# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::GuardDuty module Types # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty member account. # @return [String] # # @!attribute [rw] administrator_id # The account ID of the GuardDuty administrator account whose # invitation you're accepting. # @return [String] # # @!attribute [rw] invitation_id # The value that is used to validate the administrator account to the # member account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AcceptAdministratorInvitationRequest AWS API Documentation # class AcceptAdministratorInvitationRequest < Struct.new( :detector_id, :administrator_id, :invitation_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AcceptAdministratorInvitationResponse AWS API Documentation # class AcceptAdministratorInvitationResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty member account. # @return [String] # # @!attribute [rw] master_id # The account ID of the GuardDuty administrator account whose # invitation you're accepting. # @return [String] # # @!attribute [rw] invitation_id # The value that is used to validate the administrator account to the # member account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AcceptInvitationRequest AWS API Documentation # class AcceptInvitationRequest < Struct.new( :detector_id, :master_id, :invitation_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AcceptInvitationResponse AWS API Documentation # class AcceptInvitationResponse < Aws::EmptyStructure; end # Contains information on the current access control policies for the # bucket. # # @!attribute [rw] allows_public_read_access # A value that indicates whether public read access for the bucket is # enabled through an Access Control List (ACL). # @return [Boolean] # # @!attribute [rw] allows_public_write_access # A value that indicates whether public write access for the bucket is # enabled through an Access Control List (ACL). # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AccessControlList AWS API Documentation # class AccessControlList < Struct.new( :allows_public_read_access, :allows_public_write_access) SENSITIVE = [] include Aws::Structure end # Contains information about the access keys. # # @!attribute [rw] access_key_id # The access key ID of the user. # @return [String] # # @!attribute [rw] principal_id # The principal ID of the user. # @return [String] # # @!attribute [rw] user_name # The name of the user. # @return [String] # # @!attribute [rw] user_type # The type of the user. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AccessKeyDetails AWS API Documentation # class AccessKeyDetails < Struct.new( :access_key_id, :principal_id, :user_name, :user_type) SENSITIVE = [] include Aws::Structure end # Contains information about the account. # # @!attribute [rw] account_id # The member account ID. # @return [String] # # @!attribute [rw] email # The email address of the member account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AccountDetail AWS API Documentation # class AccountDetail < Struct.new( :account_id, :email) SENSITIVE = [] include Aws::Structure end # Provides details of the GuardDuty member account that uses a free # trial service. # # @!attribute [rw] account_id # The account identifier of the GuardDuty member account. # @return [String] # # @!attribute [rw] data_sources # Describes the data source enabled for the GuardDuty member account. # @return [Types::DataSourcesFreeTrial] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AccountFreeTrialInfo AWS API Documentation # class AccountFreeTrialInfo < Struct.new( :account_id, :data_sources) SENSITIVE = [] include Aws::Structure end # Contains information about the account level permissions on the S3 # bucket. # # @!attribute [rw] block_public_access # Describes the S3 Block Public Access settings of the bucket's # parent account. # @return [Types::BlockPublicAccess] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AccountLevelPermissions AWS API Documentation # class AccountLevelPermissions < Struct.new( :block_public_access) SENSITIVE = [] include Aws::Structure end # Contains information about actions. # # @!attribute [rw] action_type # The GuardDuty finding activity type. # @return [String] # # @!attribute [rw] aws_api_call_action # Information about the AWS\_API\_CALL action described in this # finding. # @return [Types::AwsApiCallAction] # # @!attribute [rw] dns_request_action # Information about the DNS\_REQUEST action described in this finding. # @return [Types::DnsRequestAction] # # @!attribute [rw] network_connection_action # Information about the NETWORK\_CONNECTION action described in this # finding. # @return [Types::NetworkConnectionAction] # # @!attribute [rw] port_probe_action # Information about the PORT\_PROBE action described in this finding. # @return [Types::PortProbeAction] # # @!attribute [rw] kubernetes_api_call_action # Information about the Kubernetes API call action described in this # finding. # @return [Types::KubernetesApiCallAction] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Action AWS API Documentation # class Action < Struct.new( :action_type, :aws_api_call_action, :dns_request_action, :network_connection_action, :port_probe_action, :kubernetes_api_call_action) SENSITIVE = [] include Aws::Structure end # The account within the organization specified as the GuardDuty # delegated administrator. # # @!attribute [rw] admin_account_id # The Amazon Web Services account ID for the account. # @return [String] # # @!attribute [rw] admin_status # Indicates whether the account is enabled as the delegated # administrator. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AdminAccount AWS API Documentation # class AdminAccount < Struct.new( :admin_account_id, :admin_status) SENSITIVE = [] include Aws::Structure end # Contains information about the administrator account and invitation. # # @!attribute [rw] account_id # The ID of the account used as the administrator account. # @return [String] # # @!attribute [rw] invitation_id # The value that is used to validate the administrator account to the # member account. # @return [String] # # @!attribute [rw] relationship_status # The status of the relationship between the administrator and member # accounts. # @return [String] # # @!attribute [rw] invited_at # The timestamp when the invitation was sent. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Administrator AWS API Documentation # class Administrator < Struct.new( :account_id, :invitation_id, :relationship_status, :invited_at) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the detector that specifies the GuardDuty service whose # findings you want to archive. # @return [String] # # @!attribute [rw] finding_ids # The IDs of the findings that you want to archive. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ArchiveFindingsRequest AWS API Documentation # class ArchiveFindingsRequest < Struct.new( :detector_id, :finding_ids) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ArchiveFindingsResponse AWS API Documentation # class ArchiveFindingsResponse < Aws::EmptyStructure; end # Contains information about the API action. # # @!attribute [rw] api # The Amazon Web Services API name. # @return [String] # # @!attribute [rw] caller_type # The Amazon Web Services API caller type. # @return [String] # # @!attribute [rw] domain_details # The domain information for the Amazon Web Services API call. # @return [Types::DomainDetails] # # @!attribute [rw] error_code # The error code of the failed Amazon Web Services API action. # @return [String] # # @!attribute [rw] user_agent # The agent through which the API request was made. # @return [String] # # @!attribute [rw] remote_ip_details # The remote IP information of the connection that initiated the # Amazon Web Services API call. # @return [Types::RemoteIpDetails] # # @!attribute [rw] service_name # The Amazon Web Services service name whose API was invoked. # @return [String] # # @!attribute [rw] remote_account_details # The details of the Amazon Web Services account that made the API # call. This field appears if the call was made from outside your # account. # @return [Types::RemoteAccountDetails] # # @!attribute [rw] affected_resources # The details of the Amazon Web Services account that made the API # call. This field identifies the resources that were affected by this # API call. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/AwsApiCallAction AWS API Documentation # class AwsApiCallAction < Struct.new( :api, :caller_type, :domain_details, :error_code, :user_agent, :remote_ip_details, :service_name, :remote_account_details, :affected_resources) SENSITIVE = [] include Aws::Structure end # A bad request exception object. # # @!attribute [rw] message # The error message. # @return [String] # # @!attribute [rw] type # The error type. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/BadRequestException AWS API Documentation # class BadRequestException < Struct.new( :message, :type) SENSITIVE = [] include Aws::Structure end # Contains information on how the bucker owner's S3 Block Public Access # settings are being applied to the S3 bucket. See [S3 Block Public # Access][1] for more information. # # # # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html # # @!attribute [rw] ignore_public_acls # Indicates if S3 Block Public Access is set to `IgnorePublicAcls`. # @return [Boolean] # # @!attribute [rw] restrict_public_buckets # Indicates if S3 Block Public Access is set to # `RestrictPublicBuckets`. # @return [Boolean] # # @!attribute [rw] block_public_acls # Indicates if S3 Block Public Access is set to `BlockPublicAcls`. # @return [Boolean] # # @!attribute [rw] block_public_policy # Indicates if S3 Block Public Access is set to `BlockPublicPolicy`. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/BlockPublicAccess AWS API Documentation # class BlockPublicAccess < Struct.new( :ignore_public_acls, :restrict_public_buckets, :block_public_acls, :block_public_policy) SENSITIVE = [] include Aws::Structure end # Contains information about the bucket level permissions for the S3 # bucket. # # @!attribute [rw] access_control_list # Contains information on how Access Control Policies are applied to # the bucket. # @return [Types::AccessControlList] # # @!attribute [rw] bucket_policy # Contains information on the bucket policies for the S3 bucket. # @return [Types::BucketPolicy] # # @!attribute [rw] block_public_access # Contains information on which account level S3 Block Public Access # settings are applied to the S3 bucket. # @return [Types::BlockPublicAccess] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/BucketLevelPermissions AWS API Documentation # class BucketLevelPermissions < Struct.new( :access_control_list, :bucket_policy, :block_public_access) SENSITIVE = [] include Aws::Structure end # Contains information on the current bucket policies for the S3 bucket. # # @!attribute [rw] allows_public_read_access # A value that indicates whether public read access for the bucket is # enabled through a bucket policy. # @return [Boolean] # # @!attribute [rw] allows_public_write_access # A value that indicates whether public write access for the bucket is # enabled through a bucket policy. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/BucketPolicy AWS API Documentation # class BucketPolicy < Struct.new( :allows_public_read_access, :allows_public_write_access) SENSITIVE = [] include Aws::Structure end # Contains information about the city associated with the IP address. # # @!attribute [rw] city_name # The city name of the remote IP address. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/City AWS API Documentation # class City < Struct.new( :city_name) SENSITIVE = [] include Aws::Structure end # Contains information on the status of CloudTrail as a data source for # the detector. # # @!attribute [rw] status # Describes whether CloudTrail is enabled as a data source for the # detector. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CloudTrailConfigurationResult AWS API Documentation # class CloudTrailConfigurationResult < Struct.new( :status) SENSITIVE = [] include Aws::Structure end # Contains information about the condition. # # @!attribute [rw] eq # Represents the *equal* condition to be applied to a single field # when querying for findings. # @return [Array] # # @!attribute [rw] neq # Represents the *not equal* condition to be applied to a single field # when querying for findings. # @return [Array] # # @!attribute [rw] gt # Represents a *greater than* condition to be applied to a single # field when querying for findings. # @return [Integer] # # @!attribute [rw] gte # Represents a *greater than or equal* condition to be applied to a # single field when querying for findings. # @return [Integer] # # @!attribute [rw] lt # Represents a *less than* condition to be applied to a single field # when querying for findings. # @return [Integer] # # @!attribute [rw] lte # Represents a *less than or equal* condition to be applied to a # single field when querying for findings. # @return [Integer] # # @!attribute [rw] equals # Represents an *equal* **** condition to be applied to a single field # when querying for findings. # @return [Array] # # @!attribute [rw] not_equals # Represents a *not equal* **** condition to be applied to a single # field when querying for findings. # @return [Array] # # @!attribute [rw] greater_than # Represents a *greater than* condition to be applied to a single # field when querying for findings. # @return [Integer] # # @!attribute [rw] greater_than_or_equal # Represents a *greater than or equal* condition to be applied to a # single field when querying for findings. # @return [Integer] # # @!attribute [rw] less_than # Represents a *less than* condition to be applied to a single field # when querying for findings. # @return [Integer] # # @!attribute [rw] less_than_or_equal # Represents a *less than or equal* condition to be applied to a # single field when querying for findings. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Condition AWS API Documentation # class Condition < Struct.new( :eq, :neq, :gt, :gte, :lt, :lte, :equals, :not_equals, :greater_than, :greater_than_or_equal, :less_than, :less_than_or_equal) SENSITIVE = [] include Aws::Structure end # Details of a container. # # @!attribute [rw] container_runtime # The container runtime (such as, Docker or containerd) used to run # the container. # @return [String] # # @!attribute [rw] id # Container ID. # @return [String] # # @!attribute [rw] name # Container name. # @return [String] # # @!attribute [rw] image # Container image. # @return [String] # # @!attribute [rw] image_prefix # Part of the image name before the last slash. For example, # imagePrefix for public.ecr.aws/amazonlinux/amazonlinux:latest would # be public.ecr.aws/amazonlinux. If the image name is relative and # does not have a slash, this field is empty. # @return [String] # # @!attribute [rw] volume_mounts # Container volume mounts. # @return [Array] # # @!attribute [rw] security_context # Container security context. # @return [Types::SecurityContext] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Container AWS API Documentation # class Container < Struct.new( :container_runtime, :id, :name, :image, :image_prefix, :volume_mounts, :security_context) SENSITIVE = [] include Aws::Structure end # Contains information about the country where the remote IP address is # located. # # @!attribute [rw] country_code # The country code of the remote IP address. # @return [String] # # @!attribute [rw] country_name # The country name of the remote IP address. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Country AWS API Documentation # class Country < Struct.new( :country_code, :country_name) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] enable # A Boolean value that specifies whether the detector is to be # enabled. # @return [Boolean] # # @!attribute [rw] client_token # The idempotency token for the create request. # # **A suitable default value is auto-generated.** You should normally # not need to pass this option. # @return [String] # # @!attribute [rw] finding_publishing_frequency # A value that specifies how frequently updated findings are exported. # @return [String] # # @!attribute [rw] data_sources # Describes which data sources will be enabled for the detector. # @return [Types::DataSourceConfigurations] # # @!attribute [rw] tags # The tags to be added to a new detector resource. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateDetectorRequest AWS API Documentation # class CreateDetectorRequest < Struct.new( :enable, :client_token, :finding_publishing_frequency, :data_sources, :tags) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the created detector. # @return [String] # # @!attribute [rw] unprocessed_data_sources # Specifies the data sources that couldn't be enabled when GuardDuty # was enabled for the first time. # @return [Types::UnprocessedDataSourcesResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateDetectorResponse AWS API Documentation # class CreateDetectorResponse < Struct.new( :detector_id, :unprocessed_data_sources) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the detector belonging to the GuardDuty account that you # want to create a filter for. # @return [String] # # @!attribute [rw] name # The name of the filter. Valid characters include period (.), # underscore (\_), dash (-), and alphanumeric characters. A whitespace # is considered to be an invalid character. # @return [String] # # @!attribute [rw] description # The description of the filter. Valid special characters include # period (.), underscore (\_), dash (-), and whitespace. The new line # character is considered to be an invalid input for description. # @return [String] # # @!attribute [rw] action # Specifies the action that is to be applied to the findings that # match the filter. # @return [String] # # @!attribute [rw] rank # Specifies the position of the filter in the list of current filters. # Also specifies the order in which this filter is applied to the # findings. # @return [Integer] # # @!attribute [rw] finding_criteria # Represents the criteria to be used in the filter for querying # findings. # # You can only use the following attributes to query findings: # # * accountId # # * region # # * confidence # # * id # # * resource.accessKeyDetails.accessKeyId # # * resource.accessKeyDetails.principalId # # * resource.accessKeyDetails.userName # # * resource.accessKeyDetails.userType # # * resource.instanceDetails.iamInstanceProfile.id # # * resource.instanceDetails.imageId # # * resource.instanceDetails.instanceId # # * resource.instanceDetails.outpostArn # # * resource.instanceDetails.networkInterfaces.ipv6Addresses # # * resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress # # * resource.instanceDetails.networkInterfaces.publicDnsName # # * resource.instanceDetails.networkInterfaces.publicIp # # * resource.instanceDetails.networkInterfaces.securityGroups.groupId # # * resource.instanceDetails.networkInterfaces.securityGroups.groupName # # * resource.instanceDetails.networkInterfaces.subnetId # # * resource.instanceDetails.networkInterfaces.vpcId # # * resource.instanceDetails.tags.key # # * resource.instanceDetails.tags.value # # * resource.resourceType # # * service.action.actionType # # * service.action.awsApiCallAction.api # # * service.action.awsApiCallAction.callerType # # * service.action.awsApiCallAction.errorCode # # * service.action.awsApiCallAction.userAgent # # * service.action.awsApiCallAction.remoteIpDetails.city.cityName # # * service.action.awsApiCallAction.remoteIpDetails.country.countryName # # * service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 # # * service.action.awsApiCallAction.remoteIpDetails.organization.asn # # * service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg # # * service.action.awsApiCallAction.serviceName # # * service.action.dnsRequestAction.domain # # * service.action.networkConnectionAction.blocked # # * service.action.networkConnectionAction.connectionDirection # # * service.action.networkConnectionAction.localPortDetails.port # # * service.action.networkConnectionAction.protocol # # * service.action.networkConnectionAction.localIpDetails.ipAddressV4 # # * service.action.networkConnectionAction.remoteIpDetails.city.cityName # # * service.action.networkConnectionAction.remoteIpDetails.country.countryName # # * service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 # # * service.action.networkConnectionAction.remoteIpDetails.organization.asn # # * service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg # # * service.action.networkConnectionAction.remotePortDetails.port # # * service.additionalInfo.threatListName # # * resource.s3BucketDetails.publicAccess.effectivePermissions # # * resource.s3BucketDetails.name # # * resource.s3BucketDetails.tags.key # # * resource.s3BucketDetails.tags.value # # * resource.s3BucketDetails.type # # * service.archived # # When this attribute is set to TRUE, only archived findings are # listed. When it's set to FALSE, only unarchived findings are # listed. When this attribute is not set, all existing findings are # listed. # # * service.resourceRole # # * severity # # * type # # * updatedAt # # Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or # YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains # milliseconds. # @return [Types::FindingCriteria] # # @!attribute [rw] client_token # The idempotency token for the create request. # # **A suitable default value is auto-generated.** You should normally # not need to pass this option. # @return [String] # # @!attribute [rw] tags # The tags to be added to a new filter resource. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateFilterRequest AWS API Documentation # class CreateFilterRequest < Struct.new( :detector_id, :name, :description, :action, :rank, :finding_criteria, :client_token, :tags) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] name # The name of the successfully created filter. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateFilterResponse AWS API Documentation # class CreateFilterResponse < Struct.new( :name) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty account that you want # to create an IPSet for. # @return [String] # # @!attribute [rw] name # The user-friendly name to identify the IPSet. # # Allowed characters are alphanumerics, spaces, hyphens (-), and # underscores (\_). # @return [String] # # @!attribute [rw] format # The format of the file that contains the IPSet. # @return [String] # # @!attribute [rw] location # The URI of the file that contains the IPSet. # @return [String] # # @!attribute [rw] activate # A Boolean value that indicates whether GuardDuty is to start using # the uploaded IPSet. # @return [Boolean] # # @!attribute [rw] client_token # The idempotency token for the create request. # # **A suitable default value is auto-generated.** You should normally # not need to pass this option. # @return [String] # # @!attribute [rw] tags # The tags to be added to a new IP set resource. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateIPSetRequest AWS API Documentation # class CreateIPSetRequest < Struct.new( :detector_id, :name, :format, :location, :activate, :client_token, :tags) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] ip_set_id # The ID of the IPSet resource. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateIPSetResponse AWS API Documentation # class CreateIPSetResponse < Struct.new( :ip_set_id) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty account that you want # to associate member accounts with. # @return [String] # # @!attribute [rw] account_details # A list of account ID and email address pairs of the accounts that # you want to associate with the GuardDuty administrator account. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateMembersRequest AWS API Documentation # class CreateMembersRequest < Struct.new( :detector_id, :account_details) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # A list of objects that include the `accountIds` of the unprocessed # accounts and a result string that explains why each was unprocessed. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateMembersResponse AWS API Documentation # class CreateMembersResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the GuardDuty detector associated with the publishing # destination. # @return [String] # # @!attribute [rw] destination_type # The type of resource for the publishing destination. Currently only # Amazon S3 buckets are supported. # @return [String] # # @!attribute [rw] destination_properties # The properties of the publishing destination, including the ARNs for # the destination and the KMS key used for encryption. # @return [Types::DestinationProperties] # # @!attribute [rw] client_token # The idempotency token for the request. # # **A suitable default value is auto-generated.** You should normally # not need to pass this option. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreatePublishingDestinationRequest AWS API Documentation # class CreatePublishingDestinationRequest < Struct.new( :detector_id, :destination_type, :destination_properties, :client_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] destination_id # The ID of the publishing destination that is created. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreatePublishingDestinationResponse AWS API Documentation # class CreatePublishingDestinationResponse < Struct.new( :destination_id) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the detector to create sample findings for. # @return [String] # # @!attribute [rw] finding_types # The types of sample findings to generate. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateSampleFindingsRequest AWS API Documentation # class CreateSampleFindingsRequest < Struct.new( :detector_id, :finding_types) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateSampleFindingsResponse AWS API Documentation # class CreateSampleFindingsResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty account that you want # to create a threatIntelSet for. # @return [String] # # @!attribute [rw] name # A user-friendly ThreatIntelSet name displayed in all findings that # are generated by activity that involves IP addresses included in # this ThreatIntelSet. # @return [String] # # @!attribute [rw] format # The format of the file that contains the ThreatIntelSet. # @return [String] # # @!attribute [rw] location # The URI of the file that contains the ThreatIntelSet. # @return [String] # # @!attribute [rw] activate # A Boolean value that indicates whether GuardDuty is to start using # the uploaded ThreatIntelSet. # @return [Boolean] # # @!attribute [rw] client_token # The idempotency token for the create request. # # **A suitable default value is auto-generated.** You should normally # not need to pass this option. # @return [String] # # @!attribute [rw] tags # The tags to be added to a new threat list resource. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateThreatIntelSetRequest AWS API Documentation # class CreateThreatIntelSetRequest < Struct.new( :detector_id, :name, :format, :location, :activate, :client_token, :tags) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] threat_intel_set_id # The ID of the ThreatIntelSet resource. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateThreatIntelSetResponse AWS API Documentation # class CreateThreatIntelSetResponse < Struct.new( :threat_intel_set_id) SENSITIVE = [] include Aws::Structure end # Contains information on the status of DNS logs as a data source. # # @!attribute [rw] status # Denotes whether DNS logs is enabled as a data source. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DNSLogsConfigurationResult AWS API Documentation # class DNSLogsConfigurationResult < Struct.new( :status) SENSITIVE = [] include Aws::Structure end # Contains information about which data sources are enabled. # # @!attribute [rw] s3_logs # Describes whether S3 data event logs are enabled as a data source. # @return [Types::S3LogsConfiguration] # # @!attribute [rw] kubernetes # Describes whether any Kubernetes logs are enabled as data sources. # @return [Types::KubernetesConfiguration] # # @!attribute [rw] malware_protection # Describes whether Malware Protection is enabled as a data source. # @return [Types::MalwareProtectionConfiguration] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourceConfigurations AWS API Documentation # class DataSourceConfigurations < Struct.new( :s3_logs, :kubernetes, :malware_protection) SENSITIVE = [] include Aws::Structure end # Contains information on the status of data sources for the detector. # # @!attribute [rw] cloud_trail # An object that contains information on the status of CloudTrail as a # data source. # @return [Types::CloudTrailConfigurationResult] # # @!attribute [rw] dns_logs # An object that contains information on the status of DNS logs as a # data source. # @return [Types::DNSLogsConfigurationResult] # # @!attribute [rw] flow_logs # An object that contains information on the status of VPC flow logs # as a data source. # @return [Types::FlowLogsConfigurationResult] # # @!attribute [rw] s3_logs # An object that contains information on the status of S3 Data event # logs as a data source. # @return [Types::S3LogsConfigurationResult] # # @!attribute [rw] kubernetes # An object that contains information on the status of all Kubernetes # data sources. # @return [Types::KubernetesConfigurationResult] # # @!attribute [rw] malware_protection # Describes the configuration of Malware Protection data sources. # @return [Types::MalwareProtectionConfigurationResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourceConfigurationsResult AWS API Documentation # class DataSourceConfigurationsResult < Struct.new( :cloud_trail, :dns_logs, :flow_logs, :s3_logs, :kubernetes, :malware_protection) SENSITIVE = [] include Aws::Structure end # Contains information about which data sources are enabled for the # GuardDuty member account. # # @!attribute [rw] free_trial_days_remaining # A value that specifies the number of days left to use each enabled # data source. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourceFreeTrial AWS API Documentation # class DataSourceFreeTrial < Struct.new( :free_trial_days_remaining) SENSITIVE = [] include Aws::Structure end # Contains information about which data sources are enabled for the # GuardDuty member account. # # @!attribute [rw] cloud_trail # Describes whether any Amazon Web Services CloudTrail management # event logs are enabled as data sources. # @return [Types::DataSourceFreeTrial] # # @!attribute [rw] dns_logs # Describes whether any DNS logs are enabled as data sources. # @return [Types::DataSourceFreeTrial] # # @!attribute [rw] flow_logs # Describes whether any VPC Flow logs are enabled as data sources. # @return [Types::DataSourceFreeTrial] # # @!attribute [rw] s3_logs # Describes whether any S3 data event logs are enabled as data # sources. # @return [Types::DataSourceFreeTrial] # # @!attribute [rw] kubernetes # Describes whether any Kubernetes logs are enabled as data sources. # @return [Types::KubernetesDataSourceFreeTrial] # # @!attribute [rw] malware_protection # Describes whether Malware Protection is enabled as a data source. # @return [Types::MalwareProtectionDataSourceFreeTrial] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DataSourcesFreeTrial AWS API Documentation # class DataSourcesFreeTrial < Struct.new( :cloud_trail, :dns_logs, :flow_logs, :s3_logs, :kubernetes, :malware_protection) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] account_ids # A list of account IDs of the Amazon Web Services accounts that sent # invitations to the current member account that you want to decline # invitations from. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeclineInvitationsRequest AWS API Documentation # class DeclineInvitationsRequest < Struct.new( :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # A list of objects that contain the unprocessed account and a result # string that explains why it was unprocessed. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeclineInvitationsResponse AWS API Documentation # class DeclineInvitationsResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # Contains information on the server side encryption method used in the # S3 bucket. See [S3 Server-Side Encryption][1] for more information. # # # # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html # # @!attribute [rw] encryption_type # The type of encryption used for objects within the S3 bucket. # @return [String] # # @!attribute [rw] kms_master_key_arn # The Amazon Resource Name (ARN) of the KMS encryption key. Only # available if the bucket `EncryptionType` is `aws:kms`. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DefaultServerSideEncryption AWS API Documentation # class DefaultServerSideEncryption < Struct.new( :encryption_type, :kms_master_key_arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector that you want to delete. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteDetectorRequest AWS API Documentation # class DeleteDetectorRequest < Struct.new( :detector_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteDetectorResponse AWS API Documentation # class DeleteDetectorResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The unique ID of the detector that the filter is associated with. # @return [String] # # @!attribute [rw] filter_name # The name of the filter that you want to delete. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteFilterRequest AWS API Documentation # class DeleteFilterRequest < Struct.new( :detector_id, :filter_name) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteFilterResponse AWS API Documentation # class DeleteFilterResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The unique ID of the detector associated with the IPSet. # @return [String] # # @!attribute [rw] ip_set_id # The unique ID of the IPSet to delete. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteIPSetRequest AWS API Documentation # class DeleteIPSetRequest < Struct.new( :detector_id, :ip_set_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteIPSetResponse AWS API Documentation # class DeleteIPSetResponse < Aws::EmptyStructure; end # @!attribute [rw] account_ids # A list of account IDs of the Amazon Web Services accounts that sent # invitations to the current member account that you want to delete # invitations from. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteInvitationsRequest AWS API Documentation # class DeleteInvitationsRequest < Struct.new( :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # A list of objects that contain the unprocessed account and a result # string that explains why it was unprocessed. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteInvitationsResponse AWS API Documentation # class DeleteInvitationsResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty account whose members # you want to delete. # @return [String] # # @!attribute [rw] account_ids # A list of account IDs of the GuardDuty member accounts that you want # to delete. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteMembersRequest AWS API Documentation # class DeleteMembersRequest < Struct.new( :detector_id, :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # The accounts that could not be processed. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteMembersResponse AWS API Documentation # class DeleteMembersResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector associated with the publishing # destination to delete. # @return [String] # # @!attribute [rw] destination_id # The ID of the publishing destination to delete. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeletePublishingDestinationRequest AWS API Documentation # class DeletePublishingDestinationRequest < Struct.new( :detector_id, :destination_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeletePublishingDestinationResponse AWS API Documentation # class DeletePublishingDestinationResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The unique ID of the detector that the threatIntelSet is associated # with. # @return [String] # # @!attribute [rw] threat_intel_set_id # The unique ID of the threatIntelSet that you want to delete. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteThreatIntelSetRequest AWS API Documentation # class DeleteThreatIntelSetRequest < Struct.new( :detector_id, :threat_intel_set_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteThreatIntelSetResponse AWS API Documentation # class DeleteThreatIntelSetResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The unique ID of the detector that the request is associated with. # @return [String] # # @!attribute [rw] next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For # subsequent calls to the action, fill nextToken in the request with # the value of NextToken from the previous response to continue # listing data. # @return [String] # # @!attribute [rw] max_results # You can use this parameter to indicate the maximum number of items # that you want in the response. The default value is 50. The maximum # value is 50. # @return [Integer] # # @!attribute [rw] filter_criteria # Represents the criteria to be used in the filter for describing scan # entries. # @return [Types::FilterCriteria] # # @!attribute [rw] sort_criteria # Represents the criteria used for sorting scan entries. # @return [Types::SortCriteria] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribeMalwareScansRequest AWS API Documentation # class DescribeMalwareScansRequest < Struct.new( :detector_id, :next_token, :max_results, :filter_criteria, :sort_criteria) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] scans # Contains information about malware scans. # @return [Array] # # @!attribute [rw] next_token # The pagination parameter to be used on the next list operation to # retrieve more items. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribeMalwareScansResponse AWS API Documentation # class DescribeMalwareScansResponse < Struct.new( :scans, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the detector to retrieve information about the delegated # administrator from. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribeOrganizationConfigurationRequest AWS API Documentation # class DescribeOrganizationConfigurationRequest < Struct.new( :detector_id) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] auto_enable # Indicates whether GuardDuty is automatically enabled for accounts # added to the organization. # @return [Boolean] # # @!attribute [rw] member_account_limit_reached # Indicates whether the maximum number of allowed member accounts are # already associated with the delegated administrator account for your # organization. # @return [Boolean] # # @!attribute [rw] data_sources # Describes which data sources are enabled automatically for member # accounts. # @return [Types::OrganizationDataSourceConfigurationsResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribeOrganizationConfigurationResponse AWS API Documentation # class DescribeOrganizationConfigurationResponse < Struct.new( :auto_enable, :member_account_limit_reached, :data_sources) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector associated with the publishing # destination to retrieve. # @return [String] # # @!attribute [rw] destination_id # The ID of the publishing destination to retrieve. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribePublishingDestinationRequest AWS API Documentation # class DescribePublishingDestinationRequest < Struct.new( :detector_id, :destination_id) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] destination_id # The ID of the publishing destination. # @return [String] # # @!attribute [rw] destination_type # The type of publishing destination. Currently, only Amazon S3 # buckets are supported. # @return [String] # # @!attribute [rw] status # The status of the publishing destination. # @return [String] # # @!attribute [rw] publishing_failure_start_timestamp # The time, in epoch millisecond format, at which GuardDuty was first # unable to publish findings to the destination. # @return [Integer] # # @!attribute [rw] destination_properties # A `DestinationProperties` object that includes the `DestinationArn` # and `KmsKeyArn` of the publishing destination. # @return [Types::DestinationProperties] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribePublishingDestinationResponse AWS API Documentation # class DescribePublishingDestinationResponse < Struct.new( :destination_id, :destination_type, :status, :publishing_failure_start_timestamp, :destination_properties) SENSITIVE = [] include Aws::Structure end # Contains information about the publishing destination, including the # ID, type, and status. # # @!attribute [rw] destination_id # The unique ID of the publishing destination. # @return [String] # # @!attribute [rw] destination_type # The type of resource used for the publishing destination. Currently, # only Amazon S3 buckets are supported. # @return [String] # # @!attribute [rw] status # The status of the publishing destination. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Destination AWS API Documentation # class Destination < Struct.new( :destination_id, :destination_type, :status) SENSITIVE = [] include Aws::Structure end # Contains the Amazon Resource Name (ARN) of the resource to publish to, # such as an S3 bucket, and the ARN of the KMS key to use to encrypt # published findings. # # @!attribute [rw] destination_arn # The ARN of the resource to publish to. # # To specify an S3 bucket folder use the following format: # `arn:aws:s3:::DOC-EXAMPLE-BUCKET/myFolder/` # @return [String] # # @!attribute [rw] kms_key_arn # The ARN of the KMS key to use for encryption. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DestinationProperties AWS API Documentation # class DestinationProperties < Struct.new( :destination_arn, :kms_key_arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] admin_account_id # The Amazon Web Services Account ID for the organizations account to # be disabled as a GuardDuty delegated administrator. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DisableOrganizationAdminAccountRequest AWS API Documentation # class DisableOrganizationAdminAccountRequest < Struct.new( :admin_account_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DisableOrganizationAdminAccountResponse AWS API Documentation # class DisableOrganizationAdminAccountResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty member account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DisassociateFromAdministratorAccountRequest AWS API Documentation # class DisassociateFromAdministratorAccountRequest < Struct.new( :detector_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DisassociateFromAdministratorAccountResponse AWS API Documentation # class DisassociateFromAdministratorAccountResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty member account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DisassociateFromMasterAccountRequest AWS API Documentation # class DisassociateFromMasterAccountRequest < Struct.new( :detector_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DisassociateFromMasterAccountResponse AWS API Documentation # class DisassociateFromMasterAccountResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty account whose members # you want to disassociate from the administrator account. # @return [String] # # @!attribute [rw] account_ids # A list of account IDs of the GuardDuty member accounts that you want # to disassociate from the administrator account. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DisassociateMembersRequest AWS API Documentation # class DisassociateMembersRequest < Struct.new( :detector_id, :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # A list of objects that contain the unprocessed account and a result # string that explains why it was unprocessed. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DisassociateMembersResponse AWS API Documentation # class DisassociateMembersResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # Contains information about the DNS\_REQUEST action described in this # finding. # # @!attribute [rw] domain # The domain information for the API request. # @return [String] # # @!attribute [rw] protocol # The network connection protocol observed in the activity that # prompted GuardDuty to generate the finding. # @return [String] # # @!attribute [rw] blocked # Indicates whether the targeted port is blocked. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DnsRequestAction AWS API Documentation # class DnsRequestAction < Struct.new( :domain, :protocol, :blocked) SENSITIVE = [] include Aws::Structure end # Contains information about the domain. # # @!attribute [rw] domain # The domain information for the Amazon Web Services API call. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DomainDetails AWS API Documentation # class DomainDetails < Struct.new( :domain) SENSITIVE = [] include Aws::Structure end # Contains list of scanned and skipped EBS volumes with details. # # @!attribute [rw] scanned_volume_details # List of EBS volumes that were scanned. # @return [Array] # # @!attribute [rw] skipped_volume_details # List of EBS volumes that were skipped from the malware scan. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EbsVolumeDetails AWS API Documentation # class EbsVolumeDetails < Struct.new( :scanned_volume_details, :skipped_volume_details) SENSITIVE = [] include Aws::Structure end # Contains details from the malware scan that created a finding. # # @!attribute [rw] scan_id # Unique Id of the malware scan that generated the finding. # @return [String] # # @!attribute [rw] scan_started_at # Returns the start date and time of the malware scan. # @return [Time] # # @!attribute [rw] scan_completed_at # Returns the completion date and time of the malware scan. # @return [Time] # # @!attribute [rw] trigger_finding_id # GuardDuty finding ID that triggered a malware scan. # @return [String] # # @!attribute [rw] sources # Contains list of threat intelligence sources used to detect threats. # @return [Array] # # @!attribute [rw] scan_detections # Contains a complete view providing malware scan result details. # @return [Types::ScanDetections] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EbsVolumeScanDetails AWS API Documentation # class EbsVolumeScanDetails < Struct.new( :scan_id, :scan_started_at, :scan_completed_at, :trigger_finding_id, :sources, :scan_detections) SENSITIVE = [] include Aws::Structure end # Describes the configuration of scanning EBS volumes as a data source. # # @!attribute [rw] status # Describes whether scanning EBS volumes is enabled as a data source. # @return [String] # # @!attribute [rw] reason # Specifies the reason why scanning EBS volumes (Malware Protection) # was not enabled as a data source. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EbsVolumesResult AWS API Documentation # class EbsVolumesResult < Struct.new( :status, :reason) SENSITIVE = [] include Aws::Structure end # Contains information about the details of the ECS Cluster. # # @!attribute [rw] name # The name of the ECS Cluster. # @return [String] # # @!attribute [rw] arn # The Amazon Resource Name (ARN) that identifies the cluster. # @return [String] # # @!attribute [rw] status # The status of the ECS cluster. # @return [String] # # @!attribute [rw] active_services_count # The number of services that are running on the cluster in an ACTIVE # state. # @return [Integer] # # @!attribute [rw] registered_container_instances_count # The number of container instances registered into the cluster. # @return [Integer] # # @!attribute [rw] running_tasks_count # The number of tasks in the cluster that are in the RUNNING state. # @return [Integer] # # @!attribute [rw] tags # The tags of the ECS Cluster. # @return [Array] # # @!attribute [rw] task_details # Contains information about the details of the ECS Task. # @return [Types::EcsTaskDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EcsClusterDetails AWS API Documentation # class EcsClusterDetails < Struct.new( :name, :arn, :status, :active_services_count, :registered_container_instances_count, :running_tasks_count, :tags, :task_details) SENSITIVE = [] include Aws::Structure end # Contains information about the task in an ECS cluster. # # @!attribute [rw] arn # The Amazon Resource Name (ARN) of the task. # @return [String] # # @!attribute [rw] definition_arn # The ARN of the task definition that creates the task. # @return [String] # # @!attribute [rw] version # The version counter for the task. # @return [String] # # @!attribute [rw] task_created_at # The Unix timestamp for the time when the task was created. # @return [Time] # # @!attribute [rw] started_at # The Unix timestamp for the time when the task started. # @return [Time] # # @!attribute [rw] started_by # Contains the tag specified when a task is started. # @return [String] # # @!attribute [rw] tags # The tags of the ECS Task. # @return [Array] # # @!attribute [rw] volumes # The list of data volume definitions for the task. # @return [Array] # # @!attribute [rw] containers # The containers that's associated with the task. # @return [Array] # # @!attribute [rw] group # The name of the task group that's associated with the task. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EcsTaskDetails AWS API Documentation # class EcsTaskDetails < Struct.new( :arn, :definition_arn, :version, :task_created_at, :started_at, :started_by, :tags, :volumes, :containers, :group) SENSITIVE = [] include Aws::Structure end # Details about the EKS cluster involved in a Kubernetes finding. # # @!attribute [rw] name # EKS cluster name. # @return [String] # # @!attribute [rw] arn # EKS cluster ARN. # @return [String] # # @!attribute [rw] vpc_id # The VPC ID to which the EKS cluster is attached. # @return [String] # # @!attribute [rw] status # The EKS cluster status. # @return [String] # # @!attribute [rw] tags # The EKS cluster tags. # @return [Array] # # @!attribute [rw] created_at # The timestamp when the EKS cluster was created. # @return [Time] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EksClusterDetails AWS API Documentation # class EksClusterDetails < Struct.new( :name, :arn, :vpc_id, :status, :tags, :created_at) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] admin_account_id # The Amazon Web Services Account ID for the organization account to # be enabled as a GuardDuty delegated administrator. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EnableOrganizationAdminAccountRequest AWS API Documentation # class EnableOrganizationAdminAccountRequest < Struct.new( :admin_account_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EnableOrganizationAdminAccountResponse AWS API Documentation # class EnableOrganizationAdminAccountResponse < Aws::EmptyStructure; end # Contains information about the reason that the finding was generated. # # @!attribute [rw] threat_intelligence_details # A list of threat intelligence details related to the evidence. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Evidence AWS API Documentation # class Evidence < Struct.new( :threat_intelligence_details) SENSITIVE = [] include Aws::Structure end # Contains information about the condition. # # @!attribute [rw] equals_value # Represents an *equal* **** condition to be applied to a single field # when querying for scan entries. # @return [String] # # @!attribute [rw] greater_than # Represents a *greater than* condition to be applied to a single # field when querying for scan entries. # @return [Integer] # # @!attribute [rw] less_than # Represents a *less than* condition to be applied to a single field # when querying for scan entries. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/FilterCondition AWS API Documentation # class FilterCondition < Struct.new( :equals_value, :greater_than, :less_than) SENSITIVE = [] include Aws::Structure end # Represents the criteria to be used in the filter for describing scan # entries. # # @!attribute [rw] filter_criterion # Represents a condition that when matched will be added to the # response of the operation. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/FilterCriteria AWS API Documentation # class FilterCriteria < Struct.new( :filter_criterion) SENSITIVE = [] include Aws::Structure end # Represents a condition that when matched will be added to the response # of the operation. Irrespective of using any filter criteria, an # administrator account can view the scan entries for all of its member # accounts. However, each member account can view the scan entries only # for their own account. # # @!attribute [rw] criterion_key # An enum value representing possible scan properties to match with # given scan entries. # @return [String] # # @!attribute [rw] filter_condition # Contains information about the condition. # @return [Types::FilterCondition] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/FilterCriterion AWS API Documentation # class FilterCriterion < Struct.new( :criterion_key, :filter_condition) SENSITIVE = [] include Aws::Structure end # Contains information about the finding, which is generated when # abnormal or suspicious activity is detected. # # @!attribute [rw] account_id # The ID of the account in which the finding was generated. # @return [String] # # @!attribute [rw] arn # The ARN of the finding. # @return [String] # # @!attribute [rw] confidence # The confidence score for the finding. # @return [Float] # # @!attribute [rw] created_at # The time and date when the finding was created. # @return [String] # # @!attribute [rw] description # The description of the finding. # @return [String] # # @!attribute [rw] id # The ID of the finding. # @return [String] # # @!attribute [rw] partition # The partition associated with the finding. # @return [String] # # @!attribute [rw] region # The Region where the finding was generated. # @return [String] # # @!attribute [rw] resource # Contains information about the Amazon Web Services resource # associated with the activity that prompted GuardDuty to generate a # finding. # @return [Types::Resource] # # @!attribute [rw] schema_version # The version of the schema used for the finding. # @return [String] # # @!attribute [rw] service # Contains additional information about the generated finding. # @return [Types::Service] # # @!attribute [rw] severity # The severity of the finding. # @return [Float] # # @!attribute [rw] title # The title of the finding. # @return [String] # # @!attribute [rw] type # The type of finding. # @return [String] # # @!attribute [rw] updated_at # The time and date when the finding was last updated. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Finding AWS API Documentation # class Finding < Struct.new( :account_id, :arn, :confidence, :created_at, :description, :id, :partition, :region, :resource, :schema_version, :service, :severity, :title, :type, :updated_at) SENSITIVE = [] include Aws::Structure end # Contains information about the criteria used for querying findings. # # @!attribute [rw] criterion # Represents a map of finding properties that match specified # conditions and values when querying findings. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/FindingCriteria AWS API Documentation # class FindingCriteria < Struct.new( :criterion) SENSITIVE = [] include Aws::Structure end # Contains information about finding statistics. # # @!attribute [rw] count_by_severity # Represents a map of severity to count statistics for a set of # findings. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/FindingStatistics AWS API Documentation # class FindingStatistics < Struct.new( :count_by_severity) SENSITIVE = [] include Aws::Structure end # Contains information on the status of VPC flow logs as a data source. # # @!attribute [rw] status # Denotes whether VPC flow logs is enabled as a data source. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/FlowLogsConfigurationResult AWS API Documentation # class FlowLogsConfigurationResult < Struct.new( :status) SENSITIVE = [] include Aws::Structure end # Contains information about the location of the remote IP address. # # @!attribute [rw] lat # The latitude information of the remote IP address. # @return [Float] # # @!attribute [rw] lon # The longitude information of the remote IP address. # @return [Float] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GeoLocation AWS API Documentation # class GeoLocation < Struct.new( :lat, :lon) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty member account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetAdministratorAccountRequest AWS API Documentation # class GetAdministratorAccountRequest < Struct.new( :detector_id) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] administrator # The administrator account details. # @return [Types::Administrator] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetAdministratorAccountResponse AWS API Documentation # class GetAdministratorAccountResponse < Struct.new( :administrator) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector that you want to get. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetDetectorRequest AWS API Documentation # class GetDetectorRequest < Struct.new( :detector_id) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] created_at # The timestamp of when the detector was created. # @return [String] # # @!attribute [rw] finding_publishing_frequency # The publishing frequency of the finding. # @return [String] # # @!attribute [rw] service_role # The GuardDuty service role. # @return [String] # # @!attribute [rw] status # The detector status. # @return [String] # # @!attribute [rw] updated_at # The last-updated timestamp for the detector. # @return [String] # # @!attribute [rw] data_sources # Describes which data sources are enabled for the detector. # @return [Types::DataSourceConfigurationsResult] # # @!attribute [rw] tags # The tags of the detector resource. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetDetectorResponse AWS API Documentation # class GetDetectorResponse < Struct.new( :created_at, :finding_publishing_frequency, :service_role, :status, :updated_at, :data_sources, :tags) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector that the filter is associated with. # @return [String] # # @!attribute [rw] filter_name # The name of the filter you want to get. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetFilterRequest AWS API Documentation # class GetFilterRequest < Struct.new( :detector_id, :filter_name) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] name # The name of the filter. # @return [String] # # @!attribute [rw] description # The description of the filter. # @return [String] # # @!attribute [rw] action # Specifies the action that is to be applied to the findings that # match the filter. # @return [String] # # @!attribute [rw] rank # Specifies the position of the filter in the list of current filters. # Also specifies the order in which this filter is applied to the # findings. # @return [Integer] # # @!attribute [rw] finding_criteria # Represents the criteria to be used in the filter for querying # findings. # @return [Types::FindingCriteria] # # @!attribute [rw] tags # The tags of the filter resource. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetFilterResponse AWS API Documentation # class GetFilterResponse < Struct.new( :name, :description, :action, :rank, :finding_criteria, :tags) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the detector that specifies the GuardDuty service whose # findings you want to retrieve. # @return [String] # # @!attribute [rw] finding_ids # The IDs of the findings that you want to retrieve. # @return [Array] # # @!attribute [rw] sort_criteria # Represents the criteria used for sorting findings. # @return [Types::SortCriteria] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetFindingsRequest AWS API Documentation # class GetFindingsRequest < Struct.new( :detector_id, :finding_ids, :sort_criteria) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] findings # A list of findings. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetFindingsResponse AWS API Documentation # class GetFindingsResponse < Struct.new( :findings) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the detector that specifies the GuardDuty service whose # findings' statistics you want to retrieve. # @return [String] # # @!attribute [rw] finding_statistic_types # The types of finding statistics to retrieve. # @return [Array] # # @!attribute [rw] finding_criteria # Represents the criteria that is used for querying findings. # @return [Types::FindingCriteria] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetFindingsStatisticsRequest AWS API Documentation # class GetFindingsStatisticsRequest < Struct.new( :detector_id, :finding_statistic_types, :finding_criteria) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] finding_statistics # The finding statistics object. # @return [Types::FindingStatistics] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetFindingsStatisticsResponse AWS API Documentation # class GetFindingsStatisticsResponse < Struct.new( :finding_statistics) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector that the IPSet is associated with. # @return [String] # # @!attribute [rw] ip_set_id # The unique ID of the IPSet to retrieve. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetIPSetRequest AWS API Documentation # class GetIPSetRequest < Struct.new( :detector_id, :ip_set_id) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] name # The user-friendly name for the IPSet. # @return [String] # # @!attribute [rw] format # The format of the file that contains the IPSet. # @return [String] # # @!attribute [rw] location # The URI of the file that contains the IPSet. # @return [String] # # @!attribute [rw] status # The status of IPSet file that was uploaded. # @return [String] # # @!attribute [rw] tags # The tags of the IPSet resource. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetIPSetResponse AWS API Documentation # class GetIPSetResponse < Struct.new( :name, :format, :location, :status, :tags) SENSITIVE = [] include Aws::Structure end # @api private # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetInvitationsCountRequest AWS API Documentation # class GetInvitationsCountRequest < Aws::EmptyStructure; end # @!attribute [rw] invitations_count # The number of received invitations. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetInvitationsCountResponse AWS API Documentation # class GetInvitationsCountResponse < Struct.new( :invitations_count) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector that the scan setting is associated # with. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMalwareScanSettingsRequest AWS API Documentation # class GetMalwareScanSettingsRequest < Struct.new( :detector_id) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] scan_resource_criteria # Represents the criteria to be used in the filter for scanning # resources. # @return [Types::ScanResourceCriteria] # # @!attribute [rw] ebs_snapshot_preservation # An enum value representing possible snapshot preservation settings. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMalwareScanSettingsResponse AWS API Documentation # class GetMalwareScanSettingsResponse < Struct.new( :scan_resource_criteria, :ebs_snapshot_preservation) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty member account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMasterAccountRequest AWS API Documentation # class GetMasterAccountRequest < Struct.new( :detector_id) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] master # The administrator account details. # @return [Types::Master] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMasterAccountResponse AWS API Documentation # class GetMasterAccountResponse < Struct.new( :master) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The detector ID for the administrator account. # @return [String] # # @!attribute [rw] account_ids # The account ID of the member account. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMemberDetectorsRequest AWS API Documentation # class GetMemberDetectorsRequest < Struct.new( :detector_id, :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] member_data_source_configurations # An object that describes which data sources are enabled for a member # account. # @return [Array] # # @!attribute [rw] unprocessed_accounts # A list of member account IDs that were unable to be processed along # with an explanation for why they were not processed. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMemberDetectorsResponse AWS API Documentation # class GetMemberDetectorsResponse < Struct.new( :member_data_source_configurations, :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty account whose members # you want to retrieve. # @return [String] # # @!attribute [rw] account_ids # A list of account IDs of the GuardDuty member accounts that you want # to describe. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMembersRequest AWS API Documentation # class GetMembersRequest < Struct.new( :detector_id, :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] members # A list of members. # @return [Array] # # @!attribute [rw] unprocessed_accounts # A list of objects that contain the unprocessed account and a result # string that explains why it was unprocessed. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMembersResponse AWS API Documentation # class GetMembersResponse < Struct.new( :members, :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty member account. # @return [String] # # @!attribute [rw] account_ids # A list of account identifiers of the GuardDuty member account. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetRemainingFreeTrialDaysRequest AWS API Documentation # class GetRemainingFreeTrialDaysRequest < Struct.new( :detector_id, :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] accounts # The member accounts which were included in a request and were # processed successfully. # @return [Array] # # @!attribute [rw] unprocessed_accounts # The member account that was included in a request but for which the # request could not be processed. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetRemainingFreeTrialDaysResponse AWS API Documentation # class GetRemainingFreeTrialDaysResponse < Struct.new( :accounts, :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector that the threatIntelSet is associated # with. # @return [String] # # @!attribute [rw] threat_intel_set_id # The unique ID of the threatIntelSet that you want to get. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetThreatIntelSetRequest AWS API Documentation # class GetThreatIntelSetRequest < Struct.new( :detector_id, :threat_intel_set_id) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] name # A user-friendly ThreatIntelSet name displayed in all findings that # are generated by activity that involves IP addresses included in # this ThreatIntelSet. # @return [String] # # @!attribute [rw] format # The format of the threatIntelSet. # @return [String] # # @!attribute [rw] location # The URI of the file that contains the ThreatIntelSet. # @return [String] # # @!attribute [rw] status # The status of threatIntelSet file uploaded. # @return [String] # # @!attribute [rw] tags # The tags of the threat list resource. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetThreatIntelSetResponse AWS API Documentation # class GetThreatIntelSetResponse < Struct.new( :name, :format, :location, :status, :tags) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the detector that specifies the GuardDuty service whose # usage statistics you want to retrieve. # @return [String] # # @!attribute [rw] usage_statistic_type # The type of usage statistics to retrieve. # @return [String] # # @!attribute [rw] usage_criteria # Represents the criteria used for querying usage. # @return [Types::UsageCriteria] # # @!attribute [rw] unit # The currency unit you would like to view your usage statistics in. # Current valid values are USD. # @return [String] # # @!attribute [rw] max_results # The maximum number of results to return in the response. # @return [Integer] # # @!attribute [rw] next_token # A token to use for paginating results that are returned in the # response. Set the value of this parameter to null for the first # request to a list action. For subsequent calls, use the NextToken # value returned from the previous request to continue listing results # after the first page. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetUsageStatisticsRequest AWS API Documentation # class GetUsageStatisticsRequest < Struct.new( :detector_id, :usage_statistic_type, :usage_criteria, :unit, :max_results, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] usage_statistics # The usage statistics object. If a UsageStatisticType was provided, # the objects representing other types will be null. # @return [Types::UsageStatistics] # # @!attribute [rw] next_token # The pagination parameter to be used on the next list operation to # retrieve more items. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetUsageStatisticsResponse AWS API Documentation # class GetUsageStatisticsResponse < Struct.new( :usage_statistics, :next_token) SENSITIVE = [] include Aws::Structure end # Contains details of the highest severity threat detected during scan # and number of infected files. # # @!attribute [rw] severity # Severity level of the highest severity threat detected. # @return [String] # # @!attribute [rw] threat_name # Threat name of the highest severity threat detected as part of the # malware scan. # @return [String] # # @!attribute [rw] count # Total number of infected files with the highest severity threat # detected. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/HighestSeverityThreatDetails AWS API Documentation # class HighestSeverityThreatDetails < Struct.new( :severity, :threat_name, :count) SENSITIVE = [] include Aws::Structure end # Represents a pre-existing file or directory on the host machine that # the volume maps to. # # @!attribute [rw] path # Path of the file or directory on the host that the volume maps to. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/HostPath AWS API Documentation # class HostPath < Struct.new( :path) SENSITIVE = [] include Aws::Structure end # Contains information about the EC2 instance profile. # # @!attribute [rw] arn # The profile ARN of the EC2 instance. # @return [String] # # @!attribute [rw] id # The profile ID of the EC2 instance. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/IamInstanceProfile AWS API Documentation # class IamInstanceProfile < Struct.new( :arn, :id) SENSITIVE = [] include Aws::Structure end # Contains information about the details of an instance. # # @!attribute [rw] availability_zone # The Availability Zone of the EC2 instance. # @return [String] # # @!attribute [rw] iam_instance_profile # The profile information of the EC2 instance. # @return [Types::IamInstanceProfile] # # @!attribute [rw] image_description # The image description of the EC2 instance. # @return [String] # # @!attribute [rw] image_id # The image ID of the EC2 instance. # @return [String] # # @!attribute [rw] instance_id # The ID of the EC2 instance. # @return [String] # # @!attribute [rw] instance_state # The state of the EC2 instance. # @return [String] # # @!attribute [rw] instance_type # The type of the EC2 instance. # @return [String] # # @!attribute [rw] outpost_arn # The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. # Only applicable to Amazon Web Services Outposts instances. # @return [String] # # @!attribute [rw] launch_time # The launch time of the EC2 instance. # @return [String] # # @!attribute [rw] network_interfaces # The elastic network interface information of the EC2 instance. # @return [Array] # # @!attribute [rw] platform # The platform of the EC2 instance. # @return [String] # # @!attribute [rw] product_codes # The product code of the EC2 instance. # @return [Array] # # @!attribute [rw] tags # The tags of the EC2 instance. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/InstanceDetails AWS API Documentation # class InstanceDetails < Struct.new( :availability_zone, :iam_instance_profile, :image_description, :image_id, :instance_id, :instance_state, :instance_type, :outpost_arn, :launch_time, :network_interfaces, :platform, :product_codes, :tags) SENSITIVE = [] include Aws::Structure end # An internal server error exception object. # # @!attribute [rw] message # The error message. # @return [String] # # @!attribute [rw] type # The error type. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/InternalServerErrorException AWS API Documentation # class InternalServerErrorException < Struct.new( :message, :type) SENSITIVE = [] include Aws::Structure end # Contains information about the invitation to become a member account. # # @!attribute [rw] account_id # The ID of the account that the invitation was sent from. # @return [String] # # @!attribute [rw] invitation_id # The ID of the invitation. This value is used to validate the inviter # account to the member account. # @return [String] # # @!attribute [rw] relationship_status # The status of the relationship between the inviter and invitee # accounts. # @return [String] # # @!attribute [rw] invited_at # The timestamp when the invitation was sent. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Invitation AWS API Documentation # class Invitation < Struct.new( :account_id, :invitation_id, :relationship_status, :invited_at) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty account that you want # to invite members with. # @return [String] # # @!attribute [rw] account_ids # A list of account IDs of the accounts that you want to invite to # GuardDuty as members. # @return [Array] # # @!attribute [rw] disable_email_notification # A Boolean value that specifies whether you want to disable email # notification to the accounts that you are inviting to GuardDuty as # members. # @return [Boolean] # # @!attribute [rw] message # The invitation message that you want to send to the accounts that # you're inviting to GuardDuty as members. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/InviteMembersRequest AWS API Documentation # class InviteMembersRequest < Struct.new( :detector_id, :account_ids, :disable_email_notification, :message) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # A list of objects that contain the unprocessed account and a result # string that explains why it was unprocessed. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/InviteMembersResponse AWS API Documentation # class InviteMembersResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # Information about the Kubernetes API call action described in this # finding. # # @!attribute [rw] request_uri # The Kubernetes API request URI. # @return [String] # # @!attribute [rw] verb # The Kubernetes API request HTTP verb. # @return [String] # # @!attribute [rw] source_ips # The IP of the Kubernetes API caller and the IPs of any proxies or # load balancers between the caller and the API endpoint. # @return [Array] # # @!attribute [rw] user_agent # The user agent of the caller of the Kubernetes API. # @return [String] # # @!attribute [rw] remote_ip_details # Contains information about the remote IP address of the connection. # @return [Types::RemoteIpDetails] # # @!attribute [rw] status_code # The resulting HTTP response code of the Kubernetes API call action. # @return [Integer] # # @!attribute [rw] parameters # Parameters related to the Kubernetes API call action. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesApiCallAction AWS API Documentation # class KubernetesApiCallAction < Struct.new( :request_uri, :verb, :source_ips, :user_agent, :remote_ip_details, :status_code, :parameters) SENSITIVE = [] include Aws::Structure end # Describes whether Kubernetes audit logs are enabled as a data source. # # @!attribute [rw] enable # The status of Kubernetes audit logs as a data source. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesAuditLogsConfiguration AWS API Documentation # class KubernetesAuditLogsConfiguration < Struct.new( :enable) SENSITIVE = [] include Aws::Structure end # Describes whether Kubernetes audit logs are enabled as a data source. # # @!attribute [rw] status # A value that describes whether Kubernetes audit logs are enabled as # a data source. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesAuditLogsConfigurationResult AWS API Documentation # class KubernetesAuditLogsConfigurationResult < Struct.new( :status) SENSITIVE = [] include Aws::Structure end # Describes whether any Kubernetes data sources are enabled. # # @!attribute [rw] audit_logs # The status of Kubernetes audit logs as a data source. # @return [Types::KubernetesAuditLogsConfiguration] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesConfiguration AWS API Documentation # class KubernetesConfiguration < Struct.new( :audit_logs) SENSITIVE = [] include Aws::Structure end # Describes whether any Kubernetes logs will be enabled as a data # source. # # @!attribute [rw] audit_logs # Describes whether Kubernetes audit logs are enabled as a data # source. # @return [Types::KubernetesAuditLogsConfigurationResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesConfigurationResult AWS API Documentation # class KubernetesConfigurationResult < Struct.new( :audit_logs) SENSITIVE = [] include Aws::Structure end # Provides details about the Kubernetes resources when it is enabled as # a data source. # # @!attribute [rw] audit_logs # Describes whether Kubernetes audit logs are enabled as a data # source. # @return [Types::DataSourceFreeTrial] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesDataSourceFreeTrial AWS API Documentation # class KubernetesDataSourceFreeTrial < Struct.new( :audit_logs) SENSITIVE = [] include Aws::Structure end # Details about Kubernetes resources such as a Kubernetes user or # workload resource involved in a Kubernetes finding. # # @!attribute [rw] kubernetes_user_details # Details about the Kubernetes user involved in a Kubernetes finding. # @return [Types::KubernetesUserDetails] # # @!attribute [rw] kubernetes_workload_details # Details about the Kubernetes workload involved in a Kubernetes # finding. # @return [Types::KubernetesWorkloadDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesDetails AWS API Documentation # class KubernetesDetails < Struct.new( :kubernetes_user_details, :kubernetes_workload_details) SENSITIVE = [] include Aws::Structure end # Details about the Kubernetes user involved in a Kubernetes finding. # # @!attribute [rw] username # The username of the user who called the Kubernetes API. # @return [String] # # @!attribute [rw] uid # The user ID of the user who called the Kubernetes API. # @return [String] # # @!attribute [rw] groups # The groups that include the user who called the Kubernetes API. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesUserDetails AWS API Documentation # class KubernetesUserDetails < Struct.new( :username, :uid, :groups) SENSITIVE = [] include Aws::Structure end # Details about the Kubernetes workload involved in a Kubernetes # finding. # # @!attribute [rw] name # Kubernetes workload name. # @return [String] # # @!attribute [rw] type # Kubernetes workload type (e.g. Pod, Deployment, etc.). # @return [String] # # @!attribute [rw] uid # Kubernetes workload ID. # @return [String] # # @!attribute [rw] namespace # Kubernetes namespace that the workload is part of. # @return [String] # # @!attribute [rw] host_network # Whether the hostNetwork flag is enabled for the pods included in the # workload. # @return [Boolean] # # @!attribute [rw] containers # Containers running as part of the Kubernetes workload. # @return [Array] # # @!attribute [rw] volumes # Volumes used by the Kubernetes workload. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/KubernetesWorkloadDetails AWS API Documentation # class KubernetesWorkloadDetails < Struct.new( :name, :type, :uid, :namespace, :host_network, :containers, :volumes) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] max_results # You can use this parameter to indicate the maximum number of items # that you want in the response. The default value is 50. The maximum # value is 50. # @return [Integer] # # @!attribute [rw] next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For # subsequent calls to the action, fill nextToken in the request with # the value of NextToken from the previous response to continue # listing data. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListDetectorsRequest AWS API Documentation # class ListDetectorsRequest < Struct.new( :max_results, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_ids # A list of detector IDs. # @return [Array] # # @!attribute [rw] next_token # The pagination parameter to be used on the next list operation to # retrieve more items. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListDetectorsResponse AWS API Documentation # class ListDetectorsResponse < Struct.new( :detector_ids, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector that the filter is associated with. # @return [String] # # @!attribute [rw] max_results # You can use this parameter to indicate the maximum number of items # that you want in the response. The default value is 50. The maximum # value is 50. # @return [Integer] # # @!attribute [rw] next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For # subsequent calls to the action, fill nextToken in the request with # the value of NextToken from the previous response to continue # listing data. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListFiltersRequest AWS API Documentation # class ListFiltersRequest < Struct.new( :detector_id, :max_results, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] filter_names # A list of filter names. # @return [Array] # # @!attribute [rw] next_token # The pagination parameter to be used on the next list operation to # retrieve more items. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListFiltersResponse AWS API Documentation # class ListFiltersResponse < Struct.new( :filter_names, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the detector that specifies the GuardDuty service whose # findings you want to list. # @return [String] # # @!attribute [rw] finding_criteria # Represents the criteria used for querying findings. Valid values # include: # # * JSON field name # # * accountId # # * region # # * confidence # # * id # # * resource.accessKeyDetails.accessKeyId # # * resource.accessKeyDetails.principalId # # * resource.accessKeyDetails.userName # # * resource.accessKeyDetails.userType # # * resource.instanceDetails.iamInstanceProfile.id # # * resource.instanceDetails.imageId # # * resource.instanceDetails.instanceId # # * resource.instanceDetails.networkInterfaces.ipv6Addresses # # * resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress # # * resource.instanceDetails.networkInterfaces.publicDnsName # # * resource.instanceDetails.networkInterfaces.publicIp # # * resource.instanceDetails.networkInterfaces.securityGroups.groupId # # * resource.instanceDetails.networkInterfaces.securityGroups.groupName # # * resource.instanceDetails.networkInterfaces.subnetId # # * resource.instanceDetails.networkInterfaces.vpcId # # * resource.instanceDetails.tags.key # # * resource.instanceDetails.tags.value # # * resource.resourceType # # * service.action.actionType # # * service.action.awsApiCallAction.api # # * service.action.awsApiCallAction.callerType # # * service.action.awsApiCallAction.remoteIpDetails.city.cityName # # * service.action.awsApiCallAction.remoteIpDetails.country.countryName # # * service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 # # * service.action.awsApiCallAction.remoteIpDetails.organization.asn # # * service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg # # * service.action.awsApiCallAction.serviceName # # * service.action.dnsRequestAction.domain # # * service.action.networkConnectionAction.blocked # # * service.action.networkConnectionAction.connectionDirection # # * service.action.networkConnectionAction.localPortDetails.port # # * service.action.networkConnectionAction.protocol # # * service.action.networkConnectionAction.remoteIpDetails.country.countryName # # * service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 # # * service.action.networkConnectionAction.remoteIpDetails.organization.asn # # * service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg # # * service.action.networkConnectionAction.remotePortDetails.port # # * service.additionalInfo.threatListName # # * service.archived # # When this attribute is set to 'true', only archived findings are # listed. When it's set to 'false', only unarchived findings are # listed. When this attribute is not set, all existing findings are # listed. # # * service.resourceRole # # * severity # # * type # # * updatedAt # # Type: Timestamp in Unix Epoch millisecond format: 1486685375000 # @return [Types::FindingCriteria] # # @!attribute [rw] sort_criteria # Represents the criteria used for sorting findings. # @return [Types::SortCriteria] # # @!attribute [rw] max_results # You can use this parameter to indicate the maximum number of items # you want in the response. The default value is 50. The maximum value # is 50. # @return [Integer] # # @!attribute [rw] next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For # subsequent calls to the action, fill nextToken in the request with # the value of NextToken from the previous response to continue # listing data. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListFindingsRequest AWS API Documentation # class ListFindingsRequest < Struct.new( :detector_id, :finding_criteria, :sort_criteria, :max_results, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] finding_ids # The IDs of the findings that you're listing. # @return [Array] # # @!attribute [rw] next_token # The pagination parameter to be used on the next list operation to # retrieve more items. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListFindingsResponse AWS API Documentation # class ListFindingsResponse < Struct.new( :finding_ids, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector that the IPSet is associated with. # @return [String] # # @!attribute [rw] max_results # You can use this parameter to indicate the maximum number of items # you want in the response. The default value is 50. The maximum value # is 50. # @return [Integer] # # @!attribute [rw] next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For # subsequent calls to the action, fill nextToken in the request with # the value of NextToken from the previous response to continue # listing data. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListIPSetsRequest AWS API Documentation # class ListIPSetsRequest < Struct.new( :detector_id, :max_results, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] ip_set_ids # The IDs of the IPSet resources. # @return [Array] # # @!attribute [rw] next_token # The pagination parameter to be used on the next list operation to # retrieve more items. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListIPSetsResponse AWS API Documentation # class ListIPSetsResponse < Struct.new( :ip_set_ids, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] max_results # You can use this parameter to indicate the maximum number of items # that you want in the response. The default value is 50. The maximum # value is 50. # @return [Integer] # # @!attribute [rw] next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For # subsequent calls to the action, fill nextToken in the request with # the value of NextToken from the previous response to continue # listing data. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListInvitationsRequest AWS API Documentation # class ListInvitationsRequest < Struct.new( :max_results, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] invitations # A list of invitation descriptions. # @return [Array] # # @!attribute [rw] next_token # The pagination parameter to be used on the next list operation to # retrieve more items. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListInvitationsResponse AWS API Documentation # class ListInvitationsResponse < Struct.new( :invitations, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector the member is associated with. # @return [String] # # @!attribute [rw] max_results # You can use this parameter to indicate the maximum number of items # you want in the response. The default value is 50. The maximum value # is 50. # @return [Integer] # # @!attribute [rw] next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For # subsequent calls to the action, fill nextToken in the request with # the value of NextToken from the previous response to continue # listing data. # @return [String] # # @!attribute [rw] only_associated # Specifies whether to only return associated members or to return all # members (including members who haven't been invited yet or have # been disassociated). Member accounts must have been previously # associated with the GuardDuty administrator account using [ `Create # Members` ][1]. # # # # [1]: https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListMembersRequest AWS API Documentation # class ListMembersRequest < Struct.new( :detector_id, :max_results, :next_token, :only_associated) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] members # A list of members. # @return [Array] # # @!attribute [rw] next_token # The pagination parameter to be used on the next list operation to # retrieve more items. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListMembersResponse AWS API Documentation # class ListMembersResponse < Struct.new( :members, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] max_results # The maximum number of results to return in the response. # @return [Integer] # # @!attribute [rw] next_token # A token to use for paginating results that are returned in the # response. Set the value of this parameter to null for the first # request to a list action. For subsequent calls, use the `NextToken` # value returned from the previous request to continue listing results # after the first page. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListOrganizationAdminAccountsRequest AWS API Documentation # class ListOrganizationAdminAccountsRequest < Struct.new( :max_results, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] admin_accounts # A list of accounts configured as GuardDuty delegated administrators. # @return [Array] # # @!attribute [rw] next_token # The pagination parameter to be used on the next list operation to # retrieve more items. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListOrganizationAdminAccountsResponse AWS API Documentation # class ListOrganizationAdminAccountsResponse < Struct.new( :admin_accounts, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the detector to retrieve publishing destinations for. # @return [String] # # @!attribute [rw] max_results # The maximum number of results to return in the response. # @return [Integer] # # @!attribute [rw] next_token # A token to use for paginating results that are returned in the # response. Set the value of this parameter to null for the first # request to a list action. For subsequent calls, use the `NextToken` # value returned from the previous request to continue listing results # after the first page. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListPublishingDestinationsRequest AWS API Documentation # class ListPublishingDestinationsRequest < Struct.new( :detector_id, :max_results, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] destinations # A `Destinations` object that includes information about each # publishing destination returned. # @return [Array] # # @!attribute [rw] next_token # A token to use for paginating results that are returned in the # response. Set the value of this parameter to null for the first # request to a list action. For subsequent calls, use the `NextToken` # value returned from the previous request to continue listing results # after the first page. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListPublishingDestinationsResponse AWS API Documentation # class ListPublishingDestinationsResponse < Struct.new( :destinations, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] resource_arn # The Amazon Resource Name (ARN) for the given GuardDuty resource. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListTagsForResourceRequest AWS API Documentation # class ListTagsForResourceRequest < Struct.new( :resource_arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] tags # The tags associated with the resource. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListTagsForResourceResponse AWS API Documentation # class ListTagsForResourceResponse < Struct.new( :tags) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector that the threatIntelSet is associated # with. # @return [String] # # @!attribute [rw] max_results # You can use this parameter to indicate the maximum number of items # that you want in the response. The default value is 50. The maximum # value is 50. # @return [Integer] # # @!attribute [rw] next_token # You can use this parameter to paginate results in the response. Set # the value of this parameter to null on your first call to the list # action. For subsequent calls to the action, fill nextToken in the # request with the value of NextToken from the previous response to # continue listing data. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListThreatIntelSetsRequest AWS API Documentation # class ListThreatIntelSetsRequest < Struct.new( :detector_id, :max_results, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] threat_intel_set_ids # The IDs of the ThreatIntelSet resources. # @return [Array] # # @!attribute [rw] next_token # The pagination parameter to be used on the next list operation to # retrieve more items. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListThreatIntelSetsResponse AWS API Documentation # class ListThreatIntelSetsResponse < Struct.new( :threat_intel_set_ids, :next_token) SENSITIVE = [] include Aws::Structure end # Contains information about the local IP address of the connection. # # @!attribute [rw] ip_address_v4 # The IPv4 local address of the connection. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/LocalIpDetails AWS API Documentation # class LocalIpDetails < Struct.new( :ip_address_v4) SENSITIVE = [] include Aws::Structure end # Contains information about the port for the local connection. # # @!attribute [rw] port # The port number of the local connection. # @return [Integer] # # @!attribute [rw] port_name # The port name of the local connection. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/LocalPortDetails AWS API Documentation # class LocalPortDetails < Struct.new( :port, :port_name) SENSITIVE = [] include Aws::Structure end # Describes whether Malware Protection will be enabled as a data source. # # @!attribute [rw] scan_ec2_instance_with_findings # Describes the configuration of Malware Protection for EC2 instances # with findings. # @return [Types::ScanEc2InstanceWithFindings] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/MalwareProtectionConfiguration AWS API Documentation # class MalwareProtectionConfiguration < Struct.new( :scan_ec2_instance_with_findings) SENSITIVE = [] include Aws::Structure end # An object that contains information on the status of all Malware # Protection data sources. # # @!attribute [rw] scan_ec2_instance_with_findings # Describes the configuration of Malware Protection for EC2 instances # with findings. # @return [Types::ScanEc2InstanceWithFindingsResult] # # @!attribute [rw] service_role # The GuardDuty Malware Protection service role. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/MalwareProtectionConfigurationResult AWS API Documentation # class MalwareProtectionConfigurationResult < Struct.new( :scan_ec2_instance_with_findings, :service_role) SENSITIVE = [] include Aws::Structure end # Provides details about Malware Protection when it is enabled as a data # source. # # @!attribute [rw] scan_ec2_instance_with_findings # Describes whether Malware Protection for EC2 instances with findings # is enabled as a data source. # @return [Types::DataSourceFreeTrial] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/MalwareProtectionDataSourceFreeTrial AWS API Documentation # class MalwareProtectionDataSourceFreeTrial < Struct.new( :scan_ec2_instance_with_findings) SENSITIVE = [] include Aws::Structure end # Contains information about the administrator account and invitation. # # @!attribute [rw] account_id # The ID of the account used as the administrator account. # @return [String] # # @!attribute [rw] invitation_id # The value used to validate the administrator account to the member # account. # @return [String] # # @!attribute [rw] relationship_status # The status of the relationship between the administrator and member # accounts. # @return [String] # # @!attribute [rw] invited_at # The timestamp when the invitation was sent. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Master AWS API Documentation # class Master < Struct.new( :account_id, :invitation_id, :relationship_status, :invited_at) SENSITIVE = [] include Aws::Structure end # Contains information about the member account. # # @!attribute [rw] account_id # The ID of the member account. # @return [String] # # @!attribute [rw] detector_id # The detector ID of the member account. # @return [String] # # @!attribute [rw] master_id # The administrator account ID. # @return [String] # # @!attribute [rw] email # The email address of the member account. # @return [String] # # @!attribute [rw] relationship_status # The status of the relationship between the member and the # administrator. # @return [String] # # @!attribute [rw] invited_at # The timestamp when the invitation was sent. # @return [String] # # @!attribute [rw] updated_at # The last-updated timestamp of the member. # @return [String] # # @!attribute [rw] administrator_id # The administrator account ID. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Member AWS API Documentation # class Member < Struct.new( :account_id, :detector_id, :master_id, :email, :relationship_status, :invited_at, :updated_at, :administrator_id) SENSITIVE = [] include Aws::Structure end # Contains information on which data sources are enabled for a member # account. # # @!attribute [rw] account_id # The account ID for the member account. # @return [String] # # @!attribute [rw] data_sources # Contains information on the status of data sources for the account. # @return [Types::DataSourceConfigurationsResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/MemberDataSourceConfiguration AWS API Documentation # class MemberDataSourceConfiguration < Struct.new( :account_id, :data_sources) SENSITIVE = [] include Aws::Structure end # Contains information about the NETWORK\_CONNECTION action described in # the finding. # # @!attribute [rw] blocked # Indicates whether EC2 blocked the network connection to your # instance. # @return [Boolean] # # @!attribute [rw] connection_direction # The network connection direction. # @return [String] # # @!attribute [rw] local_port_details # The local port information of the connection. # @return [Types::LocalPortDetails] # # @!attribute [rw] protocol # The network connection protocol. # @return [String] # # @!attribute [rw] local_ip_details # The local IP information of the connection. # @return [Types::LocalIpDetails] # # @!attribute [rw] remote_ip_details # The remote IP information of the connection. # @return [Types::RemoteIpDetails] # # @!attribute [rw] remote_port_details # The remote port information of the connection. # @return [Types::RemotePortDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/NetworkConnectionAction AWS API Documentation # class NetworkConnectionAction < Struct.new( :blocked, :connection_direction, :local_port_details, :protocol, :local_ip_details, :remote_ip_details, :remote_port_details) SENSITIVE = [] include Aws::Structure end # Contains information about the elastic network interface of the EC2 # instance. # # @!attribute [rw] ipv_6_addresses # A list of IPv6 addresses for the EC2 instance. # @return [Array] # # @!attribute [rw] network_interface_id # The ID of the network interface. # @return [String] # # @!attribute [rw] private_dns_name # The private DNS name of the EC2 instance. # @return [String] # # @!attribute [rw] private_ip_address # The private IP address of the EC2 instance. # @return [String] # # @!attribute [rw] private_ip_addresses # Other private IP address information of the EC2 instance. # @return [Array] # # @!attribute [rw] public_dns_name # The public DNS name of the EC2 instance. # @return [String] # # @!attribute [rw] public_ip # The public IP address of the EC2 instance. # @return [String] # # @!attribute [rw] security_groups # The security groups associated with the EC2 instance. # @return [Array] # # @!attribute [rw] subnet_id # The subnet ID of the EC2 instance. # @return [String] # # @!attribute [rw] vpc_id # The VPC ID of the EC2 instance. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/NetworkInterface AWS API Documentation # class NetworkInterface < Struct.new( :ipv_6_addresses, :network_interface_id, :private_dns_name, :private_ip_address, :private_ip_addresses, :public_dns_name, :public_ip, :security_groups, :subnet_id, :vpc_id) SENSITIVE = [] include Aws::Structure end # Contains information about the ISP organization of the remote IP # address. # # @!attribute [rw] asn # The Autonomous System Number (ASN) of the internet provider of the # remote IP address. # @return [String] # # @!attribute [rw] asn_org # The organization that registered this ASN. # @return [String] # # @!attribute [rw] isp # The ISP information for the internet provider. # @return [String] # # @!attribute [rw] org # The name of the internet provider. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Organization AWS API Documentation # class Organization < Struct.new( :asn, :asn_org, :isp, :org) SENSITIVE = [] include Aws::Structure end # An object that contains information on which data sources will be # configured to be automatically enabled for new members within the # organization. # # @!attribute [rw] s3_logs # Describes whether S3 data event logs are enabled for new members of # the organization. # @return [Types::OrganizationS3LogsConfiguration] # # @!attribute [rw] kubernetes # Describes the configuration of Kubernetes data sources for new # members of the organization. # @return [Types::OrganizationKubernetesConfiguration] # # @!attribute [rw] malware_protection # Describes the configuration of Malware Protection for new members of # the organization. # @return [Types::OrganizationMalwareProtectionConfiguration] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationDataSourceConfigurations AWS API Documentation # class OrganizationDataSourceConfigurations < Struct.new( :s3_logs, :kubernetes, :malware_protection) SENSITIVE = [] include Aws::Structure end # An object that contains information on which data sources are # automatically enabled for new members within the organization. # # @!attribute [rw] s3_logs # Describes whether S3 data event logs are enabled as a data source. # @return [Types::OrganizationS3LogsConfigurationResult] # # @!attribute [rw] kubernetes # Describes the configuration of Kubernetes data sources. # @return [Types::OrganizationKubernetesConfigurationResult] # # @!attribute [rw] malware_protection # Describes the configuration of Malware Protection data source for an # organization. # @return [Types::OrganizationMalwareProtectionConfigurationResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationDataSourceConfigurationsResult AWS API Documentation # class OrganizationDataSourceConfigurationsResult < Struct.new( :s3_logs, :kubernetes, :malware_protection) SENSITIVE = [] include Aws::Structure end # Organization-wide EBS volumes scan configuration. # # @!attribute [rw] auto_enable # Whether scanning EBS volumes should be auto-enabled for new members # joining the organization. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationEbsVolumes AWS API Documentation # class OrganizationEbsVolumes < Struct.new( :auto_enable) SENSITIVE = [] include Aws::Structure end # An object that contains information on the status of whether EBS # volumes scanning will be enabled as a data source for an organization. # # @!attribute [rw] auto_enable # An object that contains the status of whether scanning EBS volumes # should be auto-enabled for new members joining the organization. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationEbsVolumesResult AWS API Documentation # class OrganizationEbsVolumesResult < Struct.new( :auto_enable) SENSITIVE = [] include Aws::Structure end # Organization-wide Kubernetes audit logs configuration. # # @!attribute [rw] auto_enable # A value that contains information on whether Kubernetes audit logs # should be enabled automatically as a data source for the # organization. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationKubernetesAuditLogsConfiguration AWS API Documentation # class OrganizationKubernetesAuditLogsConfiguration < Struct.new( :auto_enable) SENSITIVE = [] include Aws::Structure end # The current configuration of Kubernetes audit logs as a data source # for the organization. # # @!attribute [rw] auto_enable # Whether Kubernetes audit logs data source should be auto-enabled for # new members joining the organization. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationKubernetesAuditLogsConfigurationResult AWS API Documentation # class OrganizationKubernetesAuditLogsConfigurationResult < Struct.new( :auto_enable) SENSITIVE = [] include Aws::Structure end # Organization-wide Kubernetes data sources configurations. # # @!attribute [rw] audit_logs # Whether Kubernetes audit logs data source should be auto-enabled for # new members joining the organization. # @return [Types::OrganizationKubernetesAuditLogsConfiguration] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationKubernetesConfiguration AWS API Documentation # class OrganizationKubernetesConfiguration < Struct.new( :audit_logs) SENSITIVE = [] include Aws::Structure end # The current configuration of all Kubernetes data sources for the # organization. # # @!attribute [rw] audit_logs # The current configuration of Kubernetes audit logs as a data source # for the organization. # @return [Types::OrganizationKubernetesAuditLogsConfigurationResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationKubernetesConfigurationResult AWS API Documentation # class OrganizationKubernetesConfigurationResult < Struct.new( :audit_logs) SENSITIVE = [] include Aws::Structure end # Organization-wide Malware Protection configurations. # # @!attribute [rw] scan_ec2_instance_with_findings # Whether Malware Protection for EC2 instances with findings should be # auto-enabled for new members joining the organization. # @return [Types::OrganizationScanEc2InstanceWithFindings] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationMalwareProtectionConfiguration AWS API Documentation # class OrganizationMalwareProtectionConfiguration < Struct.new( :scan_ec2_instance_with_findings) SENSITIVE = [] include Aws::Structure end # An object that contains information on the status of all Malware # Protection data source for an organization. # # @!attribute [rw] scan_ec2_instance_with_findings # Describes the configuration for scanning EC2 instances with findings # for an organization. # @return [Types::OrganizationScanEc2InstanceWithFindingsResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationMalwareProtectionConfigurationResult AWS API Documentation # class OrganizationMalwareProtectionConfigurationResult < Struct.new( :scan_ec2_instance_with_findings) SENSITIVE = [] include Aws::Structure end # Describes whether S3 data event logs will be automatically enabled for # new members of the organization. # # @!attribute [rw] auto_enable # A value that contains information on whether S3 data event logs will # be enabled automatically as a data source for the organization. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationS3LogsConfiguration AWS API Documentation # class OrganizationS3LogsConfiguration < Struct.new( :auto_enable) SENSITIVE = [] include Aws::Structure end # The current configuration of S3 data event logs as a data source for # the organization. # # @!attribute [rw] auto_enable # A value that describes whether S3 data event logs are automatically # enabled for new members of the organization. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationS3LogsConfigurationResult AWS API Documentation # class OrganizationS3LogsConfigurationResult < Struct.new( :auto_enable) SENSITIVE = [] include Aws::Structure end # Organization-wide EC2 instances with findings scan configuration. # # @!attribute [rw] ebs_volumes # Whether scanning EBS volumes should be auto-enabled for new members # joining the organization. # @return [Types::OrganizationEbsVolumes] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationScanEc2InstanceWithFindings AWS API Documentation # class OrganizationScanEc2InstanceWithFindings < Struct.new( :ebs_volumes) SENSITIVE = [] include Aws::Structure end # An object that contains information on the status of scanning EC2 # instances with findings for an organization. # # @!attribute [rw] ebs_volumes # Describes the configuration for scanning EBS volumes for an # organization. # @return [Types::OrganizationEbsVolumesResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/OrganizationScanEc2InstanceWithFindingsResult AWS API Documentation # class OrganizationScanEc2InstanceWithFindingsResult < Struct.new( :ebs_volumes) SENSITIVE = [] include Aws::Structure end # Contains information on the owner of the bucket. # # @!attribute [rw] id # The canonical user ID of the bucket owner. For information about # locating your canonical user ID see [Finding Your Account Canonical # User ID.][1] # # # # [1]: https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Owner AWS API Documentation # class Owner < Struct.new( :id) SENSITIVE = [] include Aws::Structure end # Contains information about how permissions are configured for the S3 # bucket. # # @!attribute [rw] bucket_level_permissions # Contains information about the bucket level permissions for the S3 # bucket. # @return [Types::BucketLevelPermissions] # # @!attribute [rw] account_level_permissions # Contains information about the account level permissions on the S3 # bucket. # @return [Types::AccountLevelPermissions] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/PermissionConfiguration AWS API Documentation # class PermissionConfiguration < Struct.new( :bucket_level_permissions, :account_level_permissions) SENSITIVE = [] include Aws::Structure end # Contains information about the PORT\_PROBE action described in the # finding. # # @!attribute [rw] blocked # Indicates whether EC2 blocked the port probe to the instance, such # as with an ACL. # @return [Boolean] # # @!attribute [rw] port_probe_details # A list of objects related to port probe details. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/PortProbeAction AWS API Documentation # class PortProbeAction < Struct.new( :blocked, :port_probe_details) SENSITIVE = [] include Aws::Structure end # Contains information about the port probe details. # # @!attribute [rw] local_port_details # The local port information of the connection. # @return [Types::LocalPortDetails] # # @!attribute [rw] local_ip_details # The local IP information of the connection. # @return [Types::LocalIpDetails] # # @!attribute [rw] remote_ip_details # The remote IP information of the connection. # @return [Types::RemoteIpDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/PortProbeDetail AWS API Documentation # class PortProbeDetail < Struct.new( :local_port_details, :local_ip_details, :remote_ip_details) SENSITIVE = [] include Aws::Structure end # Contains other private IP address information of the EC2 instance. # # @!attribute [rw] private_dns_name # The private DNS name of the EC2 instance. # @return [String] # # @!attribute [rw] private_ip_address # The private IP address of the EC2 instance. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/PrivateIpAddressDetails AWS API Documentation # class PrivateIpAddressDetails < Struct.new( :private_dns_name, :private_ip_address) SENSITIVE = [] include Aws::Structure end # Contains information about the product code for the EC2 instance. # # @!attribute [rw] code # The product code information. # @return [String] # # @!attribute [rw] product_type # The product code type. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ProductCode AWS API Documentation # class ProductCode < Struct.new( :code, :product_type) SENSITIVE = [] include Aws::Structure end # Describes the public access policies that apply to the S3 bucket. # # @!attribute [rw] permission_configuration # Contains information about how permissions are configured for the S3 # bucket. # @return [Types::PermissionConfiguration] # # @!attribute [rw] effective_permission # Describes the effective permission on this bucket after factoring # all attached policies. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/PublicAccess AWS API Documentation # class PublicAccess < Struct.new( :permission_configuration, :effective_permission) SENSITIVE = [] include Aws::Structure end # Contains details about the remote Amazon Web Services account that # made the API call. # # @!attribute [rw] account_id # The Amazon Web Services account ID of the remote API caller. # @return [String] # # @!attribute [rw] affiliated # Details on whether the Amazon Web Services account of the remote API # caller is related to your GuardDuty environment. If this value is # `True` the API caller is affiliated to your account in some way. If # it is `False` the API caller is from outside your environment. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/RemoteAccountDetails AWS API Documentation # class RemoteAccountDetails < Struct.new( :account_id, :affiliated) SENSITIVE = [] include Aws::Structure end # Contains information about the remote IP address of the connection. # # @!attribute [rw] city # The city information of the remote IP address. # @return [Types::City] # # @!attribute [rw] country # The country code of the remote IP address. # @return [Types::Country] # # @!attribute [rw] geo_location # The location information of the remote IP address. # @return [Types::GeoLocation] # # @!attribute [rw] ip_address_v4 # The IPv4 remote address of the connection. # @return [String] # # @!attribute [rw] organization # The ISP organization information of the remote IP address. # @return [Types::Organization] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/RemoteIpDetails AWS API Documentation # class RemoteIpDetails < Struct.new( :city, :country, :geo_location, :ip_address_v4, :organization) SENSITIVE = [] include Aws::Structure end # Contains information about the remote port. # # @!attribute [rw] port # The port number of the remote connection. # @return [Integer] # # @!attribute [rw] port_name # The port name of the remote connection. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/RemotePortDetails AWS API Documentation # class RemotePortDetails < Struct.new( :port, :port_name) SENSITIVE = [] include Aws::Structure end # Contains information about the Amazon Web Services resource associated # with the activity that prompted GuardDuty to generate a finding. # # @!attribute [rw] access_key_details # The IAM access key details (IAM user information) of a user that # engaged in the activity that prompted GuardDuty to generate a # finding. # @return [Types::AccessKeyDetails] # # @!attribute [rw] s3_bucket_details # Contains information on the S3 bucket. # @return [Array] # # @!attribute [rw] instance_details # The information about the EC2 instance associated with the activity # that prompted GuardDuty to generate a finding. # @return [Types::InstanceDetails] # # @!attribute [rw] eks_cluster_details # Details about the EKS cluster involved in a Kubernetes finding. # @return [Types::EksClusterDetails] # # @!attribute [rw] kubernetes_details # Details about the Kubernetes user and workload involved in a # Kubernetes finding. # @return [Types::KubernetesDetails] # # @!attribute [rw] resource_type # The type of Amazon Web Services resource. # @return [String] # # @!attribute [rw] ebs_volume_details # Contains list of scanned and skipped EBS volumes with details. # @return [Types::EbsVolumeDetails] # # @!attribute [rw] ecs_cluster_details # Contains information about the details of the ECS Cluster. # @return [Types::EcsClusterDetails] # # @!attribute [rw] container_details # Details of a container. # @return [Types::Container] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Resource AWS API Documentation # class Resource < Struct.new( :access_key_details, :s3_bucket_details, :instance_details, :eks_cluster_details, :kubernetes_details, :resource_type, :ebs_volume_details, :ecs_cluster_details, :container_details) SENSITIVE = [] include Aws::Structure end # Represents the resources that were scanned in the scan entry. # # @!attribute [rw] instance_arn # InstanceArn that was scanned in the scan entry. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ResourceDetails AWS API Documentation # class ResourceDetails < Struct.new( :instance_arn) SENSITIVE = [] include Aws::Structure end # Contains information on the S3 bucket. # # @!attribute [rw] arn # The Amazon Resource Name (ARN) of the S3 bucket. # @return [String] # # @!attribute [rw] name # The name of the S3 bucket. # @return [String] # # @!attribute [rw] type # Describes whether the bucket is a source or destination bucket. # @return [String] # # @!attribute [rw] created_at # The date and time the bucket was created at. # @return [Time] # # @!attribute [rw] owner # The owner of the S3 bucket. # @return [Types::Owner] # # @!attribute [rw] tags # All tags attached to the S3 bucket # @return [Array] # # @!attribute [rw] default_server_side_encryption # Describes the server side encryption method used in the S3 bucket. # @return [Types::DefaultServerSideEncryption] # # @!attribute [rw] public_access # Describes the public access policies that apply to the S3 bucket. # @return [Types::PublicAccess] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/S3BucketDetail AWS API Documentation # class S3BucketDetail < Struct.new( :arn, :name, :type, :created_at, :owner, :tags, :default_server_side_encryption, :public_access) SENSITIVE = [] include Aws::Structure end # Describes whether S3 data event logs will be enabled as a data source. # # @!attribute [rw] enable # The status of S3 data event logs as a data source. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/S3LogsConfiguration AWS API Documentation # class S3LogsConfiguration < Struct.new( :enable) SENSITIVE = [] include Aws::Structure end # Describes whether S3 data event logs will be enabled as a data source. # # @!attribute [rw] status # A value that describes whether S3 data event logs are automatically # enabled for new members of the organization. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/S3LogsConfigurationResult AWS API Documentation # class S3LogsConfigurationResult < Struct.new( :status) SENSITIVE = [] include Aws::Structure end # Contains information about a malware scan. # # @!attribute [rw] detector_id # The unique ID of the detector that the request is associated with. # @return [String] # # @!attribute [rw] admin_detector_id # The unique detector ID of the administrator account that the request # is associated with. Note that this value will be the same as the one # used for `DetectorId` if the account is an administrator. # @return [String] # # @!attribute [rw] scan_id # The unique scan ID associated with a scan entry. # @return [String] # # @!attribute [rw] scan_status # An enum value representing possible scan statuses. # @return [String] # # @!attribute [rw] failure_reason # Represents the reason for FAILED scan status. # @return [String] # # @!attribute [rw] scan_start_time # The timestamp of when the scan was triggered. # @return [Time] # # @!attribute [rw] scan_end_time # The timestamp of when the scan was finished. # @return [Time] # # @!attribute [rw] trigger_details # Specifies the reason why the scan was initiated. # @return [Types::TriggerDetails] # # @!attribute [rw] resource_details # Represents the resources that were scanned in the scan entry. # @return [Types::ResourceDetails] # # @!attribute [rw] scan_result_details # Represents the result of the scan. # @return [Types::ScanResultDetails] # # @!attribute [rw] account_id # The ID for the account that belongs to the scan. # @return [String] # # @!attribute [rw] total_bytes # Represents total bytes that were scanned. # @return [Integer] # # @!attribute [rw] file_count # Represents the number of files that were scanned. # @return [Integer] # # @!attribute [rw] attached_volumes # List of volumes that were attached to the original instance to be # scanned. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Scan AWS API Documentation # class Scan < Struct.new( :detector_id, :admin_detector_id, :scan_id, :scan_status, :failure_reason, :scan_start_time, :scan_end_time, :trigger_details, :resource_details, :scan_result_details, :account_id, :total_bytes, :file_count, :attached_volumes) SENSITIVE = [] include Aws::Structure end # Contains information about the condition. # # @!attribute [rw] map_equals # Represents an *mapEqual* **** condition to be applied to a single # field when triggering for malware scan. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanCondition AWS API Documentation # class ScanCondition < Struct.new( :map_equals) SENSITIVE = [] include Aws::Structure end # Represents key, value pair to be matched against given resource # property. # # @!attribute [rw] key # Represents *key* **** in the map condition. # @return [String] # # @!attribute [rw] value # Represents optional *value* **** in the map condition. If not # specified, only *key* **** will be matched. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanConditionPair AWS API Documentation # class ScanConditionPair < Struct.new( :key, :value) SENSITIVE = [] include Aws::Structure end # Contains a complete view providing malware scan result details. # # @!attribute [rw] scanned_item_count # Total number of scanned files. # @return [Types::ScannedItemCount] # # @!attribute [rw] threats_detected_item_count # Total number of infected files. # @return [Types::ThreatsDetectedItemCount] # # @!attribute [rw] highest_severity_threat_details # Details of the highest severity threat detected during malware scan # and number of infected files. # @return [Types::HighestSeverityThreatDetails] # # @!attribute [rw] threat_detected_by_name # Contains details about identified threats organized by threat name. # @return [Types::ThreatDetectedByName] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanDetections AWS API Documentation # class ScanDetections < Struct.new( :scanned_item_count, :threats_detected_item_count, :highest_severity_threat_details, :threat_detected_by_name) SENSITIVE = [] include Aws::Structure end # Describes whether Malware Protection for EC2 instances with findings # will be enabled as a data source. # # @!attribute [rw] ebs_volumes # Describes the configuration for scanning EBS volumes as data source. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanEc2InstanceWithFindings AWS API Documentation # class ScanEc2InstanceWithFindings < Struct.new( :ebs_volumes) SENSITIVE = [] include Aws::Structure end # An object that contains information on the status of whether Malware # Protection for EC2 instances with findings will be enabled as a data # source. # # @!attribute [rw] ebs_volumes # Describes the configuration of scanning EBS volumes as a data # source. # @return [Types::EbsVolumesResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanEc2InstanceWithFindingsResult AWS API Documentation # class ScanEc2InstanceWithFindingsResult < Struct.new( :ebs_volumes) SENSITIVE = [] include Aws::Structure end # Contains details of infected file including name, file path and hash. # # @!attribute [rw] file_path # The file path of the infected file. # @return [String] # # @!attribute [rw] volume_arn # EBS volume Arn details of the infected file. # @return [String] # # @!attribute [rw] hash # The hash value of the infected file. # @return [String] # # @!attribute [rw] file_name # File name of the infected file. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanFilePath AWS API Documentation # class ScanFilePath < Struct.new( :file_path, :volume_arn, :hash, :file_name) SENSITIVE = [] include Aws::Structure end # Contains information about criteria used to filter resources before # triggering malware scan. # # @!attribute [rw] include # Represents condition that when matched will allow a malware scan for # a certain resource. # @return [Hash] # # @!attribute [rw] exclude # Represents condition that when matched will prevent a malware scan # for a certain resource. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanResourceCriteria AWS API Documentation # class ScanResourceCriteria < Struct.new( :include, :exclude) SENSITIVE = [] include Aws::Structure end # Represents the result of the scan. # # @!attribute [rw] scan_result # An enum value representing possible scan results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanResultDetails AWS API Documentation # class ScanResultDetails < Struct.new( :scan_result) SENSITIVE = [] include Aws::Structure end # Contains files infected with the given threat providing details of # malware name and severity. # # @!attribute [rw] name # The name of the identified threat. # @return [String] # # @!attribute [rw] severity # Severity of threat identified as part of the malware scan. # @return [String] # # @!attribute [rw] item_count # Total number of files infected with given threat. # @return [Integer] # # @!attribute [rw] file_paths # List of infected files in EBS volume with details. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScanThreatName AWS API Documentation # class ScanThreatName < Struct.new( :name, :severity, :item_count, :file_paths) SENSITIVE = [] include Aws::Structure end # Total number of scanned files. # # @!attribute [rw] total_gb # Total GB of files scanned for malware. # @return [Integer] # # @!attribute [rw] files # Number of files scanned. # @return [Integer] # # @!attribute [rw] volumes # Total number of scanned volumes. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ScannedItemCount AWS API Documentation # class ScannedItemCount < Struct.new( :total_gb, :files, :volumes) SENSITIVE = [] include Aws::Structure end # Container security context. # # @!attribute [rw] privileged # Whether the container is privileged. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/SecurityContext AWS API Documentation # class SecurityContext < Struct.new( :privileged) SENSITIVE = [] include Aws::Structure end # Contains information about the security groups associated with the EC2 # instance. # # @!attribute [rw] group_id # The security group ID of the EC2 instance. # @return [String] # # @!attribute [rw] group_name # The security group name of the EC2 instance. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/SecurityGroup AWS API Documentation # class SecurityGroup < Struct.new( :group_id, :group_name) SENSITIVE = [] include Aws::Structure end # Contains additional information about the generated finding. # # @!attribute [rw] action # Information about the activity that is described in a finding. # @return [Types::Action] # # @!attribute [rw] evidence # An evidence object associated with the service. # @return [Types::Evidence] # # @!attribute [rw] archived # Indicates whether this finding is archived. # @return [Boolean] # # @!attribute [rw] count # The total count of the occurrences of this finding type. # @return [Integer] # # @!attribute [rw] detector_id # The detector ID for the GuardDuty service. # @return [String] # # @!attribute [rw] event_first_seen # The first-seen timestamp of the activity that prompted GuardDuty to # generate this finding. # @return [String] # # @!attribute [rw] event_last_seen # The last-seen timestamp of the activity that prompted GuardDuty to # generate this finding. # @return [String] # # @!attribute [rw] resource_role # The resource role information for this finding. # @return [String] # # @!attribute [rw] service_name # The name of the Amazon Web Services service (GuardDuty) that # generated a finding. # @return [String] # # @!attribute [rw] user_feedback # Feedback that was submitted about the finding. # @return [String] # # @!attribute [rw] additional_info # Contains additional information about the generated finding. # @return [Types::ServiceAdditionalInfo] # # @!attribute [rw] feature_name # The name of the feature that generated a finding. # @return [String] # # @!attribute [rw] ebs_volume_scan_details # Returns details from the malware scan that created a finding. # @return [Types::EbsVolumeScanDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Service AWS API Documentation # class Service < Struct.new( :action, :evidence, :archived, :count, :detector_id, :event_first_seen, :event_last_seen, :resource_role, :service_name, :user_feedback, :additional_info, :feature_name, :ebs_volume_scan_details) SENSITIVE = [] include Aws::Structure end # Additional information about the generated finding. # # @!attribute [rw] value # This field specifies the value of the additional information. # @return [String] # # @!attribute [rw] type # Describes the type of the additional information. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ServiceAdditionalInfo AWS API Documentation # class ServiceAdditionalInfo < Struct.new( :value, :type) SENSITIVE = [] include Aws::Structure end # Contains information about the criteria used for sorting findings. # # @!attribute [rw] attribute_name # Represents the finding attribute (for example, accountId) to sort # findings by. # @return [String] # # @!attribute [rw] order_by # The order by which the sorted findings are to be displayed. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/SortCriteria AWS API Documentation # class SortCriteria < Struct.new( :attribute_name, :order_by) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector of the GuardDuty administrator account # associated with the member accounts to monitor. # @return [String] # # @!attribute [rw] account_ids # A list of account IDs of the GuardDuty member accounts to start # monitoring. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/StartMonitoringMembersRequest AWS API Documentation # class StartMonitoringMembersRequest < Struct.new( :detector_id, :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # A list of objects that contain the unprocessed account and a result # string that explains why it was unprocessed. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/StartMonitoringMembersResponse AWS API Documentation # class StartMonitoringMembersResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The unique ID of the detector associated with the GuardDuty # administrator account that is monitoring member accounts. # @return [String] # # @!attribute [rw] account_ids # A list of account IDs for the member accounts to stop monitoring. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/StopMonitoringMembersRequest AWS API Documentation # class StopMonitoringMembersRequest < Struct.new( :detector_id, :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # A list of objects that contain an accountId for each account that # could not be processed, and a result string that indicates why the # account was not processed. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/StopMonitoringMembersResponse AWS API Documentation # class StopMonitoringMembersResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # Contains information about a tag associated with the EC2 instance. # # @!attribute [rw] key # The EC2 instance tag key. # @return [String] # # @!attribute [rw] value # The EC2 instance tag value. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Tag AWS API Documentation # class Tag < Struct.new( :key, :value) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] resource_arn # The Amazon Resource Name (ARN) for the GuardDuty resource to apply a # tag to. # @return [String] # # @!attribute [rw] tags # The tags to be added to a resource. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/TagResourceRequest AWS API Documentation # class TagResourceRequest < Struct.new( :resource_arn, :tags) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/TagResourceResponse AWS API Documentation # class TagResourceResponse < Aws::EmptyStructure; end # Contains details about identified threats organized by threat name. # # @!attribute [rw] item_count # Total number of infected files identified. # @return [Integer] # # @!attribute [rw] unique_threat_name_count # Total number of unique threats by name identified, as part of the # malware scan. # @return [Integer] # # @!attribute [rw] shortened # Flag to determine if the finding contains every single infected # file-path and/or every threat. # @return [Boolean] # # @!attribute [rw] threat_names # List of identified threats with details, organized by threat name. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ThreatDetectedByName AWS API Documentation # class ThreatDetectedByName < Struct.new( :item_count, :unique_threat_name_count, :shortened, :threat_names) SENSITIVE = [] include Aws::Structure end # An instance of a threat intelligence detail that constitutes evidence # for the finding. # # @!attribute [rw] threat_list_name # The name of the threat intelligence list that triggered the finding. # @return [String] # # @!attribute [rw] threat_names # A list of names of the threats in the threat intelligence list that # triggered the finding. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ThreatIntelligenceDetail AWS API Documentation # class ThreatIntelligenceDetail < Struct.new( :threat_list_name, :threat_names) SENSITIVE = [] include Aws::Structure end # Contains total number of infected files. # # @!attribute [rw] files # Total number of infected files. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ThreatsDetectedItemCount AWS API Documentation # class ThreatsDetectedItemCount < Struct.new( :files) SENSITIVE = [] include Aws::Structure end # Contains the total usage with the corresponding currency unit for that # value. # # @!attribute [rw] amount # The total usage. # @return [String] # # @!attribute [rw] unit # The currency unit that the amount is given in. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Total AWS API Documentation # class Total < Struct.new( :amount, :unit) SENSITIVE = [] include Aws::Structure end # Represents the reason the scan was triggered. # # @!attribute [rw] guard_duty_finding_id # The ID of the GuardDuty finding that triggered the BirdDog scan. # @return [String] # # @!attribute [rw] description # The description of the scan trigger. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/TriggerDetails AWS API Documentation # class TriggerDetails < Struct.new( :guard_duty_finding_id, :description) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the detector associated with the findings to unarchive. # @return [String] # # @!attribute [rw] finding_ids # The IDs of the findings to unarchive. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UnarchiveFindingsRequest AWS API Documentation # class UnarchiveFindingsRequest < Struct.new( :detector_id, :finding_ids) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UnarchiveFindingsResponse AWS API Documentation # class UnarchiveFindingsResponse < Aws::EmptyStructure; end # Contains information about the accounts that weren't processed. # # @!attribute [rw] account_id # The Amazon Web Services account ID. # @return [String] # # @!attribute [rw] result # A reason why the account hasn't been processed. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UnprocessedAccount AWS API Documentation # class UnprocessedAccount < Struct.new( :account_id, :result) SENSITIVE = [] include Aws::Structure end # Specifies the names of the data sources that couldn't be enabled. # # @!attribute [rw] malware_protection # An object that contains information on the status of all Malware # Protection data sources. # @return [Types::MalwareProtectionConfigurationResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UnprocessedDataSourcesResult AWS API Documentation # class UnprocessedDataSourcesResult < Struct.new( :malware_protection) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] resource_arn # The Amazon Resource Name (ARN) for the resource to remove tags from. # @return [String] # # @!attribute [rw] tag_keys # The tag keys to remove from the resource. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UntagResourceRequest AWS API Documentation # class UntagResourceRequest < Struct.new( :resource_arn, :tag_keys) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UntagResourceResponse AWS API Documentation # class UntagResourceResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The unique ID of the detector to update. # @return [String] # # @!attribute [rw] enable # Specifies whether the detector is enabled or not enabled. # @return [Boolean] # # @!attribute [rw] finding_publishing_frequency # An enum value that specifies how frequently findings are exported, # such as to CloudWatch Events. # @return [String] # # @!attribute [rw] data_sources # Describes which data sources will be updated. # @return [Types::DataSourceConfigurations] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateDetectorRequest AWS API Documentation # class UpdateDetectorRequest < Struct.new( :detector_id, :enable, :finding_publishing_frequency, :data_sources) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateDetectorResponse AWS API Documentation # class UpdateDetectorResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The unique ID of the detector that specifies the GuardDuty service # where you want to update a filter. # @return [String] # # @!attribute [rw] filter_name # The name of the filter. # @return [String] # # @!attribute [rw] description # The description of the filter. Valid special characters include # period (.), underscore (\_), dash (-), and whitespace. The new line # character is considered to be an invalid input for description. # @return [String] # # @!attribute [rw] action # Specifies the action that is to be applied to the findings that # match the filter. # @return [String] # # @!attribute [rw] rank # Specifies the position of the filter in the list of current filters. # Also specifies the order in which this filter is applied to the # findings. # @return [Integer] # # @!attribute [rw] finding_criteria # Represents the criteria to be used in the filter for querying # findings. # @return [Types::FindingCriteria] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateFilterRequest AWS API Documentation # class UpdateFilterRequest < Struct.new( :detector_id, :filter_name, :description, :action, :rank, :finding_criteria) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] name # The name of the filter. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateFilterResponse AWS API Documentation # class UpdateFilterResponse < Struct.new( :name) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the detector associated with the findings to update # feedback for. # @return [String] # # @!attribute [rw] finding_ids # The IDs of the findings that you want to mark as useful or not # useful. # @return [Array] # # @!attribute [rw] feedback # The feedback for the finding. # @return [String] # # @!attribute [rw] comments # Additional feedback about the GuardDuty findings. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateFindingsFeedbackRequest AWS API Documentation # class UpdateFindingsFeedbackRequest < Struct.new( :detector_id, :finding_ids, :feedback, :comments) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateFindingsFeedbackResponse AWS API Documentation # class UpdateFindingsFeedbackResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The detectorID that specifies the GuardDuty service whose IPSet you # want to update. # @return [String] # # @!attribute [rw] ip_set_id # The unique ID that specifies the IPSet that you want to update. # @return [String] # # @!attribute [rw] name # The unique ID that specifies the IPSet that you want to update. # @return [String] # # @!attribute [rw] location # The updated URI of the file that contains the IPSet. # @return [String] # # @!attribute [rw] activate # The updated Boolean value that specifies whether the IPSet is active # or not. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateIPSetRequest AWS API Documentation # class UpdateIPSetRequest < Struct.new( :detector_id, :ip_set_id, :name, :location, :activate) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateIPSetResponse AWS API Documentation # class UpdateIPSetResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The unique ID of the detector that specifies the GuardDuty service # where you want to update scan settings. # @return [String] # # @!attribute [rw] scan_resource_criteria # Represents the criteria to be used in the filter for selecting # resources to scan. # @return [Types::ScanResourceCriteria] # # @!attribute [rw] ebs_snapshot_preservation # An enum value representing possible snapshot preservation settings. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateMalwareScanSettingsRequest AWS API Documentation # class UpdateMalwareScanSettingsRequest < Struct.new( :detector_id, :scan_resource_criteria, :ebs_snapshot_preservation) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateMalwareScanSettingsResponse AWS API Documentation # class UpdateMalwareScanSettingsResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The detector ID of the administrator account. # @return [String] # # @!attribute [rw] account_ids # A list of member account IDs to be updated. # @return [Array] # # @!attribute [rw] data_sources # Describes which data sources will be updated. # @return [Types::DataSourceConfigurations] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateMemberDetectorsRequest AWS API Documentation # class UpdateMemberDetectorsRequest < Struct.new( :detector_id, :account_ids, :data_sources) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # A list of member account IDs that were unable to be processed along # with an explanation for why they were not processed. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateMemberDetectorsResponse AWS API Documentation # class UpdateMemberDetectorsResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] detector_id # The ID of the detector to update the delegated administrator for. # @return [String] # # @!attribute [rw] auto_enable # Indicates whether to automatically enable member accounts in the # organization. # @return [Boolean] # # @!attribute [rw] data_sources # Describes which data sources will be updated. # @return [Types::OrganizationDataSourceConfigurations] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateOrganizationConfigurationRequest AWS API Documentation # class UpdateOrganizationConfigurationRequest < Struct.new( :detector_id, :auto_enable, :data_sources) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateOrganizationConfigurationResponse AWS API Documentation # class UpdateOrganizationConfigurationResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The ID of the detector associated with the publishing destinations # to update. # @return [String] # # @!attribute [rw] destination_id # The ID of the publishing destination to update. # @return [String] # # @!attribute [rw] destination_properties # A `DestinationProperties` object that includes the `DestinationArn` # and `KmsKeyArn` of the publishing destination. # @return [Types::DestinationProperties] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdatePublishingDestinationRequest AWS API Documentation # class UpdatePublishingDestinationRequest < Struct.new( :detector_id, :destination_id, :destination_properties) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdatePublishingDestinationResponse AWS API Documentation # class UpdatePublishingDestinationResponse < Aws::EmptyStructure; end # @!attribute [rw] detector_id # The detectorID that specifies the GuardDuty service whose # ThreatIntelSet you want to update. # @return [String] # # @!attribute [rw] threat_intel_set_id # The unique ID that specifies the ThreatIntelSet that you want to # update. # @return [String] # # @!attribute [rw] name # The unique ID that specifies the ThreatIntelSet that you want to # update. # @return [String] # # @!attribute [rw] location # The updated URI of the file that contains the ThreateIntelSet. # @return [String] # # @!attribute [rw] activate # The updated Boolean value that specifies whether the ThreateIntelSet # is active or not. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateThreatIntelSetRequest AWS API Documentation # class UpdateThreatIntelSetRequest < Struct.new( :detector_id, :threat_intel_set_id, :name, :location, :activate) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateThreatIntelSetResponse AWS API Documentation # class UpdateThreatIntelSetResponse < Aws::EmptyStructure; end # Contains information on the total of usage based on account IDs. # # @!attribute [rw] account_id # The Account ID that generated usage. # @return [String] # # @!attribute [rw] total # Represents the total of usage for the Account ID. # @return [Types::Total] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UsageAccountResult AWS API Documentation # class UsageAccountResult < Struct.new( :account_id, :total) SENSITIVE = [] include Aws::Structure end # Contains information about the criteria used to query usage # statistics. # # @!attribute [rw] account_ids # The account IDs to aggregate usage statistics from. # @return [Array] # # @!attribute [rw] data_sources # The data sources to aggregate usage statistics from. # @return [Array] # # @!attribute [rw] resources # The resources to aggregate usage statistics from. Only accepts exact # resource names. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UsageCriteria AWS API Documentation # class UsageCriteria < Struct.new( :account_ids, :data_sources, :resources) SENSITIVE = [] include Aws::Structure end # Contains information on the result of usage based on data source type. # # @!attribute [rw] data_source # The data source type that generated usage. # @return [String] # # @!attribute [rw] total # Represents the total of usage for the specified data source. # @return [Types::Total] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UsageDataSourceResult AWS API Documentation # class UsageDataSourceResult < Struct.new( :data_source, :total) SENSITIVE = [] include Aws::Structure end # Contains information on the sum of usage based on an Amazon Web # Services resource. # # @!attribute [rw] resource # The Amazon Web Services resource that generated usage. # @return [String] # # @!attribute [rw] total # Represents the sum total of usage for the specified resource type. # @return [Types::Total] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UsageResourceResult AWS API Documentation # class UsageResourceResult < Struct.new( :resource, :total) SENSITIVE = [] include Aws::Structure end # Contains the result of GuardDuty usage. If a UsageStatisticType is # provided the result for other types will be null. # # @!attribute [rw] sum_by_account # The usage statistic sum organized by account ID. # @return [Array] # # @!attribute [rw] sum_by_data_source # The usage statistic sum organized by on data source. # @return [Array] # # @!attribute [rw] sum_by_resource # The usage statistic sum organized by resource. # @return [Array] # # @!attribute [rw] top_resources # Lists the top 50 resources that have generated the most GuardDuty # usage, in order from most to least expensive. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UsageStatistics AWS API Documentation # class UsageStatistics < Struct.new( :sum_by_account, :sum_by_data_source, :sum_by_resource, :top_resources) SENSITIVE = [] include Aws::Structure end # Volume used by the Kubernetes workload. # # @!attribute [rw] name # Volume name. # @return [String] # # @!attribute [rw] host_path # Represents a pre-existing file or directory on the host machine that # the volume maps to. # @return [Types::HostPath] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/Volume AWS API Documentation # class Volume < Struct.new( :name, :host_path) SENSITIVE = [] include Aws::Structure end # Contains EBS volume details. # # @!attribute [rw] volume_arn # EBS volume Arn information. # @return [String] # # @!attribute [rw] volume_type # The EBS volume type. # @return [String] # # @!attribute [rw] device_name # The device name for the EBS volume. # @return [String] # # @!attribute [rw] volume_size_in_gb # EBS volume size in GB. # @return [Integer] # # @!attribute [rw] encryption_type # EBS volume encryption type. # @return [String] # # @!attribute [rw] snapshot_arn # Snapshot Arn of the EBS volume. # @return [String] # # @!attribute [rw] kms_key_arn # KMS key Arn used to encrypt the EBS volume. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/VolumeDetail AWS API Documentation # class VolumeDetail < Struct.new( :volume_arn, :volume_type, :device_name, :volume_size_in_gb, :encryption_type, :snapshot_arn, :kms_key_arn) SENSITIVE = [] include Aws::Structure end # Container volume mount. # # @!attribute [rw] name # Volume mount name. # @return [String] # # @!attribute [rw] mount_path # Volume mount path. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/VolumeMount AWS API Documentation # class VolumeMount < Struct.new( :name, :mount_path) SENSITIVE = [] include Aws::Structure end end end