AWS GuardDuty (version v1.*.*)

accept_invitation#

Accepts the invitation to be monitored by a master GuardDuty account.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty member account.

Type: string

$body#

Type: object

{
"MasterId" : "The account ID of the master GuardDuty account whose invitation you're accepting.",
"InvitationId" : "This value is used to validate the master account to the member account."
}

archive_findings#

Archives GuardDuty findings specified by the list of finding IDs.
Only the master account can archive findings. Member accounts do not have permission to archive findings from their accounts.

Parameters

detectorId (required)#

The ID of the detector that specifies the GuardDuty service whose findings you want to archive.

Type: string

$body#

Type: object

{
"FindingIds" : [ "string" ]
}

create_detector#

Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each region in which you enable the service. You can have only one detector per account per region.

Parameters

$body#

Type: object

{
"enable" : "A boolean value that specifies whether the detector is to be enabled.",
"clientToken" : "The idempotency token for the create request.",
"findingPublishingFrequency" : "An enum value that specifies how frequently finding updates are published to the customer.",
"tags" : "The tags to be added to a new detector resource."
}

create_filter#

Creates a filter using the specified finding criteria.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty account for which you want to create a filter.

Type: string

$body#

Type: object

{
"Action" : "Specifies the action that is to be applied to the findings that match the filter.",
"Description" : "The description of the filter.",
"FindingCriteria" : {
"criterion" : "Represents a map of finding properties that match specified conditions and values when querying findings."
},
"Rank" : "Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.",
"ClientToken" : "The idempotency token for the create request.",
"Tags" : "The tags to be added to a new filter resource.",
"Name" : "The name of the filter."
}

create_ip_set#

Creates a new IPSet, called Trusted IP list in the console user interface. An IPSet is a list of IP addresses trusted for secure communication with AWS infrastructure and applications. GuardDuty does not generate findings for IP addresses included in IPSets. Only users from the master account can use this operation.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty account for which you want to create an IPSet.

Type: string

$body#

Type: object

{
"Format" : "The format of the file that contains the IPSet.",
"Activate" : "A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.",
"ClientToken" : "The idempotency token for the create request.",
"Tags" : "The tags to be added to a new IP set resource.",
"Name" : "The user-friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.",
"Location" : "The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)"
}

create_members#

Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty account with which you want to associate member accounts.

Type: string

$body#

Type: object

{
"AccountDetails" : [ {
"accountId" : "Member account ID.",
"email" : "Member account's email address."
} ]
}

create_publishing_destination#

Creates a publishing destination to send findings to. The resource to send findings to must exist before you use this operation.

Parameters

detectorId (required)#

The ID of the GuardDuty detector associated with the publishing destination.

Type: string

$body#

Type: object

{
"DestinationProperties" : {
"destinationArn" : "The ARN of the resource to publish to.",
"kmsKeyArn" : "The ARN of the KMS key to use for encryption."
},
"DestinationType" : "The type of resource for the publishing destination. Currently only S3 is supported.",
"ClientToken" : "The idempotency token for the request."
}

create_sample_findings#

Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.

Parameters

detectorId (required)#

The ID of the detector to create sample findings for.

Type: string

$body#

Type: object

{
"FindingTypes" : [ "string" ]
}

create_threat_intel_set#

Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the master account can use this operation.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty account for which you want to create a threatIntelSet.

Type: string

$body#

Type: object

{
"Format" : "The format of the file that contains the ThreatIntelSet.",
"Activate" : "A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.",
"ClientToken" : "The idempotency token for the create request.",
"Tags" : "The tags to be added to a new Threat List resource.",
"Name" : "A user-friendly ThreatIntelSet name that is displayed in all findings generated by activity that involves IP addresses included in this ThreatIntelSet.",
"Location" : "The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)."
}

decline_invitations#

Declines invitations sent to the current member account by AWS accounts specified by their account IDs.

Parameters

$body#

Type: object

{
"accountIds" : [ "string" ]
}

delete_detector#

Deletes an Amazon GuardDuty detector specified by the detector ID.

Parameters

detectorId (required)#

The unique ID of the detector that you want to delete.

Type: string

delete_filter#

Deletes the filter specified by the filter name.

Parameters

detectorId (required)#

The unique ID of the detector the filter is associated with.

Type: string

filterName (required)#

The name of the filter you want to delete.

Type: string

delete_invitations#

Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.

Parameters

$body#

Type: object

{
"accountIds" : [ "string" ]
}

delete_ip_set#

Deletes the IPSet specified by the ipSetId. IPSets are called Trusted IP lists in the console user interface.

Parameters

detectorId (required)#

The unique ID of the detector associated with the IPSet.

Type: string

ipSetId (required)#

The unique ID of the IPSet to delete.

Type: string

delete_members#

Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty account whose members you want to delete.

Type: string

$body#

Type: object

{
"AccountIds" : [ "string" ]
}

delete_publishing_destination#

Deletes the publishing definition with the specified destinationId.

Parameters

destinationId (required)#

The ID of the publishing destination to delete.

Type: string

detectorId (required)#

The unique ID of the detector associated with the publishing destination to delete.

Type: string

delete_threat_intel_set#

Deletes ThreatIntelSet specified by the ThreatIntelSet ID.

Parameters

detectorId (required)#

The unique ID of the detector the threatIntelSet is associated with.

Type: string

threatIntelSetId (required)#

The unique ID of the threatIntelSet you want to delete.

Type: string

describe_publishing_destination#

Returns information about the publishing destination specified by the provided destinationId.

Parameters

destinationId (required)#

The ID of the publishing destination to retrieve.

Type: string

detectorId (required)#

The unique ID of the detector associated with the publishing destination to retrieve.

Type: string

disassociate_from_master_account#

Disassociates the current GuardDuty member account from its master account.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty member account.

Type: string

disassociate_members#

Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty account whose members you want to disassociate from master.

Type: string

$body#

Type: object

{
"AccountIds" : [ "string" ]
}

get_detector#

Retrieves an Amazon GuardDuty detector specified by the detectorId.

Parameters

detectorId (required)#

The unique ID of the detector that you want to get.

Type: string

get_filter#

Returns the details of the filter specified by the filter name.

Parameters

detectorId (required)#

The unique ID of the detector the filter is associated with.

Type: string

filterName (required)#

The name of the filter you want to get.

Type: string

get_findings#

Describes Amazon GuardDuty findings specified by finding IDs.

Parameters

detectorId (required)#

The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.

Type: string

$body#

Type: object

{
"SortCriteria" : {
"orderBy" : "Order by which the sorted findings are to be displayed.",
"attributeName" : "Represents the finding attribute (for example, accountId) by which to sort findings."
},
"FindingIds" : [ "string" ]
}

get_findings_statistics#

Lists Amazon GuardDuty findings' statistics for the specified detector ID.

Parameters

detectorId (required)#

The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.

Type: string

$body#

Type: object

{
"FindingCriteria" : {
"criterion" : "Represents a map of finding properties that match specified conditions and values when querying findings."
},
"FindingStatisticTypes" : [ "string. Possible values: COUNT_BY_SEVERITY" ]
}

get_invitations_count#

Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.

Parameters

$body#

Type: object

{ }

get_ip_set#

Retrieves the IPSet specified by the ipSetId.

Parameters

detectorId (required)#

The unique ID of the detector the ipSet is associated with.

Type: string

ipSetId (required)#

The unique ID of the IPSet to retrieve.

Type: string

get_master_account#

Provides the details for the GuardDuty master account associated with the current GuardDuty member account.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty member account.

Type: string

get_members#

Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty account whose members you want to retrieve.

Type: string

$body#

Type: object

{
"AccountIds" : [ "string" ]
}

get_threat_intel_set#

Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.

Parameters

detectorId (required)#

The unique ID of the detector the threatIntelSet is associated with.

Type: string

threatIntelSetId (required)#

The unique ID of the threatIntelSet you want to get.

Type: string

invite_members#

Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty account with which you want to invite members.

Type: string

$body#

Type: object

{
"AccountIds" : [ "string" ],
"Message" : "The invitation message that you want to send to the accounts that you’re inviting to GuardDuty as members.",
"DisableEmailNotification" : "A boolean value that specifies whether you want to disable email notification to the accounts that you’re inviting to GuardDuty as members."
}

list_detectors#

Lists detectorIds of all the existing Amazon GuardDuty detector resources.

This operation has no parameters

list_filters#

Returns a paginated list of the current filters.

Parameters

detectorId (required)#

The unique ID of the detector the filter is associated with.

Type: string

list_findings#

Lists Amazon GuardDuty findings for the specified detector ID.

Parameters

detectorId (required)#

The ID of the detector that specifies the GuardDuty service whose findings you want to list.

Type: string

$body#

Type: object

{
"SortCriteria" : {
"orderBy" : "Order by which the sorted findings are to be displayed.",
"attributeName" : "Represents the finding attribute (for example, accountId) by which to sort findings."
},
"FindingCriteria" : {
"criterion" : "Represents a map of finding properties that match specified conditions and values when querying findings."
}
}
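The `FindingCriteria.criterion` map used by `list_findings`, `get_findings_statistics` and `create_filter` above is a map from finding attribute (dotted path such as `service.archived`) to a condition object. The following is an added example, not code from this page or from AWS: a local evaluator for that map, run over constructed sample findings, so the matching rules can be checked before a filter is installed. The condition keys `eq`, `neq`, `gt`, `gte`, `lt` and `lte` follow the GuardDuty REST API condition shape; that this connector passes them through unchanged is an assumption. The `count_by_severity` helper mirrors what the `COUNT_BY_SEVERITY` statistic of `get_findings_statistics` reports.

```python
from typing import Any, Dict, List, Optional

# Constructed sample findings (not real GuardDuty output). Only the
# attributes the criteria below look at are present.
SAMPLE_FINDINGS: List[Dict[str, Any]] = [
    {"id": "f-1", "severity": 8,
     "type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller",
     "service": {"archived": "false"}},
    {"id": "f-2", "severity": 2,
     "type": "Recon:EC2/PortProbeUnprotectedPort",
     "service": {"archived": "false"}},
    {"id": "f-3", "severity": 8,
     "type": "Backdoor:EC2/C&CActivity.B!DNS",
     "service": {"archived": "true"}},
    {"id": "f-4", "severity": 5,
     "type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller",
     "service": {"archived": "false"}},
]

# A criterion in the shape this page describes: high-severity findings that
# have not been archived. Assumed condition key names (GuardDuty REST style).
HIGH_SEVERITY_ACTIVE: Dict[str, Any] = {
    "criterion": {
        "severity": {"gte": 7},
        "service.archived": {"eq": ["false"]},
    }
}


def _lookup(finding: Dict[str, Any], dotted: str) -> Optional[Any]:
    """Resolve a dotted attribute path; missing attributes yield None."""
    cur: Any = finding
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def _condition_holds(value: Optional[Any], condition: Dict[str, Any]) -> bool:
    """All operators inside one condition object must hold (AND semantics).
    eq/neq compare against a list of strings; gt/gte/lt/lte compare numbers.
    A missing attribute never satisfies a condition."""
    if value is None:
        return False
    for op, operand in condition.items():
        if op == "eq" and str(value) not in operand:
            return False
        if op == "neq" and str(value) in operand:
            return False
        if op == "gt" and not value > operand:
            return False
        if op == "gte" and not value >= operand:
            return False
        if op == "lt" and not value < operand:
            return False
        if op == "lte" and not value <= operand:
            return False
        if op not in ("eq", "neq", "gt", "gte", "lt", "lte"):
            raise ValueError(f"unsupported condition operator: {op}")
    return True


def matches(finding: Dict[str, Any], finding_criteria: Dict[str, Any]) -> bool:
    """A finding matches when every attribute in the criterion map matches.
    An empty criterion matches everything."""
    criterion = finding_criteria.get("criterion", {})
    return all(_condition_holds(_lookup(finding, attr), cond)
               for attr, cond in criterion.items())


def filter_findings(findings: List[Dict[str, Any]],
                    finding_criteria: Dict[str, Any]) -> List[str]:
    """Return the IDs of the findings the criteria select, in input order."""
    return [f["id"] for f in findings if matches(f, finding_criteria)]


def count_by_severity(findings: List[Dict[str, Any]],
                      finding_criteria: Dict[str, Any]) -> Dict[int, int]:
    """Count matching findings per severity, like COUNT_BY_SEVERITY."""
    counts: Dict[int, int] = {}
    for f in findings:
        if matches(f, finding_criteria):
            counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    print(filter_findings(SAMPLE_FINDINGS, HIGH_SEVERITY_ACTIVE))
    print(count_by_severity(SAMPLE_FINDINGS, {"criterion": {}}))
```

Running the evaluator over the constructed findings selects only `f-1`: `f-3` is severe enough but archived, and `f-4` is below the threshold. The same `criterion` object, once it behaves as expected locally, is what goes into the `$body` of `list_findings` or into a `create_filter` call with `Action` set to archive.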

list_invitations#

Lists all GuardDuty membership invitations that were sent to the current AWS account.

This operation has no parameters

list_ip_sets#

Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated master account.

Parameters

detectorId (required)#

The unique ID of the detector the ipSet is associated with.

Type: string

list_members#

Lists details about all member accounts for the current GuardDuty master account.

Parameters

detectorId (required)#

The unique ID of the detector the member is associated with.

Type: string

onlyAssociated#

Specifies whether to only return associated members or to return all members (including members which haven't been invited yet or have been disassociated).

Type: string

list_publishing_destinations#

Returns a list of publishing destinations associated with the specified detectorId.

Parameters

detectorId (required)#

The ID of the detector to retrieve publishing destinations for.

Type: string

maxResults#

The maximum number of results to return in the response.

Type: integer

nextToken#

A token to use for paginating results returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

Type: string
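The `nextToken` contract above (null on the first request, then the token returned by the previous page until none is returned) is easy to get subtly wrong, most often by stopping after the first page or looping forever on a token that never changes. The following is an added example, not code from this page: a generator that walks every page of `list_publishing_destinations` and stops correctly. The client object is a constructed stand-in so the loop runs offline; the response keys `Destinations` and `NextToken` and the keyword-argument names are assumptions about how this connector returns results.

```python
from typing import Any, Dict, Iterator, List, Optional


class FakeGuardDutyClient:
    """Constructed stand-in for the connector's client. It serves a fixed
    list of destinations in fixed-size pages using the position as token,
    which is enough to exercise the pagination loop below."""

    def __init__(self, destinations: List[Dict[str, Any]]) -> None:
        self._items = destinations
        self.calls = 0  # how many page requests were made

    def list_publishing_destinations(self, detectorId: str,
                                     maxResults: Optional[int] = None,
                                     nextToken: Optional[str] = None) -> Dict[str, Any]:
        self.calls += 1
        start = int(nextToken) if nextToken else 0
        end = start + (maxResults or 50)
        page: Dict[str, Any] = {"Destinations": self._items[start:end]}
        if end < len(self._items):       # more pages remain
            page["NextToken"] = str(end)
        return page


def iter_publishing_destinations(client: Any, detector_id: str,
                                 page_size: int = 50,
                                 max_pages: int = 1000) -> Iterator[Dict[str, Any]]:
    """Yield every publishing destination for a detector across all pages.

    The first request carries a null token; each later request carries the
    NextToken from the previous response. A missing or empty NextToken ends
    the listing. max_pages guards against a backend that keeps returning
    the same token."""
    token: Optional[str] = None
    for _ in range(max_pages):
        resp = client.list_publishing_destinations(
            detectorId=detector_id, maxResults=page_size, nextToken=token)
        yield from resp.get("Destinations", [])
        token = resp.get("NextToken")
        if not token:
            return
    raise RuntimeError("pagination did not terminate within max_pages")


def all_destination_ids(client: Any, detector_id: str, page_size: int = 50) -> List[str]:
    """Collect the destinationId of every publishing destination."""
    return [d["destinationId"]
            for d in iter_publishing_destinations(client, detector_id, page_size)]


def make_sample_client(n: int = 5) -> FakeGuardDutyClient:
    """Constructed sample data: n destinations with placeholder IDs."""
    return FakeGuardDutyClient(
        [{"destinationId": f"dest-{i}", "destinationType": "S3"} for i in range(n)])


if __name__ == "__main__":
    client = make_sample_client()
    print(all_destination_ids(client, "detector-placeholder", page_size=2))
    print("page requests:", client.calls)
```

With five destinations and a page size of two, the loop makes three requests and returns all five IDs; the same loop works unchanged for a single page, where the first response carries no `NextToken`.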

list_tags_for_resource#

Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and Threat Intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.

Parameters

resourceArn (required)#

The Amazon Resource Name (ARN) for the given GuardDuty resource.

Type: string

list_threat_intel_sets#

Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the master account are returned.

Parameters

detectorId (required)#

The unique ID of the detector the threatIntelSet is associated with.

Type: string

start_monitoring_members#

Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty master account associated with the member accounts to monitor.

Type: string

$body#

Type: object

{
"AccountIds" : [ "string" ]
}

stop_monitoring_members#

Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts.

Parameters

detectorId (required)#

The unique ID of the detector of the GuardDuty master account that you want to stop monitoring the member accounts' findings with.

Type: string

$body#

Type: object

{
"AccountIds" : [ "string" ]
}

tag_resource#

Adds tags to a resource.

Parameters

resourceArn (required)#

The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag to.

Type: string

$body#

Type: object

{
"Tags" : "The tags to be added to a resource."
}

unarchive_findings#

Unarchives GuardDuty findings specified by the findingIds.

Parameters

detectorId (required)#

The ID of the detector associated with the findings to unarchive.

Type: string

$body#

Type: object

{
"FindingIds" : [ "string" ]
}

untag_resource#

Removes tags from a resource.

Parameters

resourceArn (required)#

The Amazon Resource Name (ARN) for the resource to remove tags from.

Type: string

tagKeys (required)#

The tag keys to remove from the resource.

Type: array

[ "string" ]

update_detector#

Updates the Amazon GuardDuty detector specified by the detectorId.

Parameters

detectorId (required)#

The unique ID of the detector to update.

Type: string

$body#

Type: object

{
"FindingPublishingFrequency" : "An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.",
"Enable" : "Specifies whether the detector is enabled or not enabled."
}

update_filter#

Updates the filter specified by the filter name.

Parameters

detectorId (required)#

The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.

Type: string

filterName (required)#

The name of the filter.

Type: string

$body#

Type: object

{
"Action" : "Specifies the action that is to be applied to the findings that match the filter.",
"Description" : "The description of the filter.",
"FindingCriteria" : {
"criterion" : "Represents a map of finding properties that match specified conditions and values when querying findings."
},
"Rank" : "Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings."
}

update_findings_feedback#

Marks the specified GuardDuty findings as useful or not useful.

Parameters

detectorId (required)#

The ID of the detector associated with the findings to update feedback for.

Type: string

$body#

Type: object

{
"Feedback" : "The feedback for the finding.",
"Comments" : "Additional feedback about the GuardDuty findings.",
"FindingIds" : [ "string" ]
}

update_ip_set#

Updates the IPSet specified by the IPSet ID.

Parameters

detectorId (required)#

The detectorID that specifies the GuardDuty service whose IPSet you want to update.

Type: string

ipSetId (required)#

The unique ID that specifies the IPSet that you want to update.

Type: string

$body#

Type: object

{
"Activate" : "The updated boolean value that specifies whether the IPSet is active or not.",
"Name" : "The unique ID that specifies the IPSet that you want to update.",
"Location" : "The updated URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)."
}

update_publishing_destination#

Updates information about the publishing destination specified by the destinationId.

Parameters

destinationId (required)#

The ID of the detector associated with the publishing destinations to update.

Type: string

detectorId (required)#

The ID of the

Type: string

$body#

Type: object

{
"DestinationProperties" : {
"destinationArn" : "The ARN of the resource to publish to.",
"kmsKeyArn" : "The ARN of the KMS key to use for encryption."
}
}

update_threat_intel_set#

Updates the ThreatIntelSet specified by ThreatIntelSet ID.

Parameters

detectorId (required)#

The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.

Type: string

threatIntelSetId (required)#

The unique ID that specifies the ThreatIntelSet that you want to update.

Type: string

$body#

Type: object

{
"Activate" : "The updated boolean value that specifies whether the ThreatIntelSet is active or not.",
"Name" : "The unique ID that specifies the ThreatIntelSet that you want to update.",
"Location" : "The updated URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)."
}