GuardDuty / Client / update_member_detectors

update_member_detectors#

GuardDuty.Client.update_member_detectors(**kwargs)#

Contains information on member accounts to be updated.

Specifying both EKS Runtime Monitoring ( EKS_RUNTIME_MONITORING) and Runtime Monitoring ( RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

See also: AWS API Documentation

Request Syntax

response = client.update_member_detectors(
    DetectorId='string',
    AccountIds=[
        'string',
    ],
    DataSources={
        'S3Logs': {
            'Enable': True|False
        },
        'Kubernetes': {
            'AuditLogs': {
                'Enable': True|False
            }
        },
        'MalwareProtection': {
            'ScanEc2InstanceWithFindings': {
                'EbsVolumes': True|False
            }
        }
    },
    Features=[
        {
            'Name': 'S3_DATA_EVENTS'|'EKS_AUDIT_LOGS'|'EBS_MALWARE_PROTECTION'|'RDS_LOGIN_EVENTS'|'EKS_RUNTIME_MONITORING'|'LAMBDA_NETWORK_LOGS'|'RUNTIME_MONITORING',
            'Status': 'ENABLED'|'DISABLED',
            'AdditionalConfiguration': [
                {
                    'Name': 'EKS_ADDON_MANAGEMENT'|'ECS_FARGATE_AGENT_MANAGEMENT'|'EC2_AGENT_MANAGEMENT',
                    'Status': 'ENABLED'|'DISABLED'
                },
            ]
        },
    ]
)
Parameters:
  • DetectorId (string) –

    [REQUIRED]

    The detector ID of the administrator account.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

  • AccountIds (list) –

    [REQUIRED]

    A list of member account IDs to be updated.

    • (string) –

  • DataSources (dict) –

    Describes which data sources will be updated.

    • S3Logs (dict) –

      Describes whether S3 data event logs are enabled as a data source.

      • Enable (boolean) – [REQUIRED]

        The status of S3 data event logs as a data source.

    • Kubernetes (dict) –

      Describes whether any Kubernetes logs are enabled as data sources.

      • AuditLogs (dict) – [REQUIRED]

        The status of Kubernetes audit logs as a data source.

        • Enable (boolean) – [REQUIRED]

          The status of Kubernetes audit logs as a data source.

    • MalwareProtection (dict) –

      Describes whether Malware Protection is enabled as a data source.

      • ScanEc2InstanceWithFindings (dict) –

        Describes the configuration of Malware Protection for EC2 instances with findings.

        • EbsVolumes (boolean) –

          Describes the configuration for scanning EBS volumes as data source.

  • Features (list) –

    A list of features that will be updated for the specified member accounts.

    • (dict) –

      Contains information about the features for the member account.

      • Name (string) –

        The name of the feature.

      • Status (string) –

        The status of the feature.

      • AdditionalConfiguration (list) –

        Additional configuration of the feature for the member account.

        • (dict) –

          Information about the additional configuration for the member account.

          • Name (string) –

            Name of the additional configuration.

          • Status (string) –

            Status of the additional configuration.

Return type:

dict

Returns:

Response Syntax

{
    'UnprocessedAccounts': [
        {
            'AccountId': 'string',
            'Result': 'string'
        },
    ]
}

Response Structure

  • (dict) –

    • UnprocessedAccounts (list) –

      A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.

      • (dict) –

        Contains information about the accounts that weren’t processed.

        • AccountId (string) –

          The Amazon Web Services account ID.

        • Result (string) –

          A reason why the account hasn’t been processed.

Exceptions

  • GuardDuty.Client.exceptions.BadRequestException

  • GuardDuty.Client.exceptions.InternalServerErrorException