GuardDuty / Client / start_malware_scan

start_malware_scan

GuardDuty.Client.start_malware_scan(**kwargs)

Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account if the resourceArn belongs to an EC2 instance.

When the malware scan starts, you can use the associated scan ID to track the status of the scan. For more information, see ListMalwareScans and GetMalwareScan.

When you use this API, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.

See also: AWS API Documentation

Request Syntax

response = client.start_malware_scan(
    ResourceArn='string',
    ClientToken='string',
    ScanConfiguration={
        'Role': 'string',
        'IncrementalScanDetails': {
            'BaselineResourceArn': 'string'
        },
        'RecoveryPoint': {
            'BackupVaultName': 'string'
        }
    }
)
Parameters:

  • ResourceArn (string) –

    [REQUIRED]

    Amazon Resource Name (ARN) of the resource for which you invoked the API.

  • ClientToken (string) –

    The idempotency token for the create request.

    This field is autopopulated if not provided.

  • ScanConfiguration (dict) –

    Contains information about the configuration to be used for the malware scan.

    • Role (string) – [REQUIRED]

      Amazon Resource Name (ARN) of the IAM role that is used for scanning the resource.

    • IncrementalScanDetails (dict) –

      Contains information about the incremental scan configuration. When specified, the scan will only process changes since the baseline resource.

      • BaselineResourceArn (string) – [REQUIRED]

        Amazon Resource Name (ARN) of the baseline resource used for incremental scanning. The scan will only process changes since this baseline resource was created.

    • RecoveryPoint (dict) –

      Contains information about the recovery point configuration for the requested scan.

      • BackupVaultName (string) – [REQUIRED]

        The name of the Amazon Web Services Backup vault that contains the name of the recovery point to be scanned.

Return type:

dict

Returns:

Response Syntax

{
    'ScanId': 'string'
}

Response Structure

  • (dict) –

    • ScanId (string) –

      A unique identifier that gets generated when you invoke the API without any error. Each malware scan has a corresponding scan ID. Using this scan ID, you can monitor the status of your malware scan.

Exceptions

  • GuardDuty.Client.exceptions.BadRequestException

  • GuardDuty.Client.exceptions.ConflictException

  • GuardDuty.Client.exceptions.InternalServerErrorException