2025/08/14 - Amazon GuardDuty - 10 new api methods
Changes: Added support for entity lists.
Updates the threat entity set associated with the specified threatEntitySetId.
See also: AWS API Documentation
Request Syntax
client.update_threat_entity_set( DetectorId='string', ThreatEntitySetId='string', Name='string', Location='string', ExpectedBucketOwner='string', Activate=True|False )
DetectorId (string) --
[REQUIRED]
The unique ID of the GuardDuty detector associated with the threat entity set that you want to update.
To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.
ThreatEntitySetId (string) --
[REQUIRED]
The ID returned by GuardDuty after updating the threat entity set resource.
Name (string) --
A user-friendly name to identify the threat entity set.
List naming constraints - The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (_).
Location (string) --
The URI of the file that contains the threat entity set.
ExpectedBucketOwner (string) --
The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.
Activate (boolean) --
A boolean value that indicates whether GuardDuty is to start using this updated threat entity set. After you update an entity set, you will need to activate it again. It might take up to 15 minutes for the updated entity set to be effective.
dict
Response Syntax
{}
Response Structure
(dict) --
Retrieves the threat entity set associated with the specified threatEntitySetId.
See also: AWS API Documentation
Request Syntax
client.get_threat_entity_set( DetectorId='string', ThreatEntitySetId='string' )
DetectorId (string) --
[REQUIRED]
The unique ID of the detector associated with the threat entity set resource.
To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.
ThreatEntitySetId (string) --
[REQUIRED]
The unique ID that helps GuardDuty identify the threat entity set.
dict
Response Syntax
{ 'Name': 'string', 'Format': 'TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE', 'Location': 'string', 'ExpectedBucketOwner': 'string', 'Status': 'INACTIVE'|'ACTIVATING'|'ACTIVE'|'DEACTIVATING'|'ERROR'|'DELETE_PENDING'|'DELETED', 'Tags': { 'string': 'string' }, 'CreatedAt': datetime(2015, 1, 1), 'UpdatedAt': datetime(2015, 1, 1), 'ErrorDetails': 'string' }
Response Structure
(dict) --
Name (string) --
The name of the threat entity set associated with the specified threatEntitySetId.
Format (string) --
The format of the file that contains the threat entity set.
Location (string) --
The URI of the file that contains the threat entity set.
ExpectedBucketOwner (string) --
The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.
Status (string) --
The status of the associated threat entity set.
Tags (dict) --
The tags associated with the threat entity set resource.
(string) --
(string) --
CreatedAt (datetime) --
The timestamp when the associated threat entity set was created.
UpdatedAt (datetime) --
The timestamp when the associated threat entity set was updated.
ErrorDetails (string) --
The error details when the status is shown as ERROR.
Lists the trusted entity sets associated with the specified GuardDuty detector ID. If you use this operation from a member account, the trusted entity sets returned in the response belong to the administrator account.
See also: AWS API Documentation
Request Syntax
client.list_trusted_entity_sets( DetectorId='string', MaxResults=123, NextToken='string' )
DetectorId (string) --
[REQUIRED]
The unique ID of the GuardDuty detector that is associated with this trusted entity set.
To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.
MaxResults (integer) --
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50.
NextToken (string) --
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
dict
Response Syntax
{ 'TrustedEntitySetIds': [ 'string', ], 'NextToken': 'string' }
Response Structure
(dict) --
TrustedEntitySetIds (list) --
The IDs of the trusted entity set resources.
(string) --
NextToken (string) --
The pagination parameter to be used on the next list operation to retrieve more items.
Deletes the threat entity set that is associated with the specified threatEntitySetId.
See also: AWS API Documentation
Request Syntax
client.delete_threat_entity_set( DetectorId='string', ThreatEntitySetId='string' )
DetectorId (string) --
[REQUIRED]
The unique ID of the detector associated with the threat entity set resource.
To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.
ThreatEntitySetId (string) --
[REQUIRED]
The unique ID that helps GuardDuty identify which threat entity set needs to be deleted.
dict
Response Syntax
{}
Response Structure
(dict) --
Lists the threat entity sets associated with the specified GuardDuty detector ID. If you use this operation from a member account, the threat entity sets returned in the response belong to the administrator account.
See also: AWS API Documentation
Request Syntax
client.list_threat_entity_sets( DetectorId='string', MaxResults=123, NextToken='string' )
DetectorId (string) --
[REQUIRED]
The unique ID of the GuardDuty detector that is associated with this threat entity set.
To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.
MaxResults (integer) --
You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50.
NextToken (string) --
You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
dict
Response Syntax
{ 'ThreatEntitySetIds': [ 'string', ], 'NextToken': 'string' }
Response Structure
(dict) --
ThreatEntitySetIds (list) --
The IDs of the threat entity set resources.
(string) --
NextToken (string) --
The pagination parameter to be used on the next list operation to retrieve more items.
Updates the trusted entity set associated with the specified trustedEntitySetId.
See also: AWS API Documentation
Request Syntax
client.update_trusted_entity_set( DetectorId='string', TrustedEntitySetId='string', Name='string', Location='string', ExpectedBucketOwner='string', Activate=True|False )
DetectorId (string) --
[REQUIRED]
The unique ID of the GuardDuty detector associated with the trusted entity set that you want to update.
To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.
TrustedEntitySetId (string) --
[REQUIRED]
The ID returned by GuardDuty after updating the trusted entity set resource.
Name (string) --
A user-friendly name to identify the trusted entity set.
List naming constraints - The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (_).
Location (string) --
The URI of the file that contains the trusted entity set.
ExpectedBucketOwner (string) --
The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.
Activate (boolean) --
A boolean value that indicates whether GuardDuty is to start using this updated trusted entity set. After you update an entity set, you will need to activate it again. It might take up to 15 minutes for the updated entity set to be effective.
dict
Response Syntax
{}
Response Structure
(dict) --
Creates a new threat entity set. In a threat entity set, you can provide known malicious IP addresses and domains for your Amazon Web Services environment. GuardDuty generates findings based on the entries in the threat entity sets. Only users of the administrator account can manage entity sets, which automatically apply to member accounts.
See also: AWS API Documentation
Request Syntax
client.create_threat_entity_set( DetectorId='string', Name='string', Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE', Location='string', ExpectedBucketOwner='string', Activate=True|False, ClientToken='string', Tags={ 'string': 'string' } )
DetectorId (string) --
[REQUIRED]
The unique ID of the detector of the GuardDuty account for which you want to create a threat entity set.
To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.
Name (string) --
[REQUIRED]
A user-friendly name to identify the threat entity set.
List naming constraints - The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (_).
Format (string) --
[REQUIRED]
The format of the file that contains the threat entity set.
Location (string) --
[REQUIRED]
The URI of the file that contains the threat entity set.
ExpectedBucketOwner (string) --
The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.
Activate (boolean) --
[REQUIRED]
A boolean value that indicates whether GuardDuty should start using the uploaded threat entity set to generate findings.
ClientToken (string) --
The idempotency token for the create request.
This field is autopopulated if not provided.
Tags (dict) --
The tags to be added to a new threat entity set resource.
(string) --
(string) --
dict
Response Syntax
{ 'ThreatEntitySetId': 'string' }
Response Structure
(dict) --
ThreatEntitySetId (string) --
The ID returned by GuardDuty after creation of the threat entity set resource.
Creates a new trusted entity set. In the trusted entity set, you can provide IP addresses and domains that you believe are secure for communication in your Amazon Web Services environment. GuardDuty will not generate findings for the entries that are specified in a trusted entity set. At any given time, you can have only one trusted entity set.
Only users of the administrator account can manage the entity sets, which automatically apply to member accounts.
See also: AWS API Documentation
Request Syntax
client.create_trusted_entity_set( DetectorId='string', Name='string', Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE', Location='string', ExpectedBucketOwner='string', Activate=True|False, ClientToken='string', Tags={ 'string': 'string' } )
DetectorId (string) --
[REQUIRED]
The unique ID of the detector of the GuardDuty account for which you want to create a trusted entity set.
To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.
Name (string) --
[REQUIRED]
A user-friendly name to identify the trusted entity set.
List naming constraints - The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (_).
Format (string) --
[REQUIRED]
The format of the file that contains the trusted entity set.
Location (string) --
[REQUIRED]
The URI of the file that contains the trusted entity set.
ExpectedBucketOwner (string) --
The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.
Activate (boolean) --
[REQUIRED]
A boolean value that indicates whether GuardDuty is to start using the uploaded trusted entity set.
ClientToken (string) --
The idempotency token for the create request.
This field is autopopulated if not provided.
Tags (dict) --
The tags to be added to a new trusted entity set resource.
(string) --
(string) --
dict
Response Syntax
{ 'TrustedEntitySetId': 'string' }
Response Structure
(dict) --
TrustedEntitySetId (string) --
The ID returned by GuardDuty after creation of the trusted entity set resource.
Retrieves the trusted entity set associated with the specified trustedEntitySetId.
See also: AWS API Documentation
Request Syntax
client.get_trusted_entity_set( DetectorId='string', TrustedEntitySetId='string' )
DetectorId (string) --
[REQUIRED]
The unique ID of the GuardDuty detector associated with this trusted entity set.
TrustedEntitySetId (string) --
[REQUIRED]
The unique ID that helps GuardDuty identify the trusted entity set.
dict
Response Syntax
{ 'Name': 'string', 'Format': 'TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE', 'Location': 'string', 'ExpectedBucketOwner': 'string', 'Status': 'INACTIVE'|'ACTIVATING'|'ACTIVE'|'DEACTIVATING'|'ERROR'|'DELETE_PENDING'|'DELETED', 'Tags': { 'string': 'string' }, 'CreatedAt': datetime(2015, 1, 1), 'UpdatedAt': datetime(2015, 1, 1), 'ErrorDetails': 'string' }
Response Structure
(dict) --
Name (string) --
The name of the trusted entity set associated with the specified trustedEntitySetId.
Format (string) --
The format of the file that contains the trusted entity set.
Location (string) --
The URI of the file that contains the trusted entity set.
ExpectedBucketOwner (string) --
The Amazon Web Services account ID that owns the Amazon S3 bucket specified in the location parameter.
Status (string) --
The status of the associated trusted entity set.
Tags (dict) --
The tags associated with the trusted entity set resource.
(string) --
(string) --
CreatedAt (datetime) --
The timestamp when the associated trusted entity set was created.
UpdatedAt (datetime) --
The timestamp when the associated trusted entity set was updated.
ErrorDetails (string) --
The error details when the status is shown as ERROR.
Deletes the trusted entity set that is associated with the specified trustedEntitySetId.
See also: AWS API Documentation
Request Syntax
client.delete_trusted_entity_set( DetectorId='string', TrustedEntitySetId='string' )
DetectorId (string) --
[REQUIRED]
The unique ID of the detector associated with the trusted entity set resource.
To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.
TrustedEntitySetId (string) --
[REQUIRED]
The unique ID that helps GuardDuty identify which trusted entity set needs to be deleted.
dict
Response Syntax
{}
Response Structure
(dict) --
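The threat and trusted entity set operations above share one request and response shape, so one audit routine can cover both kinds. The following is an added example, not AWS or boto3 code: it pages through the list calls with NextToken, then checks each set's ExpectedBucketOwner and Status. FakeGuardDuty, SAMPLE and the allow-list checks are assumptions made here so the code runs offline.

```python
# Added example: FakeGuardDuty and SAMPLE are constructed stubs so this runs offline.
# With credentials, pass boto3.client("guardduty") in place of the stub.

def list_set_ids(client, detector_id, kind, page_size=50):
    """kind is 'threat' or 'trusted'; follows NextToken until it is absent."""
    call = getattr(client, "list_%s_entity_sets" % kind)
    key, kwargs, ids = kind.capitalize() + "EntitySetIds", {}, []
    while True:
        page = call(DetectorId=detector_id, MaxResults=page_size, **kwargs)
        ids.extend(page.get(key, []))
        if not page.get("NextToken"):
            return ids
        kwargs = {"NextToken": page["NextToken"]}

def audit_sets(client, detector_id, kind, allowed_owners, page_size=50):
    """Return sorted (set_id, reason) pairs; the checks are this example's policy."""
    get, id_arg = getattr(client, "get_%s_entity_set" % kind), kind.capitalize() + "EntitySetId"
    issues = []
    for set_id in list_set_ids(client, detector_id, kind, page_size):
        s = get(**{"DetectorId": detector_id, id_arg: set_id})
        owner = s.get("ExpectedBucketOwner")
        if owner is None:
            issues.append((set_id, "ExpectedBucketOwner not set"))
        elif owner not in allowed_owners:
            issues.append((set_id, "unexpected bucket owner " + owner))
        if s["Status"] != "ACTIVE":
            issues.append((set_id, ("status %s %s" % (s["Status"], s.get("ErrorDetails", ""))).strip()))
    return sorted(issues)

class FakeGuardDuty:
    def __init__(self, threat, trusted):
        self.data = {"Threat": threat, "Trusted": trusted}
    def _list(self, kind, MaxResults=50, NextToken=None, **_):
        ids, start = sorted(self.data[kind]), int(NextToken or 0)
        page = {kind + "EntitySetIds": ids[start:start + MaxResults]}
        if start + MaxResults < len(ids):
            page["NextToken"] = str(start + MaxResults)
        return page
    def list_threat_entity_sets(self, **kw): return self._list("Threat", **kw)
    def list_trusted_entity_sets(self, **kw): return self._list("Trusted", **kw)
    def get_threat_entity_set(self, DetectorId, ThreatEntitySetId):
        return self.data["Threat"][ThreatEntitySetId]
    def get_trusted_entity_set(self, DetectorId, TrustedEntitySetId):
        return self.data["Trusted"][TrustedEntitySetId]

SAMPLE = FakeGuardDuty(  # constructed records, not real resources
    threat={"t1": {"Status": "ACTIVE", "ExpectedBucketOwner": "111111111111"},
            "t2": {"Status": "ERROR", "ErrorDetails": "access denied"},
            "t3": {"Status": "ACTIVE", "ExpectedBucketOwner": "222222222222"}},
    trusted={"a1": {"Status": "ACTIVE", "ExpectedBucketOwner": "111111111111"}})
```

Calling `audit_sets(SAMPLE, "d", "threat", {"111111111111"}, page_size=2)` forces a second page and reports the set in ERROR, the set with no pinned owner, and the set whose bucket owner is outside the allow-list.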