lib/aws-sdk-guardduty/client.rb in aws-sdk-guardduty-1.64.0 vs lib/aws-sdk-guardduty/client.rb in aws-sdk-guardduty-1.65.0
- old
+ new
@@ -507,10 +507,13 @@
# [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
#
# @option params [Hash<String,String>] :tags
# The tags to be added to a new detector resource.
#
+ # @option params [Array<Types::DetectorFeatureConfiguration>] :features
+ # A list of features that will be configured for the detector.
+ #
# @return [Types::CreateDetectorResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::CreateDetectorResponse#detector_id #detector_id} => String
# * {Types::CreateDetectorResponse#unprocessed_data_sources #unprocessed_data_sources} => Types::UnprocessedDataSourcesResult
#
@@ -536,10 +539,16 @@
# },
# },
# tags: {
# "TagKey" => "TagValue",
# },
+ # features: [
+ # {
+ # name: "S3_DATA_EVENTS", # accepts S3_DATA_EVENTS, EKS_AUDIT_LOGS, EBS_MALWARE_PROTECTION, RDS_LOGIN_EVENTS
+ # status: "ENABLED", # accepts ENABLED, DISABLED
+ # },
+ # ],
# })
#
# @example Response structure
#
# resp.detector_id #=> String
@@ -554,12 +563,18 @@
def create_detector(params = {}, options = {})
req = build_request(:create_detector, params)
req.send_request(options)
end
- # Creates a filter using the specified finding criteria.
+ # Creates a filter using the specified finding criteria. The maximum
+ # number of saved filters per Amazon Web Services account per Region is
+ # 100. For more information, see [Quotas for GuardDuty][1].
#
+ #
+ #
+ # [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_limits.html
+ #
# @option params [required, String] :detector_id
# The ID of the detector belonging to the GuardDuty account that you
# want to create a filter for.
#
# @option params [required, String] :name
@@ -567,12 +582,14 @@
# underscore (\_), dash (-), and alphanumeric characters. A whitespace
# is considered to be an invalid character.
#
# @option params [String] :description
# The description of the filter. Valid characters include alphanumeric
- # characters, and special characters such as `-`, `.`, `:`, `\{ \}`, `[
- # ]`, `( )`, `/`, `\t`, `\n`, `\x0B`, `\f`, `\r`, `_`, and whitespace.
+ # characters, and special characters such as hyphen, period, colon,
+ # underscore, parentheses (`\{ \}`, `[ ]`, and `( )`), forward slash,
+ # horizontal tab, vertical tab, newline, form feed, return, and
+ # whitespace.
#
# @option params [String] :action
# Specifies the action that is to be applied to the findings that match
# the filter.
#
@@ -1380,29 +1397,50 @@
#
# @option params [required, String] :detector_id
# The ID of the detector to retrieve information about the delegated
# administrator from.
#
+ # @option params [Integer] :max_results
+ # You can use this parameter to indicate the maximum number of items
+ # that you want in the response.
+ #
+ # @option params [String] :next_token
+ # You can use this parameter when paginating results. Set the value of
+ # this parameter to null on your first call to the list action. For
+ # subsequent calls to the action, fill `nextToken` in the request with
+ # the value of `NextToken` from the previous response to continue
+ # listing data.
+ #
# @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
# * {Types::DescribeOrganizationConfigurationResponse#member_account_limit_reached #member_account_limit_reached} => Boolean
# * {Types::DescribeOrganizationConfigurationResponse#data_sources #data_sources} => Types::OrganizationDataSourceConfigurationsResult
+ # * {Types::DescribeOrganizationConfigurationResponse#features #features} => Array<Types::OrganizationFeatureConfigurationResult>
+ # * {Types::DescribeOrganizationConfigurationResponse#next_token #next_token} => String
#
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+ #
# @example Request syntax with placeholder values
#
# resp = client.describe_organization_configuration({
# detector_id: "DetectorId", # required
+ # max_results: 1,
+ # next_token: "String",
# })
#
# @example Response structure
#
# resp.auto_enable #=> Boolean
# resp.member_account_limit_reached #=> Boolean
# resp.data_sources.s3_logs.auto_enable #=> Boolean
# resp.data_sources.kubernetes.audit_logs.auto_enable #=> Boolean
# resp.data_sources.malware_protection.scan_ec2_instance_with_findings.ebs_volumes.auto_enable #=> Boolean
+ # resp.features #=> Array
+ # resp.features[0].name #=> String, one of "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS"
+ # resp.features[0].auto_enable #=> String, one of "NEW", "NONE"
+ # resp.next_token #=> String
#
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DescribeOrganizationConfiguration AWS API Documentation
#
# @overload describe_organization_configuration(params = {})
# @param [Hash] params ({})
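Review bot: The pagination text added under `:next_token` does not say which response members are split across pages, so a caller that reads `resp.features` from the first response alone may be checking auto-enable settings against a partial list. A line such as `# Keep requesting pages until next_token is nil before treating features as complete.` would make that explicit. The same paragraph says to set the value to "null", which in this Ruby client means `nil` or omitting the key. The doc block for describe_organization_configuration starts and ends outside this hunk.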
@@ -1638,10 +1676,11 @@
# * {Types::GetDetectorResponse#service_role #service_role} => String
# * {Types::GetDetectorResponse#status #status} => String
# * {Types::GetDetectorResponse#updated_at #updated_at} => String
# * {Types::GetDetectorResponse#data_sources #data_sources} => Types::DataSourceConfigurationsResult
# * {Types::GetDetectorResponse#tags #tags} => Hash<String,String>
+ # * {Types::GetDetectorResponse#features #features} => Array<Types::DetectorFeatureConfigurationResult>
#
# @example Request syntax with placeholder values
#
# resp = client.get_detector({
# detector_id: "DetectorId", # required
@@ -1662,10 +1701,14 @@
# resp.data_sources.malware_protection.scan_ec2_instance_with_findings.ebs_volumes.status #=> String, one of "ENABLED", "DISABLED"
# resp.data_sources.malware_protection.scan_ec2_instance_with_findings.ebs_volumes.reason #=> String
# resp.data_sources.malware_protection.service_role #=> String
# resp.tags #=> Hash
# resp.tags["TagKey"] #=> String
+ # resp.features #=> Array
+ # resp.features[0].name #=> String, one of "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS"
+ # resp.features[0].status #=> String, one of "ENABLED", "DISABLED"
+ # resp.features[0].updated_at #=> Time
#
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetDetector AWS API Documentation
#
# @overload get_detector(params = {})
# @param [Hash] params ({})
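Review bot: `resp.features[0].name` lists seven values here, including FLOW_LOGS, CLOUD_TRAIL and DNS_LOGS, while the `features` request examples for create_detector and update_detector in this diff accept only four, and the comment does not explain the difference. Code that audits detector coverage by matching returned names against the request enum would mishandle the extra three. If the reason is that some sources are reported but cannot be set through `:features`, a line such as `# name may include sources that cannot be set through the :features request parameter` would say so. The get_remaining_free_trial_days and get_usage_statistics response hunks show the same wider lists.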
@@ -1918,10 +1961,23 @@
# resp.findings[0].resource.container_details.image_prefix #=> String
# resp.findings[0].resource.container_details.volume_mounts #=> Array
# resp.findings[0].resource.container_details.volume_mounts[0].name #=> String
# resp.findings[0].resource.container_details.volume_mounts[0].mount_path #=> String
# resp.findings[0].resource.container_details.security_context.privileged #=> Boolean
+ # resp.findings[0].resource.rds_db_instance_details.db_instance_identifier #=> String
+ # resp.findings[0].resource.rds_db_instance_details.engine #=> String
+ # resp.findings[0].resource.rds_db_instance_details.engine_version #=> String
+ # resp.findings[0].resource.rds_db_instance_details.db_cluster_identifier #=> String
+ # resp.findings[0].resource.rds_db_instance_details.db_instance_arn #=> String
+ # resp.findings[0].resource.rds_db_instance_details.tags #=> Array
+ # resp.findings[0].resource.rds_db_instance_details.tags[0].key #=> String
+ # resp.findings[0].resource.rds_db_instance_details.tags[0].value #=> String
+ # resp.findings[0].resource.rds_db_user_details.user #=> String
+ # resp.findings[0].resource.rds_db_user_details.application #=> String
+ # resp.findings[0].resource.rds_db_user_details.database #=> String
+ # resp.findings[0].resource.rds_db_user_details.ssl #=> String
+ # resp.findings[0].resource.rds_db_user_details.auth_method #=> String
# resp.findings[0].schema_version #=> String
# resp.findings[0].service.action.action_type #=> String
# resp.findings[0].service.action.aws_api_call_action.api #=> String
# resp.findings[0].service.action.aws_api_call_action.caller_type #=> String
# resp.findings[0].service.action.aws_api_call_action.domain_details.domain #=> String
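Review bot: The new `rds_db_user_details` members are typed only as String, and `user`, `application` and `database` presumably echo values presented during the database login, so a consumer cannot tell from this block that they may hold client-chosen text. A comment such as `# user/application/database originate from the login attempt; escape before rendering or embedding in queries` would flag that for code that forwards findings to tickets or dashboards. `ssl` and `auth_method` also carry no value set, unlike the `one of` annotations used elsewhere in this file. The same applies to the `rds_login_attempt_action.login_attributes` lines in the next hunk (@@ -1993); the example block starts and ends outside both hunks.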
@@ -1993,10 +2049,25 @@
# resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.asn_org #=> String
# resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.isp #=> String
# resp.findings[0].service.action.kubernetes_api_call_action.remote_ip_details.organization.org #=> String
# resp.findings[0].service.action.kubernetes_api_call_action.status_code #=> Integer
# resp.findings[0].service.action.kubernetes_api_call_action.parameters #=> String
+ # resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.city.city_name #=> String
+ # resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.country.country_code #=> String
+ # resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.country.country_name #=> String
+ # resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.geo_location.lat #=> Float
+ # resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.geo_location.lon #=> Float
+ # resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.ip_address_v4 #=> String
+ # resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.organization.asn #=> String
+ # resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.organization.asn_org #=> String
+ # resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.organization.isp #=> String
+ # resp.findings[0].service.action.rds_login_attempt_action.remote_ip_details.organization.org #=> String
+ # resp.findings[0].service.action.rds_login_attempt_action.login_attributes #=> Array
+ # resp.findings[0].service.action.rds_login_attempt_action.login_attributes[0].user #=> String
+ # resp.findings[0].service.action.rds_login_attempt_action.login_attributes[0].application #=> String
+ # resp.findings[0].service.action.rds_login_attempt_action.login_attributes[0].failed_login_attempts #=> Integer
+ # resp.findings[0].service.action.rds_login_attempt_action.login_attributes[0].successful_login_attempts #=> Integer
# resp.findings[0].service.evidence.threat_intelligence_details #=> Array
# resp.findings[0].service.evidence.threat_intelligence_details[0].threat_list_name #=> String
# resp.findings[0].service.evidence.threat_intelligence_details[0].threat_names #=> Array
# resp.findings[0].service.evidence.threat_intelligence_details[0].threat_names[0] #=> String
# resp.findings[0].service.archived #=> Boolean
@@ -2286,10 +2357,14 @@
# resp.member_data_source_configurations[0].data_sources.s3_logs.status #=> String, one of "ENABLED", "DISABLED"
# resp.member_data_source_configurations[0].data_sources.kubernetes.audit_logs.status #=> String, one of "ENABLED", "DISABLED"
# resp.member_data_source_configurations[0].data_sources.malware_protection.scan_ec2_instance_with_findings.ebs_volumes.status #=> String, one of "ENABLED", "DISABLED"
# resp.member_data_source_configurations[0].data_sources.malware_protection.scan_ec2_instance_with_findings.ebs_volumes.reason #=> String
# resp.member_data_source_configurations[0].data_sources.malware_protection.service_role #=> String
+ # resp.member_data_source_configurations[0].features #=> Array
+ # resp.member_data_source_configurations[0].features[0].name #=> String, one of "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS"
+ # resp.member_data_source_configurations[0].features[0].status #=> String, one of "ENABLED", "DISABLED"
+ # resp.member_data_source_configurations[0].features[0].updated_at #=> Time
# resp.unprocessed_accounts #=> Array
# resp.unprocessed_accounts[0].account_id #=> String
# resp.unprocessed_accounts[0].result #=> String
#
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMemberDetectors AWS API Documentation
@@ -2377,10 +2452,13 @@
# resp.accounts[0].data_sources.dns_logs.free_trial_days_remaining #=> Integer
# resp.accounts[0].data_sources.flow_logs.free_trial_days_remaining #=> Integer
# resp.accounts[0].data_sources.s3_logs.free_trial_days_remaining #=> Integer
# resp.accounts[0].data_sources.kubernetes.audit_logs.free_trial_days_remaining #=> Integer
# resp.accounts[0].data_sources.malware_protection.scan_ec2_instance_with_findings.free_trial_days_remaining #=> Integer
+ # resp.accounts[0].features #=> Array
+ # resp.accounts[0].features[0].name #=> String, one of "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS"
+ # resp.accounts[0].features[0].free_trial_days_remaining #=> Integer
# resp.unprocessed_accounts #=> Array
# resp.unprocessed_accounts[0].account_id #=> String
# resp.unprocessed_accounts[0].result #=> String
#
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetRemainingFreeTrialDays AWS API Documentation
@@ -2479,15 +2557,16 @@
#
# @example Request syntax with placeholder values
#
# resp = client.get_usage_statistics({
# detector_id: "DetectorId", # required
- # usage_statistic_type: "SUM_BY_ACCOUNT", # required, accepts SUM_BY_ACCOUNT, SUM_BY_DATA_SOURCE, SUM_BY_RESOURCE, TOP_RESOURCES
+ # usage_statistic_type: "SUM_BY_ACCOUNT", # required, accepts SUM_BY_ACCOUNT, SUM_BY_DATA_SOURCE, SUM_BY_RESOURCE, TOP_RESOURCES, SUM_BY_FEATURES
# usage_criteria: { # required
# account_ids: ["AccountId"],
- # data_sources: ["FLOW_LOGS"], # required, accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS, EC2_MALWARE_SCAN
+ # data_sources: ["FLOW_LOGS"], # accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_LOGS, KUBERNETES_AUDIT_LOGS, EC2_MALWARE_SCAN
# resources: ["String"],
+ # features: ["FLOW_LOGS"], # accepts FLOW_LOGS, CLOUD_TRAIL, DNS_LOGS, S3_DATA_EVENTS, EKS_AUDIT_LOGS, EBS_MALWARE_PROTECTION, RDS_LOGIN_EVENTS, LAMBDA_NETWORK_LOGS, EKS_RUNTIME_MONITORING
# },
# unit: "String",
# max_results: 1,
# next_token: "String",
# })
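Review bot: With `required` dropped from `data_sources` and `features` added as optional, the example no longer says whether `usage_criteria` must carry at least one of the two or whether both may be sent together. A short comment on the `usage_criteria` line, for example `# required; supply data_sources or features`, would settle it once the service's actual rule is confirmed. The request value is `SUM_BY_FEATURES` while the response member in the following hunk is `sum_by_feature`, so callers should not derive one name from the other. The example block begins outside this hunk.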
@@ -2508,10 +2587,14 @@
# resp.usage_statistics.sum_by_resource[0].total.unit #=> String
# resp.usage_statistics.top_resources #=> Array
# resp.usage_statistics.top_resources[0].resource #=> String
# resp.usage_statistics.top_resources[0].total.amount #=> String
# resp.usage_statistics.top_resources[0].total.unit #=> String
+ # resp.usage_statistics.sum_by_feature #=> Array
+ # resp.usage_statistics.sum_by_feature[0].feature #=> String, one of "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "LAMBDA_NETWORK_LOGS", "EKS_RUNTIME_MONITORING"
+ # resp.usage_statistics.sum_by_feature[0].total.amount #=> String
+ # resp.usage_statistics.sum_by_feature[0].total.unit #=> String
# resp.next_token #=> String
#
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetUsageStatistics AWS API Documentation
#
# @overload get_usage_statistics(params = {})
@@ -3366,10 +3449,13 @@
#
#
#
# [1]: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html
#
+ # @option params [Array<Types::DetectorFeatureConfiguration>] :features
+ # Provides the features that will be updated for the detector.
+ #
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
# @example Request syntax with placeholder values
#
# resp = client.update_detector({
@@ -3389,10 +3475,16 @@
# scan_ec2_instance_with_findings: {
# ebs_volumes: false,
# },
# },
# },
+ # features: [
+ # {
+ # name: "S3_DATA_EVENTS", # accepts S3_DATA_EVENTS, EKS_AUDIT_LOGS, EBS_MALWARE_PROTECTION, RDS_LOGIN_EVENTS
+ # status: "ENABLED", # accepts ENABLED, DISABLED
+ # },
+ # ],
# })
#
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateDetector AWS API Documentation
#
# @overload update_detector(params = {})
@@ -3631,10 +3723,14 @@
# A list of member account IDs to be updated.
#
# @option params [Types::DataSourceConfigurations] :data_sources
# Describes which data sources will be updated.
#
+ # @option params [Array<Types::MemberFeaturesConfiguration>] :features
+ # A list of features that will be updated for the specified member
+ # accounts.
+ #
# @return [Types::UpdateMemberDetectorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
#
# * {Types::UpdateMemberDetectorsResponse#unprocessed_accounts #unprocessed_accounts} => Array<Types::UnprocessedAccount>
#
# @example Request syntax with placeholder values
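Review bot: The new `:features` option sits next to `:data_sources` with no statement of how the two interact, even though the same protection can apparently be named in both (an S3 entry under data sources and `S3_DATA_EVENTS` under features). A reader cannot tell which setting wins, or whether sending both is rejected, and that matters when the call is used to enforce monitoring on member accounts. A sentence under `:features` such as `# See :data_sources for the legacy form; behaviour when both are supplied: <confirm with service docs>` would close the gap. The `:features` options added for update_organization_configuration (@@ -3693) and update_detector (@@ -3366) have the same omission.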
@@ -3655,10 +3751,16 @@
# scan_ec2_instance_with_findings: {
# ebs_volumes: false,
# },
# },
# },
+ # features: [
+ # {
+ # name: "S3_DATA_EVENTS", # accepts S3_DATA_EVENTS, EKS_AUDIT_LOGS, EBS_MALWARE_PROTECTION, RDS_LOGIN_EVENTS
+ # status: "ENABLED", # accepts ENABLED, DISABLED
+ # },
+ # ],
# })
#
# @example Response structure
#
# resp.unprocessed_accounts #=> Array
@@ -3693,10 +3795,13 @@
# organization.
#
# @option params [Types::OrganizationDataSourceConfigurations] :data_sources
# Describes which data sources will be updated.
#
+ # @option params [Array<Types::OrganizationFeatureConfiguration>] :features
+ # A list of features that will be configured for the organization.
+ #
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
#
# @example Request syntax with placeholder values
#
# resp = client.update_organization_configuration({
@@ -3717,10 +3822,16 @@
# auto_enable: false,
# },
# },
# },
# },
+ # features: [
+ # {
+ # name: "S3_DATA_EVENTS", # accepts S3_DATA_EVENTS, EKS_AUDIT_LOGS, EBS_MALWARE_PROTECTION, RDS_LOGIN_EVENTS
+ # auto_enable: "NEW", # accepts NEW, NONE
+ # },
+ # ],
# })
#
# @see http://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateOrganizationConfiguration AWS API Documentation
#
# @overload update_organization_configuration(params = {})
@@ -3819,10 +3930,10 @@
operation: config.api.operation(operation_name),
client: self,
params: params,
config: config)
context[:gem_name] = 'aws-sdk-guardduty'
- context[:gem_version] = '1.64.0'
+ context[:gem_version] = '1.65.0'
Seahorse::Client::Request.new(handlers, context)
end
# @api private
# @deprecated