Package-level declarations
Types
Contains information on the current access control policies for the bucket.
An access denied exception object.
Contains information about the access keys.
Contains information about the account.
Provides details of the GuardDuty member account that uses a free trial service.
Contains information about the account level permissions on the S3 bucket.
Represents a list of maps of accounts with the number of findings associated with each account.
Contains information about a process involved in a GuardDuty finding, including process identification, execution details, and file information.
Information about the installed EKS add-on (GuardDuty security agent).
The account within the organization specified as the GuardDuty delegated administrator.
Contains information about the administrator account and invitation.
Information about the installed GuardDuty security agent.
Contains information about the unusual anomalies.
Contains information about the behavior of the anomaly that is new to GuardDuty.
Contains information about the Autonomous System (AS) associated with the network endpoints involved in an attack sequence.
Contains information about the API action.
A bad request exception object.
Contains information on how the bucket owner's S3 Block Public Access settings are being applied to the S3 bucket. See S3 Block Public Access for more information.
Contains information about the bucket level permissions for the S3 bucket.
Contains information on the current bucket policies for the S3 bucket.
Contains information on the status of CloudTrail as a data source for the detector.
A request conflict exception object.
Contains information about container resources involved in a GuardDuty finding. This structure provides details about containers that were identified as part of suspicious or malicious activity.
Contains information about the Amazon EC2 instance that is running the Amazon ECS container.
Contains information about the Amazon EC2 instance runtime coverage details.
Contains information about Amazon ECS cluster runtime coverage details.
Information about the EKS cluster that has a coverage status.
Represents a condition that when matched will be added to the response of the operation.
Represents the criteria used in the filter.
Represents a condition that when matched will be added to the response of the operation.
Information about the resource of the GuardDuty account.
Information about the resource for each individual EKS cluster.
Information about the sorting criteria used in the coverage statistics.
Information about the coverage statistics for a resource.
Information about the protected resource that is associated with the created Malware Protection plan. Presently, S3Bucket is the only supported protected resource.
Information about the protected S3 bucket resource.
Contains information about which data sources are enabled.
Contains information on the status of data sources for the detector.
Contains information about which data sources are enabled for the GuardDuty member account.
Contains information about which data sources are enabled for the GuardDuty member account.
Represents a list of maps of dates with a count of total findings generated on each date.
Contains information on the server side encryption method used in the S3 bucket. See S3 Server-Side Encryption for more information.
Contains information about the publishing destination, including the ID, type, and status.
Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.
Information about the additional configuration for a feature in your GuardDuty account.
Information about the additional configuration.
Contains information about a GuardDuty feature.
Contains information about a GuardDuty feature.
Contains information on the status of DNS logs as a data source.
Contains information about the DNS_REQUEST action described in this finding.
Contains information about the domain.
Contains list of scanned and skipped EBS volumes with details.
Contains details from the malware scan that created a finding.
Describes the configuration of scanning EBS volumes as a data source.
Details about the potentially impacted Amazon EC2 instance resource.
Contains information about the elastic network interface of the Amazon EC2 instance.
Contains information about the details of the ECS Cluster.
Contains information about the task in an ECS cluster.
Contains information about the Amazon EKS cluster involved in a GuardDuty finding, including cluster identification, status, and network configuration.
Details about the EKS cluster involved in a Kubernetes finding.
Contains information about Amazon Web Services Fargate details associated with an Amazon ECS cluster.
Contains information about the condition.
Represents the criteria to be used in the filter for describing scan entries.
Represents a condition that when matched will be added to the response of the operation. Irrespective of using any filter criteria, an administrator account can view the scan entries for all of its member accounts. However, each member account can view the scan entries only for their own account.
Contains information about the criteria used for querying findings.
Contains information about finding statistics.
Information about each finding type associated with the groupedByFindingType statistics.
Contains information on the status of VPC flow logs as a data source.
Contains information about the free trial period for a feature.
Contains information about the location of the remote IP address. By default, GuardDuty returns Geolocation with Lat and Lon as 0.0.
Base class for all service-related exceptions thrown by the GuardDuty client.
Contains details of the highest severity threat detected during scan and number of infected files.
Contains information about the EC2 instance profile.
Contains information about the impersonated user.
Contains information about the details of an instance.
An internal server error exception object.
Contains information about the invitation to become a member account.
Information about the Kubernetes API call action described in this finding.
Describes whether Kubernetes audit logs are enabled as a data source.
Describes whether Kubernetes audit logs are enabled as a data source.
Describes whether any Kubernetes data sources are enabled.
Describes whether any Kubernetes logs will be enabled as a data source.
Provides details about the Kubernetes resources when it is enabled as a data source.
Details about Kubernetes resources such as a Kubernetes user or workload resource involved in a Kubernetes finding.
Information about the Kubernetes API for which you check if you have permission to call.
Contains information about the role binding that grants the permission defined in a Kubernetes role.
Information about the Kubernetes role name and role type.
Details about the Kubernetes user involved in a Kubernetes finding.
Contains information about Kubernetes workloads involved in a GuardDuty finding, including pods, deployments, and other Kubernetes resources.
Details about the Kubernetes workload involved in a Kubernetes finding.
Information about the Lambda function involved in the finding.
Information about the runtime process details.
Contains information about the local IP address of the connection.
Contains information about the port for the local connection.
Information about the login attempts.
Describes whether Malware Protection will be enabled as a data source.
An object that contains information on the status of all Malware Protection data sources.
Provides details about Malware Protection when it is enabled as a data source.
Information about whether the tags will be added to the S3 object after scanning.
Information about the issue code and message associated with the status of your Malware Protection plan.
Information about the Malware Protection plan resource.
Information about adding tags to the scanned S3 object after the scan result.
Information about the malware scan that generated a GuardDuty finding.
Information about the additional configuration for the member account.
Information about the additional configuration for the member account.
Contains information on which data sources are enabled for a member account.
Contains information about the features for the member account.
Contains information about the features for the member account.
Contains information about the network connection.
Contains information about the NETWORK_CONNECTION action described in the finding.
Contains information about network endpoints that were observed in the attack sequence.
Contains information about network endpoint location.
Contains information about the elastic network interface of the EC2 instance.
Contains information about the observed behavior.
Contains information about the ISP organization of the remote IP address.
A list of additional configurations which will be configured for the organization.
A list of additional configuration which will be configured for the organization.
An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization.
An object that contains information on which data sources are automatically enabled for new members within the organization.
Information about GuardDuty coverage statistics for members in your Amazon Web Services organization.
Organization-wide EBS volumes scan configuration.
An object that contains information on the status of whether EBS volumes scanning will be enabled as a data source for an organization.
A list of features which will be configured for the organization.
A list of features which will be configured for the organization.
Information about the number of accounts that have enabled a specific feature.
Information about the coverage statistic for the additional configuration of the feature.
Organization-wide Kubernetes audit logs configuration.
The current configuration of Kubernetes audit logs as a data source for the organization.
Organization-wide Kubernetes data sources configurations.
The current configuration of all Kubernetes data sources for the organization.
Organization-wide Malware Protection configurations.
An object that contains information on the status of all Malware Protection data sources for an organization.
Describes whether S3 data event logs will be automatically enabled for new members of the organization.
The current configuration of S3 data event logs as a data source for the organization.
Organization-wide EC2 instances with findings scan configuration.
An object that contains information on the status of scanning EC2 instances with findings for an organization.
Information about the coverage statistics of the features for the entire Amazon Web Services organization.
Contains information about how permissions are configured for the S3 bucket.
Contains information about the PORT_PROBE action described in the finding.
Contains information about the port probe details.
Contains other private IP address information of the EC2 instance.
Information about the observed process.
Contains information about the product code for the EC2 instance.
Describes the public access policies that apply to the S3 bucket.
Describes public access policies that apply to the Amazon S3 bucket.
Contains information about the resource type RDSDBInstance involved in a GuardDuty finding.
Contains information about the user and authentication details for a database instance involved in the finding.
Contains information about the resource type RDSLimitlessDB that is involved in a GuardDuty finding.
Indicates that a login attempt was made to the potentially compromised database from a remote IP address.
Contains details about the remote Amazon Web Services account that made the API call.
Contains information about the remote IP address of the connection.
Contains information about the remote port.
Contains information about the Amazon Web Services resource that is associated with the activity that prompted GuardDuty to generate a finding.
Represents the resources that were scanned in the scan entry.
The requested resource can't be found.
Information about each resource type associated with the groupedByResource statistics.
Contains information about the Amazon Web Services resource that is associated with the GuardDuty finding.
Additional information about the suspicious activity.
Information about the process and any required context values for a specific finding.
Contains information on the S3 bucket.
Describes whether S3 data event logs will be enabled as a data source.
Describes whether S3 data event logs will be enabled as a data source.
Information about the S3 object that was scanned.
Contains information about the condition.
Represents the key:value pair to be matched against given resource property.
An enum value representing possible resource properties to match with given scan condition.
Contains a complete view providing malware scan result details.
Describes whether Malware Protection for EC2 instances with findings will be enabled as a data source.
An object that contains information on the status of whether Malware Protection for EC2 instances with findings will be enabled as a data source.
Contains details of infected file including name, file path and hash.
Total number of scanned files.
Contains information about criteria used to filter resources before triggering malware scan.
Represents the result of the scan.
Contains files infected with the given threat providing details of malware name and severity.
Container security context.
Contains information about the security groups associated with the EC2 instance.
Additional information about the generated finding.
Information about severity level for each finding type.
Contains information about the criteria used for sorting findings.
Contains details about identified threats organized by threat name.
An instance of a threat intelligence detail that constitutes evidence for the finding.
Contains total number of infected files.
Represents the reason the scan was triggered.
Contains information about the accounts that weren't processed.
Specifies the names of the data sources that couldn't be enabled.
Information about the protected resource that is associated with the created Malware Protection plan. Presently, S3Bucket is the only supported protected resource.
Information about the protected S3 bucket resource.
Contains information on the total of usage based on account IDs.
Contains information about the criteria used to query usage statistics.
Contains information on the result of usage based on data source type.
Contains information about the result of the total usage based on the feature.
Contains information on the sum of usage based on an Amazon Web Services resource.
Contains the result of GuardDuty usage. If a UsageStatisticType is provided the result for other types will be null.
Contains information on the total of usage based on the topmost 50 account IDs.
Information about the usage statistics, calculated by top accounts by feature.
Contains EBS volume details.
Container volume mount.