create_threat_intel_set
(**kwargs)¶Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.
See also: AWS API Documentation
Request Syntax
response = client.create_threat_intel_set(
DetectorId='string',
Name='string',
Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
Location='string',
Activate=True|False,
ClientToken='string',
Tags={
'string': 'string'
}
)
[REQUIRED]
The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for.
[REQUIRED]
A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
[REQUIRED]
The format of the file that contains the ThreatIntelSet.
[REQUIRED]
The URI of the file that contains the ThreatIntelSet.
[REQUIRED]
A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
The idempotency token for the create request.
This field is autopopulated if not provided.
The tags to be added to a new threat list resource.
dict
Response Syntax
{
'ThreatIntelSetId': 'string'
}
Response Structure
(dict) --
ThreatIntelSetId (string) --
The ID of the ThreatIntelSet resource.
Exceptions
GuardDuty.Client.exceptions.BadRequestException
GuardDuty.Client.exceptions.InternalServerErrorException