lib/aws-sdk-guardduty/client.rb in aws-sdk-guardduty-1.28.0 vs lib/aws-sdk-guardduty/client.rb in aws-sdk-guardduty-1.29.0

- old
+ new

@@ -30,15 +30,15 @@ Aws::Plugins::GlobalConfiguration.add_identifier(:guardduty) module Aws::GuardDuty # An API client for GuardDuty. To construct a client, you need to configure a `:region` and `:credentials`. # - # client = Aws::GuardDuty::Client.new( - # region: region_name, - # credentials: credentials, - # # ... - # ) + # client = Aws::GuardDuty::Client.new( + # region: region_name, + # credentials: credentials, + # # ... + # ) # # For details on configuring region and credentials see # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html). # # See {#initialize} for a full list of supported configuration options. @@ -227,20 +227,24 @@ # used by the default backoff function. This option is only used in the # `legacy` retry mode. # # @option options [String] :retry_mode ("legacy") # Specifies which retry algorithm to use. Values are: - # * `legacy` - The pre-existing retry behavior. This is default value if - # no retry mode is provided. - # * `standard` - A standardized set of retry rules across the AWS SDKs. - # This includes support for retry quotas, which limit the number of - # unsuccessful retries a client can make. - # * `adaptive` - An experimental retry mode that includes all the - # functionality of `standard` mode along with automatic client side - # throttling. This is a provisional mode that may change behavior - # in the future. # + # * `legacy` - The pre-existing retry behavior. This is default value if + # no retry mode is provided. + # + # * `standard` - A standardized set of retry rules across the AWS SDKs. + # This includes support for retry quotas, which limit the number of + # unsuccessful retries a client can make. + # + # * `adaptive` - An experimental retry mode that includes all the + # functionality of `standard` mode along with automatic client side + # throttling. This is a provisional mode that may change behavior + # in the future. + # + # # @option options [String] :secret_access_key # # @option options [String] :session_token # # @option options [Boolean] :stub_responses (false) @@ -263,12 +267,11 @@ # seconds to wait when opening a HTTP session before raising a # `Timeout::Error`. # # @option options [Integer] :http_read_timeout (60) The default # number of seconds to wait for response data. This value can - # safely be set - # per-request on the session yielded by {#session_for}. + # safely be set per-request on the session. # # @option options [Float] :http_idle_timeout (5) The number of # seconds a connection is allowed to sit idle before it is # considered stale. Stale connections are closed and removed # from the pool before making a request. @@ -276,11 +279,11 @@ # @option options [Float] :http_continue_timeout (1) The number of # seconds to wait for a 100-continue response before sending the # request body. This option has no effect unless the request has # "Expect" header set to "100-continue". Defaults to `nil` which # disables this behaviour. This value can safely be set per - # request on the session yielded by {#session_for}. + # request on the session. # # @option options [Boolean] :http_wire_trace (false) When `true`, # HTTP debug output will be sent to the `:logger`. # # @option options [Boolean] :ssl_verify_peer (true) When `true`, @@ -313,11 +316,11 @@ # @option params [required, String] :master_id # The account ID of the master GuardDuty account whose invitation # you're accepting. # # @option params [required, String] :invitation_id - # This value is used to validate the master account to the member + # The value that is used to validate the master account to the member # account. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values @@ -335,23 +338,24 @@ def accept_invitation(params = {}, options = {}) req = build_request(:accept_invitation, params) req.send_request(options) end - # Archives GuardDuty findings specified by the list of finding IDs. + # Archives GuardDuty findings that are specified by the list of finding + # IDs. # - # <note markdown="1"> Only the master account can archive findings. Member accounts do not + # <note markdown="1"> Only the master account can archive findings. Member accounts don't # have permission to archive findings from their accounts. # # </note> # # @option params [required, String] :detector_id # The ID of the detector that specifies the GuardDuty service whose # findings you want to archive. # # @option params [required, Array<String>] :finding_ids - # IDs of the findings that you want to archive. + # The IDs of the findings that you want to archive. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # @@ -369,25 +373,25 @@ req.send_request(options) end # Creates a single Amazon GuardDuty detector. A detector is a resource # that represents the GuardDuty service. To start using GuardDuty, you - # must create a detector in each region that you enable the service. You - # can have only one detector per account per region. + # must create a detector in each Region where you enable the service. + # You can have only one detector per account per Region. # # @option params [required, Boolean] :enable - # A boolean value that specifies whether the detector is to be enabled. + # A Boolean value that specifies whether the detector is to be enabled. # # @option params [String] :client_token # The idempotency token for the create request. # # **A suitable default value is auto-generated.** You should normally # not need to pass this option.** # # @option params [String] :finding_publishing_frequency - # A enum value that specifies how frequently customer got Finding - # updates published. + # An enum value that specifies how frequently updated findings are + # exported. # # @option params [Hash<String,String>] :tags # The tags to be added to a new detector resource. # # @return [Types::CreateDetectorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: @@ -419,12 +423,12 @@ end # Creates a filter using the specified finding criteria. # # @option params [required, String] :detector_id - # The unique ID of the detector of the GuardDuty account for which you - # want to create a filter. + # The unique ID of the detector of the GuardDuty account that you want + # to create a filter for. # # @option params [required, String] :name # The name of the filter. # # @option params [String] :description @@ -441,10 +445,119 @@ # # @option params [required, Types::FindingCriteria] :finding_criteria # Represents the criteria to be used in the filter for querying # findings. # + # You can only use the following attributes to query findings: + # + # * accountId + # + # * region + # + # * confidence + # + # * id + # + # * resource.accessKeyDetails.accessKeyId + # + # * resource.accessKeyDetails.principalId + # + # * resource.accessKeyDetails.userName + # + # * resource.accessKeyDetails.userType + # + # * resource.instanceDetails.iamInstanceProfile.id + # + # * resource.instanceDetails.imageId + # + # * resource.instanceDetails.instanceId + # + # * resource.instanceDetails.outpostArn + # + # * resource.instanceDetails.networkInterfaces.ipv6Addresses + # + # * resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress + # + # * resource.instanceDetails.networkInterfaces.publicDnsName + # + # * resource.instanceDetails.networkInterfaces.publicIp + # + # * resource.instanceDetails.networkInterfaces.securityGroups.groupId + # + # * resource.instanceDetails.networkInterfaces.securityGroups.groupName + # + # * resource.instanceDetails.networkInterfaces.subnetId + # + # * resource.instanceDetails.networkInterfaces.vpcId + # + # * resource.instanceDetails.tags.key + # + # * resource.instanceDetails.tags.value + # + # * resource.resourceType + # + # * service.action.actionType + # + # * service.action.awsApiCallAction.api + # + # * service.action.awsApiCallAction.callerType + # + # * service.action.awsApiCallAction.remoteIpDetails.city.cityName + # + # * service.action.awsApiCallAction.remoteIpDetails.country.countryName + # + # * service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 + # + # * service.action.awsApiCallAction.remoteIpDetails.organization.asn + # + # * service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg + # + # * service.action.awsApiCallAction.serviceName + # + # * service.action.dnsRequestAction.domain + # + # * service.action.networkConnectionAction.blocked + # + # * service.action.networkConnectionAction.connectionDirection + # + # * service.action.networkConnectionAction.localPortDetails.port + # + # * service.action.networkConnectionAction.protocol + # + # * service.action.networkConnectionAction.remoteIpDetails.city.cityName + # + # * service.action.networkConnectionAction.remoteIpDetails.country.countryName + # + # * service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 + # + # * service.action.networkConnectionAction.remoteIpDetails.organization.asn + # + # * service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg + # + # * service.action.networkConnectionAction.remotePortDetails.port + # + # * service.additionalInfo.threatListName + # + # * service.archived + # + # When this attribute is set to TRUE, only archived findings are + # listed. When it's set to FALSE, only unarchived findings are + # listed. When this attribute is not set, all existing findings are + # listed. + # + # * service.resourceRole + # + # * severity + # + # * type + # + # * updatedAt + # + # Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or + # YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains + # milliseconds. + # # @option params [String] :client_token # The idempotency token for the create request. # # **A suitable default value is auto-generated.** You should normally # not need to pass this option.** @@ -499,34 +612,36 @@ def create_filter(params = {}, options = {}) req = build_request(:create_filter, params) req.send_request(options) end - # Creates a new IPSet, called Trusted IP list in the consoler user - # interface. An IPSet is a list IP addresses trusted for secure - # communication with AWS infrastructure and applications. GuardDuty does - # not generate findings for IP addresses included in IPSets. Only users - # from the master account can use this operation. + # Creates a new IPSet, which is called a trusted IP list in the console + # user interface. An IPSet is a list of IP addresses that are trusted + # for secure communication with AWS infrastructure and applications. + # GuardDuty doesn't generate findings for IP addresses that are + # included in IPSets. Only users from the master account can use this + # operation. # # @option params [required, String] :detector_id - # The unique ID of the detector of the GuardDuty account for which you - # want to create an IPSet. + # The unique ID of the detector of the GuardDuty account that you want + # to create an IPSet for. # # @option params [required, String] :name - # The user friendly name to identify the IPSet. This name is displayed - # in all findings that are triggered by activity that involves IP - # addresses included in this IPSet. + # The user-friendly name to identify the IPSet. # + # Allowed characters are alphanumerics, spaces, hyphens (-), and + # underscores (\_). + # # @option params [required, String] :format # The format of the file that contains the IPSet. # # @option params [required, String] :location - # The URI of the file that contains the IPSet. For example - # (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key) + # The URI of the file that contains the IPSet. For example: + # https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. # # @option params [required, Boolean] :activate - # A boolean value that indicates whether GuardDuty is to start using the + # A Boolean value that indicates whether GuardDuty is to start using the # uploaded IPSet. # # @option params [String] :client_token # The idempotency token for the create request. # @@ -570,12 +685,12 @@ # Creates member accounts of the current AWS account by specifying a # list of AWS account IDs. The current AWS account can then invite these # members to manage GuardDuty in their accounts. # # @option params [required, String] :detector_id - # The unique ID of the detector of the GuardDuty account with which you - # want to associate member accounts. + # The unique ID of the detector of the GuardDuty account that you want + # to associate member accounts with. # # @option params [required, Array<Types::AccountDetail>] :account_details # A list of account ID and email address pairs of the accounts that you # want to associate with the master GuardDuty account. # @@ -608,24 +723,24 @@ def create_members(params = {}, options = {}) req = build_request(:create_members, params) req.send_request(options) end - # Creates a publishing destination to send findings to. The resource to - # send findings to must exist before you use this operation. + # Creates a publishing destination to export findings to. The resource + # to export findings to must exist before you use this operation. # # @option params [required, String] :detector_id # The ID of the GuardDuty detector associated with the publishing # destination. # # @option params [required, String] :destination_type - # The type of resource for the publishing destination. Currently only S3 - # is supported. + # The type of resource for the publishing destination. Currently only + # Amazon S3 buckets are supported. # # @option params [required, Types::DestinationProperties] :destination_properties - # Properties of the publishing destination, including the ARNs for the - # destination and the KMS key used for encryption. + # The properties of the publishing destination, including the ARNs for + # the destination and the KMS key used for encryption. # # @option params [String] :client_token # The idempotency token for the request. # # **A suitable default value is auto-generated.** You should normally @@ -666,11 +781,11 @@ # # @option params [required, String] :detector_id # The ID of the detector to create sample findings for. # # @option params [Array<String>] :finding_types - # Types of sample findings to generate. + # The types of sample findings to generate. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # @@ -686,43 +801,43 @@ def create_sample_findings(params = {}, options = {}) req = build_request(:create_sample_findings, params) req.send_request(options) end - # Create a new ThreatIntelSet. ThreatIntelSets consist of known + # Creates a new ThreatIntelSet. ThreatIntelSets consist of known # malicious IP addresses. GuardDuty generates findings based on # ThreatIntelSets. Only users of the master account can use this # operation. # # @option params [required, String] :detector_id - # The unique ID of the detector of the GuardDuty account for which you - # want to create a threatIntelSet. + # The unique ID of the detector of the GuardDuty account that you want + # to create a threatIntelSet for. # # @option params [required, String] :name - # A user-friendly ThreatIntelSet name that is displayed in all finding + # A user-friendly ThreatIntelSet name displayed in all findings that are # generated by activity that involves IP addresses included in this # ThreatIntelSet. # # @option params [required, String] :format # The format of the file that contains the ThreatIntelSet. # # @option params [required, String] :location - # The URI of the file that contains the ThreatIntelSet. For example - # (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key). + # The URI of the file that contains the ThreatIntelSet. For example: + # https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. # # @option params [required, Boolean] :activate - # A boolean value that indicates whether GuardDuty is to start using the + # A Boolean value that indicates whether GuardDuty is to start using the # uploaded ThreatIntelSet. # # @option params [String] :client_token # The idempotency token for the create request. # # **A suitable default value is auto-generated.** You should normally # not need to pass this option.** # # @option params [Hash<String,String>] :tags - # The tags to be added to a new Threat List resource. + # The tags to be added to a new threat list resource. # # @return [Types::CreateThreatIntelSetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CreateThreatIntelSetResponse#threat_intel_set_id #threat_intel_set_id} => String # @@ -751,12 +866,12 @@ def create_threat_intel_set(params = {}, options = {}) req = build_request(:create_threat_intel_set, params) req.send_request(options) end - # Declines invitations sent to the current member account by AWS account - # specified by their account IDs. + # Declines invitations sent to the current member account by AWS + # accounts specified by their account IDs. # # @option params [required, Array<String>] :account_ids # A list of account IDs of the AWS accounts that sent invitations to the # current member account that you want to decline invitations from. # @@ -783,11 +898,12 @@ def decline_invitations(params = {}, options = {}) req = build_request(:decline_invitations, params) req.send_request(options) end - # Deletes a Amazon GuardDuty detector specified by the detector ID. + # Deletes an Amazon GuardDuty detector that is specified by the detector + # ID. # # @option params [required, String] :detector_id # The unique ID of the detector that you want to delete. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. @@ -808,14 +924,14 @@ end # Deletes the filter specified by the filter name. # # @option params [required, String] :detector_id - # The unique ID of the detector the filter is associated with. + # The unique ID of the detector that the filter is associated with. # # @option params [required, String] :filter_name - # The name of the filter you want to delete. + # The name of the filter that you want to delete. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # @@ -832,11 +948,11 @@ req = build_request(:delete_filter, params) req.send_request(options) end # Deletes the IPSet specified by the `ipSetId`. IPSets are called - # Trusted IP lists in the console user interface. + # trusted IP lists in the console user interface. # # @option params [required, String] :detector_id # The unique ID of the detector associated with the IPSet. # # @option params [required, String] :ip_set_id @@ -954,17 +1070,18 @@ def delete_publishing_destination(params = {}, options = {}) req = build_request(:delete_publishing_destination, params) req.send_request(options) end - # Deletes ThreatIntelSet specified by the ThreatIntelSet ID. + # Deletes the ThreatIntelSet specified by the ThreatIntelSet ID. # # @option params [required, String] :detector_id - # The unique ID of the detector the threatIntelSet is associated with. + # The unique ID of the detector that the threatIntelSet is associated + # with. # # @option params [required, String] :threat_intel_set_id - # The unique ID of the threatIntelSet you want to delete. + # The unique ID of the threatIntelSet that you want to delete. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # @@ -980,10 +1097,42 @@ def delete_threat_intel_set(params = {}, options = {}) req = build_request(:delete_threat_intel_set, params) req.send_request(options) end + # Returns information about the account selected as the delegated + # administrator for GuardDuty. + # + # @option params [required, String] :detector_id + # The ID of the detector to retrieve information about the delegated + # administrator from. + # + # @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean + # * {Types::DescribeOrganizationConfigurationResponse#member_account_limit_reached #member_account_limit_reached} => Boolean + # + # @example Request syntax with placeholder values + # + # resp = client.describe_organization_configuration({ + # detector_id: "DetectorId", # required + # }) + # + # @example Response structure + # + # resp.auto_enable #=> Boolean + # resp.member_account_limit_reached #=> Boolean + # + # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribeOrganizationConfiguration AWS API Documentation + # + # @overload describe_organization_configuration(params = {}) + # @param [Hash] params ({}) + def describe_organization_configuration(params = {}, options = {}) + req = build_request(:describe_organization_configuration, params) + req.send_request(options) + end + # Returns information about the publishing destination specified by the # provided `destinationId`. # # @option params [required, String] :detector_id # The unique ID of the detector associated with the publishing @@ -1023,10 +1172,34 @@ def describe_publishing_destination(params = {}, options = {}) req = build_request(:describe_publishing_destination, params) req.send_request(options) end + # Disables GuardDuty administrator permissions for an AWS account within + # the Organization. + # + # @option params [required, String] :admin_account_id + # The AWS Account ID for the Organizations account to be disabled as a + # GuardDuty delegated administrator. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.disable_organization_admin_account({ + # admin_account_id: "String", # required + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DisableOrganizationAdminAccount AWS API Documentation + # + # @overload disable_organization_admin_account(params = {}) + # @param [Hash] params ({}) + def disable_organization_admin_account(params = {}, options = {}) + req = build_request(:disable_organization_admin_account, params) + req.send_request(options) + end + # Disassociates the current GuardDuty member account from its master # account. # # @option params [required, String] :detector_id # The unique ID of the detector of the GuardDuty member account. @@ -1051,15 +1224,15 @@ # Disassociates GuardDuty member accounts (to the current GuardDuty # master account) specified by the account IDs. # # @option params [required, String] :detector_id # The unique ID of the detector of the GuardDuty account whose members - # you want to disassociate from master. + # you want to disassociate from the master account. # # @option params [required, Array<String>] :account_ids # A list of account IDs of the GuardDuty member accounts that you want - # to disassociate from master. + # to disassociate from the master account. # # @return [Types::DisassociateMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::DisassociateMembersResponse#unprocessed_accounts #unprocessed_accounts} => Array&lt;Types::UnprocessedAccount&gt; # @@ -1083,10 +1256,34 @@ def disassociate_members(params = {}, options = {}) req = build_request(:disassociate_members, params) req.send_request(options) end + # Enables GuardDuty administrator permissions for an AWS account within + # the organization. + # + # @option params [required, String] :admin_account_id + # The AWS Account ID for the Organizations account to be enabled as a + # GuardDuty delegated administrator. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.enable_organization_admin_account({ + # admin_account_id: "String", # required + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/EnableOrganizationAdminAccount AWS API Documentation + # + # @overload enable_organization_admin_account(params = {}) + # @param [Hash] params ({}) + def enable_organization_admin_account(params = {}, options = {}) + req = build_request(:enable_organization_admin_account, params) + req.send_request(options) + end + # Retrieves an Amazon GuardDuty detector specified by the detectorId. # # @option params [required, String] :detector_id # The unique ID of the detector that you want to get. # @@ -1125,11 +1322,11 @@ end # Returns the details of the filter specified by the filter name. # # @option params [required, String] :detector_id - # The unique ID of the detector the filter is associated with. + # The unique ID of the detector that the filter is associated with. # # @option params [required, String] :filter_name # The name of the filter you want to get. # # @return [Types::GetFilterResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: @@ -1188,11 +1385,11 @@ # @option params [required, String] :detector_id # The ID of the detector that specifies the GuardDuty service whose # findings you want to retrieve. # # @option params [required, Array<String>] :finding_ids - # IDs of the findings that you want to retrieve. + # The IDs of the findings that you want to retrieve. # # @option params [Types::SortCriteria] :sort_criteria # Represents the criteria used for sorting findings. # # @return [Types::GetFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: @@ -1333,22 +1530,22 @@ def get_findings(params = {}, options = {}) req = build_request(:get_findings, params) req.send_request(options) end - # Lists Amazon GuardDuty findings' statistics for the specified - # detector ID. + # Lists Amazon GuardDuty findings statistics for the specified detector + # ID. # # @option params [required, String] :detector_id # The ID of the detector that specifies the GuardDuty service whose # findings' statistics you want to retrieve. # # @option params [required, Array<String>] :finding_statistic_types - # Types of finding statistics to retrieve. + # The types of finding statistics to retrieve. # # @option params [Types::FindingCriteria] :finding_criteria - # Represents the criteria used for querying findings. + # Represents the criteria that is used for querying findings. # # @return [Types::GetFindingsStatisticsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetFindingsStatisticsResponse#finding_statistics #finding_statistics} => Types::FindingStatistics # @@ -1392,11 +1589,11 @@ end # Retrieves the IPSet specified by the `ipSetId`. # # @option params [required, String] :detector_id - # The unique ID of the detector the ipSet is associated with. + # The unique ID of the detector that the IPSet is associated with. # # @option params [required, String] :ip_set_id # The unique ID of the IPSet to retrieve. # # @return [Types::GetIPSetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: @@ -1533,14 +1730,15 @@ # Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet # ID. # # @option params [required, String] :detector_id - # The unique ID of the detector the threatIntelSet is associated with. + # The unique ID of the detector that the threatIntelSet is associated + # with. # # @option params [required, String] :threat_intel_set_id - # The unique ID of the threatIntelSet you want to get. + # The unique ID of the threatIntelSet that you want to get. # # @return [Types::GetThreatIntelSetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetThreatIntelSetResponse#name #name} => String # * {Types::GetThreatIntelSetResponse#format #format} => String @@ -1572,24 +1770,24 @@ req = build_request(:get_threat_intel_set, params) req.send_request(options) end # Invites other AWS accounts (created as members of the current AWS - # account by CreateMembers) to enable GuardDuty and allow the current + # account by CreateMembers) to enable GuardDuty, and allow the current # AWS account to view and manage these accounts' GuardDuty findings on # their behalf as the master account. # # @option params [required, String] :detector_id - # The unique ID of the detector of the GuardDuty account with which you - # want to invite members. + # The unique ID of the detector of the GuardDuty account that you want + # to invite members with. # # @option params [required, Array<String>] :account_ids # A list of account IDs of the accounts that you want to invite to # GuardDuty as members. # # @option params [Boolean] :disable_email_notification - # A boolean value that specifies whether you want to disable email + # A Boolean value that specifies whether you want to disable email # notification to the accounts that you’re inviting to GuardDuty as # members. # # @option params [String] :message # The invitation message that you want to send to the accounts that @@ -1625,26 +1823,28 @@ # Lists detectorIds of all the existing Amazon GuardDuty detector # resources. # # @option params [Integer] :max_results - # You can use this parameter to indicate the maximum number of items you - # want in the response. The default value is 50. The maximum value is - # 50. + # You can use this parameter to indicate the maximum number of items + # that you want in the response. The default value is 50. The maximum + # value is 50. # # @option params [String] :next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For - # subsequent calls to the action fill nextToken in the request with the + # subsequent calls to the action, fill nextToken in the request with the # value of NextToken from the previous response to continue listing # data. # # @return [Types::ListDetectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListDetectorsResponse#detector_ids #detector_ids} => Array&lt;String&gt; # * {Types::ListDetectorsResponse#next_token #next_token} => String # + # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}. + # # @example Request syntax with placeholder values # # resp = client.list_detectors({ # max_results: 1, # next_token: "String", @@ -1666,29 +1866,31 @@ end # Returns a paginated list of the current filters. # # @option params [required, String] :detector_id - # The unique ID of the detector the filter is associated with. + # The unique ID of the detector that the filter is associated with. # # @option params [Integer] :max_results - # You can use this parameter to indicate the maximum number of items you - # want in the response. The default value is 50. The maximum value is - # 50. + # You can use this parameter to indicate the maximum number of items + # that you want in the response. The default value is 50. The maximum + # value is 50. # # @option params [String] :next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For - # subsequent calls to the action fill nextToken in the request with the + # subsequent calls to the action, fill nextToken in the request with the # value of NextToken from the previous response to continue listing # data. # # @return [Types::ListFiltersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListFiltersResponse#filter_names #filter_names} => Array&lt;String&gt; # * {Types::ListFiltersResponse#next_token #next_token} => String # + # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}. + # # @example Request syntax with placeholder values # # resp = client.list_filters({ # detector_id: "DetectorId", # required # max_results: 1, @@ -1742,12 +1944,10 @@ # # * resource.instanceDetails.imageId # # * resource.instanceDetails.instanceId # - # * resource.instanceDetails.outpostArn - # # * resource.instanceDetails.networkInterfaces.ipv6Addresses # # * resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress # # * resource.instanceDetails.networkInterfaces.publicDnsName @@ -1794,12 +1994,10 @@ # # * service.action.networkConnectionAction.localPortDetails.port # # * service.action.networkConnectionAction.protocol # - # * service.action.networkConnectionAction.localIpDetails.ipAddressV4 - # # * service.action.networkConnectionAction.remoteIpDetails.city.cityName # # * service.action.networkConnectionAction.remoteIpDetails.country.countryName # # * service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 @@ -1838,19 +2036,21 @@ # 50. # # @option params [String] :next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For - # subsequent calls to the action fill nextToken in the request with the + # subsequent calls to the action, fill nextToken in the request with the # value of NextToken from the previous response to continue listing # data. # # @return [Types::ListFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListFindingsResponse#finding_ids #finding_ids} => Array&lt;String&gt; # * {Types::ListFindingsResponse#next_token #next_token} => String # + # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}. + # # @example Request syntax with placeholder values # # resp = client.list_findings({ # detector_id: "DetectorId", # required # finding_criteria: { @@ -1897,29 +2097,31 @@ # Lists the IPSets of the GuardDuty service specified by the detector # ID. If you use this operation from a member account, the IPSets # returned are the IPSets from the associated master account. # # @option params [required, String] :detector_id - # The unique ID of the detector the ipSet is associated with. + # The unique ID of the detector that the IPSet is associated with. # # @option params [Integer] :max_results # You can use this parameter to indicate the maximum number of items you # want in the response. The default value is 50. The maximum value is # 50. # # @option params [String] :next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For - # subsequent calls to the action fill nextToken in the request with the + # subsequent calls to the action, fill nextToken in the request with the # value of NextToken from the previous response to continue listing # data. # # @return [Types::ListIPSetsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListIPSetsResponse#ip_set_ids #ip_set_ids} => Array&lt;String&gt; # * {Types::ListIPSetsResponse#next_token #next_token} => String # + # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}. + # # @example Request syntax with placeholder values # # resp = client.list_ip_sets({ # detector_id: "DetectorId", # required # max_results: 1, @@ -1943,26 +2145,28 @@ # Lists all GuardDuty membership invitations that were sent to the # current AWS account. # # @option params [Integer] :max_results - # You can use this parameter to indicate the maximum number of items you - # want in the response. The default value is 50. The maximum value is - # 50. + # You can use this parameter to indicate the maximum number of items + # that you want in the response. The default value is 50. The maximum + # value is 50. # # @option params [String] :next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For - # subsequent calls to the action fill nextToken in the request with the + # subsequent calls to the action, fill nextToken in the request with the # value of NextToken from the previous response to continue listing # data. # # @return [Types::ListInvitationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListInvitationsResponse#invitations #invitations} => Array&lt;Types::Invitation&gt; # * {Types::ListInvitationsResponse#next_token #next_token} => String # + # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}. + # # @example Request syntax with placeholder values # # resp = client.list_invitations({ # max_results: 1, # next_token: "String", @@ -1984,12 +2188,12 @@ def list_invitations(params = {}, options = {}) req = build_request(:list_invitations, params) req.send_request(options) end - # Lists details about all member accounts for the current GuardDuty - # master account. + # Lists details about associated member accounts for the current + # GuardDuty master account. # # @option params [required, String] :detector_id # The unique ID of the detector the member is associated with. # # @option params [Integer] :max_results @@ -1998,24 +2202,28 @@ # 50. # # @option params [String] :next_token # You can use this parameter when paginating results. Set the value of # this parameter to null on your first call to the list action. For - # subsequent calls to the action fill nextToken in the request with the + # subsequent calls to the action, fill nextToken in the request with the # value of NextToken from the previous response to continue listing # data. # # @option params [String] :only_associated - # Specifies whether to only return associated members or to return all - # members (including members which haven't been invited yet or have - # been disassociated). + # Specifies what member accounts the response includes based on their + # relationship status with the master account. The default value is + # "true". If set to "false" the response includes all existing + # member accounts (including members who haven't been invited yet or + # have been disassociated). # # @return [Types::ListMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListMembersResponse#members #members} => Array&lt;Types::Member&gt; # * {Types::ListMembersResponse#next_token #next_token} => String # + # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}. + # # @example Request syntax with placeholder values # # resp = client.list_members({ # detector_id: "DetectorId", # required # max_results: 1, @@ -2042,30 +2250,76 @@ def list_members(params = {}, options = {}) req = build_request(:list_members, params) req.send_request(options) end + # Lists the accounts configured as AWS Organization delegated + # administrators. + # + # @option params [Integer] :max_results + # The maximum number of results to return in the response. + # + # @option params [String] :next_token + # A token to use for paginating results that are returned in the + # response. Set the value of this parameter to null for the first + # request to a list action. For subsequent calls, use the `NextToken` + # value returned from the previous request to continue listing results + # after the first page. + # + # @return [Types::ListOrganizationAdminAccountsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: + # + # * {Types::ListOrganizationAdminAccountsResponse#admin_accounts #admin_accounts} => Array&lt;Types::AdminAccount&gt; + # * {Types::ListOrganizationAdminAccountsResponse#next_token #next_token} => String + # + # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}. + # + # @example Request syntax with placeholder values + # + # resp = client.list_organization_admin_accounts({ + # max_results: 1, + # next_token: "String", + # }) + # + # @example Response structure + # + # resp.admin_accounts #=> Array + # resp.admin_accounts[0].admin_account_id #=> String + # resp.admin_accounts[0].admin_status #=> String, one of "ENABLED", "DISABLE_IN_PROGRESS" + # resp.next_token #=> String + # + # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListOrganizationAdminAccounts AWS API Documentation + # + # @overload list_organization_admin_accounts(params = {}) + # @param [Hash] params ({}) + def list_organization_admin_accounts(params = {}, options = {}) + req = build_request(:list_organization_admin_accounts, params) + req.send_request(options) + end + # Returns a list of publishing destinations associated with the # specified `dectectorId`. # # @option params [required, String] :detector_id # The ID of the detector to retrieve publishing destinations for. # # @option params [Integer] :max_results # The maximum number of results to return in the response. # # @option params [String] :next_token - # A token to use for paginating results returned in the repsonse. Set - # the value of this parameter to null for the first request to a list - # action. For subsequent calls, use the `NextToken` value returned from - # the previous request to continue listing results after the first page. + # A token to use for paginating results that are returned in the + # response. Set the value of this parameter to null for the first + # request to a list action. For subsequent calls, use the `NextToken` + # value returned from the previous request to continue listing results + # after the first page. # # @return [Types::ListPublishingDestinationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListPublishingDestinationsResponse#destinations #destinations} => Array&lt;Types::Destination&gt; # * {Types::ListPublishingDestinationsResponse#next_token #next_token} => String # + # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}. + # # @example Request syntax with placeholder values # # resp = client.list_publishing_destinations({ # detector_id: "DetectorId", # required # max_results: 1, @@ -2088,16 +2342,16 @@ req = build_request(:list_publishing_destinations, params) req.send_request(options) end # Lists tags for a resource. Tagging is currently supported for - # detectors, finding filters, IP sets, and Threat Intel sets, with a + # detectors, finding filters, IP sets, and threat intel sets, with a # limit of 50 tags per resource. When invoked, this operation returns - # all assigned tags for a given resource.. + # all assigned tags for a given resource. # # @option params [required, String] :resource_arn - # The Amazon Resource Name (ARN) for the given GuardDuty resource + # The Amazon Resource Name (ARN) for the given GuardDuty resource. # # @return [Types::ListTagsForResourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListTagsForResourceResponse#tags #tags} => Hash&lt;String,String&gt; # @@ -2124,29 +2378,32 @@ # Lists the ThreatIntelSets of the GuardDuty service specified by the # detector ID. If you use this operation from a member account, the # ThreatIntelSets associated with the master account are returned. # # @option params [required, String] :detector_id - # The unique ID of the detector the threatIntelSet is associated with. + # The unique ID of the detector that the threatIntelSet is associated + # with. # # @option params [Integer] :max_results - # You can use this parameter to indicate the maximum number of items you - # want in the response. The default value is 50. The maximum value is - # 50. + # You can use this parameter to indicate the maximum number of items + # that you want in the response. The default value is 50. The maximum + # value is 50. # # @option params [String] :next_token # You can use this parameter to paginate results in the response. Set # the value of this parameter to null on your first call to the list - # action. For subsequent calls to the action fill nextToken in the + # action. For subsequent calls to the action, fill nextToken in the # request with the value of NextToken from the previous response to # continue listing data. # # @return [Types::ListThreatIntelSetsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::ListThreatIntelSetsResponse#threat_intel_set_ids #threat_intel_set_ids} => Array&lt;String&gt; # * {Types::ListThreatIntelSetsResponse#next_token #next_token} => String # + # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}. + # # @example Request syntax with placeholder values # # resp = client.list_threat_intel_sets({ # detector_id: "DetectorId", # required # max_results: 1, @@ -2204,20 +2461,20 @@ def start_monitoring_members(params = {}, options = {}) req = build_request(:start_monitoring_members, params) req.send_request(options) end - # Stops GuardDuty monitoring for the specified member accounnts. Use the - # `StartMonitoringMembers` to restart monitoring for those accounts. + # Stops GuardDuty monitoring for the specified member accounts. Use the + # `StartMonitoringMembers` operation to restart monitoring for those + # accounts. # # @option params [required, String] :detector_id - # The unique ID of the detector of the GuardDuty account that you want - # to stop from monitor members' findings. + # The unique ID of the detector associated with the GuardDuty master + # account that is monitoring member accounts. # # @option params [required, Array<String>] :account_ids - # A list of account IDs of the GuardDuty member accounts whose findings - # you want the master account to stop monitoring. + # A list of account IDs for the member accounts to stop monitoring. # # @return [Types::StopMonitoringMembersResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::StopMonitoringMembersResponse#unprocessed_accounts #unprocessed_accounts} => Array&lt;Types::UnprocessedAccount&gt; # @@ -2276,11 +2533,11 @@ # # @option params [required, String] :detector_id # The ID of the detector associated with the findings to unarchive. # # @option params [required, Array<String>] :finding_ids - # IDs of the findings to unarchive. + # The IDs of the findings to unarchive. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # @@ -2331,12 +2588,12 @@ # # @option params [Boolean] :enable # Specifies whether the detector is enabled or not enabled. # # @option params [String] :finding_publishing_frequency - # A enum value that specifies how frequently findings are exported, such - # as to CloudWatch Events. + # An enum value that specifies how frequently findings are exported, + # such as to CloudWatch Events. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values # @@ -2430,11 +2687,11 @@ # @option params [required, String] :detector_id # The ID of the detector associated with the findings to update feedback # for. # # @option params [required, Array<String>] :finding_ids - # IDs of the findings that you want to mark as useful or not useful. + # The IDs of the findings that you want to mark as useful or not useful. # # @option params [required, String] :feedback # The feedback for the finding. # # @option params [String] :comments @@ -2471,15 +2728,15 @@ # # @option params [String] :name # The unique ID that specifies the IPSet that you want to update. # # @option params [String] :location - # The updated URI of the file that contains the IPSet. For example - # (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key). + # The updated URI of the file that contains the IPSet. For example: + # https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. # # @option params [Boolean] :activate - # The updated boolean value that specifies whether the IPSet is active + # The updated Boolean value that specifies whether the IPSet is active # or not. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values @@ -2499,20 +2756,47 @@ def update_ip_set(params = {}, options = {}) req = build_request(:update_ip_set, params) req.send_request(options) end + # Updates the delegated administrator account with the values provided. + # + # @option params [required, String] :detector_id + # The ID of the detector to update the delegated administrator for. + # + # @option params [required, Boolean] :auto_enable + # Indicates whether to automatically enable member accounts in the + # organization. + # + # @return [Struct] Returns an empty {Seahorse::Client::Response response}. + # + # @example Request syntax with placeholder values + # + # resp = client.update_organization_configuration({ + # detector_id: "DetectorId", # required + # auto_enable: false, # required + # }) + # + # @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateOrganizationConfiguration AWS API Documentation + # + # @overload update_organization_configuration(params = {}) + # @param [Hash] params ({}) + def update_organization_configuration(params = {}, options = {}) + req = build_request(:update_organization_configuration, params) + req.send_request(options) + end + # Updates information about the publishing destination specified by the # `destinationId`. # # @option params [required, String] :detector_id - # The ID of the - # - # @option params [required, String] :destination_id # The ID of the detector associated with the publishing destinations to # update. # + # @option params [required, String] :destination_id + # The ID of the publishing destination to update. + # # @option params [Types::DestinationProperties] :destination_properties # A `DestinationProperties` object that includes the `DestinationArn` # and `KmsKeyArn` of the publishing destination. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. @@ -2535,11 +2819,11 @@ def update_publishing_destination(params = {}, options = {}) req = build_request(:update_publishing_destination, params) req.send_request(options) end - # Updates the ThreatIntelSet specified by ThreatIntelSet ID. + # Updates the ThreatIntelSet specified by the ThreatIntelSet ID. # # @option params [required, String] :detector_id # The detectorID that specifies the GuardDuty service whose # ThreatIntelSet you want to update. # @@ -2551,14 +2835,14 @@ # The unique ID that specifies the ThreatIntelSet that you want to # update. # # @option params [String] :location # The updated URI of the file that contains the ThreateIntelSet. For - # example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key) + # example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. # # @option params [Boolean] :activate - # The updated boolean value that specifies whether the ThreateIntelSet + # The updated Boolean value that specifies whether the ThreateIntelSet # is active or not. # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # @example Request syntax with placeholder values @@ -2591,10 +2875,10 @@ operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-guardduty' - context[:gem_version] = '1.28.0' + context[:gem_version] = '1.29.0' Seahorse::Client::Request.new(handlers, context) end # @api private # @deprecated