GuardDuty
public struct GuardDuty
Client object for interacting with AWS GuardDuty service.
Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds (such as lists of malicious IPs and domains) and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances that serve malware or mine bitcoin. GuardDuty also monitors AWS account access behavior for signs of compromise. Some examples of this are unauthorized infrastructure deployments such as EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength. GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see the Amazon GuardDuty User Guide.
-
Undocumented
Declaration
Swift
public let client: AWSClient
-
Initialize the GuardDuty client
Declaration
Swift
public init(accessKeyId: String? = nil, secretAccessKey: String? = nil, sessionToken: String? = nil, region: AWSSDKSwiftCore.Region? = nil, endpoint: String? = nil, middlewares: [AWSServiceMiddleware] = [], eventLoopGroupProvider: AWSClient.EventLoopGroupProvider = .useAWSClientShared)
Parameters
accessKeyId
Public access key provided by AWS
secretAccessKey
Private access key provided by AWS
sessionToken
Token provided by STS.AssumeRole() which allows access to another AWS account
region
Region of server you want to communicate with
endpoint
Custom endpoint URL to use instead of standard AWS servers
middlewares
Array of middlewares to apply to requests and responses
eventLoopGroupProvider
EventLoopGroup to use. Use useAWSClientShared if the client shall manage its own EventLoopGroup.
-
Accepts the invitation to be monitored by a master GuardDuty account.
Declaration
Swift
public func acceptInvitation(_ input: AcceptInvitationRequest) -> EventLoopFuture<AcceptInvitationResponse>
-
Archives GuardDuty findings that are specified by the list of finding IDs. Only the master account can archive findings. Member accounts don’t have permission to archive findings from their accounts.
Declaration
Swift
public func archiveFindings(_ input: ArchiveFindingsRequest) -> EventLoopFuture<ArchiveFindingsResponse>
-
Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
Declaration
Swift
public func createDetector(_ input: CreateDetectorRequest) -> EventLoopFuture<CreateDetectorResponse>
-
Creates a filter using the specified finding criteria.
Declaration
Swift
public func createFilter(_ input: CreateFilterRequest) -> EventLoopFuture<CreateFilterResponse>
-
Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with AWS infrastructure and applications. GuardDuty doesn’t generate findings for IP addresses that are included in IPSets. Only users from the master account can use this operation.
Declaration
Swift
public func createIPSet(_ input: CreateIPSetRequest) -> EventLoopFuture<CreateIPSetResponse>
-
Creates member accounts of the current AWS account by specifying a list of AWS account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization. When using Create Members as an organization's delegated administrator, this action will enable GuardDuty in the added member accounts, with the exception of the organization master account, which must enable GuardDuty prior to being added as a member. If you are adding accounts by invitation, use this action after GuardDuty has been enabled in potential member accounts and before using Invite Members.
Declaration
Swift
public func createMembers(_ input: CreateMembersRequest) -> EventLoopFuture<CreateMembersResponse>
-
Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.
Declaration
Swift
public func createPublishingDestination(_ input: CreatePublishingDestinationRequest) -> EventLoopFuture<CreatePublishingDestinationResponse>
-
Generates example findings of types specified by the list of finding types. If ‘NULL’ is specified for findingTypes, the API generates example findings of all supported finding types.
Declaration
Swift
public func createSampleFindings(_ input: CreateSampleFindingsRequest) -> EventLoopFuture<CreateSampleFindingsResponse>
-
Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the master account can use this operation.
Declaration
Swift
public func createThreatIntelSet(_ input: CreateThreatIntelSetRequest) -> EventLoopFuture<CreateThreatIntelSetResponse>
-
Declines invitations sent to the current member account by AWS accounts specified by their account IDs.
Declaration
Swift
public func declineInvitations(_ input: DeclineInvitationsRequest) -> EventLoopFuture<DeclineInvitationsResponse>
-
Deletes an Amazon GuardDuty detector that is specified by the detector ID.
Declaration
Swift
public func deleteDetector(_ input: DeleteDetectorRequest) -> EventLoopFuture<DeleteDetectorResponse>
-
Deletes the filter specified by the filter name.
Declaration
Swift
public func deleteFilter(_ input: DeleteFilterRequest) -> EventLoopFuture<DeleteFilterResponse>
-
Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface.
Declaration
Swift
public func deleteIPSet(_ input: DeleteIPSetRequest) -> EventLoopFuture<DeleteIPSetResponse>
-
Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.
Declaration
Swift
public func deleteInvitations(_ input: DeleteInvitationsRequest) -> EventLoopFuture<DeleteInvitationsResponse>
-
Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
Declaration
Swift
public func deleteMembers(_ input: DeleteMembersRequest) -> EventLoopFuture<DeleteMembersResponse>
-
Deletes the publishing definition with the specified destinationId.
Declaration
Swift
public func deletePublishingDestination(_ input: DeletePublishingDestinationRequest) -> EventLoopFuture<DeletePublishingDestinationResponse>
-
Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.
Declaration
Swift
public func deleteThreatIntelSet(_ input: DeleteThreatIntelSetRequest) -> EventLoopFuture<DeleteThreatIntelSetResponse>
-
Returns information about the account selected as the delegated administrator for GuardDuty.
Declaration
Swift
public func describeOrganizationConfiguration(_ input: DescribeOrganizationConfigurationRequest) -> EventLoopFuture<DescribeOrganizationConfigurationResponse>
-
Returns information about the publishing destination specified by the provided destinationId.
Declaration
Swift
public func describePublishingDestination(_ input: DescribePublishingDestinationRequest) -> EventLoopFuture<DescribePublishingDestinationResponse>
-
Disables an AWS account within the Organization as the GuardDuty delegated administrator.
Declaration
Swift
public func disableOrganizationAdminAccount(_ input: DisableOrganizationAdminAccountRequest) -> EventLoopFuture<DisableOrganizationAdminAccountResponse>
-
Disassociates the current GuardDuty member account from its master account.
Declaration
Swift
public func disassociateFromMasterAccount(_ input: DisassociateFromMasterAccountRequest) -> EventLoopFuture<DisassociateFromMasterAccountResponse>
-
Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
Declaration
Swift
public func disassociateMembers(_ input: DisassociateMembersRequest) -> EventLoopFuture<DisassociateMembersResponse>
-
Enables an AWS account within the organization as the GuardDuty delegated administrator.
Declaration
Swift
public func enableOrganizationAdminAccount(_ input: EnableOrganizationAdminAccountRequest) -> EventLoopFuture<EnableOrganizationAdminAccountResponse>
-
Retrieves an Amazon GuardDuty detector specified by the detectorId.
Declaration
Swift
public func getDetector(_ input: GetDetectorRequest) -> EventLoopFuture<GetDetectorResponse>
-
Returns the details of the filter specified by the filter name.
Declaration
Swift
public func getFilter(_ input: GetFilterRequest) -> EventLoopFuture<GetFilterResponse>
-
Describes Amazon GuardDuty findings specified by finding IDs.
Declaration
Swift
public func getFindings(_ input: GetFindingsRequest) -> EventLoopFuture<GetFindingsResponse>
-
Lists Amazon GuardDuty findings statistics for the specified detector ID.
Declaration
Swift
public func getFindingsStatistics(_ input: GetFindingsStatisticsRequest) -> EventLoopFuture<GetFindingsStatisticsResponse>
-
Retrieves the IPSet specified by the ipSetId.
Declaration
Swift
public func getIPSet(_ input: GetIPSetRequest) -> EventLoopFuture<GetIPSetResponse>
-
Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
Declaration
Swift
public func getInvitationsCount(_ input: GetInvitationsCountRequest) -> EventLoopFuture<GetInvitationsCountResponse>
-
Provides the details for the GuardDuty master account associated with the current GuardDuty member account.
Declaration
Swift
public func getMasterAccount(_ input: GetMasterAccountRequest) -> EventLoopFuture<GetMasterAccountResponse>
-
Describes which data sources are enabled for the member account’s detector.
Declaration
Swift
public func getMemberDetectors(_ input: GetMemberDetectorsRequest) -> EventLoopFuture<GetMemberDetectorsResponse>
-
Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
Declaration
Swift
public func getMembers(_ input: GetMembersRequest) -> EventLoopFuture<GetMembersResponse>
-
Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
Declaration
Swift
public func getThreatIntelSet(_ input: GetThreatIntelSetRequest) -> EventLoopFuture<GetThreatIntelSetResponse>
-
Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days; this may differ from the cost metrics in the console, which projects usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated.
Declaration
Swift
public func getUsageStatistics(_ input: GetUsageStatisticsRequest) -> EventLoopFuture<GetUsageStatisticsResponse>
-
Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty, and allow the current AWS account to view and manage these accounts’ GuardDuty findings on their behalf as the master account.
Declaration
Swift
public func inviteMembers(_ input: InviteMembersRequest) -> EventLoopFuture<InviteMembersResponse>
-
Lists detectorIds of all the existing Amazon GuardDuty detector resources.
Declaration
Swift
public func listDetectors(_ input: ListDetectorsRequest) -> EventLoopFuture<ListDetectorsResponse>
-
Returns a paginated list of the current filters.
Declaration
Swift
public func listFilters(_ input: ListFiltersRequest) -> EventLoopFuture<ListFiltersResponse>
-
Lists Amazon GuardDuty findings for the specified detector ID.
Declaration
Swift
public func listFindings(_ input: ListFindingsRequest) -> EventLoopFuture<ListFindingsResponse>
-
Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated master account.
Declaration
Swift
public func listIPSets(_ input: ListIPSetsRequest) -> EventLoopFuture<ListIPSetsResponse>
-
Lists all GuardDuty membership invitations that were sent to the current AWS account.
Declaration
Swift
public func listInvitations(_ input: ListInvitationsRequest) -> EventLoopFuture<ListInvitationsResponse>
-
Lists details about all member accounts for the current GuardDuty master account.
Declaration
Swift
public func listMembers(_ input: ListMembersRequest) -> EventLoopFuture<ListMembersResponse>
-
Lists the accounts configured as GuardDuty delegated administrators.
Declaration
Swift
public func listOrganizationAdminAccounts(_ input: ListOrganizationAdminAccountsRequest) -> EventLoopFuture<ListOrganizationAdminAccountsResponse>
-
Returns a list of publishing destinations associated with the specified detectorId.
Declaration
Swift
public func listPublishingDestinations(_ input: ListPublishingDestinationsRequest) -> EventLoopFuture<ListPublishingDestinationsResponse>
-
Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and threat intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.
Declaration
Swift
public func listTagsForResource(_ input: ListTagsForResourceRequest) -> EventLoopFuture<ListTagsForResourceResponse>
-
Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the master account are returned.
Declaration
Swift
public func listThreatIntelSets(_ input: ListThreatIntelSetsRequest) -> EventLoopFuture<ListThreatIntelSetsResponse>
-
Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.
Declaration
Swift
public func startMonitoringMembers(_ input: StartMonitoringMembersRequest) -> EventLoopFuture<StartMonitoringMembersResponse>
-
Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers operation to restart monitoring for those accounts.
Declaration
Swift
public func stopMonitoringMembers(_ input: StopMonitoringMembersRequest) -> EventLoopFuture<StopMonitoringMembersResponse>
-
Adds tags to a resource.
Declaration
Swift
public func tagResource(_ input: TagResourceRequest) -> EventLoopFuture<TagResourceResponse>
-
Unarchives GuardDuty findings specified by the findingIds.
Declaration
Swift
public func unarchiveFindings(_ input: UnarchiveFindingsRequest) -> EventLoopFuture<UnarchiveFindingsResponse>
-
Removes tags from a resource.
Declaration
Swift
public func untagResource(_ input: UntagResourceRequest) -> EventLoopFuture<UntagResourceResponse>
-
Updates the Amazon GuardDuty detector specified by the detectorId.
Declaration
Swift
public func updateDetector(_ input: UpdateDetectorRequest) -> EventLoopFuture<UpdateDetectorResponse>
-
Updates the filter specified by the filter name.
Declaration
Swift
public func updateFilter(_ input: UpdateFilterRequest) -> EventLoopFuture<UpdateFilterResponse>
-
Marks the specified GuardDuty findings as useful or not useful.
Declaration
Swift
public func updateFindingsFeedback(_ input: UpdateFindingsFeedbackRequest) -> EventLoopFuture<UpdateFindingsFeedbackResponse>
-
Updates the IPSet specified by the IPSet ID.
Declaration
Swift
public func updateIPSet(_ input: UpdateIPSetRequest) -> EventLoopFuture<UpdateIPSetResponse>
-
Contains information on member accounts to be updated.
Declaration
Swift
public func updateMemberDetectors(_ input: UpdateMemberDetectorsRequest) -> EventLoopFuture<UpdateMemberDetectorsResponse>
-
Updates the delegated administrator account with the values provided.
Declaration
Swift
public func updateOrganizationConfiguration(_ input: UpdateOrganizationConfigurationRequest) -> EventLoopFuture<UpdateOrganizationConfigurationResponse>
-
Updates information about the publishing destination specified by the destinationId.
Declaration
Swift
public func updatePublishingDestination(_ input: UpdatePublishingDestinationRequest) -> EventLoopFuture<UpdatePublishingDestinationResponse>
-
Updates the ThreatIntelSet specified by the ThreatIntelSet ID.
Declaration
Swift
public func updateThreatIntelSet(_ input: UpdateThreatIntelSetRequest) -> EventLoopFuture<UpdateThreatIntelSetResponse>
-
Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days; this may differ from the cost metrics in the console, which projects usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated.
Declaration
Swift
public func getUsageStatisticsPaginator(_ input: GetUsageStatisticsRequest, onPage: @escaping (GetUsageStatisticsResponse, EventLoop) -> EventLoopFuture<Bool>) -> EventLoopFuture<Void>
-
Lists detectorIds of all the existing Amazon GuardDuty detector resources.
Declaration
Swift
public func listDetectorsPaginator(_ input: ListDetectorsRequest, onPage: @escaping (ListDetectorsResponse, EventLoop) -> EventLoopFuture<Bool>) -> EventLoopFuture<Void>
-
Returns a paginated list of the current filters.
Declaration
Swift
public func listFiltersPaginator(_ input: ListFiltersRequest, onPage: @escaping (ListFiltersResponse, EventLoop) -> EventLoopFuture<Bool>) -> EventLoopFuture<Void>
-
Lists Amazon GuardDuty findings for the specified detector ID.
Declaration
Swift
public func listFindingsPaginator(_ input: ListFindingsRequest, onPage: @escaping (ListFindingsResponse, EventLoop) -> EventLoopFuture<Bool>) -> EventLoopFuture<Void>
-
Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated master account.
Declaration
Swift
public func listIPSetsPaginator(_ input: ListIPSetsRequest, onPage: @escaping (ListIPSetsResponse, EventLoop) -> EventLoopFuture<Bool>) -> EventLoopFuture<Void>
-
Lists all GuardDuty membership invitations that were sent to the current AWS account.
Declaration
Swift
public func listInvitationsPaginator(_ input: ListInvitationsRequest, onPage: @escaping (ListInvitationsResponse, EventLoop) -> EventLoopFuture<Bool>) -> EventLoopFuture<Void>
-
Lists details about all member accounts for the current GuardDuty master account.
Declaration
Swift
public func listMembersPaginator(_ input: ListMembersRequest, onPage: @escaping (ListMembersResponse, EventLoop) -> EventLoopFuture<Bool>) -> EventLoopFuture<Void>
-
Lists the accounts configured as GuardDuty delegated administrators.
Declaration
Swift
public func listOrganizationAdminAccountsPaginator(_ input: ListOrganizationAdminAccountsRequest, onPage: @escaping (ListOrganizationAdminAccountsResponse, EventLoop) -> EventLoopFuture<Bool>) -> EventLoopFuture<Void>
-
Returns a list of publishing destinations associated with the specified detectorId.
Declaration
Swift
public func listPublishingDestinationsPaginator(_ input: ListPublishingDestinationsRequest, onPage: @escaping (ListPublishingDestinationsResponse, EventLoop) -> EventLoopFuture<Bool>) -> EventLoopFuture<Void>
-
Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the master account are returned.
Declaration
Swift
public func listThreatIntelSetsPaginator(_ input: ListThreatIntelSetsRequest, onPage: @escaping (ListThreatIntelSetsResponse, EventLoop) -> EventLoopFuture<Bool>) -> EventLoopFuture<Void>
-
Undocumented
Declaration
Swift
public struct GetUsageStatisticsRequest : AWSShape
extension GuardDuty.GetUsageStatisticsRequest: AWSPaginateStringToken
-
Undocumented
Declaration
Swift
public struct ListDetectorsRequest : AWSShape
extension GuardDuty.ListDetectorsRequest: AWSPaginateStringToken
-
Undocumented
Declaration
Swift
public struct ListFiltersRequest : AWSShape
extension GuardDuty.ListFiltersRequest: AWSPaginateStringToken
-
Undocumented
Declaration
Swift
public struct ListFindingsRequest : AWSShape
extension GuardDuty.ListFindingsRequest: AWSPaginateStringToken
-
Undocumented
Declaration
Swift
public struct ListIPSetsRequest : AWSShape
extension GuardDuty.ListIPSetsRequest: AWSPaginateStringToken
-
Undocumented
Declaration
Swift
public struct ListInvitationsRequest : AWSShape
extension GuardDuty.ListInvitationsRequest: AWSPaginateStringToken
-
Undocumented
Declaration
Swift
public struct ListMembersRequest : AWSShape
extension GuardDuty.ListMembersRequest: AWSPaginateStringToken
-
Undocumented
Declaration
Swift
public struct ListOrganizationAdminAccountsRequest : AWSShape
extension GuardDuty.ListOrganizationAdminAccountsRequest: AWSPaginateStringToken
-
Undocumented
Declaration
Swift
public struct ListPublishingDestinationsRequest : AWSShape
extension GuardDuty.ListPublishingDestinationsRequest: AWSPaginateStringToken
-
Undocumented
Declaration
Swift
public struct ListThreatIntelSetsRequest : AWSShape
extension GuardDuty.ListThreatIntelSetsRequest: AWSPaginateStringToken
-
Undocumented
Declaration
Swift
public enum AdminStatus : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum DataSource : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum DataSourceStatus : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum DestinationType : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum DetectorStatus : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum Feedback : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum FilterAction : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum FindingPublishingFrequency : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum FindingStatisticType : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum IpSetFormat : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum IpSetStatus : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum OrderBy : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum PublishingStatus : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum ThreatIntelSetFormat : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum ThreatIntelSetStatus : String, CustomStringConvertible, Codable
-
Undocumented
Declaration
Swift
public enum UsageStatisticType : String, CustomStringConvertible, Codable