countryName - service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 - service.action.networkConnectionAction.remoteIpDetails.ipAddressV6 - service.action.networkConnectionAction.remoteIpDetails.organization.asn - service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg - service.action.networkConnectionAction.remotePortDetails.port - service.action.awsApiCallAction.remoteAccountDetails.affiliated - service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4 - service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6 - service.action.kubernetesApiCallAction.namespace - service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn - service.action.kubernetesApiCallAction.requestUri - service.action.kubernetesApiCallAction.statusCode - service.action.networkConnectionAction.localIpDetails.ipAddressV4 - service.action.networkConnectionAction.localIpDetails.ipAddressV6 - service.action.networkConnectionAction.protocol - service.action.awsApiCallAction.serviceName - service.action.awsApiCallAction.remoteAccountDetails.accountId - service.additionalInfo.threatListName - service.resourceRole - resource.eksClusterDetails.name - resource.kubernetesDetails.kubernetesWorkloadDetails.name - resource.kubernetesDetails.kubernetesWorkloadDetails.namespace - resource.kubernetesDetails.kubernetesUserDetails.username - resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image - resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix - service.ebsVolumeScanDetails.scanId - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash - service.malwareScanDetails.threats.name - resource.ecsClusterDetails.name - resource.ecsClusterDetails.taskDetails.containers.image - resource.ecsClusterDetails.taskDetails.definitionArn - resource.containerDetails.image - resource.rdsDbInstanceDetails.dbInstanceIdentifier - resource.rdsDbInstanceDetails.dbClusterIdentifier - resource.rdsDbInstanceDetails.engine - resource.rdsDbUserDetails.user - resource.rdsDbInstanceDetails.tags.key - resource.rdsDbInstanceDetails.tags.value - service.runtimeDetails.process.executableSha256 - service.runtimeDetails.process.name - service.runtimeDetails.process.name - resource.lambdaDetails.functionName - resource.lambdaDetails.functionArn - resource.lambdaDetails.tags.key - resource.lambdaDetails.tags.value
             :param item_type: 
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html
@@ -1597,18 +1600,18 @@ class CfnFilter(
             - region
             - severity
 
-            To filter on the basis of severity, API and CFN use the following input list for the condition:
+            To filter on the basis of severity, the API and AWS CLI use the following input list for the ``FindingCriteria`` condition:
 
             - *Low* : ``["1", "2", "3"]``
             - *Medium* : ``["4", "5", "6"]``
             - *High* : ``["7", "8", "9"]``
 
-            For more information, see `Severity levels for GuardDuty findings <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html#guardduty_findings-severity>`_ .
+            For more information, see `Severity levels for GuardDuty findings <https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html#guardduty_findings-severity>`_ in the *Amazon GuardDuty User Guide* .
 
             - type
             - updatedAt
 
-            Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.
+            Type: ISO 8601 string format: ``YYYY-MM-DDTHH:MM:SS.SSSZ`` or ``YYYY-MM-DDTHH:MM:SSZ`` depending on whether the value contains milliseconds.
 
             - resource.accessKeyDetails.accessKeyId
             - resource.accessKeyDetails.principalId
@@ -1641,10 +1644,12 @@ class CfnFilter(
             - service.action.awsApiCallAction.remoteIpDetails.city.cityName
             - service.action.awsApiCallAction.remoteIpDetails.country.countryName
             - service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
+            - service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
             - service.action.awsApiCallAction.remoteIpDetails.organization.asn
             - service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
             - service.action.awsApiCallAction.serviceName
             - service.action.dnsRequestAction.domain
+            - service.action.dnsRequestAction.domainWithSuffix
             - service.action.networkConnectionAction.blocked
             - service.action.networkConnectionAction.connectionDirection
             - service.action.networkConnectionAction.localPortDetails.port
@@ -1652,13 +1657,19 @@ class CfnFilter(
             - service.action.networkConnectionAction.remoteIpDetails.city.cityName
             - service.action.networkConnectionAction.remoteIpDetails.country.countryName
             - service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
+            - service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
             - service.action.networkConnectionAction.remoteIpDetails.organization.asn
             - service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
             - service.action.networkConnectionAction.remotePortDetails.port
             - service.action.awsApiCallAction.remoteAccountDetails.affiliated
             - service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
+            - service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
+            - service.action.kubernetesApiCallAction.namespace
+            - service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
             - service.action.kubernetesApiCallAction.requestUri
+            - service.action.kubernetesApiCallAction.statusCode
             - service.action.networkConnectionAction.localIpDetails.ipAddressV4
+            - service.action.networkConnectionAction.localIpDetails.ipAddressV6
             - service.action.networkConnectionAction.protocol
             - service.action.awsApiCallAction.serviceName
             - service.action.awsApiCallAction.remoteAccountDetails.accountId
@@ -1674,6 +1685,7 @@ class CfnFilter(
             - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name
             - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity
             - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash
+            - service.malwareScanDetails.threats.name
             - resource.ecsClusterDetails.name
             - resource.ecsClusterDetails.taskDetails.containers.image
             - resource.ecsClusterDetails.taskDetails.definitionArn
@@ -1723,11 +1735,11 @@ class CfnFilter(
     jsii_type="aws-cdk-lib.aws_guardduty.CfnFilterProps",
     jsii_struct_bases=[],
     name_mapping={
+        "detector_id": "detectorId",
         "finding_criteria": "findingCriteria",
+        "name": "name",
         "action": "action",
         "description": "description",
-        "detector_id": "detectorId",
-        "name": "name",
         "rank": "rank",
         "tags": "tags",
     },
@@ -1736,21 +1748,21 @@ class CfnFilterProps:
     def __init__(
         self,
         *,
+        detector_id: builtins.str,
         finding_criteria: typing.Union[_IResolvable_da3f097b, typing.Union[CfnFilter.FindingCriteriaProperty, typing.Dict[builtins.str, typing.Any]]],
+        name: builtins.str,
         action: typing.Optional[builtins.str] = None,
         description: typing.Optional[builtins.str] = None,
-        detector_id: typing.Optional[builtins.str] = None,
-        name: typing.Optional[builtins.str] = None,
         rank: typing.Optional[jsii.Number] = None,
         tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
     ) -> None:
         '''Properties for defining a ``CfnFilter``.
 
+        :param detector_id: The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
         :param finding_criteria: Represents the criteria to be used in the filter for querying findings.
+        :param name: The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
         :param action: Specifies the action that is to be applied to the findings that match the filter.
         :param description: The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ( ``{ }`` , ``[ ]`` , and ``( )`` ), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.
-        :param detector_id: The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
-        :param name: The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
         :param rank: Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. The minimum value for this property is 1 and the maximum is 100. By default, filters may not be created in the same order as they are ranked. To ensure that the filters are created in the expected order, you can use an optional attribute, `DependsOn <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html>`_ , with the following syntax: ``"DependsOn":[ "ObjectName" ]`` .
         :param tags: The tags to be added to a new filter resource. Each tag consists of a key and an optional value, both of which you define. For more information, see `Tag <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html>`_ .
 
@@ -1766,6 +1778,7 @@ class CfnFilterProps:
             # criterion: Any
             
             cfn_filter_props = guardduty.CfnFilterProps(
+                detector_id="detectorId",
                 finding_criteria=guardduty.CfnFilter.FindingCriteriaProperty(
                     criterion=criterion,
                     item_type=guardduty.CfnFilter.ConditionProperty(
@@ -1783,12 +1796,11 @@ class CfnFilterProps:
                         not_equals=["notEquals"]
                     )
                 ),
+                name="name",
             
                 # the properties below are optional
                 action="action",
                 description="description",
-                detector_id="detectorId",
-                name="name",
                 rank=123,
                 tags=[CfnTag(
                     key="key",
@@ -1798,29 +1810,37 @@ class CfnFilterProps:
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__6f44ad794e7dbae18bc70d670d096dac3d980dc5e20e5c9703013ddb79dd0e03)
+            check_type(argname="argument detector_id", value=detector_id, expected_type=type_hints["detector_id"])
             check_type(argname="argument finding_criteria", value=finding_criteria, expected_type=type_hints["finding_criteria"])
+            check_type(argname="argument name", value=name, expected_type=type_hints["name"])
             check_type(argname="argument action", value=action, expected_type=type_hints["action"])
             check_type(argname="argument description", value=description, expected_type=type_hints["description"])
-            check_type(argname="argument detector_id", value=detector_id, expected_type=type_hints["detector_id"])
-            check_type(argname="argument name", value=name, expected_type=type_hints["name"])
             check_type(argname="argument rank", value=rank, expected_type=type_hints["rank"])
             check_type(argname="argument tags", value=tags, expected_type=type_hints["tags"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
+            "detector_id": detector_id,
             "finding_criteria": finding_criteria,
+            "name": name,
         }
         if action is not None:
             self._values["action"] = action
         if description is not None:
             self._values["description"] = description
-        if detector_id is not None:
-            self._values["detector_id"] = detector_id
-        if name is not None:
-            self._values["name"] = name
         if rank is not None:
             self._values["rank"] = rank
         if tags is not None:
             self._values["tags"] = tags
 
+    @builtins.property
+    def detector_id(self) -> builtins.str:
+        '''The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-detectorid
+        '''
+        result = self._values.get("detector_id")
+        assert result is not None, "Required property 'detector_id' is missing"
+        return typing.cast(builtins.str, result)
+
     @builtins.property
     def finding_criteria(
         self,
@@ -1833,6 +1853,18 @@ class CfnFilterProps:
         assert result is not None, "Required property 'finding_criteria' is missing"
         return typing.cast(typing.Union[_IResolvable_da3f097b, CfnFilter.FindingCriteriaProperty], result)
 
+    @builtins.property
+    def name(self) -> builtins.str:
+        '''The name of the filter.
+
+        Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-name
+        '''
+        result = self._values.get("name")
+        assert result is not None, "Required property 'name' is missing"
+        return typing.cast(builtins.str, result)
+
     @builtins.property
     def action(self) -> typing.Optional[builtins.str]:
         '''Specifies the action that is to be applied to the findings that match the filter.
@@ -1853,26 +1885,6 @@ class CfnFilterProps:
         result = self._values.get("description")
         return typing.cast(typing.Optional[builtins.str], result)
 
-    @builtins.property
-    def detector_id(self) -> typing.Optional[builtins.str]:
-        '''The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-detectorid
-        '''
-        result = self._values.get("detector_id")
-        return typing.cast(typing.Optional[builtins.str], result)
-
-    @builtins.property
-    def name(self) -> typing.Optional[builtins.str]:
-        '''The name of the filter.
-
-        Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
-
-        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-name
-        '''
-        result = self._values.get("name")
-        return typing.cast(typing.Optional[builtins.str], result)
-
     @builtins.property
     def rank(self) -> typing.Optional[jsii.Number]:
         '''Specifies the position of the filter in the list of current filters.
@@ -2274,7 +2286,9 @@ class CfnMalwareProtectionPlan(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_guardduty.CfnMalwareProtectionPlan",
 ):
-    '''Resource Type definition for AWS::GuardDuty::MalwareProtectionPlan.
+    '''Creates a new Malware Protection plan for the protected resource.
+
+    When you create a Malware Protection plan, the `AWS service terms for GuardDuty Malware Protection <https://docs.aws.amazon.com/service-terms/#87._Amazon_GuardDuty>`_ will apply.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-malwareprotectionplan.html
     :cloudformationResource: AWS::GuardDuty::MalwareProtectionPlan
@@ -2321,10 +2335,10 @@ class CfnMalwareProtectionPlan(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param protected_resource: 
-        :param role: IAM role that includes the permissions required to scan and add tags to the associated protected resource.
-        :param actions: 
-        :param tags: 
+        :param protected_resource: Information about the protected resource. Presently, ``S3Bucket`` is the only supported protected resource.
+        :param role: IAM role that includes the permissions required to scan and (optionally) add tags to the associated protected resource.
+        :param actions: Specifies the action that is to be applied to the Malware Protection plan resource.
+        :param tags: The tags to be added to the created Malware Protection plan resource. Each tag consists of a key and an optional value, both of which you need to specify.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__00ef930fce1d868abb00d70b721805e86a6ec1fb82c9df9f9974877a5ec00349)
@@ -2372,7 +2386,7 @@ class CfnMalwareProtectionPlan(
     @builtins.property
     @jsii.member(jsii_name="attrArn")
     def attr_arn(self) -> builtins.str:
-        '''Amazon Resource Name (ARN) of the protected resource.
+        '''Amazon Resource Name (ARN) associated with this Malware Protection plan.
 
         :cloudformationAttribute: Arn
         '''
@@ -2390,7 +2404,7 @@ class CfnMalwareProtectionPlan(
     @builtins.property
     @jsii.member(jsii_name="attrMalwareProtectionPlanId")
     def attr_malware_protection_plan_id(self) -> builtins.str:
-        '''A unique identifier associated with Malware Protection plan resource.
+        '''A unique identifier associated with Malware Protection plan.
 
         :cloudformationAttribute: MalwareProtectionPlanId
         '''
@@ -2399,7 +2413,7 @@ class CfnMalwareProtectionPlan(
     @builtins.property
     @jsii.member(jsii_name="attrStatus")
     def attr_status(self) -> builtins.str:
-        '''Malware Protection plan status.
+        '''Status of the Malware Protection plan resource.
 
         :cloudformationAttribute: Status
         '''
@@ -2408,7 +2422,7 @@ class CfnMalwareProtectionPlan(
     @builtins.property
     @jsii.member(jsii_name="attrStatusReasons")
     def attr_status_reasons(self) -> _IResolvable_da3f097b:
-        '''Information about the issue code and message associated to the status of your Malware Protection plan.
+        '''Status details associated with the Malware Protection plan resource status.
 
         :cloudformationAttribute: StatusReasons
         '''
@@ -2430,6 +2444,7 @@ class CfnMalwareProtectionPlan(
     def protected_resource(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, "CfnMalwareProtectionPlan.CFNProtectedResourceProperty"]:
+        '''Information about the protected resource.'''
         return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnMalwareProtectionPlan.CFNProtectedResourceProperty"], jsii.get(self, "protectedResource"))
 
     @protected_resource.setter
@@ -2445,7 +2460,7 @@ class CfnMalwareProtectionPlan(
     @builtins.property
     @jsii.member(jsii_name="role")
     def role(self) -> builtins.str:
-        '''IAM role that includes the permissions required to scan and add tags to the associated protected resource.'''
+        '''IAM role that includes the permissions required to scan and (optionally) add tags to the associated protected resource.'''
         return typing.cast(builtins.str, jsii.get(self, "role"))
 
     @role.setter
@@ -2460,6 +2475,7 @@ class CfnMalwareProtectionPlan(
     def actions(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnMalwareProtectionPlan.CFNActionsProperty"]]:
+        '''Specifies the action that is to be applied to the Malware Protection plan resource.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnMalwareProtectionPlan.CFNActionsProperty"]], jsii.get(self, "actions"))
 
     @actions.setter
@@ -2477,6 +2493,7 @@ class CfnMalwareProtectionPlan(
     def tags(
         self,
     ) -> typing.Optional[typing.List["CfnMalwareProtectionPlan.TagItemProperty"]]:
+        '''The tags to be added to the created Malware Protection plan resource.'''
         return typing.cast(typing.Optional[typing.List["CfnMalwareProtectionPlan.TagItemProperty"]], jsii.get(self, "tags"))
 
     @tags.setter
@@ -2500,8 +2517,9 @@ class CfnMalwareProtectionPlan(
             *,
             tagging: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnMalwareProtectionPlan.CFNTaggingProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
-            '''
-            :param tagging: 
+            '''Specifies the action that is to be applied to the Malware Protection plan resource.
+
+            :param tagging: Contains information about tagging status of the Malware Protection plan resource.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-cfnactions.html
             :exampleMetadata: fixture=_generated
@@ -2529,7 +2547,8 @@ class CfnMalwareProtectionPlan(
         def tagging(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnMalwareProtectionPlan.CFNTaggingProperty"]]:
-            '''
+            '''Contains information about tagging status of the Malware Protection plan resource.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-cfnactions.html#cfn-guardduty-malwareprotectionplan-cfnactions-tagging
             '''
             result = self._values.get("tagging")
@@ -2557,7 +2576,10 @@ class CfnMalwareProtectionPlan(
             *,
             s3_bucket: typing.Union[_IResolvable_da3f097b, typing.Union["CfnMalwareProtectionPlan.S3BucketProperty", typing.Dict[builtins.str, typing.Any]]],
         ) -> None:
-            '''
+            '''Information about the protected resource.
+
+            Presently, ``S3Bucket`` is the only supported protected resource.
+
             :param s3_bucket: Information about the protected S3 bucket resource.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-cfnprotectedresource.html
@@ -2618,9 +2640,10 @@ class CfnMalwareProtectionPlan(
             code: typing.Optional[builtins.str] = None,
             message: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''
-            :param code: Issue code.
-            :param message: Issue message that specifies the reason.
+            '''Information about the status code and status details associated with the status of the Malware Protection plan.
+
+            :param code: The status code of the Malware Protection plan. For more information, see `Malware Protection plan resource status <https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection-s3-bucket-status-gdu.html>`_ in the *GuardDuty User Guide* .
+            :param message: Issue message that specifies the reason. For information about potential troubleshooting steps, see `Troubleshooting Malware Protection for S3 status issues <https://docs.aws.amazon.com/guardduty/latest/ug/troubleshoot-s3-malware-protection-status-errors.html>`_ in the *GuardDuty User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-cfnstatusreasons.html
             :exampleMetadata: fixture=_generated
@@ -2648,7 +2671,9 @@ class CfnMalwareProtectionPlan(
 
         @builtins.property
         def code(self) -> typing.Optional[builtins.str]:
-            '''Issue code.
+            '''The status code of the Malware Protection plan.
+
+            For more information, see `Malware Protection plan resource status <https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection-s3-bucket-status-gdu.html>`_ in the *GuardDuty User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-cfnstatusreasons.html#cfn-guardduty-malwareprotectionplan-cfnstatusreasons-code
             '''
@@ -2659,6 +2684,8 @@ class CfnMalwareProtectionPlan(
         def message(self) -> typing.Optional[builtins.str]:
             '''Issue message that specifies the reason.
 
+            For information about potential troubleshooting steps, see `Troubleshooting Malware Protection for S3 status issues <https://docs.aws.amazon.com/guardduty/latest/ug/troubleshoot-s3-malware-protection-status-errors.html>`_ in the *GuardDuty User Guide* .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-cfnstatusreasons.html#cfn-guardduty-malwareprotectionplan-cfnstatusreasons-message
             '''
             result = self._values.get("message")
@@ -2682,8 +2709,9 @@ class CfnMalwareProtectionPlan(
     )
     class CFNTaggingProperty:
         def __init__(self, *, status: typing.Optional[builtins.str] = None) -> None:
-            '''
-            :param status: Indicates whether or not the tags will added.
+            '''Contains information about tagging status of the Malware Protection plan resource.
+
+            :param status: Indicates whether or not you chose GuardDuty to add a predefined tag to the scanned S3 object.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-cfntagging.html
             :exampleMetadata: fixture=_generated
@@ -2707,7 +2735,7 @@ class CfnMalwareProtectionPlan(
 
         @builtins.property
         def status(self) -> typing.Optional[builtins.str]:
-            '''Indicates whether or not the tags will added.
+            '''Indicates whether or not you chose GuardDuty to add a predefined tag to the scanned S3 object.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-cfntagging.html#cfn-guardduty-malwareprotectionplan-cfntagging-status
             '''
@@ -2743,7 +2771,7 @@ class CfnMalwareProtectionPlan(
             '''Information about the protected S3 bucket resource.
 
             :param bucket_name: Name of the S3 bucket.
-            :param object_prefixes: Information about the specified object prefixes. The S3 object will be scanned only if it belongs to any of the specified object prefixes.
+            :param object_prefixes: Information about the specified object prefixes. An S3 object will be scanned only if it belongs to any of the specified object prefixes.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-s3bucket.html
             :exampleMetadata: fixture=_generated
@@ -2782,7 +2810,7 @@ class CfnMalwareProtectionPlan(
         def object_prefixes(self) -> typing.Optional[typing.List[builtins.str]]:
             '''Information about the specified object prefixes.
 
-            The S3 object will be scanned only if it belongs to any of the specified object prefixes.
+            An S3 object will be scanned only if it belongs to any of the specified object prefixes.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-s3bucket.html#cfn-guardduty-malwareprotectionplan-s3bucket-objectprefixes
             '''
@@ -2807,9 +2835,10 @@ class CfnMalwareProtectionPlan(
     )
     class TagItemProperty:
         def __init__(self, *, key: builtins.str, value: builtins.str) -> None:
-            '''
-            :param key: 
-            :param value: 
+            '''Contains information about a tag.
+
+            :param key: The tag key.
+            :param value: The tag value.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-tagitem.html
             :exampleMetadata: fixture=_generated
@@ -2836,7 +2865,8 @@ class CfnMalwareProtectionPlan(
 
         @builtins.property
         def key(self) -> builtins.str:
-            '''
+            '''The tag key.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-tagitem.html#cfn-guardduty-malwareprotectionplan-tagitem-key
             '''
             result = self._values.get("key")
@@ -2845,7 +2875,8 @@ class CfnMalwareProtectionPlan(
 
         @builtins.property
         def value(self) -> builtins.str:
-            '''
+            '''The tag value.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-malwareprotectionplan-tagitem.html#cfn-guardduty-malwareprotectionplan-tagitem-value
             '''
             result = self._values.get("value")
@@ -2885,10 +2916,10 @@ class CfnMalwareProtectionPlanProps:
     ) -> None:
         '''Properties for defining a ``CfnMalwareProtectionPlan``.
 
-        :param protected_resource: 
-        :param role: IAM role that includes the permissions required to scan and add tags to the associated protected resource.
-        :param actions: 
-        :param tags: 
+        :param protected_resource: Information about the protected resource. Presently, ``S3Bucket`` is the only supported protected resource.
+        :param role: IAM role that includes the permissions required to scan and (optionally) add tags to the associated protected resource.
+        :param actions: Specifies the action that is to be applied to the Malware Protection plan resource.
+        :param tags: The tags to be added to the created Malware Protection plan resource. Each tag consists of a key and an optional value, both of which you need to specify.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-malwareprotectionplan.html
         :exampleMetadata: fixture=_generated
@@ -2939,7 +2970,10 @@ class CfnMalwareProtectionPlanProps:
     def protected_resource(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, CfnMalwareProtectionPlan.CFNProtectedResourceProperty]:
-        '''
+        '''Information about the protected resource.
+
+        Presently, ``S3Bucket`` is the only supported protected resource.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-malwareprotectionplan.html#cfn-guardduty-malwareprotectionplan-protectedresource
         '''
         result = self._values.get("protected_resource")
@@ -2948,7 +2982,7 @@ class CfnMalwareProtectionPlanProps:
 
     @builtins.property
     def role(self) -> builtins.str:
-        '''IAM role that includes the permissions required to scan and add tags to the associated protected resource.
+        '''IAM role that includes the permissions required to scan and (optionally) add tags to the associated protected resource.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-malwareprotectionplan.html#cfn-guardduty-malwareprotectionplan-role
         '''
@@ -2960,7 +2994,8 @@ class CfnMalwareProtectionPlanProps:
     def actions(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnMalwareProtectionPlan.CFNActionsProperty]]:
-        '''
+        '''Specifies the action that is to be applied to the Malware Protection plan resource.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-malwareprotectionplan.html#cfn-guardduty-malwareprotectionplan-actions
         '''
         result = self._values.get("actions")
@@ -2970,7 +3005,10 @@ class CfnMalwareProtectionPlanProps:
     def tags(
         self,
     ) -> typing.Optional[typing.List[CfnMalwareProtectionPlan.TagItemProperty]]:
-        '''
+        '''The tags to be added to the created Malware Protection plan resource.
+
+        Each tag consists of a key and an optional value, both of which you need to specify.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-malwareprotectionplan.html#cfn-guardduty-malwareprotectionplan-tags
         '''
         result = self._values.get("tags")
@@ -3031,7 +3069,7 @@ class CfnMaster(
         :param id: Construct identifier for this resource (unique in its scope).
         :param detector_id: The unique ID of the detector of the GuardDuty member account.
         :param master_id: The AWS account ID of the account designated as the GuardDuty administrator account.
-        :param invitation_id: The ID of the invitation that is sent to the account designated as a member account. You can find the invitation ID by using the ListInvitation action of the GuardDuty API.
+        :param invitation_id: The ID of the invitation that is sent to the account designated as a member account. You can find the invitation ID by running the `ListInvitations <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListInvitations.html>`_ in the *GuardDuty API Reference* .
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__d5d03095d03ec71c014c1cfc8e78531e9220fec576d321a24de280815b0d72c0)
@@ -3139,7 +3177,7 @@ class CfnMasterProps:
 
         :param detector_id: The unique ID of the detector of the GuardDuty member account.
         :param master_id: The AWS account ID of the account designated as the GuardDuty administrator account.
-        :param invitation_id: The ID of the invitation that is sent to the account designated as a member account. You can find the invitation ID by using the ListInvitation action of the GuardDuty API.
+        :param invitation_id: The ID of the invitation that is sent to the account designated as a member account. You can find the invitation ID by running the `ListInvitations <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListInvitations.html>`_ in the *GuardDuty API Reference* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html
         :exampleMetadata: fixture=_generated
@@ -3194,7 +3232,7 @@ class CfnMasterProps:
     def invitation_id(self) -> typing.Optional[builtins.str]:
         '''The ID of the invitation that is sent to the account designated as a member account.
 
-        You can find the invitation ID by using the ListInvitation action of the GuardDuty API.
+        You can find the invitation ID by running the `ListInvitations <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListInvitations.html>`_ in the *GuardDuty API Reference* .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-invitationid
         '''
@@ -3554,7 +3592,7 @@ class CfnThreatIntelSet(
 ):
     '''The ``AWS::GuardDuty::ThreatIntelSet`` resource specifies a new ``ThreatIntelSet`` .
 
-    A ``ThreatIntelSet`` consists of known malicious IP addresses. GuardDuty generates findings based on the ``ThreatIntelSet`` when it is activated.
+    A ``ThreatIntelSet`` consists of known malicious IP addresses. GuardDuty generates findings based on the ``ThreatIntelSet`` after it is activated.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html
     :cloudformationResource: AWS::GuardDuty::ThreatIntelSet
@@ -3651,7 +3689,8 @@ class CfnThreatIntelSet(
     @builtins.property
     @jsii.member(jsii_name="attrId")
     def attr_id(self) -> builtins.str:
-        '''
+        '''The unique ID of the ``threatIntelSet`` .
+
         :cloudformationAttribute: Id
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrId"))
@@ -4059,11 +4098,11 @@ def _typecheckingstub__067e85819bdb865e6337a26c378c0472fa2b9e72f47dfccf0bca60992
     scope: _constructs_77d1e7e8.Construct,
     id: builtins.str,
     *,
+    detector_id: builtins.str,
     finding_criteria: typing.Union[_IResolvable_da3f097b, typing.Union[CfnFilter.FindingCriteriaProperty, typing.Dict[builtins.str, typing.Any]]],
+    name: builtins.str,
     action: typing.Optional[builtins.str] = None,
     description: typing.Optional[builtins.str] = None,
-    detector_id: typing.Optional[builtins.str] = None,
-    name: typing.Optional[builtins.str] = None,
     rank: typing.Optional[jsii.Number] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None:
@@ -4082,31 +4121,31 @@ def _typecheckingstub__d00911f9ef1cc2770fa371850c170d11fa5dae6c49195efa6eedf0ecc
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__8fbed2e2e1c4e36b77bef70f5730cf33088965585e081220ea8782f1bc6ec58e(
-    value: typing.Union[_IResolvable_da3f097b, CfnFilter.FindingCriteriaProperty],
+def _typecheckingstub__2a940342f0dba5155f5628025cb840051cc96e969cc988dd60f36269d57e2ccd(
+    value: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__48a346a5915bdb2f2af2271886d8088c817fdc4bbf7e9f976a58166a6d451959(
-    value: typing.Optional[builtins.str],
+def _typecheckingstub__8fbed2e2e1c4e36b77bef70f5730cf33088965585e081220ea8782f1bc6ec58e(
+    value: typing.Union[_IResolvable_da3f097b, CfnFilter.FindingCriteriaProperty],
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__d76609fcbed2d16e8e3d770136dd8f1d34ef69ecf949487325d62e1df3feba8f(
-    value: typing.Optional[builtins.str],
+def _typecheckingstub__a919e4dbcd673724e15009ab41b3a97b27ecfabae06ad4b152e2793162be4ddc(
+    value: builtins.str,
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__2a940342f0dba5155f5628025cb840051cc96e969cc988dd60f36269d57e2ccd(
+def _typecheckingstub__48a346a5915bdb2f2af2271886d8088c817fdc4bbf7e9f976a58166a6d451959(
     value: typing.Optional[builtins.str],
 ) -> None:
     """Type checking stubs"""
     pass
 
-def _typecheckingstub__a919e4dbcd673724e15009ab41b3a97b27ecfabae06ad4b152e2793162be4ddc(
+def _typecheckingstub__d76609fcbed2d16e8e3d770136dd8f1d34ef69ecf949487325d62e1df3feba8f(
     value: typing.Optional[builtins.str],
 ) -> None:
     """Type checking stubs"""
@@ -4152,11 +4191,11 @@ def _typecheckingstub__4f4804a72c05070a8a25405f065b49dd3914286fabb20ae070705b9bd
 
 def _typecheckingstub__6f44ad794e7dbae18bc70d670d096dac3d980dc5e20e5c9703013ddb79dd0e03(
     *,
+    detector_id: builtins.str,
     finding_criteria: typing.Union[_IResolvable_da3f097b, typing.Union[CfnFilter.FindingCriteriaProperty, typing.Dict[builtins.str, typing.Any]]],
+    name: builtins.str,
     action: typing.Optional[builtins.str] = None,
     description: typing.Optional[builtins.str] = None,
-    detector_id: typing.Optional[builtins.str] = None,
-    name: typing.Optional[builtins.str] = None,
     rank: typing.Optional[jsii.Number] = None,
     tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
 ) -> None: