GuardDuty

Table of Contents

Client

class GuardDuty.Client

A low-level client representing Amazon GuardDuty:

import boto3

client = boto3.client('guardduty')

These are the available methods:

accept_invitation(**kwargs)

Accepts the invitation to be monitored by a master GuardDuty account.

See also: AWS API Documentation

Request Syntax

response = client.accept_invitation(
    DetectorId='string',
    MasterId='string',
    InvitationId='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector of the GuardDuty member account.

  • MasterId (string) --

    [REQUIRED]

    The account ID of the master GuardDuty account whose invitation you're accepting.

  • InvitationId (string) --

    [REQUIRED]

    This value is used to validate the master account to the member account.

Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

archive_findings(**kwargs)

Archives Amazon GuardDuty findings specified by the list of finding IDs.

See also: AWS API Documentation

Request Syntax

response = client.archive_findings(
    DetectorId='string',
    FindingIds=[
        'string',
    ]
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The ID of the detector that specifies the GuardDuty service whose findings you want to archive.

  • FindingIds (list) --

    [REQUIRED]

    IDs of the findings that you want to archive.

    • (string) --
Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

can_paginate(operation_name)

Check if an operation can be paginated.

Parameters
operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Returns
True if the operation can be paginated, False otherwise.
create_detector(**kwargs)

Creates a single Amazon GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector must be created in order for GuardDuty to become operational.

See also: AWS API Documentation

Request Syntax

response = client.create_detector(
    Enable=True|False,
    ClientToken='string',
    FindingPublishingFrequency='FIFTEEN_MINUTES'|'ONE_HOUR'|'SIX_HOURS',
    Tags={
        'string': 'string'
    }
)
Parameters
  • Enable (boolean) --

    [REQUIRED]

    A boolean value that specifies whether the detector is to be enabled.

  • ClientToken (string) --

    The idempotency token for the create request.

    This field is autopopulated if not provided.

  • FindingPublishingFrequency (string) -- A enum value that specifies how frequently customer got Finding updates published.
  • Tags (dict) --

    The tags to be added to a new detector resource.

    • (string) --
      • (string) --
Return type

dict

Returns

Response Syntax

{
    'DetectorId': 'string'
}

Response Structure

  • (dict) --

    • DetectorId (string) --

      The unique ID of the created detector.

create_filter(**kwargs)

Creates a filter using the specified finding criteria.

See also: AWS API Documentation

Request Syntax

response = client.create_filter(
    DetectorId='string',
    Name='string',
    Description='string',
    Action='NOOP'|'ARCHIVE',
    Rank=123,
    FindingCriteria={
        'Criterion': {
            'string': {
                'Eq': [
                    'string',
                ],
                'Neq': [
                    'string',
                ],
                'Gt': 123,
                'Gte': 123,
                'Lt': 123,
                'Lte': 123,
                'Equals': [
                    'string',
                ],
                'NotEquals': [
                    'string',
                ],
                'GreaterThan': 123,
                'GreaterThanOrEqual': 123,
                'LessThan': 123,
                'LessThanOrEqual': 123
            }
        }
    },
    ClientToken='string',
    Tags={
        'string': 'string'
    }
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector of the GuardDuty account for which you want to create a filter.

  • Name (string) --

    [REQUIRED]

    The name of the filter.

  • Description (string) -- The description of the filter.
  • Action (string) -- Specifies the action that is to be applied to the findings that match the filter.
  • Rank (integer) -- Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
  • FindingCriteria (dict) --

    [REQUIRED]

    Represents the criteria to be used in the filter for querying findings.

    • Criterion (dict) --

      Represents a map of finding properties that match specified conditions and values when querying findings.

      • (string) --
        • (dict) --
          • Eq (list) --

            Represents the equal condition to be applied to a single field when querying for findings.

            • (string) --
          • Neq (list) --

            Represents the not equal condition to be applied to a single field when querying for findings.

            • (string) --
          • Gt (integer) --

            Represents a greater than condition to be applied to a single field when querying for findings.

          • Gte (integer) --

            Represents a greater than equal condition to be applied to a single field when querying for findings.

          • Lt (integer) --

            Represents a less than condition to be applied to a single field when querying for findings.

          • Lte (integer) --

            Represents a less than equal condition to be applied to a single field when querying for findings.

          • Equals (list) --
            • (string) --
          • NotEquals (list) --
            • (string) --
          • GreaterThan (integer) --

            Represents a greater than condition to be applied to a single field when querying for findings.

          • GreaterThanOrEqual (integer) --

            Represents a greater than equal condition to be applied to a single field when querying for findings.

          • LessThan (integer) --

            Represents a less than condition to be applied to a single field when querying for findings.

          • LessThanOrEqual (integer) --

            Represents a less than equal condition to be applied to a single field when querying for findings.

  • ClientToken (string) --

    The idempotency token for the create request.

    This field is autopopulated if not provided.

  • Tags (dict) --

    The tags to be added to a new filter resource.

    • (string) --
      • (string) --
Return type

dict

Returns

Response Syntax

{
    'Name': 'string'
}

Response Structure

  • (dict) --

    • Name (string) --

      The name of the successfully created filter.

create_ip_set(**kwargs)

Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications.

See also: AWS API Documentation

Request Syntax

response = client.create_ip_set(
    DetectorId='string',
    Name='string',
    Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    Location='string',
    Activate=True|False,
    ClientToken='string',
    Tags={
        'string': 'string'
    }
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector of the GuardDuty account for which you want to create an IPSet.

  • Name (string) --

    [REQUIRED]

    The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.

  • Format (string) --

    [REQUIRED]

    The format of the file that contains the IPSet.

  • Location (string) --

    [REQUIRED]

    The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)

  • Activate (boolean) --

    [REQUIRED]

    A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.

  • ClientToken (string) --

    The idempotency token for the create request.

    This field is autopopulated if not provided.

  • Tags (dict) --

    The tags to be added to a new IP set resource.

    • (string) --
      • (string) --
Return type

dict

Returns

Response Syntax

{
    'IpSetId': 'string'
}

Response Structure

  • (dict) --

    • IpSetId (string) --

      The ID of the IPSet resource.

create_members(**kwargs)

Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts.

See also: AWS API Documentation

Request Syntax

response = client.create_members(
    DetectorId='string',
    AccountDetails=[
        {
            'AccountId': 'string',
            'Email': 'string'
        },
    ]
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector of the GuardDuty account with which you want to associate member accounts.

  • AccountDetails (list) --

    [REQUIRED]

    A list of account ID and email address pairs of the accounts that you want to associate with the master GuardDuty account.

    • (dict) --
      • AccountId (string) -- [REQUIRED]

        Member account ID.

      • Email (string) -- [REQUIRED]

        Member account's email address.

Return type

dict

Returns

Response Syntax

{
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • UnprocessedAccounts (list) --

      A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.

      • (dict) --

        • AccountId (string) --

          AWS Account ID.

        • Result (string) --

          A reason why the account hasn't been processed.

create_sample_findings(**kwargs)

Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.

See also: AWS API Documentation

Request Syntax

response = client.create_sample_findings(
    DetectorId='string',
    FindingTypes=[
        'string',
    ]
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The ID of the detector to create sample findings for.

  • FindingTypes (list) --

    Types of sample findings that you want to generate.

    • (string) --
Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

create_threat_intel_set(**kwargs)

Create a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets.

See also: AWS API Documentation

Request Syntax

response = client.create_threat_intel_set(
    DetectorId='string',
    Name='string',
    Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    Location='string',
    Activate=True|False,
    ClientToken='string',
    Tags={
        'string': 'string'
    }
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector of the GuardDuty account for which you want to create a threatIntelSet.

  • Name (string) --

    [REQUIRED]

    A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet.

  • Format (string) --

    [REQUIRED]

    The format of the file that contains the ThreatIntelSet.

  • Location (string) --

    [REQUIRED]

    The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).

  • Activate (boolean) --

    [REQUIRED]

    A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

  • ClientToken (string) --

    The idempotency token for the create request.

    This field is autopopulated if not provided.

  • Tags (dict) --

    The tags to be added to a new Threat List resource.

    • (string) --
      • (string) --
Return type

dict

Returns

Response Syntax

{
    'ThreatIntelSetId': 'string'
}

Response Structure

  • (dict) --

    • ThreatIntelSetId (string) --

      The ID of the ThreatIntelSet resource.

decline_invitations(**kwargs)

Declines invitations sent to the current member account by AWS account specified by their account IDs.

See also: AWS API Documentation

Request Syntax

response = client.decline_invitations(
    AccountIds=[
        'string',
    ]
)
Parameters
AccountIds (list) --

[REQUIRED]

A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from.

  • (string) --
Return type
dict
Returns
Response Syntax
{
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --
    • UnprocessedAccounts (list) --

      A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.

      • (dict) --
        • AccountId (string) --

          AWS Account ID.

        • Result (string) --

          A reason why the account hasn't been processed.

delete_detector(**kwargs)

Deletes a Amazon GuardDuty detector specified by the detector ID.

See also: AWS API Documentation

Request Syntax

response = client.delete_detector(
    DetectorId='string'
)
Parameters
DetectorId (string) --

[REQUIRED]

The unique ID of the detector that you want to delete.

Return type
dict
Returns
Response Syntax
{}

Response Structure

  • (dict) --
delete_filter(**kwargs)

Deletes the filter specified by the filter name.

See also: AWS API Documentation

Request Syntax

response = client.delete_filter(
    DetectorId='string',
    FilterName='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the filter is associated with.

  • FilterName (string) --

    [REQUIRED]

    The name of the filter you want to delete.

Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

delete_invitations(**kwargs)

Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.

See also: AWS API Documentation

Request Syntax

response = client.delete_invitations(
    AccountIds=[
        'string',
    ]
)
Parameters
AccountIds (list) --

[REQUIRED]

A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from.

  • (string) --
Return type
dict
Returns
Response Syntax
{
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --
    • UnprocessedAccounts (list) --

      A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.

      • (dict) --
        • AccountId (string) --

          AWS Account ID.

        • Result (string) --

          A reason why the account hasn't been processed.

delete_ip_set(**kwargs)

Deletes the IPSet specified by the IPSet ID.

See also: AWS API Documentation

Request Syntax

response = client.delete_ip_set(
    DetectorId='string',
    IpSetId='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the ipSet is associated with.

  • IpSetId (string) --

    [REQUIRED]

    The unique ID of the ipSet you want to delete.

Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

delete_members(**kwargs)

Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.

See also: AWS API Documentation

Request Syntax

response = client.delete_members(
    DetectorId='string',
    AccountIds=[
        'string',
    ]
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector of the GuardDuty account whose members you want to delete.

  • AccountIds (list) --

    [REQUIRED]

    A list of account IDs of the GuardDuty member accounts that you want to delete.

    • (string) --
Return type

dict

Returns

Response Syntax

{
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • UnprocessedAccounts (list) --

      A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.

      • (dict) --

        • AccountId (string) --

          AWS Account ID.

        • Result (string) --

          A reason why the account hasn't been processed.

delete_threat_intel_set(**kwargs)

Deletes ThreatIntelSet specified by the ThreatIntelSet ID.

See also: AWS API Documentation

Request Syntax

response = client.delete_threat_intel_set(
    DetectorId='string',
    ThreatIntelSetId='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the threatIntelSet is associated with.

  • ThreatIntelSetId (string) --

    [REQUIRED]

    The unique ID of the threatIntelSet you want to delete.

Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

disassociate_from_master_account(**kwargs)

Disassociates the current GuardDuty member account from its master account.

See also: AWS API Documentation

Request Syntax

response = client.disassociate_from_master_account(
    DetectorId='string'
)
Parameters
DetectorId (string) --

[REQUIRED]

The unique ID of the detector of the GuardDuty member account.

Return type
dict
Returns
Response Syntax
{}

Response Structure

  • (dict) --
disassociate_members(**kwargs)

Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.

See also: AWS API Documentation

Request Syntax

response = client.disassociate_members(
    DetectorId='string',
    AccountIds=[
        'string',
    ]
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector of the GuardDuty account whose members you want to disassociate from master.

  • AccountIds (list) --

    [REQUIRED]

    A list of account IDs of the GuardDuty member accounts that you want to disassociate from master.

    • (string) --
Return type

dict

Returns

Response Syntax

{
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • UnprocessedAccounts (list) --

      A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.

      • (dict) --

        • AccountId (string) --

          AWS Account ID.

        • Result (string) --

          A reason why the account hasn't been processed.

generate_presigned_url(ClientMethod, Params=None, ExpiresIn=3600, HttpMethod=None)

Generate a presigned url given a client, its method, and arguments

Parameters
  • ClientMethod (string) -- The client method to presign for
  • Params (dict) -- The parameters normally passed to ClientMethod.
  • ExpiresIn (int) -- The number of seconds the presigned url is valid for. By default it expires in an hour (3600 seconds)
  • HttpMethod (string) -- The http method to use on the generated url. By default, the http method is whatever is used in the method's model.
Returns

The presigned url

get_detector(**kwargs)

Retrieves an Amazon GuardDuty detector specified by the detectorId.

See also: AWS API Documentation

Request Syntax

response = client.get_detector(
    DetectorId='string'
)
Parameters
DetectorId (string) --

[REQUIRED]

The unique ID of the detector that you want to get.

Return type
dict
Returns
Response Syntax
{
    'CreatedAt': 'string',
    'FindingPublishingFrequency': 'FIFTEEN_MINUTES'|'ONE_HOUR'|'SIX_HOURS',
    'ServiceRole': 'string',
    'Status': 'ENABLED'|'DISABLED',
    'UpdatedAt': 'string',
    'Tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --
    • CreatedAt (string) --

      Detector creation timestamp.

    • FindingPublishingFrequency (string) --

      Finding publishing frequency.

    • ServiceRole (string) --

      The GuardDuty service role.

    • Status (string) --

      The detector status.

    • UpdatedAt (string) --

      Detector last update timestamp.

    • Tags (dict) --

      The tags of the detector resource.

      • (string) --
        • (string) --
get_filter(**kwargs)

Returns the details of the filter specified by the filter name.

See also: AWS API Documentation

Request Syntax

response = client.get_filter(
    DetectorId='string',
    FilterName='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the filter is associated with.

  • FilterName (string) --

    [REQUIRED]

    The name of the filter you want to get.

Return type

dict

Returns

Response Syntax

{
    'Name': 'string',
    'Description': 'string',
    'Action': 'NOOP'|'ARCHIVE',
    'Rank': 123,
    'FindingCriteria': {
        'Criterion': {
            'string': {
                'Eq': [
                    'string',
                ],
                'Neq': [
                    'string',
                ],
                'Gt': 123,
                'Gte': 123,
                'Lt': 123,
                'Lte': 123,
                'Equals': [
                    'string',
                ],
                'NotEquals': [
                    'string',
                ],
                'GreaterThan': 123,
                'GreaterThanOrEqual': 123,
                'LessThan': 123,
                'LessThanOrEqual': 123
            }
        }
    },
    'Tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • Name (string) --

      The name of the filter.

    • Description (string) --

      The description of the filter.

    • Action (string) --

      Specifies the action that is to be applied to the findings that match the filter.

    • Rank (integer) --

      Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

    • FindingCriteria (dict) --

      Represents the criteria to be used in the filter for querying findings.

      • Criterion (dict) --

        Represents a map of finding properties that match specified conditions and values when querying findings.

        • (string) --

          • (dict) --

            • Eq (list) --

              Represents the equal condition to be applied to a single field when querying for findings.

              • (string) --
            • Neq (list) --

              Represents the not equal condition to be applied to a single field when querying for findings.

              • (string) --
            • Gt (integer) --

              Represents a greater than condition to be applied to a single field when querying for findings.

            • Gte (integer) --

              Represents a greater than equal condition to be applied to a single field when querying for findings.

            • Lt (integer) --

              Represents a less than condition to be applied to a single field when querying for findings.

            • Lte (integer) --

              Represents a less than equal condition to be applied to a single field when querying for findings.

            • Equals (list) --

              • (string) --
            • NotEquals (list) --

              • (string) --
            • GreaterThan (integer) --

              Represents a greater than condition to be applied to a single field when querying for findings.

            • GreaterThanOrEqual (integer) --

              Represents a greater than equal condition to be applied to a single field when querying for findings.

            • LessThan (integer) --

              Represents a less than condition to be applied to a single field when querying for findings.

            • LessThanOrEqual (integer) --

              Represents a less than equal condition to be applied to a single field when querying for findings.

    • Tags (dict) --

      The tags of the filter resource.

      • (string) --
        • (string) --

get_findings(**kwargs)

Describes Amazon GuardDuty findings specified by finding IDs.

See also: AWS API Documentation

Request Syntax

response = client.get_findings(
    DetectorId='string',
    FindingIds=[
        'string',
    ],
    SortCriteria={
        'AttributeName': 'string',
        'OrderBy': 'ASC'|'DESC'
    }
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.

  • FindingIds (list) --

    [REQUIRED]

    IDs of the findings that you want to retrieve.

    • (string) --
  • SortCriteria (dict) --

    Represents the criteria used for sorting findings.

    • AttributeName (string) --

      Represents the finding attribute (for example, accountId) by which to sort findings.

    • OrderBy (string) --

      Order by which the sorted findings are to be displayed.

Return type

dict

Returns

Response Syntax

{
    'Findings': [
        {
            'AccountId': 'string',
            'Arn': 'string',
            'Confidence': 123.0,
            'CreatedAt': 'string',
            'Description': 'string',
            'Id': 'string',
            'Partition': 'string',
            'Region': 'string',
            'Resource': {
                'AccessKeyDetails': {
                    'AccessKeyId': 'string',
                    'PrincipalId': 'string',
                    'UserName': 'string',
                    'UserType': 'string'
                },
                'InstanceDetails': {
                    'AvailabilityZone': 'string',
                    'IamInstanceProfile': {
                        'Arn': 'string',
                        'Id': 'string'
                    },
                    'ImageDescription': 'string',
                    'ImageId': 'string',
                    'InstanceId': 'string',
                    'InstanceState': 'string',
                    'InstanceType': 'string',
                    'LaunchTime': 'string',
                    'NetworkInterfaces': [
                        {
                            'Ipv6Addresses': [
                                'string',
                            ],
                            'NetworkInterfaceId': 'string',
                            'PrivateDnsName': 'string',
                            'PrivateIpAddress': 'string',
                            'PrivateIpAddresses': [
                                {
                                    'PrivateDnsName': 'string',
                                    'PrivateIpAddress': 'string'
                                },
                            ],
                            'PublicDnsName': 'string',
                            'PublicIp': 'string',
                            'SecurityGroups': [
                                {
                                    'GroupId': 'string',
                                    'GroupName': 'string'
                                },
                            ],
                            'SubnetId': 'string',
                            'VpcId': 'string'
                        },
                    ],
                    'Platform': 'string',
                    'ProductCodes': [
                        {
                            'Code': 'string',
                            'ProductType': 'string'
                        },
                    ],
                    'Tags': [
                        {
                            'Key': 'string',
                            'Value': 'string'
                        },
                    ]
                },
                'ResourceType': 'string'
            },
            'SchemaVersion': 'string',
            'Service': {
                'Action': {
                    'ActionType': 'string',
                    'AwsApiCallAction': {
                        'Api': 'string',
                        'CallerType': 'string',
                        'DomainDetails': {
                            'Domain': 'string'
                        },
                        'RemoteIpDetails': {
                            'City': {
                                'CityName': 'string'
                            },
                            'Country': {
                                'CountryCode': 'string',
                                'CountryName': 'string'
                            },
                            'GeoLocation': {
                                'Lat': 123.0,
                                'Lon': 123.0
                            },
                            'IpAddressV4': 'string',
                            'Organization': {
                                'Asn': 'string',
                                'AsnOrg': 'string',
                                'Isp': 'string',
                                'Org': 'string'
                            }
                        },
                        'ServiceName': 'string'
                    },
                    'DnsRequestAction': {
                        'Domain': 'string'
                    },
                    'NetworkConnectionAction': {
                        'Blocked': True|False,
                        'ConnectionDirection': 'string',
                        'LocalPortDetails': {
                            'Port': 123,
                            'PortName': 'string'
                        },
                        'Protocol': 'string',
                        'RemoteIpDetails': {
                            'City': {
                                'CityName': 'string'
                            },
                            'Country': {
                                'CountryCode': 'string',
                                'CountryName': 'string'
                            },
                            'GeoLocation': {
                                'Lat': 123.0,
                                'Lon': 123.0
                            },
                            'IpAddressV4': 'string',
                            'Organization': {
                                'Asn': 'string',
                                'AsnOrg': 'string',
                                'Isp': 'string',
                                'Org': 'string'
                            }
                        },
                        'RemotePortDetails': {
                            'Port': 123,
                            'PortName': 'string'
                        }
                    },
                    'PortProbeAction': {
                        'Blocked': True|False,
                        'PortProbeDetails': [
                            {
                                'LocalPortDetails': {
                                    'Port': 123,
                                    'PortName': 'string'
                                },
                                'RemoteIpDetails': {
                                    'City': {
                                        'CityName': 'string'
                                    },
                                    'Country': {
                                        'CountryCode': 'string',
                                        'CountryName': 'string'
                                    },
                                    'GeoLocation': {
                                        'Lat': 123.0,
                                        'Lon': 123.0
                                    },
                                    'IpAddressV4': 'string',
                                    'Organization': {
                                        'Asn': 'string',
                                        'AsnOrg': 'string',
                                        'Isp': 'string',
                                        'Org': 'string'
                                    }
                                }
                            },
                        ]
                    }
                },
                'Archived': True|False,
                'Count': 123,
                'DetectorId': 'string',
                'EventFirstSeen': 'string',
                'EventLastSeen': 'string',
                'ResourceRole': 'string',
                'ServiceName': 'string',
                'UserFeedback': 'string'
            },
            'Severity': 123.0,
            'Title': 'string',
            'Type': 'string',
            'UpdatedAt': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • Findings (list) --

      A list of findings.

      • (dict) --

        • AccountId (string) --

          AWS account ID where the activity occurred that prompted GuardDuty to generate a finding.

        • Arn (string) --

          The ARN of a finding described by the action.

        • Confidence (float) --

          The confidence level of a finding.

        • CreatedAt (string) --

          The time stamp at which a finding was generated.

        • Description (string) --

          The description of a finding.

        • Id (string) --

          The identifier that corresponds to a finding described by the action.

        • Partition (string) --

          The AWS resource partition.

        • Region (string) --

          The AWS region where the activity occurred that prompted GuardDuty to generate a finding.

        • Resource (dict) --

          The AWS resource associated with the activity that prompted GuardDuty to generate a finding.

          • AccessKeyDetails (dict) --

            The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.

            • AccessKeyId (string) --

              Access key ID of the user.

            • PrincipalId (string) --

              The principal ID of the user.

            • UserName (string) --

              The name of the user.

            • UserType (string) --

              The type of the user.

          • InstanceDetails (dict) --

            The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.

            • AvailabilityZone (string) --

              The availability zone of the EC2 instance.

            • IamInstanceProfile (dict) --

              The profile information of the EC2 instance.

              • Arn (string) --

                AWS EC2 instance profile ARN.

              • Id (string) --

                AWS EC2 instance profile ID.

            • ImageDescription (string) --

              The image description of the EC2 instance.

            • ImageId (string) --

              The image ID of the EC2 instance.

            • InstanceId (string) --

              The ID of the EC2 instance.

            • InstanceState (string) --

              The state of the EC2 instance.

            • InstanceType (string) --

              The type of the EC2 instance.

            • LaunchTime (string) --

              The launch time of the EC2 instance.

            • NetworkInterfaces (list) --

              The network interface information of the EC2 instance.

              • (dict) --

                • Ipv6Addresses (list) --

                  A list of EC2 instance IPv6 address information.

                  • (string) --
                • NetworkInterfaceId (string) --

                  The ID of the network interface

                • PrivateDnsName (string) --

                  Private DNS name of the EC2 instance.

                • PrivateIpAddress (string) --

                  Private IP address of the EC2 instance.

                • PrivateIpAddresses (list) --

                  Other private IP address information of the EC2 instance.

                  • (dict) --

                    • PrivateDnsName (string) --

                      Private DNS name of the EC2 instance.

                    • PrivateIpAddress (string) --

                      Private IP address of the EC2 instance.

                • PublicDnsName (string) --

                  Public DNS name of the EC2 instance.

                • PublicIp (string) --

                  Public IP address of the EC2 instance.

                • SecurityGroups (list) --

                  Security groups associated with the EC2 instance.

                  • (dict) --

                    • GroupId (string) --

                      EC2 instance's security group ID.

                    • GroupName (string) --

                      EC2 instance's security group name.

                • SubnetId (string) --

                  The subnet ID of the EC2 instance.

                • VpcId (string) --

                  The VPC ID of the EC2 instance.

            • Platform (string) --

              The platform of the EC2 instance.

            • ProductCodes (list) --

              The product code of the EC2 instance.

              • (dict) --

                • Code (string) --

                  Product code information.

                • ProductType (string) --

                  Product code type.

            • Tags (list) --

              The tags of the EC2 instance.

              • (dict) --

                • Key (string) --

                  EC2 instance tag key.

                • Value (string) --

                  EC2 instance tag value.

          • ResourceType (string) --

            The type of the AWS resource.

        • SchemaVersion (string) --

          Findings' schema version.

        • Service (dict) --

          Additional information assigned to the generated finding by GuardDuty.

          • Action (dict) --

            Information about the activity described in a finding.

            • ActionType (string) --

              GuardDuty Finding activity type.

            • AwsApiCallAction (dict) --

              Information about the AWS_API_CALL action described in this finding.

              • Api (string) --

                AWS API name.

              • CallerType (string) --

                AWS API caller type.

              • DomainDetails (dict) --

                Domain information for the AWS API call.

                • Domain (string) --

                  Domain information for the AWS API call.

              • RemoteIpDetails (dict) --

                Remote IP information of the connection.

                • City (dict) --

                  City information of the remote IP address.

                  • CityName (string) --

                    City name of the remote IP address.

                • Country (dict) --

                  Country code of the remote IP address.

                  • CountryCode (string) --

                    Country code of the remote IP address.

                  • CountryName (string) --

                    Country name of the remote IP address.

                • GeoLocation (dict) --

                  Location information of the remote IP address.

                  • Lat (float) --

                    Latitude information of remote IP address.

                  • Lon (float) --

                    Longitude information of remote IP address.

                • IpAddressV4 (string) --

                  IPV4 remote address of the connection.

                • Organization (dict) --

                  ISP Organization information of the remote IP address.

                  • Asn (string) --

                    Autonomous system number of the internet provider of the remote IP address.

                  • AsnOrg (string) --

                    Organization that registered this ASN.

                  • Isp (string) --

                    ISP information for the internet provider.

                  • Org (string) --

                    Name of the internet provider.

              • ServiceName (string) --

                AWS service name whose API was invoked.

            • DnsRequestAction (dict) --

              Information about the DNS_REQUEST action described in this finding.

              • Domain (string) --

                Domain information for the DNS request.

            • NetworkConnectionAction (dict) --

              Information about the NETWORK_CONNECTION action described in this finding.

              • Blocked (boolean) --

                Network connection blocked information.

              • ConnectionDirection (string) --

                Network connection direction.

              • LocalPortDetails (dict) --

                Local port information of the connection.

                • Port (integer) --

                  Port number of the local connection.

                • PortName (string) --

                  Port name of the local connection.

              • Protocol (string) --

                Network connection protocol.

              • RemoteIpDetails (dict) --

                Remote IP information of the connection.

                • City (dict) --

                  City information of the remote IP address.

                  • CityName (string) --

                    City name of the remote IP address.

                • Country (dict) --

                  Country code of the remote IP address.

                  • CountryCode (string) --

                    Country code of the remote IP address.

                  • CountryName (string) --

                    Country name of the remote IP address.

                • GeoLocation (dict) --

                  Location information of the remote IP address.

                  • Lat (float) --

                    Latitude information of remote IP address.

                  • Lon (float) --

                    Longitude information of remote IP address.

                • IpAddressV4 (string) --

                  IPV4 remote address of the connection.

                • Organization (dict) --

                  ISP Organization information of the remote IP address.

                  • Asn (string) --

                    Autonomous system number of the internet provider of the remote IP address.

                  • AsnOrg (string) --

                    Organization that registered this ASN.

                  • Isp (string) --

                    ISP information for the internet provider.

                  • Org (string) --

                    Name of the internet provider.

              • RemotePortDetails (dict) --

                Remote port information of the connection.

                • Port (integer) --

                  Port number of the remote connection.

                • PortName (string) --

                  Port name of the remote connection.

            • PortProbeAction (dict) --

              Information about the PORT_PROBE action described in this finding.

              • Blocked (boolean) --

                Port probe blocked information.

              • PortProbeDetails (list) --

                A list of port probe details objects.

                • (dict) --

                  • LocalPortDetails (dict) --

                    Local port information of the connection.

                    • Port (integer) --

                      Port number of the local connection.

                    • PortName (string) --

                      Port name of the local connection.

                  • RemoteIpDetails (dict) --

                    Remote IP information of the connection.

                    • City (dict) --

                      City information of the remote IP address.

                      • CityName (string) --

                        City name of the remote IP address.

                    • Country (dict) --

                      Country code of the remote IP address.

                      • CountryCode (string) --

                        Country code of the remote IP address.

                      • CountryName (string) --

                        Country name of the remote IP address.

                    • GeoLocation (dict) --

                      Location information of the remote IP address.

                      • Lat (float) --

                        Latitude information of remote IP address.

                      • Lon (float) --

                        Longitude information of remote IP address.

                    • IpAddressV4 (string) --

                      IPV4 remote address of the connection.

                    • Organization (dict) --

                      ISP Organization information of the remote IP address.

                      • Asn (string) --

                        Autonomous system number of the internet provider of the remote IP address.

                      • AsnOrg (string) --

                        Organization that registered this ASN.

                      • Isp (string) --

                        ISP information for the internet provider.

                      • Org (string) --

                        Name of the internet provider.

          • Archived (boolean) --

            Indicates whether this finding is archived.

          • Count (integer) --

            Total count of the occurrences of this finding type.

          • DetectorId (string) --

            Detector ID for the GuardDuty service.

          • EventFirstSeen (string) --

            First seen timestamp of the activity that prompted GuardDuty to generate this finding.

          • EventLastSeen (string) --

            Last seen timestamp of the activity that prompted GuardDuty to generate this finding.

          • ResourceRole (string) --

            Resource role information for this finding.

          • ServiceName (string) --

            The name of the AWS service (GuardDuty) that generated a finding.

          • UserFeedback (string) --

            Feedback left about the finding.

        • Severity (float) --

          The severity of a finding.

        • Title (string) --

          The title of a finding.

        • Type (string) --

          The type of a finding described by the action.

        • UpdatedAt (string) --

          The time stamp at which a finding was last updated.

get_findings_statistics(**kwargs)

Lists Amazon GuardDuty findings' statistics for the specified detector ID.

See also: AWS API Documentation

Request Syntax

response = client.get_findings_statistics(
    DetectorId='string',
    FindingStatisticTypes=[
        'COUNT_BY_SEVERITY',
    ],
    FindingCriteria={
        'Criterion': {
            'string': {
                'Eq': [
                    'string',
                ],
                'Neq': [
                    'string',
                ],
                'Gt': 123,
                'Gte': 123,
                'Lt': 123,
                'Lte': 123,
                'Equals': [
                    'string',
                ],
                'NotEquals': [
                    'string',
                ],
                'GreaterThan': 123,
                'GreaterThanOrEqual': 123,
                'LessThan': 123,
                'LessThanOrEqual': 123
            }
        }
    }
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.

  • FindingStatisticTypes (list) --

    [REQUIRED]

    Types of finding statistics to retrieve.

    • (string) --
  • FindingCriteria (dict) --

    Represents the criteria used for querying findings.

    • Criterion (dict) --

      Represents a map of finding properties that match specified conditions and values when querying findings.

      • (string) --
        • (dict) --
          • Eq (list) --

            Represents the equal condition to be applied to a single field when querying for findings.

            • (string) --
          • Neq (list) --

            Represents the not equal condition to be applied to a single field when querying for findings.

            • (string) --
          • Gt (integer) --

            Represents a greater than condition to be applied to a single field when querying for findings.

          • Gte (integer) --

            Represents a greater than equal condition to be applied to a single field when querying for findings.

          • Lt (integer) --

            Represents a less than condition to be applied to a single field when querying for findings.

          • Lte (integer) --

            Represents a less than equal condition to be applied to a single field when querying for findings.

          • Equals (list) --
            • (string) --
          • NotEquals (list) --
            • (string) --
          • GreaterThan (integer) --

            Represents a greater than condition to be applied to a single field when querying for findings.

          • GreaterThanOrEqual (integer) --

            Represents a greater than equal condition to be applied to a single field when querying for findings.

          • LessThan (integer) --

            Represents a less than condition to be applied to a single field when querying for findings.

          • LessThanOrEqual (integer) --

            Represents a less than equal condition to be applied to a single field when querying for findings.

Return type

dict

Returns

Response Syntax

{
    'FindingStatistics': {
        'CountBySeverity': {
            'string': 123
        }
    }
}

Response Structure

  • (dict) --

    • FindingStatistics (dict) --

      Finding statistics object.

      • CountBySeverity (dict) --

        Represents a map of severity to count statistic for a set of findings

        • (string) --
          • (integer) --

get_invitations_count()

Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.

See also: AWS API Documentation

Request Syntax

response = client.get_invitations_count()
Return type
dict
Returns
Response Syntax
{
    'InvitationsCount': 123
}

Response Structure

  • (dict) --
    • InvitationsCount (integer) --

      The number of received invitations.

get_ip_set(**kwargs)

Retrieves the IPSet specified by the IPSet ID.

See also: AWS API Documentation

Request Syntax

response = client.get_ip_set(
    DetectorId='string',
    IpSetId='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the ipSet is associated with.

  • IpSetId (string) --

    [REQUIRED]

    The unique ID of the ipSet you want to get.

Return type

dict

Returns

Response Syntax

{
    'Name': 'string',
    'Format': 'TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    'Location': 'string',
    'Status': 'INACTIVE'|'ACTIVATING'|'ACTIVE'|'DEACTIVATING'|'ERROR'|'DELETE_PENDING'|'DELETED',
    'Tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • Name (string) --

      The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.

    • Format (string) --

      The format of the file that contains the IPSet.

    • Location (string) --

      The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)

    • Status (string) --

      The status of ipSet file uploaded.

    • Tags (dict) --

      The tags of the IP set resource.

      • (string) --
        • (string) --

get_master_account(**kwargs)

Provides the details for the GuardDuty master account to the current GuardDuty member account.

See also: AWS API Documentation

Request Syntax

response = client.get_master_account(
    DetectorId='string'
)
Parameters
DetectorId (string) --

[REQUIRED]

The unique ID of the detector of the GuardDuty member account.

Return type
dict
Returns
Response Syntax
{
    'Master': {
        'AccountId': 'string',
        'InvitationId': 'string',
        'RelationshipStatus': 'string',
        'InvitedAt': 'string'
    }
}

Response Structure

  • (dict) --
    • Master (dict) --

      Master account details.

      • AccountId (string) --

        Master account ID

      • InvitationId (string) --

        This value is used to validate the master account to the member account.

      • RelationshipStatus (string) --

        The status of the relationship between the master and member accounts.

      • InvitedAt (string) --

        Timestamp at which the invitation was sent

get_members(**kwargs)

Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.

See also: AWS API Documentation

Request Syntax

response = client.get_members(
    DetectorId='string',
    AccountIds=[
        'string',
    ]
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector of the GuardDuty account whose members you want to retrieve.

  • AccountIds (list) --

    [REQUIRED]

    A list of account IDs of the GuardDuty member accounts that you want to describe.

    • (string) --
Return type

dict

Returns

Response Syntax

{
    'Members': [
        {
            'AccountId': 'string',
            'DetectorId': 'string',
            'MasterId': 'string',
            'Email': 'string',
            'RelationshipStatus': 'string',
            'InvitedAt': 'string',
            'UpdatedAt': 'string'
        },
    ],
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • Members (list) --

      A list of members.

      • (dict) --

        • AccountId (string) --

          Member account ID.

        • DetectorId (string) --

          Member account's detector ID.

        • MasterId (string) --

          Master account ID.

        • Email (string) --

          Member account's email address.

        • RelationshipStatus (string) --

          The status of the relationship between the member and the master.

        • InvitedAt (string) --

          Timestamp at which the invitation was sent

        • UpdatedAt (string) --

          Member last updated timestamp.

    • UnprocessedAccounts (list) --

      A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.

      • (dict) --

        • AccountId (string) --

          AWS Account ID.

        • Result (string) --

          A reason why the account hasn't been processed.

get_paginator(operation_name)

Create a paginator for an operation.

Parameters
operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Raises OperationNotPageableError
Raised if the operation is not pageable. You can use the client.can_paginate method to check if an operation is pageable.
Return type
L{botocore.paginate.Paginator}
Returns
A paginator object.
get_threat_intel_set(**kwargs)

Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

See also: AWS API Documentation

Request Syntax

response = client.get_threat_intel_set(
    DetectorId='string',
    ThreatIntelSetId='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the threatIntelSet is associated with.

  • ThreatIntelSetId (string) --

    [REQUIRED]

    The unique ID of the threatIntelSet you want to get.

Return type

dict

Returns

Response Syntax

{
    'Name': 'string',
    'Format': 'TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    'Location': 'string',
    'Status': 'INACTIVE'|'ACTIVATING'|'ACTIVE'|'DEACTIVATING'|'ERROR'|'DELETE_PENDING'|'DELETED',
    'Tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • Name (string) --

      A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet.

    • Format (string) --

      The format of the threatIntelSet.

    • Location (string) --

      The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).

    • Status (string) --

      The status of threatIntelSet file uploaded.

    • Tags (dict) --

      The tags of the Threat List resource.

      • (string) --
        • (string) --

get_waiter(waiter_name)

Returns an object that can wait for some condition.

Parameters
waiter_name (str) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters.
Returns
The specified waiter object.
Return type
botocore.waiter.Waiter
invite_members(**kwargs)

Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account.

See also: AWS API Documentation

Request Syntax

response = client.invite_members(
    DetectorId='string',
    AccountIds=[
        'string',
    ],
    DisableEmailNotification=True|False,
    Message='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector of the GuardDuty account with which you want to invite members.

  • AccountIds (list) --

    [REQUIRED]

    A list of account IDs of the accounts that you want to invite to GuardDuty as members.

    • (string) --
  • DisableEmailNotification (boolean) -- A boolean value that specifies whether you want to disable email notification to the accounts that you’re inviting to GuardDuty as members.
  • Message (string) -- The invitation message that you want to send to the accounts that you’re inviting to GuardDuty as members.
Return type

dict

Returns

Response Syntax

{
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • UnprocessedAccounts (list) --

      A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.

      • (dict) --

        • AccountId (string) --

          AWS Account ID.

        • Result (string) --

          A reason why the account hasn't been processed.

list_detectors(**kwargs)

Lists detectorIds of all the existing Amazon GuardDuty detector resources.

See also: AWS API Documentation

Request Syntax

response = client.list_detectors(
    MaxResults=123,
    NextToken='string'
)
Parameters
  • MaxResults (integer) -- You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
  • NextToken (string) -- You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Return type

dict

Returns

Response Syntax

{
    'DetectorIds': [
        'string',
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • DetectorIds (list) --

      A list of detector Ids.

      • (string) --
    • NextToken (string) --

      Pagination parameter to be used on the next list operation to retrieve more items.

list_filters(**kwargs)

Returns a paginated list of the current filters.

See also: AWS API Documentation

Request Syntax

response = client.list_filters(
    DetectorId='string',
    MaxResults=123,
    NextToken='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the filter is associated with.

  • MaxResults (integer) -- You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
  • NextToken (string) -- You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Return type

dict

Returns

Response Syntax

{
    'FilterNames': [
        'string',
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • FilterNames (list) --

      A list of filter names

      • (string) --
    • NextToken (string) --

      Pagination parameter to be used on the next list operation to retrieve more items.

list_findings(**kwargs)

Lists Amazon GuardDuty findings for the specified detector ID.

See also: AWS API Documentation

Request Syntax

response = client.list_findings(
    DetectorId='string',
    FindingCriteria={
        'Criterion': {
            'string': {
                'Eq': [
                    'string',
                ],
                'Neq': [
                    'string',
                ],
                'Gt': 123,
                'Gte': 123,
                'Lt': 123,
                'Lte': 123,
                'Equals': [
                    'string',
                ],
                'NotEquals': [
                    'string',
                ],
                'GreaterThan': 123,
                'GreaterThanOrEqual': 123,
                'LessThan': 123,
                'LessThanOrEqual': 123
            }
        }
    },
    SortCriteria={
        'AttributeName': 'string',
        'OrderBy': 'ASC'|'DESC'
    },
    MaxResults=123,
    NextToken='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The ID of the detector that specifies the GuardDuty service whose findings you want to list.

  • FindingCriteria (dict) --

    Represents the criteria used for querying findings.

    • Criterion (dict) --

      Represents a map of finding properties that match specified conditions and values when querying findings.

      • (string) --
        • (dict) --
          • Eq (list) --

            Represents the equal condition to be applied to a single field when querying for findings.

            • (string) --
          • Neq (list) --

            Represents the not equal condition to be applied to a single field when querying for findings.

            • (string) --
          • Gt (integer) --

            Represents a greater than condition to be applied to a single field when querying for findings.

          • Gte (integer) --

            Represents a greater than equal condition to be applied to a single field when querying for findings.

          • Lt (integer) --

            Represents a less than condition to be applied to a single field when querying for findings.

          • Lte (integer) --

            Represents a less than equal condition to be applied to a single field when querying for findings.

          • Equals (list) --
            • (string) --
          • NotEquals (list) --
            • (string) --
          • GreaterThan (integer) --

            Represents a greater than condition to be applied to a single field when querying for findings.

          • GreaterThanOrEqual (integer) --

            Represents a greater than equal condition to be applied to a single field when querying for findings.

          • LessThan (integer) --

            Represents a less than condition to be applied to a single field when querying for findings.

          • LessThanOrEqual (integer) --

            Represents a less than equal condition to be applied to a single field when querying for findings.

  • SortCriteria (dict) --

    Represents the criteria used for sorting findings.

    • AttributeName (string) --

      Represents the finding attribute (for example, accountId) by which to sort findings.

    • OrderBy (string) --

      Order by which the sorted findings are to be displayed.

  • MaxResults (integer) -- You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
  • NextToken (string) -- You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Return type

dict

Returns

Response Syntax

{
    'FindingIds': [
        'string',
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • FindingIds (list) --

      The IDs of the findings you are listing.

      • (string) --
    • NextToken (string) --

      Pagination parameter to be used on the next list operation to retrieve more items.

list_invitations(**kwargs)

Lists all GuardDuty membership invitations that were sent to the current AWS account.

See also: AWS API Documentation

Request Syntax

response = client.list_invitations(
    MaxResults=123,
    NextToken='string'
)
Parameters
  • MaxResults (integer) -- You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
  • NextToken (string) -- You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Return type

dict

Returns

Response Syntax

{
    'Invitations': [
        {
            'AccountId': 'string',
            'InvitationId': 'string',
            'RelationshipStatus': 'string',
            'InvitedAt': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Invitations (list) --

      A list of invitation descriptions.

      • (dict) --

        • AccountId (string) --

          Inviter account ID

        • InvitationId (string) --

          This value is used to validate the inviter account to the member account.

        • RelationshipStatus (string) --

          The status of the relationship between the inviter and invitee accounts.

        • InvitedAt (string) --

          Timestamp at which the invitation was sent

    • NextToken (string) --

      Pagination parameter to be used on the next list operation to retrieve more items.

list_ip_sets(**kwargs)

Lists the IPSets of the GuardDuty service specified by the detector ID.

See also: AWS API Documentation

Request Syntax

response = client.list_ip_sets(
    DetectorId='string',
    MaxResults=123,
    NextToken='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the ipSet is associated with.

  • MaxResults (integer) -- You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
  • NextToken (string) -- You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Return type

dict

Returns

Response Syntax

{
    'IpSetIds': [
        'string',
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • IpSetIds (list) --

      The IDs of the IPSet resources.

      • (string) --
    • NextToken (string) --

      Pagination parameter to be used on the next list operation to retrieve more items.

list_members(**kwargs)

Lists details about all member accounts for the current GuardDuty master account.

See also: AWS API Documentation

Request Syntax

response = client.list_members(
    DetectorId='string',
    MaxResults=123,
    NextToken='string',
    OnlyAssociated='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the member is associated with.

  • MaxResults (integer) -- You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
  • NextToken (string) -- You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
  • OnlyAssociated (string) -- Specifies whether to only return associated members or to return all members (including members which haven't been invited yet or have been disassociated).
Return type

dict

Returns

Response Syntax

{
    'Members': [
        {
            'AccountId': 'string',
            'DetectorId': 'string',
            'MasterId': 'string',
            'Email': 'string',
            'RelationshipStatus': 'string',
            'InvitedAt': 'string',
            'UpdatedAt': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Members (list) --

      A list of members.

      • (dict) --

        • AccountId (string) --

          Member account ID.

        • DetectorId (string) --

          Member account's detector ID.

        • MasterId (string) --

          Master account ID.

        • Email (string) --

          Member account's email address.

        • RelationshipStatus (string) --

          The status of the relationship between the member and the master.

        • InvitedAt (string) --

          Timestamp at which the invitation was sent

        • UpdatedAt (string) --

          Member last updated timestamp.

    • NextToken (string) --

      Pagination parameter to be used on the next list operation to retrieve more items.

list_tags_for_resource(**kwargs)

Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and Threat Intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource..

See also: AWS API Documentation

Request Syntax

response = client.list_tags_for_resource(
    ResourceArn='string'
)
Parameters
ResourceArn (string) --

[REQUIRED]

The Amazon Resource Name (ARN) for the given GuardDuty resource

Return type
dict
Returns
Response Syntax
{
    'Tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --
    • Tags (dict) --
      • (string) --
        • (string) --
list_threat_intel_sets(**kwargs)

Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID.

See also: AWS API Documentation

Request Syntax

response = client.list_threat_intel_sets(
    DetectorId='string',
    MaxResults=123,
    NextToken='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the threatIntelSet is associated with.

  • MaxResults (integer) -- You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
  • NextToken (string) -- You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
Return type

dict

Returns

Response Syntax

{
    'ThreatIntelSetIds': [
        'string',
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • ThreatIntelSetIds (list) --

      The IDs of the ThreatIntelSet resources.

      • (string) --
    • NextToken (string) --

      Pagination parameter to be used on the next list operation to retrieve more items.

start_monitoring_members(**kwargs)

Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs. A master GuardDuty account can run this command after disabling GuardDuty from monitoring these members' findings by running StopMonitoringMembers.

See also: AWS API Documentation

Request Syntax

response = client.start_monitoring_members(
    DetectorId='string',
    AccountIds=[
        'string',
    ]
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector of the GuardDuty account whom you want to re-enable to monitor members' findings.

  • AccountIds (list) --

    [REQUIRED]

    A list of account IDs of the GuardDuty member accounts whose findings you want the master account to monitor.

    • (string) --
Return type

dict

Returns

Response Syntax

{
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • UnprocessedAccounts (list) --

      A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.

      • (dict) --

        • AccountId (string) --

          AWS Account ID.

        • Result (string) --

          A reason why the account hasn't been processed.

stop_monitoring_members(**kwargs)

Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs. After running this command, a master GuardDuty account can run StartMonitoringMembers to re-enable GuardDuty to monitor these members’ findings.

See also: AWS API Documentation

Request Syntax

response = client.stop_monitoring_members(
    DetectorId='string',
    AccountIds=[
        'string',
    ]
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector of the GuardDuty account that you want to stop from monitor members' findings.

  • AccountIds (list) --

    [REQUIRED]

    A list of account IDs of the GuardDuty member accounts whose findings you want the master account to stop monitoring.

    • (string) --
Return type

dict

Returns

Response Syntax

{
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • UnprocessedAccounts (list) --

      A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.

      • (dict) --

        • AccountId (string) --

          AWS Account ID.

        • Result (string) --

          A reason why the account hasn't been processed.

tag_resource(**kwargs)

Adds tags to a resource.

See also: AWS API Documentation

Request Syntax

response = client.tag_resource(
    ResourceArn='string',
    Tags={
        'string': 'string'
    }
)
Parameters
  • ResourceArn (string) --

    [REQUIRED]

    The Amazon Resource Name (ARN) for the given GuardDuty resource

  • Tags (dict) --

    [REQUIRED]

    The tags to be added to a resource.

    • (string) --
      • (string) --
Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

unarchive_findings(**kwargs)

Unarchives Amazon GuardDuty findings specified by the list of finding IDs.

See also: AWS API Documentation

Request Syntax

response = client.unarchive_findings(
    DetectorId='string',
    FindingIds=[
        'string',
    ]
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The ID of the detector that specifies the GuardDuty service whose findings you want to unarchive.

  • FindingIds (list) --

    [REQUIRED]

    IDs of the findings that you want to unarchive.

    • (string) --
Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

untag_resource(**kwargs)

Removes tags from a resource.

See also: AWS API Documentation

Request Syntax

response = client.untag_resource(
    ResourceArn='string',
    TagKeys=[
        'string',
    ]
)
Parameters
  • ResourceArn (string) --

    [REQUIRED]

    The Amazon Resource Name (ARN) for the given GuardDuty resource

  • TagKeys (list) --

    [REQUIRED]

    The tag keys to remove from a resource.

    • (string) --
Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

update_detector(**kwargs)

Updates an Amazon GuardDuty detector specified by the detectorId.

See also: AWS API Documentation

Request Syntax

response = client.update_detector(
    DetectorId='string',
    Enable=True|False,
    FindingPublishingFrequency='FIFTEEN_MINUTES'|'ONE_HOUR'|'SIX_HOURS'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector that you want to update.

  • Enable (boolean) -- Updated boolean value for the detector that specifies whether the detector is enabled.
  • FindingPublishingFrequency (string) -- A enum value that specifies how frequently customer got Finding updates published.
Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

update_filter(**kwargs)

Updates the filter specified by the filter name.

See also: AWS API Documentation

Request Syntax

response = client.update_filter(
    DetectorId='string',
    FilterName='string',
    Description='string',
    Action='NOOP'|'ARCHIVE',
    Rank=123,
    FindingCriteria={
        'Criterion': {
            'string': {
                'Eq': [
                    'string',
                ],
                'Neq': [
                    'string',
                ],
                'Gt': 123,
                'Gte': 123,
                'Lt': 123,
                'Lte': 123,
                'Equals': [
                    'string',
                ],
                'NotEquals': [
                    'string',
                ],
                'GreaterThan': 123,
                'GreaterThanOrEqual': 123,
                'LessThan': 123,
                'LessThanOrEqual': 123
            }
        }
    }
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.

  • FilterName (string) --

    [REQUIRED]

    The name of the filter.

  • Description (string) -- The description of the filter.
  • Action (string) -- Specifies the action that is to be applied to the findings that match the filter.
  • Rank (integer) -- Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
  • FindingCriteria (dict) --

    Represents the criteria to be used in the filter for querying findings.

    • Criterion (dict) --

      Represents a map of finding properties that match specified conditions and values when querying findings.

      • (string) --
        • (dict) --
          • Eq (list) --

            Represents the equal condition to be applied to a single field when querying for findings.

            • (string) --
          • Neq (list) --

            Represents the not equal condition to be applied to a single field when querying for findings.

            • (string) --
          • Gt (integer) --

            Represents a greater than condition to be applied to a single field when querying for findings.

          • Gte (integer) --

            Represents a greater than equal condition to be applied to a single field when querying for findings.

          • Lt (integer) --

            Represents a less than condition to be applied to a single field when querying for findings.

          • Lte (integer) --

            Represents a less than equal condition to be applied to a single field when querying for findings.

          • Equals (list) --
            • (string) --
          • NotEquals (list) --
            • (string) --
          • GreaterThan (integer) --

            Represents a greater than condition to be applied to a single field when querying for findings.

          • GreaterThanOrEqual (integer) --

            Represents a greater than equal condition to be applied to a single field when querying for findings.

          • LessThan (integer) --

            Represents a less than condition to be applied to a single field when querying for findings.

          • LessThanOrEqual (integer) --

            Represents a less than equal condition to be applied to a single field when querying for findings.

Return type

dict

Returns

Response Syntax

{
    'Name': 'string'
}

Response Structure

  • (dict) --

    • Name (string) --

      The name of the filter.

update_findings_feedback(**kwargs)

Marks specified Amazon GuardDuty findings as useful or not useful.

See also: AWS API Documentation

Request Syntax

response = client.update_findings_feedback(
    DetectorId='string',
    FindingIds=[
        'string',
    ],
    Feedback='USEFUL'|'NOT_USEFUL',
    Comments='string'
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The ID of the detector that specifies the GuardDuty service whose findings you want to mark as useful or not useful.

  • FindingIds (list) --

    [REQUIRED]

    IDs of the findings that you want to mark as useful or not useful.

    • (string) --
  • Feedback (string) --

    [REQUIRED]

    Valid values: USEFUL | NOT_USEFUL

  • Comments (string) -- Additional feedback about the GuardDuty findings.
Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

update_ip_set(**kwargs)

Updates the IPSet specified by the IPSet ID.

See also: AWS API Documentation

Request Syntax

response = client.update_ip_set(
    DetectorId='string',
    IpSetId='string',
    Name='string',
    Location='string',
    Activate=True|False
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The detectorID that specifies the GuardDuty service whose IPSet you want to update.

  • IpSetId (string) --

    [REQUIRED]

    The unique ID that specifies the IPSet that you want to update.

  • Name (string) -- The unique ID that specifies the IPSet that you want to update.
  • Location (string) -- The updated URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
  • Activate (boolean) -- The updated boolean value that specifies whether the IPSet is active or not.
Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

update_threat_intel_set(**kwargs)

Updates the ThreatIntelSet specified by ThreatIntelSet ID.

See also: AWS API Documentation

Request Syntax

response = client.update_threat_intel_set(
    DetectorId='string',
    ThreatIntelSetId='string',
    Name='string',
    Location='string',
    Activate=True|False
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.

  • ThreatIntelSetId (string) --

    [REQUIRED]

    The unique ID that specifies the ThreatIntelSet that you want to update.

  • Name (string) -- The unique ID that specifies the ThreatIntelSet that you want to update.
  • Location (string) -- The updated URI of the file that contains the ThreateIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)
  • Activate (boolean) -- The updated boolean value that specifies whether the ThreateIntelSet is active or not.
Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

Paginators

The available paginators are:

class GuardDuty.Paginator.ListDetectors
paginator = client.get_paginator('list_detectors')
paginate(**kwargs)

Creates an iterator that will paginate through responses from GuardDuty.Client.list_detectors().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
PaginationConfig (dict) --

A dictionary that provides parameters to control pagination.

  • MaxItems (integer) --

    The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

  • PageSize (integer) --

    The size of each page.

  • StartingToken (string) --

    A token to specify where to start paginating. This is the NextToken from a previous response.

Return type
dict
Returns
Response Syntax
{
    'DetectorIds': [
        'string',
    ],

}

Response Structure

  • (dict) --
    • DetectorIds (list) --

      A list of detector Ids.

      • (string) --
class GuardDuty.Paginator.ListFilters
paginator = client.get_paginator('list_filters')
paginate(**kwargs)

Creates an iterator that will paginate through responses from GuardDuty.Client.list_filters().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    DetectorId='string',
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the filter is associated with.

  • PaginationConfig (dict) --

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) --

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) --

      The size of each page.

    • StartingToken (string) --

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type

dict

Returns

Response Syntax

{
    'FilterNames': [
        'string',
    ],

}

Response Structure

  • (dict) --

    • FilterNames (list) --

      A list of filter names

      • (string) --

class GuardDuty.Paginator.ListFindings
paginator = client.get_paginator('list_findings')
paginate(**kwargs)

Creates an iterator that will paginate through responses from GuardDuty.Client.list_findings().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    DetectorId='string',
    FindingCriteria={
        'Criterion': {
            'string': {
                'Eq': [
                    'string',
                ],
                'Neq': [
                    'string',
                ],
                'Gt': 123,
                'Gte': 123,
                'Lt': 123,
                'Lte': 123,
                'Equals': [
                    'string',
                ],
                'NotEquals': [
                    'string',
                ],
                'GreaterThan': 123,
                'GreaterThanOrEqual': 123,
                'LessThan': 123,
                'LessThanOrEqual': 123
            }
        }
    },
    SortCriteria={
        'AttributeName': 'string',
        'OrderBy': 'ASC'|'DESC'
    },
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The ID of the detector that specifies the GuardDuty service whose findings you want to list.

  • FindingCriteria (dict) --

    Represents the criteria used for querying findings.

    • Criterion (dict) --

      Represents a map of finding properties that match specified conditions and values when querying findings.

      • (string) --
        • (dict) --
          • Eq (list) --

            Represents the equal condition to be applied to a single field when querying for findings.

            • (string) --
          • Neq (list) --

            Represents the not equal condition to be applied to a single field when querying for findings.

            • (string) --
          • Gt (integer) --

            Represents a greater than condition to be applied to a single field when querying for findings.

          • Gte (integer) --

            Represents a greater than equal condition to be applied to a single field when querying for findings.

          • Lt (integer) --

            Represents a less than condition to be applied to a single field when querying for findings.

          • Lte (integer) --

            Represents a less than equal condition to be applied to a single field when querying for findings.

          • Equals (list) --
            • (string) --
          • NotEquals (list) --
            • (string) --
          • GreaterThan (integer) --

            Represents a greater than condition to be applied to a single field when querying for findings.

          • GreaterThanOrEqual (integer) --

            Represents a greater than equal condition to be applied to a single field when querying for findings.

          • LessThan (integer) --

            Represents a less than condition to be applied to a single field when querying for findings.

          • LessThanOrEqual (integer) --

            Represents a less than equal condition to be applied to a single field when querying for findings.

  • SortCriteria (dict) --

    Represents the criteria used for sorting findings.

    • AttributeName (string) --

      Represents the finding attribute (for example, accountId) by which to sort findings.

    • OrderBy (string) --

      Order by which the sorted findings are to be displayed.

  • PaginationConfig (dict) --

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) --

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) --

      The size of each page.

    • StartingToken (string) --

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type

dict

Returns

Response Syntax

{
    'FindingIds': [
        'string',
    ],

}

Response Structure

  • (dict) --

    • FindingIds (list) --

      The IDs of the findings you are listing.

      • (string) --

class GuardDuty.Paginator.ListIPSets
paginator = client.get_paginator('list_ip_sets')
paginate(**kwargs)

Creates an iterator that will paginate through responses from GuardDuty.Client.list_ip_sets().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    DetectorId='string',
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the ipSet is associated with.

  • PaginationConfig (dict) --

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) --

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) --

      The size of each page.

    • StartingToken (string) --

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type

dict

Returns

Response Syntax

{
    'IpSetIds': [
        'string',
    ],

}

Response Structure

  • (dict) --

    • IpSetIds (list) --

      The IDs of the IPSet resources.

      • (string) --

class GuardDuty.Paginator.ListInvitations
paginator = client.get_paginator('list_invitations')
paginate(**kwargs)

Creates an iterator that will paginate through responses from GuardDuty.Client.list_invitations().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
PaginationConfig (dict) --

A dictionary that provides parameters to control pagination.

  • MaxItems (integer) --

    The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

  • PageSize (integer) --

    The size of each page.

  • StartingToken (string) --

    A token to specify where to start paginating. This is the NextToken from a previous response.

Return type
dict
Returns
Response Syntax
{
    'Invitations': [
        {
            'AccountId': 'string',
            'InvitationId': 'string',
            'RelationshipStatus': 'string',
            'InvitedAt': 'string'
        },
    ],

}

Response Structure

  • (dict) --
    • Invitations (list) --

      A list of invitation descriptions.

      • (dict) --
        • AccountId (string) --

          Inviter account ID

        • InvitationId (string) --

          This value is used to validate the inviter account to the member account.

        • RelationshipStatus (string) --

          The status of the relationship between the inviter and invitee accounts.

        • InvitedAt (string) --

          Timestamp at which the invitation was sent

class GuardDuty.Paginator.ListMembers
paginator = client.get_paginator('list_members')
paginate(**kwargs)

Creates an iterator that will paginate through responses from GuardDuty.Client.list_members().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    DetectorId='string',
    OnlyAssociated='string',
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the member is associated with.

  • OnlyAssociated (string) -- Specifies whether to only return associated members or to return all members (including members which haven't been invited yet or have been disassociated).
  • PaginationConfig (dict) --

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) --

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) --

      The size of each page.

    • StartingToken (string) --

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type

dict

Returns

Response Syntax

{
    'Members': [
        {
            'AccountId': 'string',
            'DetectorId': 'string',
            'MasterId': 'string',
            'Email': 'string',
            'RelationshipStatus': 'string',
            'InvitedAt': 'string',
            'UpdatedAt': 'string'
        },
    ],

}

Response Structure

  • (dict) --

    • Members (list) --

      A list of members.

      • (dict) --

        • AccountId (string) --

          Member account ID.

        • DetectorId (string) --

          Member account's detector ID.

        • MasterId (string) --

          Master account ID.

        • Email (string) --

          Member account's email address.

        • RelationshipStatus (string) --

          The status of the relationship between the member and the master.

        • InvitedAt (string) --

          Timestamp at which the invitation was sent

        • UpdatedAt (string) --

          Member last updated timestamp.

class GuardDuty.Paginator.ListThreatIntelSets
paginator = client.get_paginator('list_threat_intel_sets')
paginate(**kwargs)

Creates an iterator that will paginate through responses from GuardDuty.Client.list_threat_intel_sets().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    DetectorId='string',
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
  • DetectorId (string) --

    [REQUIRED]

    The unique ID of the detector the threatIntelSet is associated with.

  • PaginationConfig (dict) --

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) --

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) --

      The size of each page.

    • StartingToken (string) --

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type

dict

Returns

Response Syntax

{
    'ThreatIntelSetIds': [
        'string',
    ],

}

Response Structure

  • (dict) --

    • ThreatIntelSetIds (list) --

      The IDs of the ThreatIntelSet resources.

      • (string) --