Amazon GuardDuty

2025/07/16 - Amazon GuardDuty - 6 updated api methods

Changes: Add expectedBucketOwner parameter to ThreatIntel and IPSet APIs.

CreateIPSet (updated)
Changes (request)
{'ExpectedBucketOwner': 'string'}

Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.

See also: AWS API Documentation

Request Syntax

client.create_ip_set(
    DetectorId='string',
    Name='string',
    Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    Location='string',
    Activate=True|False,
    ClientToken='string',
    Tags={
        'string': 'string'
    },
    ExpectedBucketOwner='string'
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The unique ID of the detector of the GuardDuty account for which you want to create an IPSet.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

type Name:

string

param Name:

[REQUIRED]

The user-friendly name to identify the IPSet.

Allowed characters are alphanumeric, whitespace, dash (-), and underscores (_).

type Format:

string

param Format:

[REQUIRED]

The format of the file that contains the IPSet.

type Location:

string

param Location:

[REQUIRED]

The URI of the file that contains the IPSet.

type Activate:

boolean

param Activate:

[REQUIRED]

A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.

type ClientToken:

string

param ClientToken:

The idempotency token for the create request.

This field is autopopulated if not provided.

type Tags:

dict

param Tags:

The tags to be added to a new IP set resource.

  • (string) --

    • (string) --

type ExpectedBucketOwner:

string

param ExpectedBucketOwner:

The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

rtype:

dict

returns:

Response Syntax

{
    'IpSetId': 'string'
}

Response Structure

  • (dict) --

    • IpSetId (string) --

      The ID of the IPSet resource.

CreateThreatIntelSet (updated)
Changes (request)
{'ExpectedBucketOwner': 'string'}

Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.

See also: AWS API Documentation

Request Syntax

client.create_threat_intel_set(
    DetectorId='string',
    Name='string',
    Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    Location='string',
    Activate=True|False,
    ClientToken='string',
    Tags={
        'string': 'string'
    },
    ExpectedBucketOwner='string'
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The unique ID of the detector of the GuardDuty account for which you want to create a ThreatIntelSet.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

type Name:

string

param Name:

[REQUIRED]

A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.

type Format:

string

param Format:

[REQUIRED]

The format of the file that contains the ThreatIntelSet.

type Location:

string

param Location:

[REQUIRED]

The URI of the file that contains the ThreatIntelSet.

type Activate:

boolean

param Activate:

[REQUIRED]

A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

type ClientToken:

string

param ClientToken:

The idempotency token for the create request.

This field is autopopulated if not provided.

type Tags:

dict

param Tags:

The tags to be added to a new threat list resource.

  • (string) --

    • (string) --

type ExpectedBucketOwner:

string

param ExpectedBucketOwner:

The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

rtype:

dict

returns:

Response Syntax

{
    'ThreatIntelSetId': 'string'
}

Response Structure

  • (dict) --

    • ThreatIntelSetId (string) --

      The ID of the ThreatIntelSet resource.

GetIPSet (updated)
Changes (response)
{'ExpectedBucketOwner': 'string'}

Retrieves the IPSet specified by the ipSetId.

See also: AWS API Documentation

Request Syntax

client.get_ip_set(
    DetectorId='string',
    IpSetId='string'
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The unique ID of the detector that is associated with the IPSet.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

type IpSetId:

string

param IpSetId:

[REQUIRED]

The unique ID of the IPSet to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'Name': 'string',
    'Format': 'TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    'Location': 'string',
    'Status': 'INACTIVE'|'ACTIVATING'|'ACTIVE'|'DEACTIVATING'|'ERROR'|'DELETE_PENDING'|'DELETED',
    'Tags': {
        'string': 'string'
    },
    'ExpectedBucketOwner': 'string'
}

Response Structure

  • (dict) --

    • Name (string) --

      The user-friendly name for the IPSet.

    • Format (string) --

      The format of the file that contains the IPSet.

    • Location (string) --

      The URI of the file that contains the IPSet.

    • Status (string) --

      The status of the IPSet file that was uploaded.

    • Tags (dict) --

      The tags of the IPSet resource.

      • (string) --

        • (string) --

    • ExpectedBucketOwner (string) --

      The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter. This field appears in the response only if it was provided during IPSet creation or update.

GetThreatIntelSet (updated)
Changes (response)
{'ExpectedBucketOwner': 'string'}

Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

See also: AWS API Documentation

Request Syntax

client.get_threat_intel_set(
    DetectorId='string',
    ThreatIntelSetId='string'
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The unique ID of the detector that is associated with the threatIntelSet.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

type ThreatIntelSetId:

string

param ThreatIntelSetId:

[REQUIRED]

The unique ID of the threatIntelSet that you want to get.

rtype:

dict

returns:

Response Syntax

{
    'Name': 'string',
    'Format': 'TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    'Location': 'string',
    'Status': 'INACTIVE'|'ACTIVATING'|'ACTIVE'|'DEACTIVATING'|'ERROR'|'DELETE_PENDING'|'DELETED',
    'Tags': {
        'string': 'string'
    },
    'ExpectedBucketOwner': 'string'
}

Response Structure

  • (dict) --

    • Name (string) --

      A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.

    • Format (string) --

      The format of the threatIntelSet.

    • Location (string) --

      The URI of the file that contains the ThreatIntelSet.

    • Status (string) --

      The status of the threatIntelSet file that was uploaded.

    • Tags (dict) --

      The tags of the threat list resource.

      • (string) --

        • (string) --

    • ExpectedBucketOwner (string) --

      The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter. This field appears in the response only if it was provided during ThreatIntelSet creation or update.
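
Because GetIPSet and GetThreatIntelSet return ExpectedBucketOwner only when it was supplied at creation or update, its absence identifies lists whose S3 source has no owner pin. The following audit is an added example, not code from the AWS documentation: it assumes a boto3 GuardDuty client, uses the client's list_ip_sets and list_threat_intel_sets calls (not shown on this page) to enumerate IDs, and takes a caller-supplied trusted_owners set, which is a hypothetical input of this example.

```python
# Added example: flag GuardDuty lists with a missing or unexpected ExpectedBucketOwner.
# `client` is a boto3 GuardDuty client, e.g. boto3.client("guardduty").

def _list_ids(client, op, key, detector_id):
    """Collect every ID from a NextToken-paginated list call."""
    ids, token = [], None
    while True:
        kwargs = {"DetectorId": detector_id}
        if token:
            kwargs["NextToken"] = token
        page = getattr(client, op)(**kwargs)
        ids.extend(page.get(key, []))
        token = page.get("NextToken")
        if not token:
            return ids


def audit_bucket_owner(client, detector_id, trusted_owners):
    """Return one record per IPSet/ThreatIntelSet whose owner pin is absent or untrusted.

    trusted_owners: set of account IDs expected to own list buckets
    (an assumption of this example, supplied by the caller).
    """
    kinds = [
        ("IPSet", "list_ip_sets", "IpSetIds", "get_ip_set", "IpSetId"),
        ("ThreatIntelSet", "list_threat_intel_sets", "ThreatIntelSetIds",
         "get_threat_intel_set", "ThreatIntelSetId"),
    ]
    findings = []
    for kind, list_op, ids_key, get_op, id_param in kinds:
        for set_id in _list_ids(client, list_op, ids_key, detector_id):
            resp = getattr(client, get_op)(**{"DetectorId": detector_id, id_param: set_id})
            # The field is present only if it was supplied at creation or update.
            owner = resp.get("ExpectedBucketOwner")
            if owner is None:
                issue = "NO_OWNER_PIN"
            elif owner not in trusted_owners:
                issue = "UNTRUSTED_OWNER"
            else:
                continue
            findings.append({"Kind": kind, "Id": set_id, "Name": resp.get("Name"),
                             "Location": resp.get("Location"),
                             "Status": resp.get("Status"), "Issue": issue,
                             "ExpectedBucketOwner": owner})
    return findings
```

Lists reported as NO_OWNER_PIN can be pinned with UpdateIPSet or UpdateThreatIntelSet by passing ExpectedBucketOwner.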

UpdateIPSet (updated)
Changes (request)
{'ExpectedBucketOwner': 'string'}

Updates the IPSet specified by the IPSet ID.

See also: AWS API Documentation

Request Syntax

client.update_ip_set(
    DetectorId='string',
    IpSetId='string',
    Name='string',
    Location='string',
    Activate=True|False,
    ExpectedBucketOwner='string'
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The detectorID that specifies the GuardDuty service whose IPSet you want to update.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

type IpSetId:

string

param IpSetId:

[REQUIRED]

The unique ID that specifies the IPSet that you want to update.

type Name:

string

param Name:

The unique ID that specifies the IPSet that you want to update.

type Location:

string

param Location:

The updated URI of the file that contains the IPSet.

type Activate:

boolean

param Activate:

The updated Boolean value that specifies whether the IPSet is active or not.

type ExpectedBucketOwner:

string

param ExpectedBucketOwner:

The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

UpdateThreatIntelSet (updated)
Changes (request)
{'ExpectedBucketOwner': 'string'}

Updates the ThreatIntelSet specified by the ThreatIntelSet ID.

See also: AWS API Documentation

Request Syntax

client.update_threat_intel_set(
    DetectorId='string',
    ThreatIntelSetId='string',
    Name='string',
    Location='string',
    Activate=True|False,
    ExpectedBucketOwner='string'
)
type DetectorId:

string

param DetectorId:

[REQUIRED]

The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

type ThreatIntelSetId:

string

param ThreatIntelSetId:

[REQUIRED]

The unique ID that specifies the ThreatIntelSet that you want to update.

type Name:

string

param Name:

The unique ID that specifies the ThreatIntelSet that you want to update.

type Location:

string

param Location:

The updated URI of the file that contains the ThreatIntelSet.

type Activate:

boolean

param Activate:

The updated Boolean value that specifies whether the ThreatIntelSet is active or not.

type ExpectedBucketOwner:

string

param ExpectedBucketOwner:

The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --