"documentation":"Archives Amazon GuardDuty findings specified by the list of finding IDs."
},
"CreateDetector":{
"name":"CreateDetector",
"http":{
"method":"POST",
"requestUri":"/detector",
"responseCode":200
},
"input":{
"shape":"CreateDetectorRequest"
},
"output":{
"shape":"CreateDetectorResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Creates a single Amazon GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector must be created in order for GuardDuty to become operational."
},
"CreateIPSet":{
"name":"CreateIPSet",
"http":{
"method":"POST",
"requestUri":"/detector/{detectorId}/ipset",
"responseCode":200
},
"input":{
"shape":"CreateIPSetRequest"
},
"output":{
"shape":"CreateIPSetResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications."
},
"CreateMembers":{
"name":"CreateMembers",
"http":{
"method":"POST",
"requestUri":"/detector/{detectorId}/member",
"responseCode":200
},
"input":{
"shape":"CreateMembersRequest"
},
"output":{
"shape":"CreateMembersResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts."
"documentation":"Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types."
"documentation":"Create a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets."
},
"DeclineInvitations":{
"name":"DeclineInvitations",
"http":{
"method":"POST",
"requestUri":"/invitation/decline",
"responseCode":200
},
"input":{
"shape":"DeclineInvitationsRequest"
},
"output":{
"shape":"DeclineInvitationsResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Declines invitations sent to the current member account by AWS account specified by their account IDs."
},
"DeleteDetector":{
"name":"DeleteDetector",
"http":{
"method":"DELETE",
"requestUri":"/detector/{detectorId}",
"responseCode":200
},
"input":{
"shape":"DeleteDetectorRequest"
},
"output":{
"shape":"DeleteDetectorResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Deletes a Amazon GuardDuty detector specified by the detector ID."
"documentation":"Retrieves the IPSet specified by the IPSet ID."
},
"GetInvitationsCount":{
"name":"GetInvitationsCount",
"http":{
"method":"GET",
"requestUri":"/invitation/count",
"responseCode":200
},
"input":{
"shape":"GetInvitationsCountRequest"
},
"output":{
"shape":"GetInvitationsCountResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation."
},
"GetMasterAccount":{
"name":"GetMasterAccount",
"http":{
"method":"GET",
"requestUri":"/detector/{detectorId}/master",
"responseCode":200
},
"input":{
"shape":"GetMasterAccountRequest"
},
"output":{
"shape":"GetMasterAccountResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Provides the details for the GuardDuty master account to the current GuardDuty member account."
},
"GetMembers":{
"name":"GetMembers",
"http":{
"method":"POST",
"requestUri":"/detector/{detectorId}/member/get",
"responseCode":200
},
"input":{
"shape":"GetMembersRequest"
},
"output":{
"shape":"GetMembersResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs."
"documentation":"Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account."
},
"ListDetectors":{
"name":"ListDetectors",
"http":{
"method":"GET",
"requestUri":"/detector",
"responseCode":200
},
"input":{
"shape":"ListDetectorsRequest"
},
"output":{
"shape":"ListDetectorsResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Lists detectorIds of all the existing Amazon GuardDuty detector resources."
},
"ListFindings":{
"name":"ListFindings",
"http":{
"method":"POST",
"requestUri":"/detector/{detectorId}/findings",
"responseCode":200
},
"input":{
"shape":"ListFindingsRequest"
},
"output":{
"shape":"ListFindingsResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Lists Amazon GuardDuty findings for the specified detector ID."
},
"ListIPSets":{
"name":"ListIPSets",
"http":{
"method":"GET",
"requestUri":"/detector/{detectorId}/ipset",
"responseCode":200
},
"input":{
"shape":"ListIPSetsRequest"
},
"output":{
"shape":"ListIPSetsResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Lists the IPSets of the GuardDuty service specified by the detector ID."
},
"ListInvitations":{
"name":"ListInvitations",
"http":{
"method":"GET",
"requestUri":"/invitation",
"responseCode":200
},
"input":{
"shape":"ListInvitationsRequest"
},
"output":{
"shape":"ListInvitationsResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Lists all GuardDuty membership invitations that were sent to the current AWS account."
},
"ListMembers":{
"name":"ListMembers",
"http":{
"method":"GET",
"requestUri":"/detector/{detectorId}/member",
"responseCode":200
},
"input":{
"shape":"ListMembersRequest"
},
"output":{
"shape":"ListMembersResponse",
"documentation":"200 response"
},
"errors":[{
"shape":"BadRequestException",
"documentation":"400 response"
},{
"shape":"InternalServerErrorException",
"documentation":"500 response"
}],
"documentation":"Lists details about all member accounts for the current GuardDuty master account."
"documentation":"Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs. A master GuardDuty account can run this command after disabling GuardDuty from monitoring these members' findings by running StopMonitoringMembers."
"documentation":"Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs. After running this command, a master GuardDuty account can run StartMonitoringMembers to re-enable GuardDuty to monitor these members' findings."
"documentation":"The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding."
"documentation":"Information about the activity described in a finding."
},
"Activate":{
"type":"boolean",
"documentation":"Whether we should start processing the list immediately or not."
},
"ArchiveFindingsRequest":{
"type":"structure",
"members":{
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The ID of the detector that specifies the GuardDuty service whose findings you want to archive."
},
"FindingIds":{
"shape":"FindingIds",
"locationName":"findingIds",
"documentation":"IDs of the findings that you want to archive."
}
},
"documentation":"ArchiveFindings request body.",
"required":["DetectorId"]
},
"ArchiveFindingsResponse":{
"type":"structure",
"members":{}
},
"AwsApiCallAction":{
"type":"structure",
"members":{
"Api":{
"shape":"__string",
"locationName":"api",
"documentation":"AWS API name."
},
"CallerType":{
"shape":"__string",
"locationName":"callerType",
"documentation":"AWS API caller type."
},
"DomainDetails":{
"shape":"DomainDetails",
"locationName":"domainDetails",
"documentation":"Domain information for the AWS API call."
},
"RemoteIpDetails":{
"shape":"RemoteIpDetails",
"locationName":"remoteIpDetails",
"documentation":"Remote IP information of the connection."
},
"ServiceName":{
"shape":"__string",
"locationName":"serviceName",
"documentation":"AWS service name whose API was invoked."
}
},
"documentation":"Information about the AWS_API_CALL action described in this finding."
},
"BadRequestException":{
"type":"structure",
"members":{
"Message":{
"shape":"__string",
"locationName":"message",
"documentation":"The error message."
},
"Type":{
"shape":"__string",
"locationName":"__type",
"documentation":"The error type."
}
},
"documentation":"Error response object.",
"exception":true,
"error":{
"httpStatusCode":400
}
},
"City":{
"type":"structure",
"members":{
"CityName":{
"shape":"__string",
"locationName":"cityName",
"documentation":"City name of the remote IP address."
}
},
"documentation":"City information of the remote IP address."
},
"Comments":{
"type":"string",
"documentation":"Additional feedback about the GuardDuty findings."
},
"Condition":{
"type":"structure",
"members":{
"Eq":{
"shape":"Eq",
"locationName":"eq",
"documentation":"Represents the equal condition to be applied to a single field when querying for findings."
},
"Gt":{
"shape":"__integer",
"locationName":"gt",
"documentation":"Represents the greater than condition to be applied to a single field when querying for findings."
},
"Gte":{
"shape":"__integer",
"locationName":"gte",
"documentation":"Represents the greater than equal condition to be applied to a single field when querying for findings."
},
"Lt":{
"shape":"__integer",
"locationName":"lt",
"documentation":"Represents the less than condition to be applied to a single field when querying for findings."
},
"Lte":{
"shape":"__integer",
"locationName":"lte",
"documentation":"Represents the less than equal condition to be applied to a single field when querying for findings."
},
"Neq":{
"shape":"Neq",
"locationName":"neq",
"documentation":"Represents the not equal condition to be applied to a single field when querying for findings."
}
},
"documentation":"Finding attribute (for example, accountId) for which conditions and values must be specified when querying findings."
},
"CountBySeverityFindingStatistic":{
"type":"integer",
"documentation":"The count of findings for the given severity."
},
"Country":{
"type":"structure",
"members":{
"CountryCode":{
"shape":"__string",
"locationName":"countryCode",
"documentation":"Country code of the remote IP address."
},
"CountryName":{
"shape":"__string",
"locationName":"countryName",
"documentation":"Country name of the remote IP address."
}
},
"documentation":"Country information of the remote IP address."
},
"CreateDetectorRequest":{
"type":"structure",
"members":{
"Enable":{
"shape":"Enable",
"locationName":"enable",
"documentation":"A boolean value that specifies whether the detector is to be enabled."
}
},
"documentation":"CreateDetector request body."
},
"CreateDetectorResponse":{
"type":"structure",
"members":{
"DetectorId":{
"shape":"DetectorId",
"locationName":"detectorId",
"documentation":"The unique ID of the created detector."
}
}
},
"CreateIPSetRequest":{
"type":"structure",
"members":{
"Activate":{
"shape":"Activate",
"locationName":"activate",
"documentation":"A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet."
},
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The unique ID of the detector that you want to update."
},
"Format":{
"shape":"IpSetFormat",
"locationName":"format",
"documentation":"The format of the file that contains the IPSet."
},
"Location":{
"shape":"Location",
"locationName":"location",
"documentation":"The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)"
},
"Name":{
"shape":"Name",
"locationName":"name",
"documentation":"The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet."
}
},
"documentation":"CreateIPSet request body.",
"required":["DetectorId"]
},
"CreateIPSetResponse":{
"type":"structure",
"members":{
"IpSetId":{
"shape":"IpSetId",
"locationName":"ipSetId"
}
}
},
"CreateMembersRequest":{
"type":"structure",
"members":{
"AccountDetails":{
"shape":"AccountDetails",
"locationName":"accountDetails",
"documentation":"A list of account ID and email address pairs of the accounts that you want to associate with the master GuardDuty account."
},
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The unique ID of the detector of the GuardDuty account with which you want to associate member accounts."
}
},
"documentation":"CreateMembers request body.",
"required":["DetectorId"]
},
"CreateMembersResponse":{
"type":"structure",
"members":{
"UnprocessedAccounts":{
"shape":"UnprocessedAccounts",
"locationName":"unprocessedAccounts",
"documentation":"A list of objects containing the unprocessed account and a result string explaining why it was unprocessed."
}
}
},
"CreateSampleFindingsRequest":{
"type":"structure",
"members":{
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The ID of the detector to create sample findings for."
},
"FindingTypes":{
"shape":"FindingTypes",
"locationName":"findingTypes",
"documentation":"Types of sample findings that you want to generate."
"documentation":"A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet."
},
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The unique ID of the detector that you want to update."
},
"Format":{
"shape":"ThreatIntelSetFormat",
"locationName":"format",
"documentation":"The format of the file that contains the ThreatIntelSet."
},
"Location":{
"shape":"Location",
"locationName":"location",
"documentation":"The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)."
},
"Name":{
"shape":"Name",
"locationName":"name",
"documentation":"A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet."
"documentation":"The first time a resource was created. The format will be ISO-8601."
},
"DeclineInvitationsRequest":{
"type":"structure",
"members":{
"AccountIds":{
"shape":"AccountIds",
"locationName":"accountIds",
"documentation":"A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from."
"documentation":"A list of objects containing the unprocessed account and a result string explaining why it was unprocessed."
}
}
},
"DeleteDetectorRequest":{
"type":"structure",
"members":{
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The unique ID that specifies the detector that you want to delete."
}
},
"required":["DetectorId"]
},
"DeleteDetectorResponse":{
"type":"structure",
"members":{}
},
"DeleteIPSetRequest":{
"type":"structure",
"members":{
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The detectorID that specifies the GuardDuty service whose IPSet you want to delete."
},
"IpSetId":{
"shape":"__string",
"location":"uri",
"locationName":"ipSetId",
"documentation":"The unique ID that specifies the IPSet that you want to delete."
}
},
"required":["DetectorId","IpSetId"]
},
"DeleteIPSetResponse":{
"type":"structure",
"members":{}
},
"DeleteInvitationsRequest":{
"type":"structure",
"members":{
"AccountIds":{
"shape":"AccountIds",
"locationName":"accountIds",
"documentation":"A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from."
}
},
"documentation":"DeleteInvitations request body."
},
"DeleteInvitationsResponse":{
"type":"structure",
"members":{
"UnprocessedAccounts":{
"shape":"UnprocessedAccounts",
"locationName":"unprocessedAccounts",
"documentation":"A list of objects containing the unprocessed account and a result string explaining why it was unprocessed."
}
}
},
"DeleteMembersRequest":{
"type":"structure",
"members":{
"AccountIds":{
"shape":"AccountIds",
"locationName":"accountIds",
"documentation":"A list of account IDs of the GuardDuty member accounts that you want to delete."
},
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The unique ID of the detector of the GuardDuty account whose members you want to delete."
}
},
"documentation":"DeleteMembers request body.",
"required":["DetectorId"]
},
"DeleteMembersResponse":{
"type":"structure",
"members":{
"UnprocessedAccounts":{
"shape":"UnprocessedAccounts",
"locationName":"unprocessedAccounts",
"documentation":"A list of objects containing the unprocessed account and a result string explaining why it was unprocessed."
}
}
},
"DeleteThreatIntelSetRequest":{
"type":"structure",
"members":{
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to delete."
},
"ThreatIntelSetId":{
"shape":"__string",
"location":"uri",
"locationName":"threatIntelSetId",
"documentation":"The unique ID that specifies the ThreatIntelSet that you want to delete."
}
},
"required":["ThreatIntelSetId","DetectorId"]
},
"DeleteThreatIntelSetResponse":{
"type":"structure",
"members":{}
},
"DetectorId":{
"type":"string",
"documentation":"The unique identifier for a detector."
},
"DetectorIds":{
"type":"list",
"documentation":"A list of detector Ids.",
"member":{
"shape":"DetectorId"
}
},
"DetectorStatus":{
"type":"string",
"documentation":"The status of detector.",
"enum":["ENABLED","DISABLED"]
},
"DisassociateFromMasterAccountRequest":{
"type":"structure",
"members":{
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The unique ID of the detector of the GuardDuty member account."
}
},
"required":["DetectorId"]
},
"DisassociateFromMasterAccountResponse":{
"type":"structure",
"members":{}
},
"DisassociateMembersRequest":{
"type":"structure",
"members":{
"AccountIds":{
"shape":"AccountIds",
"locationName":"accountIds",
"documentation":"A list of account IDs of the GuardDuty member accounts that you want to disassociate from master."
},
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The unique ID of the detector of the GuardDuty account whose members you want to disassociate from master."
"documentation":"The detectorID that specifies the GuardDuty service whose IPSet you want to retrieve."
},
"IpSetId":{
"shape":"__string",
"location":"uri",
"locationName":"ipSetId",
"documentation":"The unique ID that specifies the IPSet that you want to describe."
}
},
"required":["DetectorId","IpSetId"]
},
"GetIPSetResponse":{
"type":"structure",
"members":{
"Format":{
"shape":"IpSetFormat",
"locationName":"format",
"documentation":"The format of the file that contains the IPSet."
},
"Location":{
"shape":"Location",
"locationName":"location",
"documentation":"The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)"
},
"Name":{
"shape":"Name",
"locationName":"name",
"documentation":"The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet."
},
"Status":{
"shape":"IpSetStatus",
"locationName":"status",
"documentation":"The status of ipSet file uploaded."
}
}
},
"GetInvitationsCountRequest":{
"type":"structure",
"members":{}
},
"GetInvitationsCountResponse":{
"type":"structure",
"members":{
"InvitationsCount":{
"shape":"__integer",
"locationName":"invitationsCount",
"documentation":"The number of received invitations."
}
}
},
"GetMasterAccountRequest":{
"type":"structure",
"members":{
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The unique ID of the detector of the GuardDuty member account."
}
},
"required":["DetectorId"]
},
"GetMasterAccountResponse":{
"type":"structure",
"members":{
"Master":{
"shape":"Master",
"locationName":"master"
}
}
},
"GetMembersRequest":{
"type":"structure",
"members":{
"AccountIds":{
"shape":"AccountIds",
"locationName":"accountIds",
"documentation":"A list of account IDs of the GuardDuty member accounts that you want to describe."
},
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The unique ID of the detector of the GuardDuty account whose members you want to retrieve."
}
},
"documentation":"GetMembers request body.",
"required":["DetectorId"]
},
"GetMembersResponse":{
"type":"structure",
"members":{
"Members":{
"shape":"Members",
"locationName":"members"
},
"UnprocessedAccounts":{
"shape":"UnprocessedAccounts",
"locationName":"unprocessedAccounts",
"documentation":"A list of objects containing the unprocessed account and a result string explaining why it was unprocessed."
}
}
},
"GetThreatIntelSetRequest":{
"type":"structure",
"members":{
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to describe."
},
"ThreatIntelSetId":{
"shape":"__string",
"location":"uri",
"locationName":"threatIntelSetId",
"documentation":"The unique ID that specifies the ThreatIntelSet that you want to describe."
}
},
"required":["ThreatIntelSetId","DetectorId"]
},
"GetThreatIntelSetResponse":{
"type":"structure",
"members":{
"Format":{
"shape":"ThreatIntelSetFormat",
"locationName":"format",
"documentation":"The format of the threatIntelSet."
},
"Location":{
"shape":"Location",
"locationName":"location",
"documentation":"The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)."
},
"Name":{
"shape":"Name",
"locationName":"name",
"documentation":"A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet."
},
"Status":{
"shape":"ThreatIntelSetStatus",
"locationName":"status",
"documentation":"The status of threatIntelSet file uploaded."
}
}
},
"IamInstanceProfile":{
"type":"structure",
"members":{
"Arn":{
"shape":"__string",
"locationName":"arn",
"documentation":"AWS EC2 instance profile ARN."
},
"Id":{
"shape":"__string",
"locationName":"id",
"documentation":"AWS EC2 instance profile ID."
}
},
"documentation":"The profile information of the EC2 instance."
},
"InstanceDetails":{
"type":"structure",
"members":{
"AvailabilityZone":{
"shape":"__string",
"locationName":"availabilityZone",
"documentation":"The availability zone of the EC2 instance."
},
"IamInstanceProfile":{
"shape":"IamInstanceProfile",
"locationName":"iamInstanceProfile"
},
"ImageId":{
"shape":"__string",
"locationName":"imageId",
"documentation":"The image ID of the EC2 instance."
},
"InstanceId":{
"shape":"__string",
"locationName":"instanceId",
"documentation":"The ID of the EC2 instance."
},
"InstanceState":{
"shape":"__string",
"locationName":"instanceState",
"documentation":"The state of the EC2 instance."
},
"InstanceType":{
"shape":"__string",
"locationName":"instanceType",
"documentation":"The type of the EC2 instance."
},
"LaunchTime":{
"shape":"__string",
"locationName":"launchTime",
"documentation":"The launch time of the EC2 instance."
},
"NetworkInterfaces":{
"shape":"NetworkInterfaces",
"locationName":"networkInterfaces",
"documentation":"The network interface information of the EC2 instance."
},
"Platform":{
"shape":"__string",
"locationName":"platform",
"documentation":"The platform of the EC2 instance."
},
"ProductCodes":{
"shape":"ProductCodes",
"locationName":"productCodes",
"documentation":"The product code of the EC2 instance."
},
"Tags":{
"shape":"Tags",
"locationName":"tags",
"documentation":"The tags of the EC2 instance."
}
},
"documentation":"The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding."
},
"InternalServerErrorException":{
"type":"structure",
"members":{
"Message":{
"shape":"__string",
"locationName":"message",
"documentation":"The error message."
},
"Type":{
"shape":"__string",
"locationName":"__type",
"documentation":"The error type."
}
},
"documentation":"Error response object.",
"exception":true,
"error":{
"httpStatusCode":500
}
},
"Invitation":{
"type":"structure",
"members":{
"AccountId":{
"shape":"__string",
"locationName":"accountId",
"documentation":"Inviter account ID"
},
"InvitationId":{
"shape":"InvitationId",
"locationName":"invitationId",
"documentation":"This value is used to validate the inviter account to the member account."
},
"InvitedAt":{
"shape":"InvitedAt",
"locationName":"invitedAt",
"documentation":"Timestamp at which the invitation was sent"
},
"RelationshipStatus":{
"shape":"__string",
"locationName":"relationshipStatus",
"documentation":"The status of the relationship between the inviter and invitee accounts."
}
},
"documentation":"Invitation from an AWS account to become the current account's master."
},
"InvitationId":{
"type":"string",
"documentation":"This value is used to validate the master account to the member account."
},
"Invitations":{
"type":"list",
"documentation":"A list of invitation descriptions.",
"member":{
"shape":"Invitation"
}
},
"InviteMembersRequest":{
"type":"structure",
"members":{
"AccountIds":{
"shape":"AccountIds",
"locationName":"accountIds",
"documentation":"A list of account IDs of the accounts that you want to invite to GuardDuty as members."
},
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The unique ID of the detector of the GuardDuty account with which you want to invite members."
},
"Message":{
"shape":"Message",
"locationName":"message",
"documentation":"The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members."
}
},
"documentation":"InviteMembers request body.",
"required":["DetectorId"]
},
"InviteMembersResponse":{
"type":"structure",
"members":{
"UnprocessedAccounts":{
"shape":"UnprocessedAccounts",
"locationName":"unprocessedAccounts",
"documentation":"A list of objects containing the unprocessed account and a result string explaining why it was unprocessed."
}
}
},
"InvitedAt":{
"type":"string",
"documentation":"Timestamp at which a member has been invited. The format will be ISO-8601."
"documentation":"IpV6 address of the EC2 instance."
},
"Ipv6Addresses":{
"type":"list",
"documentation":"A list of EC2 instance IPv6 address information.",
"member":{
"shape":"Ipv6Address"
}
},
"ListDetectorsRequest":{
"type":"structure",
"members":{
"MaxResults":{
"shape":"MaxResults",
"location":"querystring",
"locationName":"maxResults",
"documentation":"You can use this parameter to indicate the maximum number of detectors that you want in the response."
},
"NextToken":{
"shape":"__string",
"location":"querystring",
"locationName":"nextToken",
"documentation":"You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListDetectors action. For subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data."
}
}
},
"ListDetectorsResponse":{
"type":"structure",
"members":{
"DetectorIds":{
"shape":"DetectorIds",
"locationName":"detectorIds"
},
"NextToken":{
"shape":"NextToken",
"locationName":"nextToken"
}
}
},
"ListFindingsRequest":{
"type":"structure",
"members":{
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The ID of the detector that specifies the GuardDuty service whose findings you want to list."
},
"FindingCriteria":{
"shape":"FindingCriteria",
"locationName":"findingCriteria",
"documentation":"Represents the criteria used for querying findings."
},
"MaxResults":{
"shape":"MaxResults",
"locationName":"maxResults",
"documentation":"You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50."
},
"NextToken":{
"shape":"NextToken",
"locationName":"nextToken",
"documentation":"You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListFindings action. For subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data."
},
"SortCriteria":{
"shape":"SortCriteria",
"locationName":"sortCriteria",
"documentation":"Represents the criteria used for sorting findings."
}
},
"documentation":"ListFindings request body.",
"required":["DetectorId"]
},
"ListFindingsResponse":{
"type":"structure",
"members":{
"FindingIds":{
"shape":"FindingIds",
"locationName":"findingIds"
},
"NextToken":{
"shape":"NextToken",
"locationName":"nextToken"
}
}
},
"ListIPSetsRequest":{
"type":"structure",
"members":{
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The unique ID of the detector that you want to retrieve."
},
"MaxResults":{
"shape":"MaxResults",
"location":"querystring",
"locationName":"maxResults",
"documentation":"You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 7. The maximum value is 7."
},
"NextToken":{
"shape":"__string",
"location":"querystring",
"locationName":"nextToken",
"documentation":"You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListIPSet action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data."
}
},
"required":["DetectorId"]
},
"ListIPSetsResponse":{
"type":"structure",
"members":{
"IpSetIds":{
"shape":"IpSetIds",
"locationName":"ipSetIds"
},
"NextToken":{
"shape":"NextToken",
"locationName":"nextToken"
}
}
},
"ListInvitationsRequest":{
"type":"structure",
"members":{
"MaxResults":{
"shape":"MaxResults",
"location":"querystring",
"locationName":"maxResults",
"documentation":"You can use this parameter to indicate the maximum number of invitations you want in the response. The default value is 50. The maximum value is 50."
},
"NextToken":{
"shape":"__string",
"location":"querystring",
"locationName":"nextToken",
"documentation":"You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListInvitations action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data."
}
}
},
"ListInvitationsResponse":{
"type":"structure",
"members":{
"Invitations":{
"shape":"Invitations",
"locationName":"invitations"
},
"NextToken":{
"shape":"NextToken",
"locationName":"nextToken"
}
}
},
"ListMembersRequest":{
"type":"structure",
"members":{
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The unique ID of the detector of the GuardDuty account whose members you want to list."
},
"MaxResults":{
"shape":"MaxResults",
"location":"querystring",
"locationName":"maxResults",
"documentation":"You can use this parameter to indicate the maximum number of items you want in the response. The default value is 1. The maximum value is 50."
},
"NextToken":{
"shape":"__string",
"location":"querystring",
"locationName":"nextToken",
"documentation":"You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListMembers action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data."
},
"OnlyAssociated":{
"shape":"__string",
"location":"querystring",
"locationName":"onlyAssociated",
"documentation":"Specifies what member accounts the response is to include based on their relationship status with the master account. The default value is TRUE. If onlyAssociated is set to TRUE, the response will include member accounts whose relationship status with the master is set to Enabled, Disabled. If onlyAssociated is set to FALSE, the response will include all existing member accounts."
"documentation":"The detectorID that specifies the GuardDuty service whose ThreatIntelSets you want to list."
},
"MaxResults":{
"shape":"MaxResults",
"location":"querystring",
"locationName":"maxResults",
"documentation":"You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 7. The maximum value is 7."
},
"NextToken":{
"shape":"__string",
"location":"querystring",
"locationName":"nextToken",
"documentation":"Pagination token to start retrieving threat intel sets from."
}
},
"required":["DetectorId"]
},
"ListThreatIntelSetsResponse":{
"type":"structure",
"members":{
"NextToken":{
"shape":"NextToken",
"locationName":"nextToken"
},
"ThreatIntelSetIds":{
"shape":"ThreatIntelSetIds",
"locationName":"threatIntelSetIds"
}
}
},
"LocalPortDetails":{
"type":"structure",
"members":{
"Port":{
"shape":"__integer",
"locationName":"port",
"documentation":"Port number of the local connection."
},
"PortName":{
"shape":"__string",
"locationName":"portName",
"documentation":"Port name of the local connection."
}
},
"documentation":"Local port information of the connection."
},
"Location":{
"type":"string",
"documentation":"The location of the S3 bucket where the list resides. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)"
},
"MapOfCondition":{
"type":"map",
"key":{
"shape":"__string"
},
"value":{
"shape":"Condition"
}
},
"MapOfCountBySeverityFindingStatistic":{
"type":"map",
"key":{
"shape":"__string"
},
"value":{
"shape":"CountBySeverityFindingStatistic"
}
},
"Master":{
"type":"structure",
"members":{
"AccountId":{
"shape":"__string",
"locationName":"accountId",
"documentation":"Master account ID"
},
"InvitationId":{
"shape":"InvitationId",
"locationName":"invitationId",
"documentation":"This value is used to validate the master account to the member account."
},
"InvitedAt":{
"shape":"InvitedAt",
"locationName":"invitedAt",
"documentation":"Timestamp at which the invitation was sent"
},
"RelationshipStatus":{
"shape":"__string",
"locationName":"relationshipStatus",
"documentation":"The status of the relationship between the master and member accounts."
}
},
"documentation":"Contains details about the master account."
},
"MasterId":{
"type":"string",
"documentation":"The master account ID."
},
"MaxResults":{
"type":"integer",
"min":1,
"max":50
},
"Member":{
"type":"structure",
"members":{
"AccountId":{
"shape":"AccountId",
"locationName":"accountId"
},
"DetectorId":{
"shape":"DetectorId",
"locationName":"detectorId"
},
"Email":{
"shape":"Email",
"locationName":"email",
"documentation":"Member account's email address."
},
"InvitedAt":{
"shape":"InvitedAt",
"locationName":"invitedAt",
"documentation":"Timestamp at which the invitation was sent"
},
"MasterId":{
"shape":"MasterId",
"locationName":"masterId"
},
"RelationshipStatus":{
"shape":"__string",
"locationName":"relationshipStatus",
"documentation":"The status of the relationship between the member and the master."
},
"UpdatedAt":{
"shape":"UpdatedAt",
"locationName":"updatedAt"
}
},
"documentation":"Contains details about the member account."
},
"Members":{
"type":"list",
"documentation":"A list of member descriptions.",
"member":{
"shape":"Member"
}
},
"Message":{
"type":"string",
"documentation":"The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members."
},
"Name":{
"type":"string",
"documentation":"The user-friendly name to identify the list."
},
"Neq":{
"type":"list",
"documentation":"Represents the not equal condition to be applied to a single field when querying for findings.",
"documentation":"Local port information of the connection."
},
"Protocol":{
"shape":"__string",
"locationName":"protocol",
"documentation":"Network connection protocol."
},
"RemoteIpDetails":{
"shape":"RemoteIpDetails",
"locationName":"remoteIpDetails",
"documentation":"Remote IP information of the connection."
},
"RemotePortDetails":{
"shape":"RemotePortDetails",
"locationName":"remotePortDetails",
"documentation":"Remote port information of the connection."
}
},
"documentation":"Information about the NETWORK_CONNECTION action described in this finding."
},
"NetworkInterface":{
"type":"structure",
"members":{
"Ipv6Addresses":{
"shape":"Ipv6Addresses",
"locationName":"ipv6Addresses",
"documentation":"A list of EC2 instance IPv6 address information."
},
"PrivateDnsName":{
"shape":"PrivateDnsName",
"locationName":"privateDnsName",
"documentation":"Private DNS name of the EC2 instance."
},
"PrivateIpAddress":{
"shape":"PrivateIpAddress",
"locationName":"privateIpAddress",
"documentation":"Private IP address of the EC2 instance."
},
"PrivateIpAddresses":{
"shape":"PrivateIpAddresses",
"locationName":"privateIpAddresses",
"documentation":"Other private IP address information of the EC2 instance."
},
"PublicDnsName":{
"shape":"__string",
"locationName":"publicDnsName",
"documentation":"Public DNS name of the EC2 instance."
},
"PublicIp":{
"shape":"__string",
"locationName":"publicIp",
"documentation":"Public IP address of the EC2 instance."
},
"SecurityGroups":{
"shape":"SecurityGroups",
"locationName":"securityGroups",
"documentation":"Security groups associated with the EC2 instance."
},
"SubnetId":{
"shape":"__string",
"locationName":"subnetId",
"documentation":"The subnet ID of the EC2 instance."
},
"VpcId":{
"shape":"__string",
"locationName":"vpcId",
"documentation":"The VPC ID of the EC2 instance."
}
},
"documentation":"The network interface information of the EC2 instance."
},
"NetworkInterfaces":{
"type":"list",
"documentation":"The network interface information of the EC2 instance.",
"member":{
"shape":"NetworkInterface"
}
},
"NextToken":{
"type":"string",
"documentation":"You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data."
},
"OrderBy":{
"type":"string",
"enum":["ASC","DESC"]
},
"Organization":{
"type":"structure",
"members":{
"Asn":{
"shape":"__string",
"locationName":"asn",
"documentation":"Autonomous system number of the internet provider of the remote IP address."
},
"AsnOrg":{
"shape":"__string",
"locationName":"asnOrg",
"documentation":"Organization that registered this ASN."
},
"Isp":{
"shape":"__string",
"locationName":"isp",
"documentation":"ISP information for the internet provider."
},
"Org":{
"shape":"__string",
"locationName":"org",
"documentation":"Name of the internet provider."
}
},
"documentation":"ISP Organization information of the remote IP address."
"documentation":"The updated boolean value that specifies whether the IPSet is active or not."
},
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The detectorID that specifies the GuardDuty service whose IPSet you want to update."
},
"IpSetId":{
"shape":"__string",
"location":"uri",
"locationName":"ipSetId",
"documentation":"The unique ID that specifies the IPSet that you want to update."
},
"Location":{
"shape":"Location",
"locationName":"location",
"documentation":"The updated URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)."
},
"Name":{
"shape":"Name",
"locationName":"name",
"documentation":"The unique ID that specifies the IPSet that you want to update."
}
},
"documentation":"UpdateIPSet request body.",
"required":["DetectorId","IpSetId"]
},
"UpdateIPSetResponse":{
"type":"structure",
"members":{}
},
"UpdateThreatIntelSetRequest":{
"type":"structure",
"members":{
"Activate":{
"shape":"Activate",
"locationName":"activate",
"documentation":"The updated boolean value that specifies whether the ThreateIntelSet is active or not."
},
"DetectorId":{
"shape":"__string",
"location":"uri",
"locationName":"detectorId",
"documentation":"The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update."
},
"Location":{
"shape":"Location",
"locationName":"location",
"documentation":"The updated URI of the file that contains the ThreateIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)"
},
"Name":{
"shape":"Name",
"locationName":"name",
"documentation":"The unique ID that specifies the ThreatIntelSet that you want to update."
},
"ThreatIntelSetId":{
"shape":"__string",
"location":"uri",
"locationName":"threatIntelSetId",
"documentation":"The unique ID that specifies the ThreatIntelSet that you want to update."