Amazon GuardDuty

2018/10/01 - Amazon GuardDuty - 5 updated API methods

Changes  Support optional FindingPublishingFrequency parameter in CreateDetector and UpdateDetector operations, and ClientToken on Create* operations

CreateDetector (updated)
Changes (request)
{'ClientToken': 'string',
 'FindingPublishingFrequency': 'FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURS'}

Creates a single Amazon GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector must be created in order for GuardDuty to become operational.

See also: AWS API Documentation

Request Syntax

client.create_detector(
    ClientToken='string',
    Enable=True|False,
    FindingPublishingFrequency='FIFTEEN_MINUTES'|'ONE_HOUR'|'SIX_HOURS'
)
type ClientToken

string

param ClientToken

The idempotency token for the create request. If you do not supply one, the SDK populates this field automatically with a fresh value for each call.

type Enable

boolean

param Enable

[REQUIRED] A boolean value that specifies whether the detector is to be enabled.

type FindingPublishingFrequency

string

param FindingPublishingFrequency

An enum value that specifies how frequently updates to existing findings are published to the customer.

rtype

dict

returns

Response Syntax

{
    'DetectorId': 'string'
}

Response Structure

  • (dict) -- 200 response

    • DetectorId (string) -- The unique ID of the created detector.

CreateIPSet (updated)
Changes (request)
{'ClientToken': 'string'}

Creates a new IPSet: a list of trusted IP addresses that have been allow-listed for secure communication with AWS infrastructure and applications. GuardDuty does not generate findings for addresses on a trusted IP list, so the list should contain only addresses you control.

See also: AWS API Documentation

Request Syntax

client.create_ip_set(
    Activate=True|False,
    ClientToken='string',
    DetectorId='string',
    Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    Location='string',
    Name='string'
)
type Activate

boolean

param Activate

[REQUIRED] A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.

type ClientToken

string

param ClientToken

The idempotency token for the create request. If you do not supply one, the SDK populates this field automatically with a fresh value for each call.

type DetectorId

string

param DetectorId

[REQUIRED] The unique ID of the detector that the IPSet is created for.

type Format

string

param Format

[REQUIRED] The format of the file that contains the IPSet.

type Location

string

param Location

[REQUIRED] The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)

type Name

string

param Name

[REQUIRED] The user-friendly name that identifies the IPSet. This name is displayed in all findings that are triggered by activity involving IP addresses included in this IPSet.

rtype

dict

returns

Response Syntax

{
    'IpSetId': 'string'
}

Response Structure

  • (dict) -- 200 response

    • IpSetId (string) -- The unique identifier of the created IPSet.

CreateThreatIntelSet (updated)
Changes (request)
{'ClientToken': 'string'}

Creates a new ThreatIntelSet. A ThreatIntelSet consists of known malicious IP addresses; GuardDuty generates findings for activity that involves addresses in a ThreatIntelSet.

See also: AWS API Documentation

Request Syntax

client.create_threat_intel_set(
    Activate=True|False,
    ClientToken='string',
    DetectorId='string',
    Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    Location='string',
    Name='string'
)
type Activate

boolean

param Activate

[REQUIRED] A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

type ClientToken

string

param ClientToken

The idempotency token for the create request. If you do not supply one, the SDK populates this field automatically with a fresh value for each call.

type DetectorId

string

param DetectorId

[REQUIRED] The unique ID of the detector that the ThreatIntelSet is created for.

type Format

string

param Format

[REQUIRED] The format of the file that contains the ThreatIntelSet.

type Location

string

param Location

[REQUIRED] The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).

type Name

string

param Name

[REQUIRED] A user-friendly ThreatIntelSet name that is displayed in all findings generated by activity that involves IP addresses included in this ThreatIntelSet.

rtype

dict

returns

Response Syntax

{
    'ThreatIntelSetId': 'string'
}

Response Structure

  • (dict) -- 200 response

    • ThreatIntelSetId (string) -- The unique identifier of the created ThreatIntelSet.
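The point of the new ClientToken parameter on CreateDetector, CreateIPSet and CreateThreatIntelSet is retry safety: a create whose response was lost (timeout, dropped connection) can be re-sent with the same token instead of risking a second resource. The SDK's auto-populated token only covers the SDK's own internal retries; an application-level retry that calls create_* again gets a new token and therefore a new resource. The following is an added example, not code from the botocore changelog or the GuardDuty SDK. It derives the token deterministically from the resource's logical identity, validates the documented Format and Location values before the call, and exercises the flow against an in-memory stand-in for the boto3 client (the FakeGuardDuty class, the sample S3 URIs and the set names are all assumptions constructed for the example; the real client would be boto3.client("guardduty")).

```python
import re
import uuid

# Enumerations exactly as the API documents them.
SET_FORMATS = {"TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE"}
PUBLISHING_FREQUENCIES = {"FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS"}
# Location must be an https S3 object URI, e.g. https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key
S3_HTTPS_URI = re.compile(r"^https://s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/[^/\s]+/\S+$")

# Constructed sample URIs in the documented form (no such buckets exist).
TRUSTED_IPS_URI = "https://s3.us-west-2.amazonaws.com/my-bucket/trusted-ips.txt"
THREAT_FEED_URI = "https://s3.us-west-2.amazonaws.com/my-bucket/c2-indicators.stix"


def client_token_for(operation, **identity):
    """Deterministic ClientToken: the same logical create always sends the same token,
    so an application-level retry cannot create a duplicate. Name-based UUIDs keep the
    token opaque and fixed-length while binding it to operation + resource identity."""
    namespace = uuid.uuid5(uuid.NAMESPACE_URL, "https://guardduty.amazonaws.com/" + operation)
    material = "|".join(f"{key}={identity[key]}" for key in sorted(identity))
    return str(uuid.uuid5(namespace, material))


def build_detector_request(region, frequency="FIFTEEN_MINUTES", enable=True):
    """kwargs for create_detector. One detector per account/region, so region is the identity."""
    if frequency not in PUBLISHING_FREQUENCIES:
        raise ValueError(f"unsupported FindingPublishingFrequency: {frequency}")
    return {"ClientToken": client_token_for("CreateDetector", region=region),
            "Enable": enable, "FindingPublishingFrequency": frequency}


def build_set_request(operation, detector_id, name, location, fmt="TXT", activate=True):
    """kwargs shared by create_ip_set and create_threat_intel_set (identical parameters).
    Rejects undocumented formats and non-https locations before anything reaches the API."""
    if operation not in ("CreateIPSet", "CreateThreatIntelSet"):
        raise ValueError(f"not a set-creating operation: {operation}")
    if fmt not in SET_FORMATS:
        raise ValueError(f"unsupported Format: {fmt}")
    if not S3_HTTPS_URI.match(location):
        raise ValueError(f"Location must be an https S3 object URI: {location}")
    return {"Activate": activate,
            "ClientToken": client_token_for(operation, detector_id=detector_id, name=name),
            "DetectorId": detector_id, "Format": fmt, "Location": location, "Name": name}


class FakeGuardDuty:
    """In-memory stand-in for a boto3 'guardduty' client (an assumption of this example, not
    the real service). It models one behaviour only: a Create* call that repeats a ClientToken
    already seen returns the original ID instead of creating a second resource."""

    def __init__(self):
        self.seen_tokens = {}
        self.detectors, self.ip_sets, self.threat_intel_sets = {}, {}, {}

    def _create(self, store, id_key, request):
        token = request["ClientToken"]
        if token in self.seen_tokens:
            return dict(self.seen_tokens[token])
        new_id = uuid.uuid4().hex
        store[new_id] = request
        self.seen_tokens[token] = {id_key: new_id}
        return {id_key: new_id}

    def create_detector(self, **kw):
        return self._create(self.detectors, "DetectorId", kw)

    def create_ip_set(self, **kw):
        return self._create(self.ip_sets, "IpSetId", kw)

    def create_threat_intel_set(self, **kw):
        return self._create(self.threat_intel_sets, "ThreatIntelSetId", kw)


def provision(client, region, trusted_uri, threat_uri):
    """Create the detector, one trusted-IP list and one threat list. Safe to call again after
    a lost response: every create re-sends the token it sent last time."""
    detector_id = client.create_detector(**build_detector_request(region))["DetectorId"]
    ip_set_id = client.create_ip_set(**build_set_request(
        "CreateIPSet", detector_id, "corporate-egress", trusted_uri))["IpSetId"]
    threat_id = client.create_threat_intel_set(**build_set_request(
        "CreateThreatIntelSet", detector_id, "known-c2", threat_uri, fmt="STIX"))["ThreatIntelSetId"]
    return {"DetectorId": detector_id, "IpSetId": ip_set_id, "ThreatIntelSetId": threat_id}


if __name__ == "__main__":
    gd = FakeGuardDuty()
    first = provision(gd, "us-west-2", TRUSTED_IPS_URI, THREAT_FEED_URI)
    second = provision(gd, "us-west-2", TRUSTED_IPS_URI, THREAT_FEED_URI)  # simulated retry
    print(first == second, len(gd.ip_sets), len(gd.threat_intel_sets))
```

The token binds operation, detector and set name, so two lists with different names still get different tokens, while re-running the same provisioning code is a no-op rather than a second list. Against the real service the same build_* functions feed boto3.client("guardduty") unchanged; only the fake client is replaced.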

GetDetector (updated)
Changes (response)
{'FindingPublishingFrequency': 'FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURS'}

Retrieves an Amazon GuardDuty detector specified by the detectorId.

See also: AWS API Documentation

Request Syntax

client.get_detector(
    DetectorId='string'
)
type DetectorId

string

param DetectorId

[REQUIRED] The unique ID of the detector that you want to retrieve.

rtype

dict

returns

Response Syntax

{
    'CreatedAt': 'string',
    'FindingPublishingFrequency': 'FIFTEEN_MINUTES'|'ONE_HOUR'|'SIX_HOURS',
    'ServiceRole': 'string',
    'Status': 'ENABLED'|'DISABLED',
    'UpdatedAt': 'string'
}

Response Structure

  • (dict) -- 200 response

    • CreatedAt (string) -- The time the detector was created, in ISO-8601 format.

    • FindingPublishingFrequency (string) -- An enum value that specifies how frequently updates to existing findings are published to the customer.

    • ServiceRole (string) -- The name or ARN of the service role that GuardDuty uses to access resources in the customer account.

    • Status (string) -- The status of the detector.

    • UpdatedAt (string) -- The time the detector was last updated, in ISO-8601 format.

UpdateDetector (updated)
Changes (request)
{'FindingPublishingFrequency': 'FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURS'}

Updates an Amazon GuardDuty detector specified by the detectorId.

See also: AWS API Documentation

Request Syntax

client.update_detector(
    DetectorId='string',
    Enable=True|False,
    FindingPublishingFrequency='FIFTEEN_MINUTES'|'ONE_HOUR'|'SIX_HOURS'
)
type DetectorId

string

param DetectorId

[REQUIRED] The unique ID of the detector that you want to update.

type Enable

boolean

param Enable

Updated boolean value that specifies whether the detector is enabled. Optional: omit it to leave the enabled state unchanged.

type FindingPublishingFrequency

string

param FindingPublishingFrequency

An enum value that specifies how frequently updates to existing findings are published to the customer.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) -- 200 response
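GetDetector and UpdateDetector together make FindingPublishingFrequency and the enabled state auditable and enforceable: read the detector, diff it against the configuration you want, and send only the fields that differ (both UpdateDetector parameters are optional, so the call is a minimal, reviewable change). The following is an added example, not code from the botocore changelog or the GuardDuty SDK. The FakeDetectorClient, the sample GetDetector response and the detector ID are assumptions constructed for the example; the real client would be boto3.client("guardduty"), whose get_detector and update_detector take the same keyword arguments.

```python
from datetime import datetime, timezone

# Documented enum values and the longest delay each implies for a finding update to be published.
MAX_PUBLISH_DELAY_MINUTES = {"FIFTEEN_MINUTES": 15, "ONE_HOUR": 60, "SIX_HOURS": 360}

# Constructed sample in the GetDetector response shape (not a real account or detector).
SAMPLE_DETECTOR_ID = "12abc34d567e8fa901bc2d34e56789f0"
SAMPLE_DETECTOR = {
    "CreatedAt": "2018-10-01T12:00:00.000Z",
    "FindingPublishingFrequency": "SIX_HOURS",
    "ServiceRole": "arn:aws:iam::123456789012:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty",
    "Status": "DISABLED",
    "UpdatedAt": "2018-10-01T12:00:00.000Z",
}


def plan_detector_update(current, want_enabled=True, want_frequency="FIFTEEN_MINUTES"):
    """Diff a GetDetector response against the desired state. Returns the kwargs to pass to
    update_detector, or None when the detector already matches. Unchanged fields are left
    out of the request entirely."""
    if want_frequency not in MAX_PUBLISH_DELAY_MINUTES:
        raise ValueError(f"unsupported FindingPublishingFrequency: {want_frequency}")
    update = {}
    if (current["Status"] == "ENABLED") != want_enabled:
        update["Enable"] = want_enabled
    if current.get("FindingPublishingFrequency") != want_frequency:
        update["FindingPublishingFrequency"] = want_frequency
    return update or None


def audit_detector(current, max_delay_minutes=15):
    """Return human-readable problems: a disabled detector (no analysis at all) or an update
    publishing frequency slower than the delay budget your alerting pipeline tolerates."""
    problems = []
    if current["Status"] != "ENABLED":
        problems.append("detector is DISABLED: GuardDuty is not analysing this account/region")
    frequency = current.get("FindingPublishingFrequency")
    delay = MAX_PUBLISH_DELAY_MINUTES.get(frequency)
    if delay is None:
        problems.append(f"unknown FindingPublishingFrequency: {frequency!r}")
    elif delay > max_delay_minutes:
        problems.append(f"finding updates may take up to {delay} min to publish ({frequency}); "
                        f"budget is {max_delay_minutes} min")
    return problems


class FakeDetectorClient:
    """Minimal stand-in for the boto3 client's get_detector/update_detector (an assumption of
    this example). It stores one detector and applies updates the way the API describes."""

    def __init__(self, detector):
        self.detector = dict(detector)
        self.updates = []  # every update_detector request body, for inspection

    def get_detector(self, DetectorId):
        return dict(self.detector)

    def update_detector(self, DetectorId, **kw):
        self.updates.append(dict(kw))
        if "Enable" in kw:
            self.detector["Status"] = "ENABLED" if kw["Enable"] else "DISABLED"
        if "FindingPublishingFrequency" in kw:
            self.detector["FindingPublishingFrequency"] = kw["FindingPublishingFrequency"]
        self.detector["UpdatedAt"] = datetime.now(timezone.utc).isoformat()
        return {}


def reconcile_detector(client, detector_id, want_enabled=True, want_frequency="FIFTEEN_MINUTES"):
    """Idempotent enforcement: read, diff, write only when needed, then re-read and audit.
    Returns (update sent or None, remaining problems after the update)."""
    current = client.get_detector(DetectorId=detector_id)
    update = plan_detector_update(current, want_enabled, want_frequency)
    if update:
        client.update_detector(DetectorId=detector_id, **update)
    after = client.get_detector(DetectorId=detector_id)
    return update, audit_detector(after, MAX_PUBLISH_DELAY_MINUTES[want_frequency])


if __name__ == "__main__":
    client = FakeDetectorClient(SAMPLE_DETECTOR)
    print("before:", audit_detector(SAMPLE_DETECTOR))
    print("first run:", reconcile_detector(client, SAMPLE_DETECTOR_ID))
    print("second run:", reconcile_detector(client, SAMPLE_DETECTOR_ID))  # nothing left to change
```

Run this on a schedule (or from a config-drift check) and the second return value is what you page on: an empty list means the detector is enabled and publishing updates within budget, anything else is a gap in coverage that someone, or some automation, introduced since the last run.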