GuardDuty / Client / create_threat_intel_set

create_threat_intel_set#

GuardDuty.Client.create_threat_intel_set(**kwargs)#

Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.

See also: AWS API Documentation

Request Syntax

response = client.create_threat_intel_set(
    DetectorId='string',
    Name='string',
    Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    Location='string',
    Activate=True|False,
    ClientToken='string',
    Tags={
        'string': 'string'
    }
)
Parameters:
  • DetectorId (string) –

    [REQUIRED]

    The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for.

  • Name (string) –

    [REQUIRED]

    A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.

  • Format (string) –

    [REQUIRED]

    The format of the file that contains the ThreatIntelSet.

  • Location (string) –

    [REQUIRED]

    The URI of the file that contains the ThreatIntelSet.

  • Activate (boolean) –

    [REQUIRED]

    A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

  • ClientToken (string) –

    The idempotency token for the create request.

    This field is autopopulated if not provided.

  • Tags (dict) –

    The tags to be added to a new threat list resource.

    • (string) –

      • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'ThreatIntelSetId': 'string'
}

Response Structure

  • (dict) –

    • ThreatIntelSetId (string) –

      The ID of the ThreatIntelSet resource.

Exceptions

  • GuardDuty.Client.exceptions.BadRequestException

  • GuardDuty.Client.exceptions.InternalServerErrorException