Amazon GuardDuty

2022/07/26 - 3 new 10 updated api methods

Changes   Amazon GuardDuty introduces a new Malware Protection feature that triggers a malware scan on selected EC2 instance resources after the service detects potentially malicious activity.

2022/06/15 - 4 new 3 updated api methods

Changes   Adds finding fields available from the GuardDuty Console. Adds FreeTrial-related operations. Deprecates various APIs related to Master Accounts and replaces them with Administrator Accounts equivalents.

2022/01/25 - 9 updated api methods

Changes   Amazon GuardDuty expands threat detection coverage to protect Amazon Elastic Kubernetes Service (EKS) workloads.

2022/01/20 - 1 updated api methods

Changes   Amazon GuardDuty findings now include remoteAccountDetails under the AwsApiCallAction section if an instance credential is exfiltrated.

2020/09/03 - 1 updated api methods

Changes   GuardDuty findings triggered by failed events now include the error code name within the AwsApiCallAction section.

2020/07/30 - 1 new api methods

Changes   GuardDuty can now provide detailed cost metrics broken down by account, data source, and S3 resources, based on the past 30 days of usage. This new feature also supports viewing cost metrics for all member accounts as a GuardDuty master.

2020/07/29 - 2 new 5 updated api methods

Changes   GuardDuty now supports S3 Data Events as a configurable data source type. This feature expands GuardDuty's monitoring scope to include S3 data plane operations, such as GetObject and PutObject. This data source is optional and can be enabled or disabled at any time. Accounts already using GuardDuty must first enable the new feature to use it; new accounts will be enabled by default. GuardDuty masters can configure this data source for individual member accounts, and GuardDuty masters associated through AWS Organizations can automatically enable the data source in member accounts.

2020/06/02 - 1 updated api methods

Changes   Amazon GuardDuty findings now include S3 bucket details under the resource section if an S3 bucket was one of the affected resources.

2020/04/21 - 5 new api methods

Changes   AWS GuardDuty now supports using AWS Organizations delegated administrators to create and manage GuardDuty master and member accounts. The feature also allows GuardDuty to be automatically enabled on associated organization accounts.

2020/03/06 - 1 updated api methods

Changes   Amazon GuardDuty findings now include the OutpostArn if the finding is generated for an AWS Outposts EC2 host.

2020/03/05 - 1 updated api methods

Changes   Add a new finding field for EC2 findings indicating the instance's local IP address involved in the threat.

2019/11/15 - 5 new api methods

Changes   This release includes new operations related to findings export, including: CreatePublishingDestination, UpdatePublishingDestination, DescribePublishingDestination, DeletePublishingDestination and ListPublishingDestinations.

2019/08/09 - 1 updated api methods

Changes   New "evidence" field in the finding model to provide evidence information explaining why the finding has been triggered. Currently only threat-intelligence findings have this field. Some documentation updates.

2019/06/13 - 3 new 8 updated api methods

Changes   Support for tagging functionality in Create and Get operations for Detector, IP Set, Threat Intel Set, and Finding Filter resources and 3 new tagging APIs: ListTagsForResource, TagResource, and UntagResource.

2019/06/06 - 6 updated api methods

Changes   Improve FindingCriteria Condition field names, support long-typed conditions and deprecate old Condition field names.

2018/10/01 - 5 updated api methods

Changes   Support optional FindingPublishingFrequency parameter in CreateDetector and UpdateDetector operations, and ClientToken on Create* operations.

2018/05/04 - 5 new 1 updated api methods

Changes   Amazon GuardDuty is adding five new API operations for creating and managing filters. For each filter, you can specify criteria and an action. The action you specify is applied to findings that match the specified criteria.

2018/04/30 - 1 updated api methods

Changes   You can disable the email notification when inviting GuardDuty members using the disableEmailNotification parameter in the InviteMembers operation.

2018/02/12 - 1 updated api methods

Changes   Added PortProbeAction information to the Action section of the port probe-type finding.

2018/01/25 - 1 updated api methods

Changes   Added the missing AccessKeyDetails object to the resource shape.

2017/11/29 - 37 new api methods

Changes   Enable Amazon GuardDuty to continuously monitor and process AWS data sources to identify threats to your AWS accounts and workloads. You can add customization by uploading additional threat intelligence lists and IP safe lists. You can list security findings, suspend, and disable the service.