Class: Aws::GuardDuty::Client

Inherits:
Seahorse::Client::Base
  • Object
Includes:
ClientStubs
Defined in:
lib/aws-sdk-guardduty/client.rb

Constructor Details

#initialize(options) ⇒ Client

Returns a new instance of Client.

Parameters:

  • options (Hash)

Options Hash (options):

  • :credentials (required, Aws::CredentialProvider)

    Your AWS credentials. This can be an instance of any one of the following classes:

    • `Aws::Credentials` - Used for configuring static, non-refreshing credentials.

    • `Aws::InstanceProfileCredentials` - Used for loading credentials from an EC2 IMDS on an EC2 instance.

    • `Aws::SharedCredentials` - Used for loading credentials from a shared file, such as `~/.aws/config`.

    • `Aws::AssumeRoleCredentials` - Used when you need to assume a role.

    When `:credentials` are not configured directly, the following locations will be searched for credentials:

    • `Aws.config`

    • The `:access_key_id`, `:secret_access_key`, and `:session_token` options.

    • ENV, ENV

    • `~/.aws/credentials`

    • `~/.aws/config`

    • EC2 IMDS instance profile - When used by default, the timeouts are very aggressive. Construct and pass an instance of `Aws::InstanceProfileCredentials` to enable retries and extended timeouts.

  • :region (required, String)

    The AWS region to connect to. The configured `:region` is used to determine the service `:endpoint`. When not passed, a default `:region` is searched for in the following locations:

  • :access_key_id (String)
  • :active_endpoint_cache (Boolean) — default: false

    When set to `true`, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to `false`.

  • :client_side_monitoring (Boolean) — default: false

    When `true`, client-side metrics will be collected for all API requests from this client.

  • :client_side_monitoring_client_id (String) — default: ""

    Allows you to provide an identifier for this client which will be attached to all generated client side metrics. Defaults to an empty string.

  • :client_side_monitoring_port (Integer) — default: 31000

    Required for publishing client metrics. The port that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) — default: Aws::ClientSideMonitoring::Publisher

    Allows you to provide a custom client-side monitoring publisher class. By default, will use the Client Side Monitoring Agent Publisher.

  • :convert_params (Boolean) — default: true

    When `true`, an attempt is made to coerce request parameters into the required types.

  • :disable_host_prefix_injection (Boolean) — default: false

    Set to true to disable SDK automatically adding host prefix to default service endpoint when available.

  • :endpoint (String)

    The client endpoint is normally constructed from the `:region` option. You should only configure an `:endpoint` when connecting to test endpoints. This should be a valid HTTP(S) URI.

  • :endpoint_cache_max_entries (Integer) — default: 1000

    Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000.

  • :endpoint_cache_max_threads (Integer) — default: 10

    Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.

  • :endpoint_cache_poll_interval (Integer) — default: 60

    When :endpoint_discovery and :active_endpoint_cache are enabled, use this option to configure the time interval in seconds between requests that fetch endpoint information. Defaults to 60 sec.

  • :endpoint_discovery (Boolean) — default: false

    When set to `true`, endpoint discovery will be enabled for operations when available. Defaults to `false`.

  • :log_formatter (Aws::Log::Formatter) — default: Aws::Log::Formatter.default

    The log formatter.

  • :log_level (Symbol) — default: :info

    The log level to send messages to the `:logger` at.

  • :logger (Logger)

    The Logger instance to send log messages to. If this option is not set, logging will be disabled.

  • :profile (String) — default: "default"

    Used when loading credentials from the shared credentials file at HOME/.aws/credentials. When not specified, ‘default’ is used.

  • :retry_base_delay (Float) — default: 0.3

    The base delay in seconds used by the default backoff function.

  • :retry_jitter (Symbol) — default: :none

    A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number.

    See www.awsarchitectureblog.com/2015/03/backoff.html

  • :retry_limit (Integer) — default: 3

    The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors and auth errors from expired credentials.

  • :retry_max_delay (Integer) — default: 0

    The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function.

  • :secret_access_key (String)
  • :session_token (String)
  • :stub_responses (Boolean) — default: false

    Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling ClientStubs#stub_responses. See ClientStubs for more information.

    ** Please note ** When response stubbing is enabled, no HTTP requests are made, and retries are disabled.

  • :validate_params (Boolean) — default: true

    When `true`, request parameters are validated before sending the request.



# File 'lib/aws-sdk-guardduty/client.rb', line 202

def initialize(*args)
  super
end

Class Attribute Details

.identifierObject (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



# File 'lib/aws-sdk-guardduty/client.rb', line 1918

def identifier
  @identifier
end

Class Method Details

.errors_moduleObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



# File 'lib/aws-sdk-guardduty/client.rb', line 1921

def errors_module
  Errors
end

Instance Method Details

#accept_invitation(params = {}) ⇒ Struct

Accepts the invitation to be monitored by a master GuardDuty account.

Examples:

Request syntax with placeholder values


resp = client.accept_invitation({
  detector_id: "__string", # required
  invitation_id: "InvitationId", # required
  master_id: "MasterId", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :invitation_id (required, String)

    This value is used to validate the master account to the member account.

  • :master_id (required, String)

    The account ID of the master GuardDuty account whose invitation you’re accepting.

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 234

def accept_invitation(params = {}, options = {})
  req = build_request(:accept_invitation, params)
  req.send_request(options)
end

#archive_findings(params = {}) ⇒ Struct

Archives Amazon GuardDuty findings specified by the list of finding IDs.

Examples:

Request syntax with placeholder values


resp = client.archive_findings({
  detector_id: "__string", # required
  finding_ids: ["FindingId"], # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :finding_ids (required, Array<String>)

    IDs of the findings that you want to archive.

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 260

def archive_findings(params = {}, options = {})
  req = build_request(:archive_findings, params)
  req.send_request(options)
end

#build_request(operation_name, params = {}) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Parameters:

  • params ({}) (defaults to: {})


# File 'lib/aws-sdk-guardduty/client.rb', line 1896

def build_request(operation_name, params = {})
  handlers = @handlers.for(operation_name)
  context = Seahorse::Client::RequestContext.new(
    operation_name: operation_name,
    operation: config.api.operation(operation_name),
    client: self,
    params: params,
    config: config)
  context[:gem_name] = 'aws-sdk-guardduty'
  context[:gem_version] = '1.11.0'
  Seahorse::Client::Request.new(handlers, context)
end

#create_detector(params = {}) ⇒ Types::CreateDetectorResponse

Creates a single Amazon GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector must be created in order for GuardDuty to become operational.

Examples:

Request syntax with placeholder values


resp = client.create_detector({
  client_token: "__stringMin0Max64",
  enable: false, # required
  finding_publishing_frequency: "FIFTEEN_MINUTES", # accepts FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS
})

Response structure


resp.detector_id #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :client_token (String)

    The idempotency token for the create request. **A suitable default value is auto-generated.** You should normally not need to pass this option.

  • :enable (required, Boolean)

    A boolean value that specifies whether the detector is to be enabled.

  • :finding_publishing_frequency (String)

    An enum value that specifies how frequently finding updates are published.

# File 'lib/aws-sdk-guardduty/client.rb', line 300

def create_detector(params = {}, options = {})
  req = build_request(:create_detector, params)
  req.send_request(options)
end

#create_filter(params = {}) ⇒ Types::CreateFilterResponse

Creates a filter using the specified finding criteria.

Examples:

Request syntax with placeholder values


resp = client.create_filter({
  action: "NOOP", # accepts NOOP, ARCHIVE
  client_token: "__stringMin0Max64",
  description: "FilterDescription",
  detector_id: "__string", # required
  finding_criteria: { # required
    criterion: {
      "__string" => {
        eq: ["__string"],
        gt: 1,
        gte: 1,
        lt: 1,
        lte: 1,
        neq: ["__string"],
      },
    },
  },
  name: "FilterName", # required
  rank: 1,
})

Response structure


resp.name #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :action (String)

    Specifies the action that is to be applied to the findings that match the filter.

  • :client_token (String)

    The idempotency token for the create request. **A suitable default value is auto-generated.** You should normally not need to pass this option.

  • :description (String)

    The description of the filter.

  • :detector_id (required, String)
  • :finding_criteria (required, Types::FindingCriteria)

    Represents the criteria to be used in the filter for querying findings.

  • :name (required, String)

    The name of the filter.

  • :rank (Integer)

    Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

# File 'lib/aws-sdk-guardduty/client.rb', line 367

def create_filter(params = {}, options = {})
  req = build_request(:create_filter, params)
  req.send_request(options)
end

#create_ip_set(params = {}) ⇒ Types::CreateIPSetResponse

Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications.

Examples:

Request syntax with placeholder values


resp = client.create_ip_set({
  activate: false, # required
  client_token: "__stringMin0Max64",
  detector_id: "__string", # required
  format: "TXT", # required, accepts TXT, STIX, OTX_CSV, ALIEN_VAULT, PROOF_POINT, FIRE_EYE
  location: "Location", # required
  name: "Name", # required
})

Response structure


resp.ip_set_id #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :activate (required, Boolean)

    A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.

  • :client_token (String)

    The idempotency token for the create request. **A suitable default value is auto-generated.** You should normally not need to pass this option.

  • :detector_id (required, String)
  • :format (required, String)

    The format of the file that contains the IPSet.

  • :location (required, String)

    The URI of the file that contains the IPSet. For example (s3.us-west-2.amazonaws.com/my-bucket/my-object-key)

  • :name (required, String)

    The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.

# File 'lib/aws-sdk-guardduty/client.rb', line 421

def create_ip_set(params = {}, options = {})
  req = build_request(:create_ip_set, params)
  req.send_request(options)
end

#create_members(params = {}) ⇒ Types::CreateMembersResponse

Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts.

Examples:

Request syntax with placeholder values


resp = client.create_members({
  account_details: [ # required
    {
      account_id: "AccountId", # required
      email: "Email", # required
    },
  ],
  detector_id: "__string", # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_details (required, Array<Types::AccountDetail>)

    A list of account ID and email address pairs of the accounts that you want to associate with the master GuardDuty account.

  • :detector_id (required, String)

# File 'lib/aws-sdk-guardduty/client.rb', line 462

def create_members(params = {}, options = {})
  req = build_request(:create_members, params)
  req.send_request(options)
end

#create_sample_findings(params = {}) ⇒ Struct

Generates example findings of types specified by the list of finding types. If ‘NULL’ is specified for findingTypes, the API generates example findings of all supported finding types.

Examples:

Request syntax with placeholder values


resp = client.create_sample_findings({
  detector_id: "__string", # required
  finding_types: ["FindingType"],
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :finding_types (Array<String>)

    Types of sample findings that you want to generate.

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 489

def create_sample_findings(params = {}, options = {})
  req = build_request(:create_sample_findings, params)
  req.send_request(options)
end

#create_threat_intel_set(params = {}) ⇒ Types::CreateThreatIntelSetResponse

Create a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets.

Examples:

Request syntax with placeholder values


resp = client.create_threat_intel_set({
  activate: false, # required
  client_token: "__stringMin0Max64",
  detector_id: "__string", # required
  format: "TXT", # required, accepts TXT, STIX, OTX_CSV, ALIEN_VAULT, PROOF_POINT, FIRE_EYE
  location: "Location", # required
  name: "Name", # required
})

Response structure


resp.threat_intel_set_id #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :activate (required, Boolean)

    A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

  • :client_token (String)

    The idempotency token for the create request. **A suitable default value is auto-generated.** You should normally not need to pass this option.

  • :detector_id (required, String)
  • :format (required, String)

    The format of the file that contains the ThreatIntelSet.

  • :location (required, String)

    The URI of the file that contains the ThreatIntelSet. For example (s3.us-west-2.amazonaws.com/my-bucket/my-object-key).

  • :name (required, String)

    A user-friendly ThreatIntelSet name that is displayed in all findings generated by activity that involves IP addresses included in this ThreatIntelSet.

# File 'lib/aws-sdk-guardduty/client.rb', line 543

def create_threat_intel_set(params = {}, options = {})
  req = build_request(:create_threat_intel_set, params)
  req.send_request(options)
end

#decline_invitations(params = {}) ⇒ Types::DeclineInvitationsResponse

Declines invitations sent to the current member account by the AWS accounts specified by their account IDs.

Examples:

Request syntax with placeholder values


resp = client.decline_invitations({
  account_ids: ["__string"], # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (required, Array<String>)

    A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from.

# File 'lib/aws-sdk-guardduty/client.rb', line 575

def decline_invitations(params = {}, options = {})
  req = build_request(:decline_invitations, params)
  req.send_request(options)
end

#delete_detector(params = {}) ⇒ Struct

Deletes an Amazon GuardDuty detector specified by the detector ID.

Examples:

Request syntax with placeholder values


resp = client.delete_detector({
  detector_id: "__string", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 596

def delete_detector(params = {}, options = {})
  req = build_request(:delete_detector, params)
  req.send_request(options)
end

#delete_filter(params = {}) ⇒ Struct

Deletes the filter specified by the filter name.

Examples:

Request syntax with placeholder values


resp = client.delete_filter({
  detector_id: "__string", # required
  filter_name: "__string", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :filter_name (required, String)

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 620

def delete_filter(params = {}, options = {})
  req = build_request(:delete_filter, params)
  req.send_request(options)
end

#delete_invitations(params = {}) ⇒ Types::DeleteInvitationsResponse

Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.

Examples:

Request syntax with placeholder values


resp = client.delete_invitations({
  account_ids: ["__string"], # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (required, Array<String>)

    A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from.

# File 'lib/aws-sdk-guardduty/client.rb', line 676

def delete_invitations(params = {}, options = {})
  req = build_request(:delete_invitations, params)
  req.send_request(options)
end

#delete_ip_set(params = {}) ⇒ Struct

Deletes the IPSet specified by the IPSet ID.

Examples:

Request syntax with placeholder values


resp = client.delete_ip_set({
  detector_id: "__string", # required
  ip_set_id: "__string", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :ip_set_id (required, String)

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 644

def delete_ip_set(params = {}, options = {})
  req = build_request(:delete_ip_set, params)
  req.send_request(options)
end

#delete_members(params = {}) ⇒ Types::DeleteMembersResponse

Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.

Examples:

Request syntax with placeholder values


resp = client.delete_members({
  account_ids: ["__string"], # required
  detector_id: "__string", # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (required, Array<String>)

    A list of account IDs of the GuardDuty member accounts that you want to delete.

  • :detector_id (required, String)

# File 'lib/aws-sdk-guardduty/client.rb', line 711

def delete_members(params = {}, options = {})
  req = build_request(:delete_members, params)
  req.send_request(options)
end

#delete_threat_intel_set(params = {}) ⇒ Struct

Deletes ThreatIntelSet specified by the ThreatIntelSet ID.

Examples:

Request syntax with placeholder values


resp = client.delete_threat_intel_set({
  detector_id: "__string", # required
  threat_intel_set_id: "__string", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :threat_intel_set_id (required, String)

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 735

def delete_threat_intel_set(params = {}, options = {})
  req = build_request(:delete_threat_intel_set, params)
  req.send_request(options)
end

#disassociate_from_master_account(params = {}) ⇒ Struct

Disassociates the current GuardDuty member account from its master account.

Examples:

Request syntax with placeholder values


resp = client.disassociate_from_master_account({
  detector_id: "__string", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 757

def disassociate_from_master_account(params = {}, options = {})
  req = build_request(:disassociate_from_master_account, params)
  req.send_request(options)
end

#disassociate_members(params = {}) ⇒ Types::DisassociateMembersResponse

Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.

Examples:

Request syntax with placeholder values


resp = client.disassociate_members({
  account_ids: ["__string"], # required
  detector_id: "__string", # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0]. #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (required, Array<String>)

    A list of account IDs of the GuardDuty member accounts that you want to disassociate from master.

  • :detector_id (required, String)

# File 'lib/aws-sdk-guardduty/client.rb', line 792

def disassociate_members(params = {}, options = {})
  req = build_request(:disassociate_members, params)
  req.send_request(options)
end

#get_detector(params = {}) ⇒ Types::GetDetectorResponse

Retrieves an Amazon GuardDuty detector specified by the detectorId.

Examples:

Request syntax with placeholder values


resp = client.get_detector({
  detector_id: "__string", # required
})

Response structure


resp.created_at #=> String
resp.finding_publishing_frequency #=> String, one of "FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS"
resp.service_role #=> String
resp.status #=> String, one of "ENABLED", "DISABLED"
resp.updated_at #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

# File 'lib/aws-sdk-guardduty/client.rb', line 827

def get_detector(params = {}, options = {})
  req = build_request(:get_detector, params)
  req.send_request(options)
end

#get_filter(params = {}) ⇒ Types::GetFilterResponse

Returns the details of the filter specified by the filter name.

Examples:

Request syntax with placeholder values


resp = client.get_filter({
  detector_id: "__string", # required
  filter_name: "__string", # required
})

Response structure


resp.action #=> String, one of "NOOP", "ARCHIVE"
resp.description #=> String
resp.finding_criteria.criterion #=> Hash
resp.finding_criteria.criterion["__string"].eq #=> Array
resp.finding_criteria.criterion["__string"].eq[0] #=> String
resp.finding_criteria.criterion["__string"].gt #=> Integer
resp.finding_criteria.criterion["__string"].gte #=> Integer
resp.finding_criteria.criterion["__string"].lt #=> Integer
resp.finding_criteria.criterion["__string"].lte #=> Integer
resp.finding_criteria.criterion["__string"].neq #=> Array
resp.finding_criteria.criterion["__string"].neq[0] #=> String
resp.name #=> String
resp.rank #=> Integer

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :filter_name (required, String)

# File 'lib/aws-sdk-guardduty/client.rb', line 873

def get_filter(params = {}, options = {})
  req = build_request(:get_filter, params)
  req.send_request(options)
end
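
Added example (not part of the SDK documentation or of the aws-sdk-guardduty gem): a review pass over filters that flags ARCHIVE rules whose criteria could suppress more findings than intended, working on plain hashes shaped like the get_filter response fields above (action, finding_criteria.criterion, name, rank). The filter names, the criterion attributes "severity" and "type", and every sample value are constructed assumptions, and the three checks are review heuristics rather than GuardDuty behaviour.

```ruby
# Added example: flag ARCHIVE filters whose criteria look too broad.
# Each filter is a plain Hash shaped like the get_filter response
# (action, finding_criteria.criterion, name, rank), so this runs offline.

# Condition operators listed in the get_filter response structure.
OPERATORS = %i[eq neq gt gte lt lte].freeze

# Operators of one condition that actually carry a value
# (empty arrays and nil integers are treated as unset).
def active_operators(condition)
  OPERATORS.select do |op|
    value = condition[op]
    value.is_a?(Array) ? !value.empty? : !value.nil?
  end
end

# Returns review notes for one filter; empty when nothing stands out.
# Filters with action NOOP do not archive findings, so they are skipped.
def audit_filter(filter)
  return [] unless filter[:action] == 'ARCHIVE'

  criterion = filter.dig(:finding_criteria, :criterion) || {}
  constrained = criterion.reject { |_attr, cond| active_operators(cond).empty? }
  return ['no effective criteria'] if constrained.empty?

  constrained.flat_map do |attr, cond|
    ops = active_operators(cond)
    notes = []
    # Only "not equal" values: everything except the listed values is archived.
    notes << "#{attr}: exclusion only (neq)" if ops == [:neq]
    # A numeric floor with no ceiling also covers the highest values.
    lower = ops.include?(:gt) || ops.include?(:gte)
    upper = ops.include?(:lt) || ops.include?(:lte)
    notes << "#{attr}: lower bound without upper bound" if lower && !upper
    notes
  end
end

# Audits all filters in rank order (the order in which filters are applied)
# and keeps only the ones that produced at least one note.
def audit_filters(filters)
  filters
    .sort_by { |f| f[:rank] || Float::INFINITY }
    .map { |f| { name: f[:name], rank: f[:rank], issues: audit_filter(f) } }
    .reject { |row| row[:issues].empty? }
end

# Constructed sample data; names, attributes and values are hypothetical.
SAMPLE_FILTERS = [
  { name: 'archive-empty', action: 'ARCHIVE', rank: 3,
    finding_criteria: { criterion: {} } },
  { name: 'archive-all-but-one', action: 'ARCHIVE', rank: 1,
    finding_criteria: { criterion: { 'type' => { neq: ['ExampleFindingType'] } } } },
  { name: 'suppress-low', action: 'ARCHIVE', rank: 2,
    finding_criteria: { criterion: { 'severity' => { gte: 1, lt: 4 } } } },
  { name: 'suppress-severity-open', action: 'ARCHIVE', rank: 4,
    finding_criteria: { criterion: { 'severity' => { gte: 1, eq: [] } } } },
  { name: 'notify-only', action: 'NOOP', rank: 5,
    finding_criteria: { criterion: {} } }
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_filters(SAMPLE_FILTERS).each do |row|
    puts "rank #{row[:rank]} #{row[:name]}: #{row[:issues].join('; ')}"
  end
end
```

To run it against a live account, build each hash from the fields a get_filter call returns for that filter name.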

#get_findings(params = {}) ⇒ Types::GetFindingsResponse

Describes Amazon GuardDuty findings specified by finding IDs.

Examples:

Request syntax with placeholder values


resp = client.get_findings({
  detector_id: "__string", # required
  finding_ids: ["FindingId"], # required
  sort_criteria: {
    attribute_name: "__string",
    order_by: "ASC", # accepts ASC, DESC
  },
})

Response structure


resp.findings #=> Array
resp.findings[0]. #=> String
resp.findings[0].arn #=> String
resp.findings[0].confidence #=> Float
resp.findings[0].created_at #=> String
resp.findings[0].description #=> String
resp.findings[0].id #=> String
resp.findings[0].partition #=> String
resp.findings[0].region #=> String
resp.findings[0].resource.access_key_details.access_key_id #=> String
resp.findings[0].resource.access_key_details.principal_id #=> String
resp.findings[0].resource.access_key_details.user_name #=> String
resp.findings[0].resource.access_key_details.user_type #=> String
resp.findings[0].resource.instance_details.availability_zone #=> String
resp.findings[0].resource.instance_details.iam_instance_profile.arn #=> String
resp.findings[0].resource.instance_details.iam_instance_profile.id #=> String
resp.findings[0].resource.instance_details.image_description #=> String
resp.findings[0].resource.instance_details.image_id #=> String
resp.findings[0].resource.instance_details.instance_id #=> String
resp.findings[0].resource.instance_details.instance_state #=> String
resp.findings[0].resource.instance_details.instance_type #=> String
resp.findings[0].resource.instance_details.launch_time #=> String
resp.findings[0].resource.instance_details.network_interfaces #=> Array
resp.findings[0].resource.instance_details.network_interfaces[0].ipv_6_addresses #=> Array
resp.findings[0].resource.instance_details.network_interfaces[0].ipv_6_addresses[0] #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].network_interface_id #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].private_dns_name #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].private_ip_address #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].private_ip_addresses #=> Array
resp.findings[0].resource.instance_details.network_interfaces[0].private_ip_addresses[0].private_dns_name #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].private_ip_addresses[0].private_ip_address #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].public_dns_name #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].public_ip #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].security_groups #=> Array
resp.findings[0].resource.instance_details.network_interfaces[0].security_groups[0].group_id #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].security_groups[0].group_name #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].subnet_id #=> String
resp.findings[0].resource.instance_details.network_interfaces[0].vpc_id #=> String
resp.findings[0].resource.instance_details.platform #=> String
resp.findings[0].resource.instance_details.product_codes #=> Array
resp.findings[0].resource.instance_details.product_codes[0].code #=> String
resp.findings[0].resource.instance_details.product_codes[0].product_type #=> String
resp.findings[0].resource.instance_details.tags #=> Array
resp.findings[0].resource.instance_details.tags[0].key #=> String
resp.findings[0].resource.instance_details.tags[0].value #=> String
resp.findings[0].resource.resource_type #=> String
resp.findings[0].schema_version #=> String
resp.findings[0].service.action.action_type #=> String
resp.findings[0].service.action.aws_api_call_action.api #=> String
resp.findings[0].service.action.aws_api_call_action.caller_type #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.city.city_name #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.country.country_code #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.country.country_name #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.geo_location.lat #=> Float
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.geo_location.lon #=> Float
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.ip_address_v4 #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.asn #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.asn_org #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.isp #=> String
resp.findings[0].service.action.aws_api_call_action.remote_ip_details.organization.org #=> String
resp.findings[0].service.action.aws_api_call_action.service_name #=> String
resp.findings[0].service.action.dns_request_action.domain #=> String
resp.findings[0].service.action.network_connection_action.blocked #=> Boolean
resp.findings[0].service.action.network_connection_action.connection_direction #=> String
resp.findings[0].service.action.network_connection_action.local_port_details.port #=> Integer
resp.findings[0].service.action.network_connection_action.local_port_details.port_name #=> String
resp.findings[0].service.action.network_connection_action.protocol #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.city.city_name #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.country.country_code #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.country.country_name #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.geo_location.lat #=> Float
resp.findings[0].service.action.network_connection_action.remote_ip_details.geo_location.lon #=> Float
resp.findings[0].service.action.network_connection_action.remote_ip_details.ip_address_v4 #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.asn #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.asn_org #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.isp #=> String
resp.findings[0].service.action.network_connection_action.remote_ip_details.organization.org #=> String
resp.findings[0].service.action.network_connection_action.remote_port_details.port #=> Integer
resp.findings[0].service.action.network_connection_action.remote_port_details.port_name #=> String
resp.findings[0].service.action.port_probe_action.blocked #=> Boolean
resp.findings[0].service.action.port_probe_action.port_probe_details #=> Array
resp.findings[0].service.action.port_probe_action.port_probe_details[0].local_port_details.port #=> Integer
resp.findings[0].service.action.port_probe_action.port_probe_details[0].local_port_details.port_name #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.city.city_name #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.country.country_code #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.country.country_name #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.geo_location.lat #=> Float
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.geo_location.lon #=> Float
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.ip_address_v4 #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.asn #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.asn_org #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.isp #=> String
resp.findings[0].service.action.port_probe_action.port_probe_details[0].remote_ip_details.organization.org #=> String
resp.findings[0].service.archived #=> Boolean
resp.findings[0].service.count #=> Integer
resp.findings[0].service.detector_id #=> String
resp.findings[0].service.event_first_seen #=> String
resp.findings[0].service.event_last_seen #=> String
resp.findings[0].service.resource_role #=> String
resp.findings[0].service.service_name #=> String
resp.findings[0].service.user_feedback #=> String
resp.findings[0].severity #=> Float
resp.findings[0].title #=> String
resp.findings[0].type #=> String
resp.findings[0].updated_at #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :finding_ids (required, Array<String>)

    IDs of the findings that you want to retrieve.

  • :sort_criteria (Types::SortCriteria)

    Represents the criteria used for sorting findings.

# File 'lib/aws-sdk-guardduty/client.rb', line 1015

def get_findings(params = {}, options = {})
  req = build_request(:get_findings, params)
  req.send_request(options)
end

#get_findings_statistics(params = {}) ⇒ Types::GetFindingsStatisticsResponse

Lists Amazon GuardDuty findings’ statistics for the specified detector ID.

Examples:

Request syntax with placeholder values


resp = client.get_findings_statistics({
  detector_id: "__string", # required
  finding_criteria: {
    criterion: {
      "__string" => {
        eq: ["__string"],
        gt: 1,
        gte: 1,
        lt: 1,
        lte: 1,
        neq: ["__string"],
      },
    },
  },
  finding_statistic_types: ["COUNT_BY_SEVERITY"], # required, accepts COUNT_BY_SEVERITY
})

Response structure


resp.finding_statistics.count_by_severity #=> Hash
resp.finding_statistics.count_by_severity["__string"] #=> Integer

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :finding_criteria (Types::FindingCriteria)

    Represents the criteria used for querying findings.

  • :finding_statistic_types (required, Array<String>)

    Types of finding statistics to retrieve.

# File 'lib/aws-sdk-guardduty/client.rb', line 1063

def get_findings_statistics(params = {}, options = {})
  req = build_request(:get_findings_statistics, params)
  req.send_request(options)
end

#get_invitations_count(params = {}) ⇒ Types::GetInvitationsCountResponse

Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.

Examples:

Response structure


resp.invitations_count #=> Integer

Parameters:

  • params (Hash) (defaults to: {})

    ({})

# File 'lib/aws-sdk-guardduty/client.rb', line 1120

def get_invitations_count(params = {}, options = {})
  req = build_request(:get_invitations_count, params)
  req.send_request(options)
end

#get_ip_set(params = {}) ⇒ Types::GetIPSetResponse

Retrieves the IPSet specified by the IPSet ID.

Examples:

Request syntax with placeholder values


resp = client.get_ip_set({
  detector_id: "__string", # required
  ip_set_id: "__string", # required
})

Response structure


resp.format #=> String, one of "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE"
resp.location #=> String
resp.name #=> String
resp.status #=> String, one of "INACTIVE", "ACTIVATING", "ACTIVE", "DEACTIVATING", "ERROR", "DELETE_PENDING", "DELETED"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :ip_set_id (required, String)

# File 'lib/aws-sdk-guardduty/client.rb', line 1099

def get_ip_set(params = {}, options = {})
  req = build_request(:get_ip_set, params)
  req.send_request(options)
end

#get_master_account(params = {}) ⇒ Types::GetMasterAccountResponse

Provides the details for the GuardDuty master account to the current GuardDuty member account.

Examples:

Request syntax with placeholder values


resp = client.get_master_account({
  detector_id: "__string", # required
})

Response structure


resp.master.account_id #=> String
resp.master.invitation_id #=> String
resp.master.invited_at #=> String
resp.master.relationship_status #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)

# File 'lib/aws-sdk-guardduty/client.rb', line 1151

def get_master_account(params = {}, options = {})
  req = build_request(:get_master_account, params)
  req.send_request(options)
end

#get_members(params = {}) ⇒ Types::GetMembersResponse

Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.

Examples:

Request syntax with placeholder values


resp = client.get_members({
  account_ids: ["__string"], # required
  detector_id: "__string", # required
})

Response structure


resp.members #=> Array
resp.members[0].account_id #=> String
resp.members[0].detector_id #=> String
resp.members[0].email #=> String
resp.members[0].invited_at #=> String
resp.members[0].master_id #=> String
resp.members[0].relationship_status #=> String
resp.members[0].updated_at #=> String
resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (required, Array<String>)

    A list of account IDs of the GuardDuty member accounts that you want to describe.

  • :detector_id (required, String)

# File 'lib/aws-sdk-guardduty/client.rb', line 1195

def get_members(params = {}, options = {})
  req = build_request(:get_members, params)
  req.send_request(options)
end

#get_threat_intel_set(params = {}) ⇒ Types::GetThreatIntelSetResponse

Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

Examples:

Request syntax with placeholder values


resp = client.get_threat_intel_set({
  detector_id: "__string", # required
  threat_intel_set_id: "__string", # required
})

Response structure


resp.format #=> String, one of "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE"
resp.location #=> String
resp.name #=> String
resp.status #=> String, one of "INACTIVE", "ACTIVATING", "ACTIVE", "DEACTIVATING", "ERROR", "DELETE_PENDING", "DELETED"

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :threat_intel_set_id (required, String)

# File 'lib/aws-sdk-guardduty/client.rb', line 1232

def get_threat_intel_set(params = {}, options = {})
  req = build_request(:get_threat_intel_set, params)
  req.send_request(options)
end

#invite_members(params = {}) ⇒ Types::InviteMembersResponse

Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts’ GuardDuty findings on their behalf as the master account.

Examples:

Request syntax with placeholder values


resp = client.invite_members({
  account_ids: ["__string"], # required
  detector_id: "__string", # required
  disable_email_notification: false,
  message: "Message",
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (required, Array<String>)

    A list of account IDs of the accounts that you want to invite to GuardDuty as members.

  • :detector_id (required, String)
  • :disable_email_notification (Boolean)

    A boolean value that specifies whether you want to disable email notification to the accounts that you’re inviting to GuardDuty as members.

  • :message (String)

    The invitation message that you want to send to the accounts that you’re inviting to GuardDuty as members.

# File 'lib/aws-sdk-guardduty/client.rb', line 1280

def invite_members(params = {}, options = {})
  req = build_request(:invite_members, params)
  req.send_request(options)
end

#list_detectors(params = {}) ⇒ Types::ListDetectorsResponse

Lists detectorIds of all the existing Amazon GuardDuty detector resources.

Examples:

Request syntax with placeholder values


resp = client.list_detectors({
  max_results: 1,
  next_token: "__string",
})

Response structure


resp.detector_ids #=> Array
resp.detector_ids[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response.

  • :next_token (String)

# File 'lib/aws-sdk-guardduty/client.rb', line 1316

def list_detectors(params = {}, options = {})
  req = build_request(:list_detectors, params)
  req.send_request(options)
end

#list_filters(params = {}) ⇒ Types::ListFiltersResponse

Returns a paginated list of the current filters.

Examples:

Request syntax with placeholder values


resp = client.list_filters({
  detector_id: "__string", # required
  max_results: 1,
  next_token: "__string",
})

Response structure


resp.filter_names #=> Array
resp.filter_names[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response.

  • :next_token (String)

# File 'lib/aws-sdk-guardduty/client.rb', line 1354

def list_filters(params = {}, options = {})
  req = build_request(:list_filters, params)
  req.send_request(options)
end

#list_findings(params = {}) ⇒ Types::ListFindingsResponse

Lists Amazon GuardDuty findings for the specified detector ID.

Examples:

Request syntax with placeholder values


resp = client.list_findings({
  detector_id: "__string", # required
  finding_criteria: {
    criterion: {
      "__string" => {
        eq: ["__string"],
        gt: 1,
        gte: 1,
        lt: 1,
        lte: 1,
        neq: ["__string"],
      },
    },
  },
  max_results: 1,
  next_token: "NextToken",
  sort_criteria: {
    attribute_name: "__string",
    order_by: "ASC", # accepts ASC, DESC
  },
})

Response structure


resp.finding_ids #=> Array
resp.finding_ids[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :finding_criteria (Types::FindingCriteria)

    Represents the criteria used for querying findings.

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

  • :next_token (String)

    You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListFindings action. For subsequent calls to the action, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.

  • :sort_criteria (Types::SortCriteria)

    Represents the criteria used for sorting findings.

# File 'lib/aws-sdk-guardduty/client.rb', line 1420

def list_findings(params = {}, options = {})
  req = build_request(:list_findings, params)
  req.send_request(options)
end
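
Added example (not part of aws-sdk-guardduty): the `next_token` loop described for `list_findings`, followed by batched `get_findings` calls that keep the fields needed for triage. The helper names, the `severity` criterion key, the 50-ID batch size used for `get_findings`, and the `FakeClient` stand-in with its sample data are assumptions made for this example.

```ruby
# Added example, not code from aws-sdk-guardduty. Helper names and FakeClient
# are hypothetical; list_findings and get_findings are the documented operations.

PAGE_SIZE = 50 # documented default and maximum for list_findings max_results

# Collect every finding ID at or above min_severity by following next_token.
def list_all_finding_ids(client, detector_id, min_severity)
  ids = []
  token = nil
  seen = {}
  loop do
    params = {
      detector_id: detector_id,
      # Assumption: 'severity' is used as the criterion key.
      finding_criteria: { criterion: { 'severity' => { gte: min_severity } } },
      max_results: PAGE_SIZE
    }
    params[:next_token] = token if token # left out on the first call
    resp = client.list_findings(params)
    ids.concat(resp.finding_ids)
    token = resp.next_token
    break if token.nil? || token.empty? # nil or "" both mean no more pages
    raise "next_token #{token.inspect} repeated" if seen[token]
    seen[token] = true
  end
  ids
end

# Resolve IDs to full findings in batches and keep the fields used for triage.
def fetch_triage_rows(client, detector_id, ids)
  # Assumption: get_findings is called with at most PAGE_SIZE IDs per request.
  ids.each_slice(PAGE_SIZE).flat_map do |batch|
    resp = client.get_findings(detector_id: detector_id, finding_ids: batch)
    resp.findings.map do |f|
      { id: f.id, type: f.type, severity: f.severity, archived: f.service.archived }
    end
  end
end

# Constructed stand-in for Aws::GuardDuty::Client so the example runs offline.
FakeService = Struct.new(:archived)
FakeFinding = Struct.new(:id, :type, :severity, :service)
FakeListResp = Struct.new(:finding_ids, :next_token)
FakeGetResp = Struct.new(:findings)

class FakeClient
  attr_reader :list_calls, :get_calls

  def initialize(findings)
    @findings = findings
    @list_calls = 0
    @get_calls = 0
  end

  # Filters by the gte severity criterion and pages with an offset token.
  def list_findings(params)
    @list_calls += 1
    floor = params.dig(:finding_criteria, :criterion, 'severity', :gte) || 0
    matches = @findings.select { |f| f.severity >= floor }.map(&:id)
    start = (params[:next_token] || '0').to_i
    page = matches[start, params[:max_results]] || []
    nxt = start + page.size
    FakeListResp.new(page, nxt < matches.size ? nxt.to_s : '')
  end

  # Rejects oversized batches so a missing each_slice would be caught.
  def get_findings(params)
    @get_calls += 1
    wanted = params[:finding_ids]
    raise ArgumentError, 'too many finding_ids' if wanted.size > PAGE_SIZE
    FakeGetResp.new(@findings.select { |f| wanted.include?(f.id) })
  end
end

def demo
  # Constructed sample data: 120 findings with severities cycling 5.0, 8.0, 2.0.
  findings = (1..120).map do |i|
    FakeFinding.new("finding-#{i}", 'Constructed:Sample/Type',
                    [2.0, 5.0, 8.0][i % 3], FakeService.new(i.even?))
  end
  client = FakeClient.new(findings)
  ids = list_all_finding_ids(client, 'constructed-detector-id', 5)
  rows = fetch_triage_rows(client, 'constructed-detector-id', ids)
  { ids: ids, rows: rows, list_calls: client.list_calls, get_calls: client.get_calls }
end

result = demo
puts "#{result[:ids].size} findings, #{result[:list_calls]} list calls, #{result[:get_calls]} get calls"
```

Against a real account, pass an `Aws::GuardDuty::Client` instance in place of `FakeClient`; the two helpers only call `list_findings` and `get_findings`.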

#list_invitations(params = {}) ⇒ Types::ListInvitationsResponse

Lists all GuardDuty membership invitations that were sent to the current AWS account.

Examples:

Request syntax with placeholder values


resp = client.list_invitations({
  max_results: 1,
  next_token: "__string",
})

Response structure


resp.invitations #=> Array
resp.invitations[0].account_id #=> String
resp.invitations[0].invitation_id #=> String
resp.invitations[0].invited_at #=> String
resp.invitations[0].relationship_status #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response.

  • :next_token (String)

# File 'lib/aws-sdk-guardduty/client.rb', line 1498

def list_invitations(params = {}, options = {})
  req = build_request(:list_invitations, params)
  req.send_request(options)
end

#list_ip_sets(params = {}) ⇒ Types::ListIPSetsResponse

Lists the IPSets of the GuardDuty service specified by the detector ID.

Examples:

Request syntax with placeholder values


resp = client.list_ip_sets({
  detector_id: "__string", # required
  max_results: 1,
  next_token: "__string",
})

Response structure


resp.ip_set_ids #=> Array
resp.ip_set_ids[0] #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response.

  • :next_token (String)

# File 'lib/aws-sdk-guardduty/client.rb', line 1459

def list_ip_sets(params = {}, options = {})
  req = build_request(:list_ip_sets, params)
  req.send_request(options)
end

#list_members(params = {}) ⇒ Types::ListMembersResponse

Lists details about all member accounts for the current GuardDuty master account.

Examples:

Request syntax with placeholder values


resp = client.list_members({
  detector_id: "__string", # required
  max_results: 1,
  next_token: "__string",
  only_associated: "__string",
})

Response structure


resp.members #=> Array
resp.members[0].account_id #=> String
resp.members[0].detector_id #=> String
resp.members[0].email #=> String
resp.members[0].invited_at #=> String
resp.members[0].master_id #=> String
resp.members[0].relationship_status #=> String
resp.members[0].updated_at #=> String
resp.next_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response.

  • :next_token (String)
  • :only_associated (String)

# File 'lib/aws-sdk-guardduty/client.rb', line 1546

def list_members(params = {}, options = {})
  req = build_request(:list_members, params)
  req.send_request(options)
end

#list_threat_intel_sets(params = {}) ⇒ Types::ListThreatIntelSetsResponse

Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID.

Examples:

Request syntax with placeholder values


resp = client.list_threat_intel_sets({
  detector_id: "__string", # required
  max_results: 1,
  next_token: "__string",
})

Response structure


resp.next_token #=> String
resp.threat_intel_set_ids #=> Array
resp.threat_intel_set_ids[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :max_results (Integer)

    You can use this parameter to indicate the maximum number of items that you want in the response.

  • :next_token (String)

# File 'lib/aws-sdk-guardduty/client.rb', line 1585

def list_threat_intel_sets(params = {}, options = {})
  req = build_request(:list_threat_intel_sets, params)
  req.send_request(options)
end

#start_monitoring_members(params = {}) ⇒ Types::StartMonitoringMembersResponse

Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs. A master GuardDuty account can run this command after disabling GuardDuty from monitoring these members’ findings by running StopMonitoringMembers.

Examples:

Request syntax with placeholder values


resp = client.start_monitoring_members({
  account_ids: ["__string"], # required
  detector_id: "__string", # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (required, Array<String>)

    A list of account IDs of the GuardDuty member accounts whose findings you want the master account to monitor.

  • :detector_id (required, String)

# File 'lib/aws-sdk-guardduty/client.rb', line 1622

def start_monitoring_members(params = {}, options = {})
  req = build_request(:start_monitoring_members, params)
  req.send_request(options)
end

#stop_monitoring_members(params = {}) ⇒ Types::StopMonitoringMembersResponse

Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs. After running this command, a master GuardDuty account can run StartMonitoringMembers to re-enable GuardDuty to monitor these members’ findings.

Examples:

Request syntax with placeholder values


resp = client.stop_monitoring_members({
  account_ids: ["__string"], # required
  detector_id: "__string", # required
})

Response structure


resp.unprocessed_accounts #=> Array
resp.unprocessed_accounts[0].account_id #=> String
resp.unprocessed_accounts[0].result #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :account_ids (required, Array<String>)

    A list of account IDs of the GuardDuty member accounts whose findings you want the master account to stop monitoring.

  • :detector_id (required, String)

# File 'lib/aws-sdk-guardduty/client.rb', line 1659

def stop_monitoring_members(params = {}, options = {})
  req = build_request(:stop_monitoring_members, params)
  req.send_request(options)
end

#unarchive_findings(params = {}) ⇒ Struct

Unarchives Amazon GuardDuty findings specified by the list of finding IDs.

Examples:

Request syntax with placeholder values


resp = client.unarchive_findings({
  detector_id: "__string", # required
  finding_ids: ["FindingId"], # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :finding_ids (required, Array<String>)

    IDs of the findings that you want to unarchive.

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 1685

def unarchive_findings(params = {}, options = {})
  req = build_request(:unarchive_findings, params)
  req.send_request(options)
end

#update_detector(params = {}) ⇒ Struct

Updates an Amazon GuardDuty detector specified by the detectorId.

Examples:

Request syntax with placeholder values


resp = client.update_detector({
  detector_id: "__string", # required
  enable: false,
  finding_publishing_frequency: "FIFTEEN_MINUTES", # accepts FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :detector_id (required, String)
  • :enable (Boolean)

    Updated boolean value for the detector that specifies whether the detector is enabled.

  • :finding_publishing_frequency (String)

    An enum value that specifies how frequently finding updates are published to the customer.

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 1716

def update_detector(params = {}, options = {})
  req = build_request(:update_detector, params)
  req.send_request(options)
end

#update_filter(params = {}) ⇒ Types::UpdateFilterResponse

Updates the filter specified by the filter name.

Examples:

Request syntax with placeholder values


resp = client.update_filter({
  action: "NOOP", # accepts NOOP, ARCHIVE
  description: "FilterDescription",
  detector_id: "__string", # required
  filter_name: "__string", # required
  finding_criteria: {
    criterion: {
      "__string" => {
        eq: ["__string"],
        gt: 1,
        gte: 1,
        lt: 1,
        lte: 1,
        neq: ["__string"],
      },
    },
  },
  rank: 1,
})

Response structure


resp.name #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :action (String)

    Specifies the action that is to be applied to the findings that match the filter.

  • :description (String)

    The description of the filter.

  • :detector_id (required, String)
  • :filter_name (required, String)
  • :finding_criteria (Types::FindingCriteria)

    Represents the criteria to be used in the filter for querying findings.

  • :rank (Integer)

    Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

# File 'lib/aws-sdk-guardduty/client.rb', line 1777

def update_filter(params = {}, options = {})
  req = build_request(:update_filter, params)
  req.send_request(options)
end

#update_findings_feedback(params = {}) ⇒ Struct

Marks specified Amazon GuardDuty findings as useful or not useful.

Examples:

Request syntax with placeholder values


resp = client.update_findings_feedback({
  comments: "Comments",
  detector_id: "__string", # required
  feedback: "USEFUL", # required, accepts USEFUL, NOT_USEFUL
  finding_ids: ["FindingId"], # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :comments (String)

    Additional feedback about the GuardDuty findings.

  • :detector_id (required, String)
  • :feedback (required, String)

    Valid values: USEFUL | NOT_USEFUL

  • :finding_ids (required, Array<String>)

    IDs of the findings that you want to mark as useful or not useful.

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 1810

def update_findings_feedback(params = {}, options = {})
  req = build_request(:update_findings_feedback, params)
  req.send_request(options)
end

#update_ip_set(params = {}) ⇒ Struct

Updates the IPSet specified by the IPSet ID.

Examples:

Request syntax with placeholder values


resp = client.update_ip_set({
  activate: false,
  detector_id: "__string", # required
  ip_set_id: "__string", # required
  location: "Location",
  name: "Name",
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :activate (Boolean)

    The updated boolean value that specifies whether the IPSet is active or not.

  • :detector_id (required, String)
  • :ip_set_id (required, String)
  • :location (String)

    The updated URI of the file that contains the IPSet. For example (s3.us-west-2.amazonaws.com/my-bucket/my-object-key).

  • :name (String)

    The unique ID that specifies the IPSet that you want to update.

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 1848

def update_ip_set(params = {}, options = {})
  req = build_request(:update_ip_set, params)
  req.send_request(options)
end

#update_threat_intel_set(params = {}) ⇒ Struct

Updates the ThreatIntelSet specified by ThreatIntelSet ID.

Examples:

Request syntax with placeholder values


resp = client.update_threat_intel_set({
  activate: false,
  detector_id: "__string", # required
  location: "Location",
  name: "Name",
  threat_intel_set_id: "__string", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :activate (Boolean)

    The updated boolean value that specifies whether the ThreatIntelSet is active or not.

  • :detector_id (required, String)
  • :location (String)

    The updated URI of the file that contains the ThreatIntelSet. For example (s3.us-west-2.amazonaws.com/my-bucket/my-object-key).

  • :name (String)

    The unique ID that specifies the ThreatIntelSet that you want to update.

  • :threat_intel_set_id (required, String)

Returns:

  • (Struct)

    Returns an empty response.

# File 'lib/aws-sdk-guardduty/client.rb', line 1887

def update_threat_intel_set(params = {}, options = {})
  req = build_request(:update_threat_intel_set, params)
  req.send_request(options)
end

#waiter_namesObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Deprecated.


# File 'lib/aws-sdk-guardduty/client.rb', line 1911

def waiter_names
  []
end