import {Request} from '../lib/request'; import {Response} from '../lib/response'; import {AWSError} from '../lib/error'; import {Service} from '../lib/service'; import {ServiceConfigurationOptions} from '../lib/service'; import {ConfigBase as Config} from '../lib/config'; interface Blob {} declare class GuardDuty extends Service { /** * Constructs a service object. This object has one method for each API operation. */ constructor(options?: GuardDuty.Types.ClientConfiguration) config: Config & GuardDuty.Types.ClientConfiguration; /** * Accepts the invitation to be monitored by a master GuardDuty account. */ acceptInvitation(params: GuardDuty.Types.AcceptInvitationRequest, callback?: (err: AWSError, data: GuardDuty.Types.AcceptInvitationResponse) => void): Request; /** * Accepts the invitation to be monitored by a master GuardDuty account. */ acceptInvitation(callback?: (err: AWSError, data: GuardDuty.Types.AcceptInvitationResponse) => void): Request; /** * Archives GuardDuty findings specified by the list of finding IDs. Only the master account can archive findings. Member accounts do not have permission to archive findings from their accounts. */ archiveFindings(params: GuardDuty.Types.ArchiveFindingsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ArchiveFindingsResponse) => void): Request; /** * Archives GuardDuty findings specified by the list of finding IDs. Only the master account can archive findings. Member accounts do not have permission to archive findings from their accounts. */ archiveFindings(callback?: (err: AWSError, data: GuardDuty.Types.ArchiveFindingsResponse) => void): Request; /** * Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each region that you enable the service. You can have only one detector per account per region. */ createDetector(params: GuardDuty.Types.CreateDetectorRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateDetectorResponse) => void): Request; /** * Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each region that you enable the service. You can have only one detector per account per region. */ createDetector(callback?: (err: AWSError, data: GuardDuty.Types.CreateDetectorResponse) => void): Request; /** * Creates a filter using the specified finding criteria. */ createFilter(params: GuardDuty.Types.CreateFilterRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateFilterResponse) => void): Request; /** * Creates a filter using the specified finding criteria. */ createFilter(callback?: (err: AWSError, data: GuardDuty.Types.CreateFilterResponse) => void): Request; /** * Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications. */ createIPSet(params: GuardDuty.Types.CreateIPSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateIPSetResponse) => void): Request; /** * Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications. */ createIPSet(callback?: (err: AWSError, data: GuardDuty.Types.CreateIPSetResponse) => void): Request; /** * Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts. */ createMembers(params: GuardDuty.Types.CreateMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateMembersResponse) => void): Request; /** * Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts. */ createMembers(callback?: (err: AWSError, data: GuardDuty.Types.CreateMembersResponse) => void): Request; /** * Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types. */ createSampleFindings(params: GuardDuty.Types.CreateSampleFindingsRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateSampleFindingsResponse) => void): Request; /** * Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types. */ createSampleFindings(callback?: (err: AWSError, data: GuardDuty.Types.CreateSampleFindingsResponse) => void): Request; /** * Create a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. */ createThreatIntelSet(params: GuardDuty.Types.CreateThreatIntelSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.CreateThreatIntelSetResponse) => void): Request; /** * Create a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. */ createThreatIntelSet(callback?: (err: AWSError, data: GuardDuty.Types.CreateThreatIntelSetResponse) => void): Request; /** * Declines invitations sent to the current member account by AWS account specified by their account IDs. */ declineInvitations(params: GuardDuty.Types.DeclineInvitationsRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeclineInvitationsResponse) => void): Request; /** * Declines invitations sent to the current member account by AWS account specified by their account IDs. */ declineInvitations(callback?: (err: AWSError, data: GuardDuty.Types.DeclineInvitationsResponse) => void): Request; /** * Deletes a Amazon GuardDuty detector specified by the detector ID. */ deleteDetector(params: GuardDuty.Types.DeleteDetectorRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeleteDetectorResponse) => void): Request; /** * Deletes a Amazon GuardDuty detector specified by the detector ID. */ deleteDetector(callback?: (err: AWSError, data: GuardDuty.Types.DeleteDetectorResponse) => void): Request; /** * Deletes the filter specified by the filter name. */ deleteFilter(params: GuardDuty.Types.DeleteFilterRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeleteFilterResponse) => void): Request; /** * Deletes the filter specified by the filter name. */ deleteFilter(callback?: (err: AWSError, data: GuardDuty.Types.DeleteFilterResponse) => void): Request; /** * Deletes the IPSet specified by the IPSet ID. */ deleteIPSet(params: GuardDuty.Types.DeleteIPSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeleteIPSetResponse) => void): Request; /** * Deletes the IPSet specified by the IPSet ID. */ deleteIPSet(callback?: (err: AWSError, data: GuardDuty.Types.DeleteIPSetResponse) => void): Request; /** * Deletes invitations sent to the current member account by AWS accounts specified by their account IDs. */ deleteInvitations(params: GuardDuty.Types.DeleteInvitationsRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeleteInvitationsResponse) => void): Request; /** * Deletes invitations sent to the current member account by AWS accounts specified by their account IDs. */ deleteInvitations(callback?: (err: AWSError, data: GuardDuty.Types.DeleteInvitationsResponse) => void): Request; /** * Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs. */ deleteMembers(params: GuardDuty.Types.DeleteMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeleteMembersResponse) => void): Request; /** * Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs. */ deleteMembers(callback?: (err: AWSError, data: GuardDuty.Types.DeleteMembersResponse) => void): Request; /** * Deletes ThreatIntelSet specified by the ThreatIntelSet ID. */ deleteThreatIntelSet(params: GuardDuty.Types.DeleteThreatIntelSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.DeleteThreatIntelSetResponse) => void): Request; /** * Deletes ThreatIntelSet specified by the ThreatIntelSet ID. */ deleteThreatIntelSet(callback?: (err: AWSError, data: GuardDuty.Types.DeleteThreatIntelSetResponse) => void): Request; /** * Disassociates the current GuardDuty member account from its master account. */ disassociateFromMasterAccount(params: GuardDuty.Types.DisassociateFromMasterAccountRequest, callback?: (err: AWSError, data: GuardDuty.Types.DisassociateFromMasterAccountResponse) => void): Request; /** * Disassociates the current GuardDuty member account from its master account. */ disassociateFromMasterAccount(callback?: (err: AWSError, data: GuardDuty.Types.DisassociateFromMasterAccountResponse) => void): Request; /** * Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs. */ disassociateMembers(params: GuardDuty.Types.DisassociateMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.DisassociateMembersResponse) => void): Request; /** * Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs. */ disassociateMembers(callback?: (err: AWSError, data: GuardDuty.Types.DisassociateMembersResponse) => void): Request; /** * Retrieves an Amazon GuardDuty detector specified by the detectorId. */ getDetector(params: GuardDuty.Types.GetDetectorRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetDetectorResponse) => void): Request; /** * Retrieves an Amazon GuardDuty detector specified by the detectorId. */ getDetector(callback?: (err: AWSError, data: GuardDuty.Types.GetDetectorResponse) => void): Request; /** * Returns the details of the filter specified by the filter name. */ getFilter(params: GuardDuty.Types.GetFilterRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetFilterResponse) => void): Request; /** * Returns the details of the filter specified by the filter name. */ getFilter(callback?: (err: AWSError, data: GuardDuty.Types.GetFilterResponse) => void): Request; /** * Describes Amazon GuardDuty findings specified by finding IDs. */ getFindings(params: GuardDuty.Types.GetFindingsRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetFindingsResponse) => void): Request; /** * Describes Amazon GuardDuty findings specified by finding IDs. */ getFindings(callback?: (err: AWSError, data: GuardDuty.Types.GetFindingsResponse) => void): Request; /** * Lists Amazon GuardDuty findings' statistics for the specified detector ID. */ getFindingsStatistics(params: GuardDuty.Types.GetFindingsStatisticsRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetFindingsStatisticsResponse) => void): Request; /** * Lists Amazon GuardDuty findings' statistics for the specified detector ID. */ getFindingsStatistics(callback?: (err: AWSError, data: GuardDuty.Types.GetFindingsStatisticsResponse) => void): Request; /** * Retrieves the IPSet specified by the IPSet ID. */ getIPSet(params: GuardDuty.Types.GetIPSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetIPSetResponse) => void): Request; /** * Retrieves the IPSet specified by the IPSet ID. */ getIPSet(callback?: (err: AWSError, data: GuardDuty.Types.GetIPSetResponse) => void): Request; /** * Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation. */ getInvitationsCount(params: GuardDuty.Types.GetInvitationsCountRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetInvitationsCountResponse) => void): Request; /** * Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation. */ getInvitationsCount(callback?: (err: AWSError, data: GuardDuty.Types.GetInvitationsCountResponse) => void): Request; /** * Provides the details for the GuardDuty master account associated with the current GuardDuty member account. */ getMasterAccount(params: GuardDuty.Types.GetMasterAccountRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetMasterAccountResponse) => void): Request; /** * Provides the details for the GuardDuty master account associated with the current GuardDuty member account. */ getMasterAccount(callback?: (err: AWSError, data: GuardDuty.Types.GetMasterAccountResponse) => void): Request; /** * Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs. */ getMembers(params: GuardDuty.Types.GetMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetMembersResponse) => void): Request; /** * Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs. */ getMembers(callback?: (err: AWSError, data: GuardDuty.Types.GetMembersResponse) => void): Request; /** * Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID. */ getThreatIntelSet(params: GuardDuty.Types.GetThreatIntelSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.GetThreatIntelSetResponse) => void): Request; /** * Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID. */ getThreatIntelSet(callback?: (err: AWSError, data: GuardDuty.Types.GetThreatIntelSetResponse) => void): Request; /** * Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account. */ inviteMembers(params: GuardDuty.Types.InviteMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.InviteMembersResponse) => void): Request; /** * Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account. */ inviteMembers(callback?: (err: AWSError, data: GuardDuty.Types.InviteMembersResponse) => void): Request; /** * Lists detectorIds of all the existing Amazon GuardDuty detector resources. */ listDetectors(params: GuardDuty.Types.ListDetectorsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListDetectorsResponse) => void): Request; /** * Lists detectorIds of all the existing Amazon GuardDuty detector resources. */ listDetectors(callback?: (err: AWSError, data: GuardDuty.Types.ListDetectorsResponse) => void): Request; /** * Returns a paginated list of the current filters. */ listFilters(params: GuardDuty.Types.ListFiltersRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListFiltersResponse) => void): Request; /** * Returns a paginated list of the current filters. */ listFilters(callback?: (err: AWSError, data: GuardDuty.Types.ListFiltersResponse) => void): Request; /** * Lists Amazon GuardDuty findings for the specified detector ID. */ listFindings(params: GuardDuty.Types.ListFindingsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListFindingsResponse) => void): Request; /** * Lists Amazon GuardDuty findings for the specified detector ID. */ listFindings(callback?: (err: AWSError, data: GuardDuty.Types.ListFindingsResponse) => void): Request; /** * Lists the IPSets of the GuardDuty service specified by the detector ID. */ listIPSets(params: GuardDuty.Types.ListIPSetsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListIPSetsResponse) => void): Request; /** * Lists the IPSets of the GuardDuty service specified by the detector ID. */ listIPSets(callback?: (err: AWSError, data: GuardDuty.Types.ListIPSetsResponse) => void): Request; /** * Lists all GuardDuty membership invitations that were sent to the current AWS account. */ listInvitations(params: GuardDuty.Types.ListInvitationsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListInvitationsResponse) => void): Request; /** * Lists all GuardDuty membership invitations that were sent to the current AWS account. */ listInvitations(callback?: (err: AWSError, data: GuardDuty.Types.ListInvitationsResponse) => void): Request; /** * Lists details about all member accounts for the current GuardDuty master account. */ listMembers(params: GuardDuty.Types.ListMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListMembersResponse) => void): Request; /** * Lists details about all member accounts for the current GuardDuty master account. */ listMembers(callback?: (err: AWSError, data: GuardDuty.Types.ListMembersResponse) => void): Request; /** * Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and Threat Intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.. */ listTagsForResource(params: GuardDuty.Types.ListTagsForResourceRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListTagsForResourceResponse) => void): Request; /** * Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and Threat Intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.. */ listTagsForResource(callback?: (err: AWSError, data: GuardDuty.Types.ListTagsForResourceResponse) => void): Request; /** * Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. */ listThreatIntelSets(params: GuardDuty.Types.ListThreatIntelSetsRequest, callback?: (err: AWSError, data: GuardDuty.Types.ListThreatIntelSetsResponse) => void): Request; /** * Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. */ listThreatIntelSets(callback?: (err: AWSError, data: GuardDuty.Types.ListThreatIntelSetsResponse) => void): Request; /** * Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs. A master GuardDuty account can run this command after disabling GuardDuty from monitoring these members' findings by running StopMonitoringMembers. */ startMonitoringMembers(params: GuardDuty.Types.StartMonitoringMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.StartMonitoringMembersResponse) => void): Request; /** * Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs. A master GuardDuty account can run this command after disabling GuardDuty from monitoring these members' findings by running StopMonitoringMembers. */ startMonitoringMembers(callback?: (err: AWSError, data: GuardDuty.Types.StartMonitoringMembersResponse) => void): Request; /** * Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs. After running this command, a master GuardDuty account can run StartMonitoringMembers to re-enable GuardDuty to monitor these members’ findings. */ stopMonitoringMembers(params: GuardDuty.Types.StopMonitoringMembersRequest, callback?: (err: AWSError, data: GuardDuty.Types.StopMonitoringMembersResponse) => void): Request; /** * Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs. After running this command, a master GuardDuty account can run StartMonitoringMembers to re-enable GuardDuty to monitor these members’ findings. */ stopMonitoringMembers(callback?: (err: AWSError, data: GuardDuty.Types.StopMonitoringMembersResponse) => void): Request; /** * Adds tags to a resource. */ tagResource(params: GuardDuty.Types.TagResourceRequest, callback?: (err: AWSError, data: GuardDuty.Types.TagResourceResponse) => void): Request; /** * Adds tags to a resource. */ tagResource(callback?: (err: AWSError, data: GuardDuty.Types.TagResourceResponse) => void): Request; /** * Unarchives Amazon GuardDuty findings specified by the list of finding IDs. */ unarchiveFindings(params: GuardDuty.Types.UnarchiveFindingsRequest, callback?: (err: AWSError, data: GuardDuty.Types.UnarchiveFindingsResponse) => void): Request; /** * Unarchives Amazon GuardDuty findings specified by the list of finding IDs. */ unarchiveFindings(callback?: (err: AWSError, data: GuardDuty.Types.UnarchiveFindingsResponse) => void): Request; /** * Removes tags from a resource. */ untagResource(params: GuardDuty.Types.UntagResourceRequest, callback?: (err: AWSError, data: GuardDuty.Types.UntagResourceResponse) => void): Request; /** * Removes tags from a resource. */ untagResource(callback?: (err: AWSError, data: GuardDuty.Types.UntagResourceResponse) => void): Request; /** * Updates an Amazon GuardDuty detector specified by the detectorId. */ updateDetector(params: GuardDuty.Types.UpdateDetectorRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdateDetectorResponse) => void): Request; /** * Updates an Amazon GuardDuty detector specified by the detectorId. */ updateDetector(callback?: (err: AWSError, data: GuardDuty.Types.UpdateDetectorResponse) => void): Request; /** * Updates the filter specified by the filter name. */ updateFilter(params: GuardDuty.Types.UpdateFilterRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdateFilterResponse) => void): Request; /** * Updates the filter specified by the filter name. */ updateFilter(callback?: (err: AWSError, data: GuardDuty.Types.UpdateFilterResponse) => void): Request; /** * Marks specified Amazon GuardDuty findings as useful or not useful. */ updateFindingsFeedback(params: GuardDuty.Types.UpdateFindingsFeedbackRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdateFindingsFeedbackResponse) => void): Request; /** * Marks specified Amazon GuardDuty findings as useful or not useful. */ updateFindingsFeedback(callback?: (err: AWSError, data: GuardDuty.Types.UpdateFindingsFeedbackResponse) => void): Request; /** * Updates the IPSet specified by the IPSet ID. */ updateIPSet(params: GuardDuty.Types.UpdateIPSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdateIPSetResponse) => void): Request; /** * Updates the IPSet specified by the IPSet ID. */ updateIPSet(callback?: (err: AWSError, data: GuardDuty.Types.UpdateIPSetResponse) => void): Request; /** * Updates the ThreatIntelSet specified by ThreatIntelSet ID. */ updateThreatIntelSet(params: GuardDuty.Types.UpdateThreatIntelSetRequest, callback?: (err: AWSError, data: GuardDuty.Types.UpdateThreatIntelSetResponse) => void): Request; /** * Updates the ThreatIntelSet specified by ThreatIntelSet ID. */ updateThreatIntelSet(callback?: (err: AWSError, data: GuardDuty.Types.UpdateThreatIntelSetResponse) => void): Request; } declare namespace GuardDuty { export interface AcceptInvitationRequest { /** * The unique ID of the detector of the GuardDuty member account. */ DetectorId: DetectorId; /** * The account ID of the master GuardDuty account whose invitation you're accepting. */ MasterId: String; /** * This value is used to validate the master account to the member account. */ InvitationId: String; } export interface AcceptInvitationResponse { } export interface AccessKeyDetails { /** * Access key ID of the user. */ AccessKeyId?: String; /** * The principal ID of the user. */ PrincipalId?: String; /** * The name of the user. */ UserName?: String; /** * The type of the user. */ UserType?: String; } export interface AccountDetail { /** * Member account ID. */ AccountId: AccountId; /** * Member account's email address. */ Email: Email; } export type AccountDetails = AccountDetail[]; export type AccountId = string; export type AccountIds = AccountId[]; export interface Action { /** * GuardDuty Finding activity type. */ ActionType?: String; /** * Information about the AWS_API_CALL action described in this finding. */ AwsApiCallAction?: AwsApiCallAction; /** * Information about the DNS_REQUEST action described in this finding. */ DnsRequestAction?: DnsRequestAction; /** * Information about the NETWORK_CONNECTION action described in this finding. */ NetworkConnectionAction?: NetworkConnectionAction; /** * Information about the PORT_PROBE action described in this finding. */ PortProbeAction?: PortProbeAction; } export interface ArchiveFindingsRequest { /** * The ID of the detector that specifies the GuardDuty service whose findings you want to archive. */ DetectorId: DetectorId; /** * IDs of the findings that you want to archive. */ FindingIds: FindingIds; } export interface ArchiveFindingsResponse { } export interface AwsApiCallAction { /** * AWS API name. */ Api?: String; /** * AWS API caller type. */ CallerType?: String; /** * Domain information for the AWS API call. */ DomainDetails?: DomainDetails; /** * Remote IP information of the connection. */ RemoteIpDetails?: RemoteIpDetails; /** * AWS service name whose API was invoked. */ ServiceName?: String; } export type Boolean = boolean; export interface City { /** * City name of the remote IP address. */ CityName?: String; } export type ClientToken = string; export interface Condition { /** * Deprecated. Represents the equal condition to be applied to a single field when querying for findings. */ Eq?: Eq; /** * Deprecated. Represents the not equal condition to be applied to a single field when querying for findings. */ Neq?: Neq; /** * Deprecated. Represents a greater than condition to be applied to a single field when querying for findings. */ Gt?: Integer; /** * Deprecated. Represents a greater than equal condition to be applied to a single field when querying for findings. */ Gte?: Integer; /** * Deprecated. Represents a less than condition to be applied to a single field when querying for findings. */ Lt?: Integer; /** * Deprecated. Represents a less than equal condition to be applied to a single field when querying for findings. */ Lte?: Integer; /** * Represents an equal condition to be applied to a single field when querying for findings. */ Equals?: Equals; /** * Represents an not equal condition to be applied to a single field when querying for findings. */ NotEquals?: NotEquals; /** * Represents a greater than condition to be applied to a single field when querying for findings. */ GreaterThan?: Long; /** * Represents a greater than equal condition to be applied to a single field when querying for findings. */ GreaterThanOrEqual?: Long; /** * Represents a less than condition to be applied to a single field when querying for findings. */ LessThan?: Long; /** * Represents a less than equal condition to be applied to a single field when querying for findings. */ LessThanOrEqual?: Long; } export type CountBySeverity = {[key: string]: Integer}; export interface Country { /** * Country code of the remote IP address. */ CountryCode?: String; /** * Country name of the remote IP address. */ CountryName?: String; } export interface CreateDetectorRequest { /** * A boolean value that specifies whether the detector is to be enabled. */ Enable: Boolean; /** * The idempotency token for the create request. */ ClientToken?: ClientToken; /** * A enum value that specifies how frequently customer got Finding updates published. */ FindingPublishingFrequency?: FindingPublishingFrequency; /** * The tags to be added to a new detector resource. */ Tags?: TagMap; } export interface CreateDetectorResponse { /** * The unique ID of the created detector. */ DetectorId?: DetectorId; } export interface CreateFilterRequest { /** * The unique ID of the detector of the GuardDuty account for which you want to create a filter. */ DetectorId: DetectorId; /** * The name of the filter. */ Name: FilterName; /** * The description of the filter. */ Description?: FilterDescription; /** * Specifies the action that is to be applied to the findings that match the filter. */ Action?: FilterAction; /** * Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. */ Rank?: FilterRank; /** * Represents the criteria to be used in the filter for querying findings. */ FindingCriteria: FindingCriteria; /** * The idempotency token for the create request. */ ClientToken?: ClientToken; /** * The tags to be added to a new filter resource. */ Tags?: TagMap; } export interface CreateFilterResponse { /** * The name of the successfully created filter. */ Name: FilterName; } export interface CreateIPSetRequest { /** * The unique ID of the detector of the GuardDuty account for which you want to create an IPSet. */ DetectorId: DetectorId; /** * The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet. */ Name: Name; /** * The format of the file that contains the IPSet. */ Format: IpSetFormat; /** * The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key) */ Location: Location; /** * A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet. */ Activate: Boolean; /** * The idempotency token for the create request. */ ClientToken?: ClientToken; /** * The tags to be added to a new IP set resource. */ Tags?: TagMap; } export interface CreateIPSetResponse { /** * The ID of the IPSet resource. */ IpSetId: String; } export interface CreateMembersRequest { /** * The unique ID of the detector of the GuardDuty account with which you want to associate member accounts. */ DetectorId: DetectorId; /** * A list of account ID and email address pairs of the accounts that you want to associate with the master GuardDuty account. */ AccountDetails: AccountDetails; } export interface CreateMembersResponse { /** * A list of objects containing the unprocessed account and a result string explaining why it was unprocessed. */ UnprocessedAccounts: UnprocessedAccounts; } export interface CreateSampleFindingsRequest { /** * The ID of the detector to create sample findings for. */ DetectorId: DetectorId; /** * Types of sample findings that you want to generate. */ FindingTypes?: FindingTypes; } export interface CreateSampleFindingsResponse { } export interface CreateThreatIntelSetRequest { /** * The unique ID of the detector of the GuardDuty account for which you want to create a threatIntelSet. */ DetectorId: DetectorId; /** * A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet. */ Name: Name; /** * The format of the file that contains the ThreatIntelSet. */ Format: ThreatIntelSetFormat; /** * The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key). */ Location: Location; /** * A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet. */ Activate: Boolean; /** * The idempotency token for the create request. */ ClientToken?: ClientToken; /** * The tags to be added to a new Threat List resource. */ Tags?: TagMap; } export interface CreateThreatIntelSetResponse { /** * The ID of the ThreatIntelSet resource. */ ThreatIntelSetId: String; } export type Criterion = {[key: string]: Condition}; export interface DeclineInvitationsRequest { /** * A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from. */ AccountIds: AccountIds; } export interface DeclineInvitationsResponse { /** * A list of objects containing the unprocessed account and a result string explaining why it was unprocessed. */ UnprocessedAccounts: UnprocessedAccounts; } export interface DeleteDetectorRequest { /** * The unique ID of the detector that you want to delete. */ DetectorId: DetectorId; } export interface DeleteDetectorResponse { } export interface DeleteFilterRequest { /** * The unique ID of the detector the filter is associated with. */ DetectorId: DetectorId; /** * The name of the filter you want to delete. */ FilterName: String; } export interface DeleteFilterResponse { } export interface DeleteIPSetRequest { /** * The unique ID of the detector the ipSet is associated with. */ DetectorId: DetectorId; /** * The unique ID of the ipSet you want to delete. */ IpSetId: String; } export interface DeleteIPSetResponse { } export interface DeleteInvitationsRequest { /** * A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from. */ AccountIds: AccountIds; } export interface DeleteInvitationsResponse { /** * A list of objects containing the unprocessed account and a result string explaining why it was unprocessed. */ UnprocessedAccounts: UnprocessedAccounts; } export interface DeleteMembersRequest { /** * The unique ID of the detector of the GuardDuty account whose members you want to delete. */ DetectorId: DetectorId; /** * A list of account IDs of the GuardDuty member accounts that you want to delete. */ AccountIds: AccountIds; } export interface DeleteMembersResponse { /** * The accounts that could not be processed. */ UnprocessedAccounts: UnprocessedAccounts; } export interface DeleteThreatIntelSetRequest { /** * The unique ID of the detector the threatIntelSet is associated with. */ DetectorId: DetectorId; /** * The unique ID of the threatIntelSet you want to delete. */ ThreatIntelSetId: String; } export interface DeleteThreatIntelSetResponse { } export type DetectorId = string; export type DetectorIds = DetectorId[]; export type DetectorStatus = "ENABLED"|"DISABLED"|string; export interface DisassociateFromMasterAccountRequest { /** * The unique ID of the detector of the GuardDuty member account. */ DetectorId: DetectorId; } export interface DisassociateFromMasterAccountResponse { } export interface DisassociateMembersRequest { /** * The unique ID of the detector of the GuardDuty account whose members you want to disassociate from master. */ DetectorId: DetectorId; /** * A list of account IDs of the GuardDuty member accounts that you want to disassociate from master. */ AccountIds: AccountIds; } export interface DisassociateMembersResponse { /** * A list of objects containing the unprocessed account and a result string explaining why it was unprocessed. */ UnprocessedAccounts: UnprocessedAccounts; } export interface DnsRequestAction { /** * Domain information for the DNS request. */ Domain?: String; } export interface DomainDetails { /** * Domain information for the AWS API call. */ Domain?: String; } export type Double = number; export type Email = string; export type Eq = String[]; export type Equals = String[]; export interface Evidence { /** * A list of threat intelligence details related to the evidence. */ ThreatIntelligenceDetails?: ThreatIntelligenceDetails; } export type Feedback = "USEFUL"|"NOT_USEFUL"|string; export type FilterAction = "NOOP"|"ARCHIVE"|string; export type FilterDescription = string; export type FilterName = string; export type FilterNames = FilterName[]; export type FilterRank = number; export interface Finding { /** * The ID of the account in which the finding was generated. */ AccountId: String; /** * The ARN for the finding. */ Arn: String; /** * The confidence score for the finding. */ Confidence?: Double; /** * The time and date at which the finding was created. */ CreatedAt: String; /** * The description of the finding. */ Description?: String; /** * The ID of the finding. */ Id: String; /** * The partition associated with the finding. */ Partition?: String; /** * The Region in which the finding was generated. */ Region: String; Resource: Resource; /** * The version of the schema used for the finding. */ SchemaVersion: String; Service?: Service; /** * The severity of the finding. */ Severity: Double; /** * The title for the finding. */ Title?: String; /** * The type of the finding. */ Type: FindingType; /** * The time and date at which the finding was laste updated. */ UpdatedAt: String; } export interface FindingCriteria { /** * Represents a map of finding properties that match specified conditions and values when querying findings. */ Criterion?: Criterion; } export type FindingId = string; export type FindingIds = FindingId[]; export type FindingPublishingFrequency = "FIFTEEN_MINUTES"|"ONE_HOUR"|"SIX_HOURS"|string; export type FindingStatisticType = "COUNT_BY_SEVERITY"|string; export type FindingStatisticTypes = FindingStatisticType[]; export interface FindingStatistics { /** * Represents a map of severity to count statistic for a set of findings */ CountBySeverity?: CountBySeverity; } export type FindingType = string; export type FindingTypes = FindingType[]; export type Findings = Finding[]; export interface GeoLocation { /** * Latitude information of remote IP address. */ Lat?: Double; /** * Longitude information of remote IP address. */ Lon?: Double; } export interface GetDetectorRequest { /** * The unique ID of the detector that you want to get. */ DetectorId: DetectorId; } export interface GetDetectorResponse { /** * Detector creation timestamp. */ CreatedAt?: String; /** * Finding publishing frequency. */ FindingPublishingFrequency?: FindingPublishingFrequency; /** * The GuardDuty service role. */ ServiceRole: String; /** * The detector status. */ Status: DetectorStatus; /** * Detector last update timestamp. */ UpdatedAt?: String; /** * The tags of the detector resource. */ Tags?: TagMap; } export interface GetFilterRequest { /** * The unique ID of the detector the filter is associated with. */ DetectorId: DetectorId; /** * The name of the filter you want to get. */ FilterName: String; } export interface GetFilterResponse { /** * The name of the filter. */ Name: FilterName; /** * The description of the filter. */ Description?: FilterDescription; /** * Specifies the action that is to be applied to the findings that match the filter. */ Action: FilterAction; /** * Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. */ Rank?: FilterRank; /** * Represents the criteria to be used in the filter for querying findings. */ FindingCriteria: FindingCriteria; /** * The tags of the filter resource. */ Tags?: TagMap; } export interface GetFindingsRequest { /** * The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve. */ DetectorId: DetectorId; /** * IDs of the findings that you want to retrieve. */ FindingIds: FindingIds; /** * Represents the criteria used for sorting findings. */ SortCriteria?: SortCriteria; } export interface GetFindingsResponse { /** * A list of findings. */ Findings: Findings; } export interface GetFindingsStatisticsRequest { /** * The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve. */ DetectorId: DetectorId; /** * Types of finding statistics to retrieve. */ FindingStatisticTypes: FindingStatisticTypes; /** * Represents the criteria used for querying findings. */ FindingCriteria?: FindingCriteria; } export interface GetFindingsStatisticsResponse { /** * Finding statistics object. */ FindingStatistics: FindingStatistics; } export interface GetIPSetRequest { /** * The unique ID of the detector the ipSet is associated with. */ DetectorId: DetectorId; /** * The unique ID of the ipSet you want to get. */ IpSetId: String; } export interface GetIPSetResponse { /** * The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet. */ Name: Name; /** * The format of the file that contains the IPSet. */ Format: IpSetFormat; /** * The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key) */ Location: Location; /** * The status of ipSet file uploaded. */ Status: IpSetStatus; /** * The tags of the IP set resource. */ Tags?: TagMap; } export interface GetInvitationsCountRequest { } export interface GetInvitationsCountResponse { /** * The number of received invitations. */ InvitationsCount?: Integer; } export interface GetMasterAccountRequest { /** * The unique ID of the detector of the GuardDuty member account. */ DetectorId: DetectorId; } export interface GetMasterAccountResponse { /** * Master account details. */ Master: Master; } export interface GetMembersRequest { /** * The unique ID of the detector of the GuardDuty account whose members you want to retrieve. */ DetectorId: DetectorId; /** * A list of account IDs of the GuardDuty member accounts that you want to describe. */ AccountIds: AccountIds; } export interface GetMembersResponse { /** * A list of members. */ Members: Members; /** * A list of objects containing the unprocessed account and a result string explaining why it was unprocessed. */ UnprocessedAccounts: UnprocessedAccounts; } export interface GetThreatIntelSetRequest { /** * The unique ID of the detector the threatIntelSet is associated with. */ DetectorId: DetectorId; /** * The unique ID of the threatIntelSet you want to get. */ ThreatIntelSetId: String; } export interface GetThreatIntelSetResponse { /** * A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet. */ Name: Name; /** * The format of the threatIntelSet. */ Format: ThreatIntelSetFormat; /** * The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key). */ Location: Location; /** * The status of threatIntelSet file uploaded. */ Status: ThreatIntelSetStatus; /** * The tags of the Threat List resource. */ Tags?: TagMap; } export type GuardDutyArn = string; export interface IamInstanceProfile { /** * AWS EC2 instance profile ARN. */ Arn?: String; /** * AWS EC2 instance profile ID. */ Id?: String; } export interface InstanceDetails { /** * The availability zone of the EC2 instance. */ AvailabilityZone?: String; /** * The profile information of the EC2 instance. */ IamInstanceProfile?: IamInstanceProfile; /** * The image description of the EC2 instance. */ ImageDescription?: String; /** * The image ID of the EC2 instance. */ ImageId?: String; /** * The ID of the EC2 instance. */ InstanceId?: String; /** * The state of the EC2 instance. */ InstanceState?: String; /** * The type of the EC2 instance. */ InstanceType?: String; /** * The launch time of the EC2 instance. */ LaunchTime?: String; /** * The network interface information of the EC2 instance. */ NetworkInterfaces?: NetworkInterfaces; /** * The platform of the EC2 instance. */ Platform?: String; /** * The product code of the EC2 instance. */ ProductCodes?: ProductCodes; /** * The tags of the EC2 instance. */ Tags?: Tags; } export type Integer = number; export interface Invitation { /** * Inviter account ID */ AccountId?: AccountId; /** * This value is used to validate the inviter account to the member account. */ InvitationId?: String; /** * The status of the relationship between the inviter and invitee accounts. */ RelationshipStatus?: String; /** * Timestamp at which the invitation was sent */ InvitedAt?: String; } export type Invitations = Invitation[]; export interface InviteMembersRequest { /** * The unique ID of the detector of the GuardDuty account with which you want to invite members. */ DetectorId: DetectorId; /** * A list of account IDs of the accounts that you want to invite to GuardDuty as members. */ AccountIds: AccountIds; /** * A boolean value that specifies whether you want to disable email notification to the accounts that you’re inviting to GuardDuty as members. */ DisableEmailNotification?: Boolean; /** * The invitation message that you want to send to the accounts that you’re inviting to GuardDuty as members. */ Message?: String; } export interface InviteMembersResponse { /** * A list of objects containing the unprocessed account and a result string explaining why it was unprocessed. */ UnprocessedAccounts: UnprocessedAccounts; } export type IpSetFormat = "TXT"|"STIX"|"OTX_CSV"|"ALIEN_VAULT"|"PROOF_POINT"|"FIRE_EYE"|string; export type IpSetIds = String[]; export type IpSetStatus = "INACTIVE"|"ACTIVATING"|"ACTIVE"|"DEACTIVATING"|"ERROR"|"DELETE_PENDING"|"DELETED"|string; export type Ipv6Addresses = String[]; export interface ListDetectorsRequest { /** * You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. */ MaxResults?: MaxResults; /** * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data. */ NextToken?: String; } export interface ListDetectorsResponse { /** * A list of detector Ids. */ DetectorIds: DetectorIds; /** * Pagination parameter to be used on the next list operation to retrieve more items. */ NextToken?: String; } export interface ListFiltersRequest { /** * The unique ID of the detector the filter is associated with. */ DetectorId: DetectorId; /** * You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. */ MaxResults?: MaxResults; /** * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data. */ NextToken?: String; } export interface ListFiltersResponse { /** * A list of filter names */ FilterNames: FilterNames; /** * Pagination parameter to be used on the next list operation to retrieve more items. */ NextToken?: String; } export interface ListFindingsRequest { /** * The ID of the detector that specifies the GuardDuty service whose findings you want to list. */ DetectorId: DetectorId; /** * Represents the criteria used for querying findings. */ FindingCriteria?: FindingCriteria; /** * Represents the criteria used for sorting findings. */ SortCriteria?: SortCriteria; /** * You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. */ MaxResults?: MaxResults; /** * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data. */ NextToken?: String; } export interface ListFindingsResponse { /** * The IDs of the findings you are listing. */ FindingIds: FindingIds; /** * Pagination parameter to be used on the next list operation to retrieve more items. */ NextToken?: String; } export interface ListIPSetsRequest { /** * The unique ID of the detector the ipSet is associated with. */ DetectorId: DetectorId; /** * You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. */ MaxResults?: MaxResults; /** * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data. */ NextToken?: String; } export interface ListIPSetsResponse { /** * The IDs of the IPSet resources. */ IpSetIds: IpSetIds; /** * Pagination parameter to be used on the next list operation to retrieve more items. */ NextToken?: String; } export interface ListInvitationsRequest { /** * You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. */ MaxResults?: MaxResults; /** * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data. */ NextToken?: String; } export interface ListInvitationsResponse { /** * A list of invitation descriptions. */ Invitations?: Invitations; /** * Pagination parameter to be used on the next list operation to retrieve more items. */ NextToken?: String; } export interface ListMembersRequest { /** * The unique ID of the detector the member is associated with. */ DetectorId: DetectorId; /** * You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. */ MaxResults?: MaxResults; /** * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data. */ NextToken?: String; /** * Specifies whether to only return associated members or to return all members (including members which haven't been invited yet or have been disassociated). */ OnlyAssociated?: String; } export interface ListMembersResponse { /** * A list of members. */ Members?: Members; /** * Pagination parameter to be used on the next list operation to retrieve more items. */ NextToken?: String; } export interface ListTagsForResourceRequest { /** * The Amazon Resource Name (ARN) for the given GuardDuty resource */ ResourceArn: GuardDutyArn; } export interface ListTagsForResourceResponse { /** * The tags associated with the resource. */ Tags?: TagMap; } export interface ListThreatIntelSetsRequest { /** * The unique ID of the detector the threatIntelSet is associated with. */ DetectorId: DetectorId; /** * You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50. */ MaxResults?: MaxResults; /** * You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data. */ NextToken?: String; } export interface ListThreatIntelSetsResponse { /** * The IDs of the ThreatIntelSet resources. */ ThreatIntelSetIds: ThreatIntelSetIds; /** * Pagination parameter to be used on the next list operation to retrieve more items. */ NextToken?: String; } export interface LocalPortDetails { /** * Port number of the local connection. */ Port?: Integer; /** * Port name of the local connection. */ PortName?: String; } export type Location = string; export type Long = number; export interface Master { /** * The ID of the account used as the Master account. */ AccountId?: AccountId; /** * This value is used to validate the master account to the member account. */ InvitationId?: String; /** * The status of the relationship between the master and member accounts. */ RelationshipStatus?: String; /** * Timestamp at which the invitation was sent. */ InvitedAt?: String; } export type MaxResults = number; export interface Member { /** * Member account ID. */ AccountId: AccountId; /** * Member account's detector ID. */ DetectorId?: DetectorId; /** * Master account ID. */ MasterId: String; /** * Member account's email address. */ Email: Email; /** * The status of the relationship between the member and the master. */ RelationshipStatus: String; /** * Timestamp at which the invitation was sent */ InvitedAt?: String; /** * Member last updated timestamp. */ UpdatedAt: String; } export type Members = Member[]; export type Name = string; export type Neq = String[]; export interface NetworkConnectionAction { /** * Network connection blocked information. */ Blocked?: Boolean; /** * Network connection direction. */ ConnectionDirection?: String; /** * Local port information of the connection. */ LocalPortDetails?: LocalPortDetails; /** * Network connection protocol. */ Protocol?: String; /** * Remote IP information of the connection. */ RemoteIpDetails?: RemoteIpDetails; /** * Remote port information of the connection. */ RemotePortDetails?: RemotePortDetails; } export interface NetworkInterface { /** * A list of EC2 instance IPv6 address information. */ Ipv6Addresses?: Ipv6Addresses; /** * The ID of the network interface */ NetworkInterfaceId?: String; /** * Private DNS name of the EC2 instance. */ PrivateDnsName?: String; /** * Private IP address of the EC2 instance. */ PrivateIpAddress?: String; /** * Other private IP address information of the EC2 instance. */ PrivateIpAddresses?: PrivateIpAddresses; /** * Public DNS name of the EC2 instance. */ PublicDnsName?: String; /** * Public IP address of the EC2 instance. */ PublicIp?: String; /** * Security groups associated with the EC2 instance. */ SecurityGroups?: SecurityGroups; /** * The subnet ID of the EC2 instance. */ SubnetId?: String; /** * The VPC ID of the EC2 instance. */ VpcId?: String; } export type NetworkInterfaces = NetworkInterface[]; export type NotEquals = String[]; export type OrderBy = "ASC"|"DESC"|string; export interface Organization { /** * Autonomous system number of the internet provider of the remote IP address. */ Asn?: String; /** * Organization that registered this ASN. */ AsnOrg?: String; /** * ISP information for the internet provider. */ Isp?: String; /** * Name of the internet provider. */ Org?: String; } export interface PortProbeAction { /** * Port probe blocked information. */ Blocked?: Boolean; /** * A list of port probe details objects. */ PortProbeDetails?: PortProbeDetails; } export interface PortProbeDetail { /** * Local port information of the connection. */ LocalPortDetails?: LocalPortDetails; /** * Remote IP information of the connection. */ RemoteIpDetails?: RemoteIpDetails; } export type PortProbeDetails = PortProbeDetail[]; export interface PrivateIpAddressDetails { /** * Private DNS name of the EC2 instance. */ PrivateDnsName?: String; /** * Private IP address of the EC2 instance. */ PrivateIpAddress?: String; } export type PrivateIpAddresses = PrivateIpAddressDetails[]; export interface ProductCode { /** * Product code information. */ Code?: String; /** * Product code type. */ ProductType?: String; } export type ProductCodes = ProductCode[]; export interface RemoteIpDetails { /** * City information of the remote IP address. */ City?: City; /** * Country code of the remote IP address. */ Country?: Country; /** * Location information of the remote IP address. */ GeoLocation?: GeoLocation; /** * IPV4 remote address of the connection. */ IpAddressV4?: String; /** * ISP Organization information of the remote IP address. */ Organization?: Organization; } export interface RemotePortDetails { /** * Port number of the remote connection. */ Port?: Integer; /** * Port name of the remote connection. */ PortName?: String; } export interface Resource { /** * The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding. */ AccessKeyDetails?: AccessKeyDetails; /** * The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding. */ InstanceDetails?: InstanceDetails; /** * The type of the AWS resource. */ ResourceType?: String; } export interface SecurityGroup { /** * EC2 instance's security group ID. */ GroupId?: String; /** * EC2 instance's security group name. */ GroupName?: String; } export type SecurityGroups = SecurityGroup[]; export interface Service { /** * Information about the activity described in a finding. */ Action?: Action; /** * An evidence object associated with the service. */ Evidence?: Evidence; /** * Indicates whether this finding is archived. */ Archived?: Boolean; /** * Total count of the occurrences of this finding type. */ Count?: Integer; /** * Detector ID for the GuardDuty service. */ DetectorId?: DetectorId; /** * First seen timestamp of the activity that prompted GuardDuty to generate this finding. */ EventFirstSeen?: String; /** * Last seen timestamp of the activity that prompted GuardDuty to generate this finding. */ EventLastSeen?: String; /** * Resource role information for this finding. */ ResourceRole?: String; /** * The name of the AWS service (GuardDuty) that generated a finding. */ ServiceName?: String; /** * Feedback left about the finding. */ UserFeedback?: String; } export interface SortCriteria { /** * Represents the finding attribute (for example, accountId) by which to sort findings. */ AttributeName?: String; /** * Order by which the sorted findings are to be displayed. */ OrderBy?: OrderBy; } export interface StartMonitoringMembersRequest { /** * The unique ID of the detector of the GuardDuty account whom you want to re-enable to monitor members' findings. */ DetectorId: DetectorId; /** * A list of account IDs of the GuardDuty member accounts whose findings you want the master account to monitor. */ AccountIds: AccountIds; } export interface StartMonitoringMembersResponse { /** * A list of objects containing the unprocessed account and a result string explaining why it was unprocessed. */ UnprocessedAccounts: UnprocessedAccounts; } export interface StopMonitoringMembersRequest { /** * The unique ID of the detector of the GuardDuty account that you want to stop from monitor members' findings. */ DetectorId: DetectorId; /** * A list of account IDs of the GuardDuty member accounts whose findings you want the master account to stop monitoring. */ AccountIds: AccountIds; } export interface StopMonitoringMembersResponse { /** * A list of objects containing the unprocessed account and a result string explaining why it was unprocessed. */ UnprocessedAccounts: UnprocessedAccounts; } export type String = string; export interface Tag { /** * EC2 instance tag key. */ Key?: String; /** * EC2 instance tag value. */ Value?: String; } export type TagKey = string; export type TagKeyList = TagKey[]; export type TagMap = {[key: string]: TagValue}; export interface TagResourceRequest { /** * The Amazon Resource Name (ARN) for the given GuardDuty resource */ ResourceArn: GuardDutyArn; /** * The tags to be added to a resource. */ Tags: TagMap; } export interface TagResourceResponse { } export type TagValue = string; export type Tags = Tag[]; export type ThreatIntelSetFormat = "TXT"|"STIX"|"OTX_CSV"|"ALIEN_VAULT"|"PROOF_POINT"|"FIRE_EYE"|string; export type ThreatIntelSetIds = String[]; export type ThreatIntelSetStatus = "INACTIVE"|"ACTIVATING"|"ACTIVE"|"DEACTIVATING"|"ERROR"|"DELETE_PENDING"|"DELETED"|string; export interface ThreatIntelligenceDetail { /** * The name of the threat intelligence list that triggered the finding. */ ThreatListName?: String; /** * A list of names of the threats in the threat intelligence list that triggered the finding. */ ThreatNames?: ThreatNames; } export type ThreatIntelligenceDetails = ThreatIntelligenceDetail[]; export type ThreatNames = String[]; export interface UnarchiveFindingsRequest { /** * The ID of the detector that specifies the GuardDuty service whose findings you want to unarchive. */ DetectorId: DetectorId; /** * IDs of the findings that you want to unarchive. */ FindingIds: FindingIds; } export interface UnarchiveFindingsResponse { } export interface UnprocessedAccount { /** * AWS Account ID. */ AccountId: AccountId; /** * A reason why the account hasn't been processed. */ Result: String; } export type UnprocessedAccounts = UnprocessedAccount[]; export interface UntagResourceRequest { /** * The Amazon Resource Name (ARN) for the given GuardDuty resource */ ResourceArn: GuardDutyArn; /** * The tag keys to remove from a resource. */ TagKeys: TagKeyList; } export interface UntagResourceResponse { } export interface UpdateDetectorRequest { /** * The unique ID of the detector that you want to update. */ DetectorId: DetectorId; /** * Updated boolean value for the detector that specifies whether the detector is enabled. */ Enable?: Boolean; /** * A enum value that specifies how frequently customer got Finding updates published. */ FindingPublishingFrequency?: FindingPublishingFrequency; } export interface UpdateDetectorResponse { } export interface UpdateFilterRequest { /** * The unique ID of the detector that specifies the GuardDuty service where you want to update a filter. */ DetectorId: DetectorId; /** * The name of the filter. */ FilterName: String; /** * The description of the filter. */ Description?: FilterDescription; /** * Specifies the action that is to be applied to the findings that match the filter. */ Action?: FilterAction; /** * Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. */ Rank?: FilterRank; /** * Represents the criteria to be used in the filter for querying findings. */ FindingCriteria?: FindingCriteria; } export interface UpdateFilterResponse { /** * The name of the filter. */ Name: FilterName; } export interface UpdateFindingsFeedbackRequest { /** * The ID of the detector that specifies the GuardDuty service whose findings you want to mark as useful or not useful. */ DetectorId: DetectorId; /** * IDs of the findings that you want to mark as useful or not useful. */ FindingIds: FindingIds; /** * Valid values: USEFUL | NOT_USEFUL */ Feedback: Feedback; /** * Additional feedback about the GuardDuty findings. */ Comments?: String; } export interface UpdateFindingsFeedbackResponse { } export interface UpdateIPSetRequest { /** * The detectorID that specifies the GuardDuty service whose IPSet you want to update. */ DetectorId: DetectorId; /** * The unique ID that specifies the IPSet that you want to update. */ IpSetId: String; /** * The unique ID that specifies the IPSet that you want to update. */ Name?: Name; /** * The updated URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key). */ Location?: Location; /** * The updated boolean value that specifies whether the IPSet is active or not. */ Activate?: Boolean; } export interface UpdateIPSetResponse { } export interface UpdateThreatIntelSetRequest { /** * The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update. */ DetectorId: DetectorId; /** * The unique ID that specifies the ThreatIntelSet that you want to update. */ ThreatIntelSetId: String; /** * The unique ID that specifies the ThreatIntelSet that you want to update. */ Name?: Name; /** * The updated URI of the file that contains the ThreateIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key) */ Location?: Location; /** * The updated boolean value that specifies whether the ThreateIntelSet is active or not. */ Activate?: Boolean; } export interface UpdateThreatIntelSetResponse { } /** * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version. */ export type apiVersion = "2017-11-28"|"latest"|string; export interface ClientApiVersions { /** * A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version. */ apiVersion?: apiVersion; } export type ClientConfiguration = ServiceConfigurationOptions & ClientApiVersions; /** * Contains interfaces for use with the GuardDuty client. */ export import Types = GuardDuty; } export = GuardDuty;