create_threat_intel_set
- GuardDuty.Client.create_threat_intel_set(**kwargs)
Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.
See also: AWS API Documentation
Request Syntax
response = client.create_threat_intel_set(
    DetectorId='string',
    Name='string',
    Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    Location='string',
    Activate=True|False,
    ClientToken='string',
    Tags={
        'string': 'string'
    }
)
- Parameters:
DetectorId (string) –
[REQUIRED]
The unique ID of the detector of the GuardDuty account for which you want to create a ThreatIntelSet.
To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.
Name (string) –
[REQUIRED]
A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
Format (string) –
[REQUIRED]
The format of the file that contains the ThreatIntelSet.
Location (string) –
[REQUIRED]
The URI of the file that contains the ThreatIntelSet.
Activate (boolean) –
[REQUIRED]
A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
ClientToken (string) –
The idempotency token for the create request.
This field is autopopulated if not provided.
Tags (dict) –
The tags to be added to a new threat list resource.
(string) –
(string) –
- Return type:
dict
- Returns:
Response Syntax
{ 'ThreatIntelSetId': 'string' }
Response Structure
(dict) –
ThreatIntelSetId (string) –
The ID of the ThreatIntelSet resource.
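A request-building helper for this operation, as an added example that is not part of the boto3 documentation: it checks the required parameters client-side and derives a deterministic ClientToken so that a retried call reuses the same idempotency token. The helper names (`build_request`, `create_set`), the restriction of Location to `s3://` or `https://` URIs, and the detector, bucket and list names are assumptions or constructed placeholders.

```python
import hashlib
from urllib.parse import urlparse

# Format values copied from the Request Syntax above.
ALLOWED_FORMATS = {"TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE"}


def build_request(detector_id, name, fmt, location, activate, tags=None):
    """Validate inputs client-side and return kwargs for create_threat_intel_set."""
    if not detector_id or not name:
        raise ValueError("DetectorId and Name are required")
    if fmt not in ALLOWED_FORMATS:
        raise ValueError(f"unsupported Format {fmt!r}")
    parsed = urlparse(location)
    # Assumption: the list is stored in S3 and referenced by an s3:// or https:// URI.
    if parsed.scheme not in ("s3", "https") or not parsed.netloc:
        raise ValueError(f"Location must be an s3:// or https:// URI, got {location!r}")
    if not isinstance(activate, bool):
        raise TypeError("Activate must be a bool")
    # Deterministic idempotency token: the same detector, name, format and
    # location always map to the same token, so a retry reuses it.
    material = "\x00".join([detector_id, name, fmt, location])
    token = hashlib.sha256(material.encode()).hexdigest()[:32]
    request = {
        "DetectorId": detector_id, "Name": name, "Format": fmt,
        "Location": location, "Activate": activate, "ClientToken": token,
    }
    if tags:
        request["Tags"] = dict(tags)
    return request


def create_set(client, **params):
    """Call the API on a GuardDuty client and return the new ThreatIntelSetId."""
    response = client.create_threat_intel_set(**build_request(**params))
    return response["ThreatIntelSetId"]


if __name__ == "__main__":
    import boto3  # imported here so the helpers above can be exercised offline
    set_id = create_set(
        boto3.client("guardduty"),
        detector_id="EXAMPLE_DETECTOR_ID",  # placeholder, not a real detector
        name="example-blocklist",
        fmt="TXT",
        location="s3://example-bucket/threat-intel/blocklist.txt",  # constructed
        activate=False,  # upload first; activate once the list has been reviewed
    )
    print(set_id)
```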
Exceptions