GuardDuty / Client / list_coverage

list_coverage

GuardDuty.Client.list_coverage(**kwargs)

Lists coverage details for your GuardDuty account. If you’re a GuardDuty administrator, you can retrieve all resources associated with the active member accounts in your organization.

Make sure the accounts have Runtime Monitoring enabled and GuardDuty agent running on their resources.

See also: AWS API Documentation

Request Syntax

response = client.list_coverage(
    DetectorId='string',
    NextToken='string',
    MaxResults=123,
    FilterCriteria={
        'FilterCriterion': [
            {
                'CriterionKey': 'ACCOUNT_ID'|'CLUSTER_NAME'|'RESOURCE_TYPE'|'COVERAGE_STATUS'|'ADDON_VERSION'|'MANAGEMENT_TYPE'|'EKS_CLUSTER_NAME'|'ECS_CLUSTER_NAME'|'AGENT_VERSION'|'INSTANCE_ID'|'CLUSTER_ARN',
                'FilterCondition': {
                    'Equals': [
                        'string',
                    ],
                    'NotEquals': [
                        'string',
                    ]
                }
            },
        ]
    },
    SortCriteria={
        'AttributeName': 'ACCOUNT_ID'|'CLUSTER_NAME'|'COVERAGE_STATUS'|'ISSUE'|'ADDON_VERSION'|'UPDATED_AT'|'EKS_CLUSTER_NAME'|'ECS_CLUSTER_NAME'|'INSTANCE_ID',
        'OrderBy': 'ASC'|'DESC'
    }
)

Parameters:

• DetectorId (string) –

  [REQUIRED]

  The unique ID of the detector whose coverage details you want to retrieve.

• NextToken (string) – A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

• MaxResults (integer) – The maximum number of results to return in the response.

• FilterCriteria (dict) –

  Represents the criteria used to filter the coverage details.

  • FilterCriterion (list) –

    Represents a condition that when matched will be added to the response of the operation.

    • (dict) –

      Represents a condition that when matched will be added to the response of the operation.

      • CriterionKey (string) –

        An enum value representing possible filter fields.

        Note

        Replace the enum value CLUSTER_NAME with EKS_CLUSTER_NAME. CLUSTER_NAME has been deprecated.

      • FilterCondition (dict) –

        Contains information about the condition.

        • Equals (list) –

          Represents an equal condition that is applied to a single field while retrieving the coverage details.

          • (string) –

        • NotEquals (list) –

          Represents a not equal condition that is applied to a single field while retrieving the coverage details.

          • (string) –

• SortCriteria (dict) –

  Represents the criteria used to sort the coverage details.

  • AttributeName (string) –

    Represents the field name used to sort the coverage details.

    Note

    Replace the enum value CLUSTER_NAME with EKS_CLUSTER_NAME. CLUSTER_NAME has been deprecated.

  • OrderBy (string) –

    The order in which the sorted findings are to be displayed.

Return type:

dict

Returns:

Response Syntax

{
    'Resources': [
        {
            'ResourceId': 'string',
            'DetectorId': 'string',
            'AccountId': 'string',
            'ResourceDetails': {
                'EksClusterDetails': {
                    'ClusterName': 'string',
                    'CoveredNodes': 123,
                    'CompatibleNodes': 123,
                    'AddonDetails': {
                        'AddonVersion': 'string',
                        'AddonStatus': 'string'
                    },
                    'ManagementType': 'AUTO_MANAGED'|'MANUAL'|'DISABLED'
                },
                'ResourceType': 'EKS'|'ECS'|'EC2',
                'EcsClusterDetails': {
                    'ClusterName': 'string',
                    'FargateDetails': {
                        'Issues': [
                            'string',
                        ],
                        'ManagementType': 'AUTO_MANAGED'|'MANUAL'|'DISABLED'
                    },
                    'ContainerInstanceDetails': {
                        'CoveredContainerInstances': 123,
                        'CompatibleContainerInstances': 123
                    }
                },
                'Ec2InstanceDetails': {
                    'InstanceId': 'string',
                    'InstanceType': 'string',
                    'ClusterArn': 'string',
                    'AgentDetails': {
                        'Version': 'string'
                    },
                    'ManagementType': 'AUTO_MANAGED'|'MANUAL'|'DISABLED'
                }
            },
            'CoverageStatus': 'HEALTHY'|'UNHEALTHY',
            'Issue': 'string',
            'UpdatedAt': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

• (dict) –

  • Resources (list) –

    A list of resources and their attributes providing cluster details.

    • (dict) –

      Information about the resource of the GuardDuty account.

      • ResourceId (string) –

        The unique ID of the resource.

      • DetectorId (string) –

        The unique ID of the GuardDuty detector associated with the resource.

      • AccountId (string) –

        The unique ID of the Amazon Web Services account.

      • ResourceDetails (dict) –

        Information about the resource for which the coverage statistics are retrieved.

        • EksClusterDetails (dict) –

          EKS cluster details involved in the coverage statistics.

          • ClusterName (string) –

            Name of the EKS cluster.

          • CoveredNodes (integer) –

            Represents the nodes within the EKS cluster that have a HEALTHY coverage status.

          • CompatibleNodes (integer) –

            Represents all the nodes within the EKS cluster in your account.

          • AddonDetails (dict) –

            Information about the installed EKS add-on.

            • AddonVersion (string) –

              Version of the installed EKS add-on.

            • AddonStatus (string) –

              Status of the installed EKS add-on.

          • ManagementType (string) –

            Indicates how the Amazon EKS add-on GuardDuty agent is managed for this EKS cluster.

            AUTO_MANAGED indicates GuardDuty deploys and manages updates for this resource.

            MANUAL indicates that you are responsible to deploy, update, and manage the Amazon EKS add-on GuardDuty agent for this resource.

        • ResourceType (string) –

          The type of Amazon Web Services resource.

        • EcsClusterDetails (dict) –

          Information about the Amazon ECS cluster that is assessed for runtime coverage.

          • ClusterName (string) –

            The name of the Amazon ECS cluster.

          • FargateDetails (dict) –

            Information about the Fargate details associated with the Amazon ECS cluster.

            • Issues (list) –

              Runtime coverage issues identified for the resource running on Amazon Web Services Fargate.

              • (string) –

            • ManagementType (string) –

              Indicates how the GuardDuty security agent is managed for this resource.

              • AUTO_MANAGED indicates that GuardDuty deploys and manages updates for this resource.

              • DISABLED indicates that the deployment of the GuardDuty security agent is disabled for this resource.

              Note

              The MANUAL status doesn’t apply to the Amazon Web Services Fargate (Amazon ECS only) woprkloads.

          • ContainerInstanceDetails (dict) –

            Information about the Amazon ECS container running on Amazon EC2 instance.

            • CoveredContainerInstances (integer) –

              Represents the nodes in the Amazon ECS cluster that has a HEALTHY coverage status.

            • CompatibleContainerInstances (integer) –

              Represents total number of nodes in the Amazon ECS cluster.

        • Ec2InstanceDetails (dict) –

          Information about the Amazon EC2 instance assessed for runtime coverage.

          • InstanceId (string) –

            The Amazon EC2 instance ID.

          • InstanceType (string) –

            The instance type of the Amazon EC2 instance.

          • ClusterArn (string) –

            The cluster ARN of the Amazon ECS cluster running on the Amazon EC2 instance.

          • AgentDetails (dict) –

            Information about the installed security agent.

            • Version (string) –

              Version of the installed GuardDuty security agent.

          • ManagementType (string) –

            Indicates how the GuardDuty security agent is managed for this resource.

            • AUTO_MANAGED indicates that GuardDuty deploys and manages updates for this resource.

            • MANUAL indicates that you are responsible to deploy, update, and manage the GuardDuty security agent updates for this resource.

            Note

            The DISABLED status doesn’t apply to Amazon EC2 instances and Amazon EKS clusters.

      • CoverageStatus (string) –

        Represents the status of the EKS cluster coverage.

      • Issue (string) –

        Represents the reason why a coverage status was UNHEALTHY for the EKS cluster.

      • UpdatedAt (datetime) –

        The timestamp at which the coverage details for the resource were last updated. This is in UTC format.

  • NextToken (string) –

    The pagination parameter to be used on the next list operation to retrieve more items.

Exceptions

• GuardDuty.Client.exceptions.BadRequestException

• GuardDuty.Client.exceptions.InternalServerErrorException