GuardDuty / Client / describe_malware_scans

describe_malware_scans#

GuardDuty.Client.describe_malware_scans(**kwargs)#

Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all the member accounts.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

See also: AWS API Documentation

Request Syntax

response = client.describe_malware_scans(
    DetectorId='string',
    NextToken='string',
    MaxResults=123,
    FilterCriteria={
        'FilterCriterion': [
            {
                'CriterionKey': 'EC2_INSTANCE_ARN'|'SCAN_ID'|'ACCOUNT_ID'|'GUARDDUTY_FINDING_ID'|'SCAN_START_TIME'|'SCAN_STATUS'|'SCAN_TYPE',
                'FilterCondition': {
                    'EqualsValue': 'string',
                    'GreaterThan': 123,
                    'LessThan': 123
                }
            },
        ]
    },
    SortCriteria={
        'AttributeName': 'string',
        'OrderBy': 'ASC'|'DESC'
    }
)
Parameters:
  • DetectorId (string) –

    [REQUIRED]

    The unique ID of the detector that the request is associated with.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

  • NextToken (string) – You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

  • MaxResults (integer) – You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

  • FilterCriteria (dict) –

    Represents the criteria to be used in the filter for describing scan entries.

    • FilterCriterion (list) –

      Represents a condition that when matched will be added to the response of the operation.

      • (dict) –

        Represents a condition that when matched will be added to the response of the operation. Irrespective of using any filter criteria, an administrator account can view the scan entries for all of its member accounts. However, each member account can view the scan entries only for their own account.

        • CriterionKey (string) –

          An enum value representing possible scan properties to match with given scan entries.

          Note

          Replace the enum value CLUSTER_NAME with EKS_CLUSTER_NAME. CLUSTER_NAME has been deprecated.

        • FilterCondition (dict) –

          Contains information about the condition.

          • EqualsValue (string) –

            Represents an equal condition to be applied to a single field when querying for scan entries.

          • GreaterThan (integer) –

            Represents a greater than condition to be applied to a single field when querying for scan entries.

          • LessThan (integer) –

            Represents a less than condition to be applied to a single field when querying for scan entries.

  • SortCriteria (dict) –

    Represents the criteria used for sorting scan entries. The attributeName is required and it must be scanStartTime.

    • AttributeName (string) –

      Represents the finding attribute, such as accountId, that sorts the findings.

    • OrderBy (string) –

      The order by which the sorted findings are to be displayed.

Return type:

dict

Returns:

Response Syntax

{
    'Scans': [
        {
            'DetectorId': 'string',
            'AdminDetectorId': 'string',
            'ScanId': 'string',
            'ScanStatus': 'RUNNING'|'COMPLETED'|'FAILED'|'SKIPPED',
            'FailureReason': 'string',
            'ScanStartTime': datetime(2015, 1, 1),
            'ScanEndTime': datetime(2015, 1, 1),
            'TriggerDetails': {
                'GuardDutyFindingId': 'string',
                'Description': 'string'
            },
            'ResourceDetails': {
                'InstanceArn': 'string'
            },
            'ScanResultDetails': {
                'ScanResult': 'CLEAN'|'INFECTED'
            },
            'AccountId': 'string',
            'TotalBytes': 123,
            'FileCount': 123,
            'AttachedVolumes': [
                {
                    'VolumeArn': 'string',
                    'VolumeType': 'string',
                    'DeviceName': 'string',
                    'VolumeSizeInGB': 123,
                    'EncryptionType': 'string',
                    'SnapshotArn': 'string',
                    'KmsKeyArn': 'string'
                },
            ],
            'ScanType': 'GUARDDUTY_INITIATED'|'ON_DEMAND'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) –

    • Scans (list) –

      Contains information about malware scans.

      • (dict) –

        Contains information about a malware scan.

        • DetectorId (string) –

          The unique ID of the detector that the request is associated with.

          To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

        • AdminDetectorId (string) –

          The unique detector ID of the administrator account that the request is associated with. If the account is an administrator, the AdminDetectorId will be the same as the one used for DetectorId.

          To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

        • ScanId (string) –

          The unique scan ID associated with a scan entry.

        • ScanStatus (string) –

          An enum value representing possible scan statuses.

        • FailureReason (string) –

          Represents the reason for FAILED scan status.

        • ScanStartTime (datetime) –

          The timestamp of when the scan was triggered.

        • ScanEndTime (datetime) –

          The timestamp of when the scan was finished.

        • TriggerDetails (dict) –

          Specifies the reason why the scan was initiated.

          • GuardDutyFindingId (string) –

            The ID of the GuardDuty finding that triggered the malware scan.

          • Description (string) –

            The description of the scan trigger.

        • ResourceDetails (dict) –

          Represents the resources that were scanned in the scan entry.

          • InstanceArn (string) –

            Instance ARN that was scanned in the scan entry.

        • ScanResultDetails (dict) –

          Represents the result of the scan.

          • ScanResult (string) –

            An enum value representing possible scan results.

        • AccountId (string) –

          The ID for the account that belongs to the scan.

        • TotalBytes (integer) –

          Represents total bytes that were scanned.

        • FileCount (integer) –

          Represents the number of files that were scanned.

        • AttachedVolumes (list) –

          List of volumes that were attached to the original instance to be scanned.

          • (dict) –

            Contains EBS volume details.

            • VolumeArn (string) –

              EBS volume ARN information.

            • VolumeType (string) –

              The EBS volume type.

            • DeviceName (string) –

              The device name for the EBS volume.

            • VolumeSizeInGB (integer) –

              EBS volume size in GB.

            • EncryptionType (string) –

              EBS volume encryption type.

            • SnapshotArn (string) –

              Snapshot ARN of the EBS volume.

            • KmsKeyArn (string) –

              KMS key ARN used to encrypt the EBS volume.

        • ScanType (string) –

          Specifies the scan type that invoked the malware scan.

    • NextToken (string) –

      The pagination parameter to be used on the next list operation to retrieve more items.

Exceptions