"documentation":"<p>Archives Amazon GuardDuty findings specified by the list of finding IDs.</p>"
},
"CreateDetector":{
"name":"CreateDetector",
"http":{
"method":"POST",
"requestUri":"/detector",
"responseCode":200
},
"input":{"shape":"CreateDetectorRequest"},
"output":{"shape":"CreateDetectorResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Creates a single Amazon GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector must be created in order for GuardDuty to become operational.</p>"
},
"CreateFilter":{
"name":"CreateFilter",
"http":{
"method":"POST",
"requestUri":"/detector/{detectorId}/filter",
"responseCode":200
},
"input":{"shape":"CreateFilterRequest"},
"output":{"shape":"CreateFilterResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Creates a filter using the specified finding criteria.</p>"
},
"CreateIPSet":{
"name":"CreateIPSet",
"http":{
"method":"POST",
"requestUri":"/detector/{detectorId}/ipset",
"responseCode":200
},
"input":{"shape":"CreateIPSetRequest"},
"output":{"shape":"CreateIPSetResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications.</p>"
},
"CreateMembers":{
"name":"CreateMembers",
"http":{
"method":"POST",
"requestUri":"/detector/{detectorId}/member",
"responseCode":200
},
"input":{"shape":"CreateMembersRequest"},
"output":{"shape":"CreateMembersResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts.</p>"
"documentation":"<p>Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.</p>"
"documentation":"<p>Create a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets.</p>"
},
"DeclineInvitations":{
"name":"DeclineInvitations",
"http":{
"method":"POST",
"requestUri":"/invitation/decline",
"responseCode":200
},
"input":{"shape":"DeclineInvitationsRequest"},
"output":{"shape":"DeclineInvitationsResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Declines invitations sent to the current member account by AWS account specified by their account IDs.</p>"
},
"DeleteDetector":{
"name":"DeleteDetector",
"http":{
"method":"DELETE",
"requestUri":"/detector/{detectorId}",
"responseCode":200
},
"input":{"shape":"DeleteDetectorRequest"},
"output":{"shape":"DeleteDetectorResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Deletes a Amazon GuardDuty detector specified by the detector ID.</p>"
"documentation":"<p>Retrieves the IPSet specified by the IPSet ID.</p>"
},
"GetInvitationsCount":{
"name":"GetInvitationsCount",
"http":{
"method":"GET",
"requestUri":"/invitation/count",
"responseCode":200
},
"input":{"shape":"GetInvitationsCountRequest"},
"output":{"shape":"GetInvitationsCountResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.</p>"
},
"GetMasterAccount":{
"name":"GetMasterAccount",
"http":{
"method":"GET",
"requestUri":"/detector/{detectorId}/master",
"responseCode":200
},
"input":{"shape":"GetMasterAccountRequest"},
"output":{"shape":"GetMasterAccountResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Provides the details for the GuardDuty master account to the current GuardDuty member account.</p>"
},
"GetMembers":{
"name":"GetMembers",
"http":{
"method":"POST",
"requestUri":"/detector/{detectorId}/member/get",
"responseCode":200
},
"input":{"shape":"GetMembersRequest"},
"output":{"shape":"GetMembersResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.</p>"
"documentation":"<p>Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account.</p>"
},
"ListDetectors":{
"name":"ListDetectors",
"http":{
"method":"GET",
"requestUri":"/detector",
"responseCode":200
},
"input":{"shape":"ListDetectorsRequest"},
"output":{"shape":"ListDetectorsResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Lists detectorIds of all the existing Amazon GuardDuty detector resources.</p>"
},
"ListFilters":{
"name":"ListFilters",
"http":{
"method":"GET",
"requestUri":"/detector/{detectorId}/filter",
"responseCode":200
},
"input":{"shape":"ListFiltersRequest"},
"output":{"shape":"ListFiltersResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Returns a paginated list of the current filters.</p>"
},
"ListFindings":{
"name":"ListFindings",
"http":{
"method":"POST",
"requestUri":"/detector/{detectorId}/findings",
"responseCode":200
},
"input":{"shape":"ListFindingsRequest"},
"output":{"shape":"ListFindingsResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Lists Amazon GuardDuty findings for the specified detector ID.</p>"
},
"ListIPSets":{
"name":"ListIPSets",
"http":{
"method":"GET",
"requestUri":"/detector/{detectorId}/ipset",
"responseCode":200
},
"input":{"shape":"ListIPSetsRequest"},
"output":{"shape":"ListIPSetsResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Lists the IPSets of the GuardDuty service specified by the detector ID.</p>"
},
"ListInvitations":{
"name":"ListInvitations",
"http":{
"method":"GET",
"requestUri":"/invitation",
"responseCode":200
},
"input":{"shape":"ListInvitationsRequest"},
"output":{"shape":"ListInvitationsResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Lists all GuardDuty membership invitations that were sent to the current AWS account.</p>"
},
"ListMembers":{
"name":"ListMembers",
"http":{
"method":"GET",
"requestUri":"/detector/{detectorId}/member",
"responseCode":200
},
"input":{"shape":"ListMembersRequest"},
"output":{"shape":"ListMembersResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Lists details about all member accounts for the current GuardDuty master account.</p>"
},
"ListTagsForResource":{
"name":"ListTagsForResource",
"http":{
"method":"GET",
"requestUri":"/tags/{resourceArn}",
"responseCode":200
},
"input":{"shape":"ListTagsForResourceRequest"},
"output":{"shape":"ListTagsForResourceResponse"},
"errors":[
{"shape":"BadRequestException"},
{"shape":"InternalServerErrorException"}
],
"documentation":"<p>Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and Threat Intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource..</p>"
"documentation":"<p>Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs. A master GuardDuty account can run this command after disabling GuardDuty from monitoring these members' findings by running StopMonitoringMembers.</p>"
"documentation":"<p>Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs. After running this command, a master GuardDuty account can run StartMonitoringMembers to re-enable GuardDuty to monitor these members’ findings.</p>"
"documentation":"<p>The unique ID of the detector of the GuardDuty account for which you want to create a filter.</p>",
"location":"uri",
"locationName":"detectorId"
},
"Name":{
"shape":"FilterName",
"documentation":"<p>The name of the filter.</p>",
"locationName":"name"
},
"Description":{
"shape":"FilterDescription",
"documentation":"<p>The description of the filter.</p>",
"locationName":"description"
},
"Action":{
"shape":"FilterAction",
"documentation":"<p>Specifies the action that is to be applied to the findings that match the filter.</p>",
"locationName":"action"
},
"Rank":{
"shape":"FilterRank",
"documentation":"<p>Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.</p>",
"locationName":"rank"
},
"FindingCriteria":{
"shape":"FindingCriteria",
"documentation":"<p>Represents the criteria to be used in the filter for querying findings.</p>",
"locationName":"findingCriteria"
},
"ClientToken":{
"shape":"ClientToken",
"documentation":"<p>The idempotency token for the create request.</p>",
"idempotencyToken":true,
"locationName":"clientToken"
},
"Tags":{
"shape":"TagMap",
"documentation":"<p>The tags to be added to a new filter resource.</p>",
"documentation":"<p>The unique ID of the detector of the GuardDuty account for which you want to create an IPSet.</p>",
"location":"uri",
"locationName":"detectorId"
},
"Name":{
"shape":"Name",
"documentation":"<p>The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.</p>",
"locationName":"name"
},
"Format":{
"shape":"IpSetFormat",
"documentation":"<p>The format of the file that contains the IPSet.</p>",
"locationName":"format"
},
"Location":{
"shape":"Location",
"documentation":"<p>The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)</p>",
"locationName":"location"
},
"Activate":{
"shape":"Boolean",
"documentation":"<p>A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.</p>",
"locationName":"activate"
},
"ClientToken":{
"shape":"ClientToken",
"documentation":"<p>The idempotency token for the create request.</p>",
"idempotencyToken":true,
"locationName":"clientToken"
},
"Tags":{
"shape":"TagMap",
"documentation":"<p>The tags to be added to a new IP set resource.</p>",
"documentation":"<p>The unique ID of the detector of the GuardDuty account for which you want to create a threatIntelSet.</p>",
"location":"uri",
"locationName":"detectorId"
},
"Name":{
"shape":"Name",
"documentation":"<p>A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet.</p>",
"locationName":"name"
},
"Format":{
"shape":"ThreatIntelSetFormat",
"documentation":"<p>The format of the file that contains the ThreatIntelSet.</p>",
"locationName":"format"
},
"Location":{
"shape":"Location",
"documentation":"<p>The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).</p>",
"locationName":"location"
},
"Activate":{
"shape":"Boolean",
"documentation":"<p>A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.</p>",
"locationName":"activate"
},
"ClientToken":{
"shape":"ClientToken",
"documentation":"<p>The idempotency token for the create request.</p>",
"idempotencyToken":true,
"locationName":"clientToken"
},
"Tags":{
"shape":"TagMap",
"documentation":"<p>The tags to be added to a new Threat List resource.</p>",
"documentation":"<p>A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from.</p>",
"documentation":"<p>A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from.</p>",
"documentation":"<p>The description of the filter.</p>",
"locationName":"description"
},
"Action":{
"shape":"FilterAction",
"documentation":"<p>Specifies the action that is to be applied to the findings that match the filter.</p>",
"locationName":"action"
},
"Rank":{
"shape":"FilterRank",
"documentation":"<p>Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.</p>",
"locationName":"rank"
},
"FindingCriteria":{
"shape":"FindingCriteria",
"documentation":"<p>Represents the criteria to be used in the filter for querying findings.</p>",
"locationName":"findingCriteria"
},
"Tags":{
"shape":"TagMap",
"documentation":"<p>The tags of the filter resource.</p>",
"documentation":"<p>The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.</p>",
"locationName":"name"
},
"Format":{
"shape":"IpSetFormat",
"documentation":"<p>The format of the file that contains the IPSet.</p>",
"locationName":"format"
},
"Location":{
"shape":"Location",
"documentation":"<p>The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)</p>",
"locationName":"location"
},
"Status":{
"shape":"IpSetStatus",
"documentation":"<p>The status of ipSet file uploaded.</p>",
"locationName":"status"
},
"Tags":{
"shape":"TagMap",
"documentation":"<p>The tags of the IP set resource.</p>",
"documentation":"<p>A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet.</p>",
"locationName":"name"
},
"Format":{
"shape":"ThreatIntelSetFormat",
"documentation":"<p>The format of the threatIntelSet.</p>",
"locationName":"format"
},
"Location":{
"shape":"Location",
"documentation":"<p>The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).</p>",
"locationName":"location"
},
"Status":{
"shape":"ThreatIntelSetStatus",
"documentation":"<p>The status of threatIntelSet file uploaded.</p>",
"locationName":"status"
},
"Tags":{
"shape":"TagMap",
"documentation":"<p>The tags of the Threat List resource.</p>",
"documentation":"<p>The unique ID of the detector of the GuardDuty account with which you want to invite members.</p>",
"location":"uri",
"locationName":"detectorId"
},
"AccountIds":{
"shape":"AccountIds",
"documentation":"<p>A list of account IDs of the accounts that you want to invite to GuardDuty as members.</p>",
"locationName":"accountIds"
},
"DisableEmailNotification":{
"shape":"Boolean",
"documentation":"<p>A boolean value that specifies whether you want to disable email notification to the accounts that you’re inviting to GuardDuty as members.</p>",
"locationName":"disableEmailNotification"
},
"Message":{
"shape":"String",
"documentation":"<p>The invitation message that you want to send to the accounts that you’re inviting to GuardDuty as members.</p>",
"documentation":"<p>You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.</p>",
"location":"querystring",
"locationName":"maxResults"
},
"NextToken":{
"shape":"String",
"documentation":"<p>You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.</p>",
"documentation":"<p>The unique ID of the detector the filter is associated with.</p>",
"location":"uri",
"locationName":"detectorId"
},
"MaxResults":{
"shape":"MaxResults",
"documentation":"<p>You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.</p>",
"location":"querystring",
"locationName":"maxResults"
},
"NextToken":{
"shape":"String",
"documentation":"<p>You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.</p>",
"documentation":"<p>The ID of the detector that specifies the GuardDuty service whose findings you want to list.</p>",
"location":"uri",
"locationName":"detectorId"
},
"FindingCriteria":{
"shape":"FindingCriteria",
"documentation":"<p>Represents the criteria used for querying findings.</p>",
"locationName":"findingCriteria"
},
"SortCriteria":{
"shape":"SortCriteria",
"documentation":"<p>Represents the criteria used for sorting findings.</p>",
"locationName":"sortCriteria"
},
"MaxResults":{
"shape":"MaxResults",
"documentation":"<p>You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.</p>",
"locationName":"maxResults"
},
"NextToken":{
"shape":"String",
"documentation":"<p>You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.</p>",
"documentation":"<p>The unique ID of the detector the ipSet is associated with.</p>",
"location":"uri",
"locationName":"detectorId"
},
"MaxResults":{
"shape":"MaxResults",
"documentation":"<p>You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.</p>",
"location":"querystring",
"locationName":"maxResults"
},
"NextToken":{
"shape":"String",
"documentation":"<p>You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.</p>",
"documentation":"<p>You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.</p>",
"location":"querystring",
"locationName":"maxResults"
},
"NextToken":{
"shape":"String",
"documentation":"<p>You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.</p>",
"documentation":"<p>The unique ID of the detector the member is associated with.</p>",
"location":"uri",
"locationName":"detectorId"
},
"MaxResults":{
"shape":"MaxResults",
"documentation":"<p>You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.</p>",
"location":"querystring",
"locationName":"maxResults"
},
"NextToken":{
"shape":"String",
"documentation":"<p>You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.</p>",
"location":"querystring",
"locationName":"nextToken"
},
"OnlyAssociated":{
"shape":"String",
"documentation":"<p>Specifies whether to only return associated members or to return all members (including members which haven't been invited yet or have been disassociated).</p>",
"documentation":"<p>The unique ID of the detector the threatIntelSet is associated with.</p>",
"location":"uri",
"locationName":"detectorId"
},
"MaxResults":{
"shape":"MaxResults",
"documentation":"<p>You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.</p>",
"location":"querystring",
"locationName":"maxResults"
},
"NextToken":{
"shape":"String",
"documentation":"<p>You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.</p>",
"documentation":"<p>The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.</p>",
"documentation":"<p>The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.</p>",
"location":"uri",
"locationName":"detectorId"
},
"FilterName":{
"shape":"String",
"documentation":"<p>The name of the filter.</p>",
"location":"uri",
"locationName":"filterName"
},
"Description":{
"shape":"FilterDescription",
"documentation":"<p>The description of the filter.</p>",
"locationName":"description"
},
"Action":{
"shape":"FilterAction",
"documentation":"<p>Specifies the action that is to be applied to the findings that match the filter.</p>",
"locationName":"action"
},
"Rank":{
"shape":"FilterRank",
"documentation":"<p>Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.</p>",
"locationName":"rank"
},
"FindingCriteria":{
"shape":"FindingCriteria",
"documentation":"<p>Represents the criteria to be used in the filter for querying findings.</p>",
"documentation":"<p>The detectorID that specifies the GuardDuty service whose IPSet you want to update.</p>",
"location":"uri",
"locationName":"detectorId"
},
"IpSetId":{
"shape":"String",
"documentation":"<p>The unique ID that specifies the IPSet that you want to update.</p>",
"location":"uri",
"locationName":"ipSetId"
},
"Name":{
"shape":"Name",
"documentation":"<p>The unique ID that specifies the IPSet that you want to update.</p>",
"locationName":"name"
},
"Location":{
"shape":"Location",
"documentation":"<p>The updated URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).</p>",
"locationName":"location"
},
"Activate":{
"shape":"Boolean",
"documentation":"<p>The updated boolean value that specifies whether the IPSet is active or not.</p>",
"documentation":"<p>The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.</p>",
"location":"uri",
"locationName":"detectorId"
},
"ThreatIntelSetId":{
"shape":"String",
"documentation":"<p>The unique ID that specifies the ThreatIntelSet that you want to update.</p>",
"location":"uri",
"locationName":"threatIntelSetId"
},
"Name":{
"shape":"Name",
"documentation":"<p>The unique ID that specifies the ThreatIntelSet that you want to update.</p>",
"locationName":"name"
},
"Location":{
"shape":"Location",
"documentation":"<p>The updated URI of the file that contains the ThreateIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)</p>",
"locationName":"location"
},
"Activate":{
"shape":"Boolean",
"documentation":"<p>The updated boolean value that specifies whether the ThreateIntelSet is active or not.</p>",
"documentation":"<p>Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances serving malware or mining bitcoin. It also monitors AWS account access behavior for signs of compromise, such as unauthorized infrastructure deployments, like instances deployed in a region that has never been used, or unusual API calls, like a password policy change to reduce password strength. GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see <a href=\"https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html\"> Amazon GuardDuty User Guide</a>. </p>"