Changes Amazon GuardDuty findings now include the OutpostArn if the finding is generated for an AWS Outposts EC2 host.
Changes Add a new finding field for EC2 findings indicating the instance's local IP address involved in the threat.
Changes This release includes new operations related to findings export, including: CreatePublishingDestination, UpdatePublishingDestination, DescribePublishingDestination, DeletePublishingDestination and ListPublishingDestinations.
Changes New "evidence" field in the finding model to provide evidence information explaining why the finding has been triggered. Currently only threat-intelligence findings have this field. Some documentation updates.
Changes Support for tagging functionality in Create and Get operations for Detector, IP Set, Threat Intel Set, and Finding Filter resources and 3 new tagging APIs: ListTagsForResource, TagResource, and UntagResource.
Changes Improve FindingCriteria Condition field names, support long-typed conditions and deprecate old Condition field names.
Changes Support optional FindingPublishingFrequency parameter in CreateDetector and UpdateDetector operations, and ClientToken on Create* operations
Changes Amazon GuardDuty is adding five new API operations for creating and managing filters. For each filter, you can specify a criteria and an action. The action you specify is applied to findings that match the specified criteria.
Changes You can disable the email notification when inviting GuardDuty members using the disableEmailNotification parameter in the InviteMembers operation.
Changes Added PortProbeAction information to the Action section of the port probe-type finding.
Changes Added the missing AccessKeyDetails object to the resource shape.
Changes Enable Amazon GuardDuty to continuously monitor and process AWS data sources to identify threats to your AWS accounts and workloads. You can add customization by uploading additional threat intelligence lists and IP safe lists. You can list security findings, suspend, and disable the service.