amazonka-guardduty-2.0: Amazon GuardDuty SDK.
Copyright: (c) 2013-2023 Brendan Hay
License: Mozilla Public License, v. 2.0.
Maintainer: Brendan Hay
Stability: auto-generated
Portability: non-portable (GHC extensions)
Safe Haskell: Safe-Inferred
Language: Haskell2010

Amazonka.GuardDuty.Lens

Operations

AcceptAdministratorInvitation

acceptAdministratorInvitation_detectorId :: Lens' AcceptAdministratorInvitation Text

The unique ID of the detector of the GuardDuty member account.

acceptAdministratorInvitation_administratorId :: Lens' AcceptAdministratorInvitation Text

The account ID of the GuardDuty administrator account whose invitation you're accepting.

acceptAdministratorInvitation_invitationId :: Lens' AcceptAdministratorInvitation Text

The value that is used to validate the administrator account to the member account.

ArchiveFindings

archiveFindings_detectorId :: Lens' ArchiveFindings Text

The ID of the detector that specifies the GuardDuty service whose findings you want to archive.

archiveFindings_findingIds :: Lens' ArchiveFindings [Text]

The IDs of the findings that you want to archive.

CreateDetector

createDetector_clientToken :: Lens' CreateDetector (Maybe Text)

The idempotency token for the create request.

createDetector_dataSources :: Lens' CreateDetector (Maybe DataSourceConfigurations)

Describes which data sources will be enabled for the detector.

createDetector_findingPublishingFrequency :: Lens' CreateDetector (Maybe FindingPublishingFrequency)

A value that specifies how frequently updated findings are exported.

createDetector_tags :: Lens' CreateDetector (Maybe (HashMap Text Text))

The tags to be added to a new detector resource.

createDetector_enable :: Lens' CreateDetector Bool

A Boolean value that specifies whether the detector is to be enabled.

createDetectorResponse_unprocessedDataSources :: Lens' CreateDetectorResponse (Maybe UnprocessedDataSourcesResult)

Specifies the data sources that couldn't be enabled when GuardDuty was enabled for the first time.

CreateFilter

createFilter_action :: Lens' CreateFilter (Maybe FilterAction)

Specifies the action that is to be applied to the findings that match the filter.

createFilter_clientToken :: Lens' CreateFilter (Maybe Text)

The idempotency token for the create request.

createFilter_description :: Lens' CreateFilter (Maybe Text)

The description of the filter. Valid special characters include period (.), underscore (_), dash (-), and whitespace. The new line character is considered to be an invalid input for description.

createFilter_rank :: Lens' CreateFilter (Maybe Natural)

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

createFilter_tags :: Lens' CreateFilter (Maybe (HashMap Text Text))

The tags to be added to a new filter resource.

createFilter_detectorId :: Lens' CreateFilter Text

The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

createFilter_name :: Lens' CreateFilter Text

The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.

createFilter_findingCriteria :: Lens' CreateFilter FindingCriteria

Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

  • accountId
  • region
  • confidence
  • id
  • resource.accessKeyDetails.accessKeyId
  • resource.accessKeyDetails.principalId
  • resource.accessKeyDetails.userName
  • resource.accessKeyDetails.userType
  • resource.instanceDetails.iamInstanceProfile.id
  • resource.instanceDetails.imageId
  • resource.instanceDetails.instanceId
  • resource.instanceDetails.outpostArn
  • resource.instanceDetails.networkInterfaces.ipv6Addresses
  • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
  • resource.instanceDetails.networkInterfaces.publicDnsName
  • resource.instanceDetails.networkInterfaces.publicIp
  • resource.instanceDetails.networkInterfaces.securityGroups.groupId
  • resource.instanceDetails.networkInterfaces.securityGroups.groupName
  • resource.instanceDetails.networkInterfaces.subnetId
  • resource.instanceDetails.networkInterfaces.vpcId
  • resource.instanceDetails.tags.key
  • resource.instanceDetails.tags.value
  • resource.resourceType
  • service.action.actionType
  • service.action.awsApiCallAction.api
  • service.action.awsApiCallAction.callerType
  • service.action.awsApiCallAction.errorCode
  • service.action.awsApiCallAction.userAgent
  • service.action.awsApiCallAction.remoteIpDetails.city.cityName
  • service.action.awsApiCallAction.remoteIpDetails.country.countryName
  • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
  • service.action.awsApiCallAction.remoteIpDetails.organization.asn
  • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
  • service.action.awsApiCallAction.serviceName
  • service.action.dnsRequestAction.domain
  • service.action.networkConnectionAction.blocked
  • service.action.networkConnectionAction.connectionDirection
  • service.action.networkConnectionAction.localPortDetails.port
  • service.action.networkConnectionAction.protocol
  • service.action.networkConnectionAction.localIpDetails.ipAddressV4
  • service.action.networkConnectionAction.remoteIpDetails.city.cityName
  • service.action.networkConnectionAction.remoteIpDetails.country.countryName
  • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
  • service.action.networkConnectionAction.remoteIpDetails.organization.asn
  • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
  • service.action.networkConnectionAction.remotePortDetails.port
  • service.additionalInfo.threatListName
  • resource.s3BucketDetails.publicAccess.effectivePermissions
  • resource.s3BucketDetails.name
  • resource.s3BucketDetails.tags.key
  • resource.s3BucketDetails.tags.value
  • resource.s3BucketDetails.type
  • service.archived

    When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

  • service.resourceRole
  • severity
  • type
  • updatedAt

    Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

createFilterResponse_name :: Lens' CreateFilterResponse Text

The name of the successfully created filter.

CreateIPSet

createIPSet_clientToken :: Lens' CreateIPSet (Maybe Text)

The idempotency token for the create request.

createIPSet_tags :: Lens' CreateIPSet (Maybe (HashMap Text Text))

The tags to be added to a new IP set resource.

createIPSet_detectorId :: Lens' CreateIPSet Text

The unique ID of the detector of the GuardDuty account that you want to create an IPSet for.

createIPSet_name :: Lens' CreateIPSet Text

The user-friendly name to identify the IPSet.

Allowed characters are alphanumerics, spaces, hyphens (-), and underscores (_).

createIPSet_format :: Lens' CreateIPSet IpSetFormat

The format of the file that contains the IPSet.

createIPSet_location :: Lens' CreateIPSet Text

The URI of the file that contains the IPSet.

createIPSet_activate :: Lens' CreateIPSet Bool

A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.

CreateMembers

createMembers_detectorId :: Lens' CreateMembers Text

The unique ID of the detector of the GuardDuty account that you want to associate member accounts with.

createMembers_accountDetails :: Lens' CreateMembers (NonEmpty AccountDetail)

A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account.

createMembersResponse_unprocessedAccounts :: Lens' CreateMembersResponse [UnprocessedAccount]

A list of objects that include the accountIds of the unprocessed accounts and a result string that explains why each was unprocessed.

CreatePublishingDestination

createPublishingDestination_detectorId :: Lens' CreatePublishingDestination Text

The ID of the GuardDuty detector associated with the publishing destination.

createPublishingDestination_destinationType :: Lens' CreatePublishingDestination DestinationType

The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported.

createPublishingDestination_destinationProperties :: Lens' CreatePublishingDestination DestinationProperties

The properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.

CreateSampleFindings

createSampleFindings_findingTypes :: Lens' CreateSampleFindings (Maybe [Text])

The types of sample findings to generate.

createSampleFindings_detectorId :: Lens' CreateSampleFindings Text

The ID of the detector to create sample findings for.

CreateThreatIntelSet

createThreatIntelSet_clientToken :: Lens' CreateThreatIntelSet (Maybe Text)

The idempotency token for the create request.

createThreatIntelSet_tags :: Lens' CreateThreatIntelSet (Maybe (HashMap Text Text))

The tags to be added to a new threat list resource.

createThreatIntelSet_detectorId :: Lens' CreateThreatIntelSet Text

The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for.

createThreatIntelSet_name :: Lens' CreateThreatIntelSet Text

A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.

createThreatIntelSet_format :: Lens' CreateThreatIntelSet ThreatIntelSetFormat

The format of the file that contains the ThreatIntelSet.

createThreatIntelSet_location :: Lens' CreateThreatIntelSet Text

The URI of the file that contains the ThreatIntelSet.

createThreatIntelSet_activate :: Lens' CreateThreatIntelSet Bool

A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

DeclineInvitations

declineInvitations_accountIds :: Lens' DeclineInvitations (NonEmpty Text)

A list of account IDs of the Amazon Web Services accounts that sent invitations to the current member account that you want to decline invitations from.

declineInvitationsResponse_unprocessedAccounts :: Lens' DeclineInvitationsResponse [UnprocessedAccount]

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

DeleteDetector

deleteDetector_detectorId :: Lens' DeleteDetector Text

The unique ID of the detector that you want to delete.

DeleteFilter

deleteFilter_detectorId :: Lens' DeleteFilter Text

The unique ID of the detector that the filter is associated with.

deleteFilter_filterName :: Lens' DeleteFilter Text

The name of the filter that you want to delete.

DeleteIPSet

deleteIPSet_detectorId :: Lens' DeleteIPSet Text

The unique ID of the detector associated with the IPSet.

deleteIPSet_ipSetId :: Lens' DeleteIPSet Text

The unique ID of the IPSet to delete.

DeleteInvitations

deleteInvitations_accountIds :: Lens' DeleteInvitations (NonEmpty Text)

A list of account IDs of the Amazon Web Services accounts that sent invitations to the current member account that you want to delete invitations from.

deleteInvitationsResponse_unprocessedAccounts :: Lens' DeleteInvitationsResponse [UnprocessedAccount]

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

DeleteMembers

deleteMembers_detectorId :: Lens' DeleteMembers Text

The unique ID of the detector of the GuardDuty account whose members you want to delete.

deleteMembers_accountIds :: Lens' DeleteMembers (NonEmpty Text)

A list of account IDs of the GuardDuty member accounts that you want to delete.

DeletePublishingDestination

deletePublishingDestination_detectorId :: Lens' DeletePublishingDestination Text

The unique ID of the detector associated with the publishing destination to delete.

DeleteThreatIntelSet

deleteThreatIntelSet_detectorId :: Lens' DeleteThreatIntelSet Text

The unique ID of the detector that the threatIntelSet is associated with.

deleteThreatIntelSet_threatIntelSetId :: Lens' DeleteThreatIntelSet Text

The unique ID of the threatIntelSet that you want to delete.

DescribeMalwareScans

describeMalwareScans_filterCriteria :: Lens' DescribeMalwareScans (Maybe FilterCriteria)

Represents the criteria to be used in the filter for describing scan entries.

describeMalwareScans_maxResults :: Lens' DescribeMalwareScans (Maybe Natural)

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

describeMalwareScans_nextToken :: Lens' DescribeMalwareScans (Maybe Text)

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

describeMalwareScans_sortCriteria :: Lens' DescribeMalwareScans (Maybe SortCriteria)

Represents the criteria used for sorting scan entries.

describeMalwareScans_detectorId :: Lens' DescribeMalwareScans Text

The unique ID of the detector that the request is associated with.

describeMalwareScansResponse_nextToken :: Lens' DescribeMalwareScansResponse (Maybe Text)

The pagination parameter to be used on the next list operation to retrieve more items.

DescribeOrganizationConfiguration

describeOrganizationConfiguration_detectorId :: Lens' DescribeOrganizationConfiguration Text

The ID of the detector to retrieve information about the delegated administrator from.

describeOrganizationConfigurationResponse_autoEnable :: Lens' DescribeOrganizationConfigurationResponse Bool

Indicates whether GuardDuty is automatically enabled for accounts added to the organization.

describeOrganizationConfigurationResponse_memberAccountLimitReached :: Lens' DescribeOrganizationConfigurationResponse Bool

Indicates whether the maximum number of allowed member accounts is already associated with the delegated administrator account for your organization.

DescribePublishingDestination

describePublishingDestination_detectorId :: Lens' DescribePublishingDestination Text

The unique ID of the detector associated with the publishing destination to retrieve.

describePublishingDestinationResponse_destinationType :: Lens' DescribePublishingDestinationResponse DestinationType

The type of publishing destination. Currently, only Amazon S3 buckets are supported.

describePublishingDestinationResponse_publishingFailureStartTimestamp :: Lens' DescribePublishingDestinationResponse Integer

The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination.

describePublishingDestinationResponse_destinationProperties :: Lens' DescribePublishingDestinationResponse DestinationProperties

A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

DisableOrganizationAdminAccount

disableOrganizationAdminAccount_adminAccountId :: Lens' DisableOrganizationAdminAccount Text

The Amazon Web Services Account ID for the organizations account to be disabled as a GuardDuty delegated administrator.

DisassociateFromAdministratorAccount

disassociateFromAdministratorAccount_detectorId :: Lens' DisassociateFromAdministratorAccount Text

The unique ID of the detector of the GuardDuty member account.

DisassociateMembers

disassociateMembers_detectorId :: Lens' DisassociateMembers Text

The unique ID of the detector of the GuardDuty account whose members you want to disassociate from the administrator account.

disassociateMembers_accountIds :: Lens' DisassociateMembers (NonEmpty Text)

A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account.

disassociateMembersResponse_unprocessedAccounts :: Lens' DisassociateMembersResponse [UnprocessedAccount]

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

EnableOrganizationAdminAccount

enableOrganizationAdminAccount_adminAccountId :: Lens' EnableOrganizationAdminAccount Text

The Amazon Web Services Account ID for the organization account to be enabled as a GuardDuty delegated administrator.

GetAdministratorAccount

getAdministratorAccount_detectorId :: Lens' GetAdministratorAccount Text

The unique ID of the detector of the GuardDuty member account.

GetDetector

getDetector_detectorId :: Lens' GetDetector Text

The unique ID of the detector that you want to get.

getDetectorResponse_createdAt :: Lens' GetDetectorResponse (Maybe Text)

The timestamp of when the detector was created.

getDetectorResponse_dataSources :: Lens' GetDetectorResponse (Maybe DataSourceConfigurationsResult)

Describes which data sources are enabled for the detector.

getDetectorResponse_updatedAt :: Lens' GetDetectorResponse (Maybe Text)

The last-updated timestamp for the detector.

GetFilter

getFilter_detectorId :: Lens' GetFilter Text

The unique ID of the detector that the filter is associated with.

getFilter_filterName :: Lens' GetFilter Text

The name of the filter you want to get.

getFilterResponse_rank :: Lens' GetFilterResponse (Maybe Natural)

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

getFilterResponse_httpStatus :: Lens' GetFilterResponse Int

The response's HTTP status code.

getFilterResponse_action :: Lens' GetFilterResponse FilterAction

Specifies the action that is to be applied to the findings that match the filter.

getFilterResponse_findingCriteria :: Lens' GetFilterResponse FindingCriteria

Represents the criteria to be used in the filter for querying findings.

GetFindings

getFindings_sortCriteria :: Lens' GetFindings (Maybe SortCriteria)

Represents the criteria used for sorting findings.

getFindings_detectorId :: Lens' GetFindings Text

The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.

getFindings_findingIds :: Lens' GetFindings [Text]

The IDs of the findings that you want to retrieve.

GetFindingsStatistics

getFindingsStatistics_findingCriteria :: Lens' GetFindingsStatistics (Maybe FindingCriteria)

Represents the criteria that is used for querying findings.

getFindingsStatistics_detectorId :: Lens' GetFindingsStatistics Text

The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.

GetIPSet

getIPSet_detectorId :: Lens' GetIPSet Text

The unique ID of the detector that the IPSet is associated with.

getIPSet_ipSetId :: Lens' GetIPSet Text

The unique ID of the IPSet to retrieve.

getIPSetResponse_tags :: Lens' GetIPSetResponse (Maybe (HashMap Text Text))

The tags of the IPSet resource.

getIPSetResponse_httpStatus :: Lens' GetIPSetResponse Int

The response's HTTP status code.

getIPSetResponse_name :: Lens' GetIPSetResponse Text

The user-friendly name for the IPSet.

getIPSetResponse_format :: Lens' GetIPSetResponse IpSetFormat

The format of the file that contains the IPSet.

getIPSetResponse_location :: Lens' GetIPSetResponse Text

The URI of the file that contains the IPSet.

getIPSetResponse_status :: Lens' GetIPSetResponse IpSetStatus

The status of the IPSet file that was uploaded.

GetInvitationsCount

GetMalwareScanSettings

getMalwareScanSettings_detectorId :: Lens' GetMalwareScanSettings Text

The unique ID of the detector that the scan setting is associated with.

getMalwareScanSettingsResponse_scanResourceCriteria :: Lens' GetMalwareScanSettingsResponse (Maybe ScanResourceCriteria)

Represents the criteria to be used in the filter for scanning resources.

GetMemberDetectors

getMemberDetectors_detectorId :: Lens' GetMemberDetectors Text

The detector ID for the administrator account.

getMemberDetectors_accountIds :: Lens' GetMemberDetectors (NonEmpty Text)

The account ID of the member account.

getMemberDetectorsResponse_memberDataSourceConfigurations :: Lens' GetMemberDetectorsResponse (NonEmpty MemberDataSourceConfiguration)

An object that describes which data sources are enabled for a member account.

getMemberDetectorsResponse_unprocessedAccounts :: Lens' GetMemberDetectorsResponse [UnprocessedAccount]

A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.

GetMembers

getMembers_detectorId :: Lens' GetMembers Text

The unique ID of the detector of the GuardDuty account whose members you want to retrieve.

getMembers_accountIds :: Lens' GetMembers (NonEmpty Text)

A list of account IDs of the GuardDuty member accounts that you want to describe.

getMembersResponse_unprocessedAccounts :: Lens' GetMembersResponse [UnprocessedAccount]

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

GetRemainingFreeTrialDays

getRemainingFreeTrialDays_accountIds :: Lens' GetRemainingFreeTrialDays (Maybe (NonEmpty Text))

A list of account identifiers of the GuardDuty member account.

getRemainingFreeTrialDays_detectorId :: Lens' GetRemainingFreeTrialDays Text

The unique ID of the detector of the GuardDuty member account.

getRemainingFreeTrialDaysResponse_accounts :: Lens' GetRemainingFreeTrialDaysResponse (Maybe [AccountFreeTrialInfo])

The member accounts which were included in a request and were processed successfully.

getRemainingFreeTrialDaysResponse_unprocessedAccounts :: Lens' GetRemainingFreeTrialDaysResponse (Maybe [UnprocessedAccount])

The member account that was included in a request but for which the request could not be processed.

GetThreatIntelSet

getThreatIntelSet_detectorId :: Lens' GetThreatIntelSet Text

The unique ID of the detector that the threatIntelSet is associated with.

getThreatIntelSet_threatIntelSetId :: Lens' GetThreatIntelSet Text

The unique ID of the threatIntelSet that you want to get.

getThreatIntelSetResponse_name :: Lens' GetThreatIntelSetResponse Text

A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.

getThreatIntelSetResponse_location :: Lens' GetThreatIntelSetResponse Text

The URI of the file that contains the ThreatIntelSet.

GetUsageStatistics

getUsageStatistics_maxResults :: Lens' GetUsageStatistics (Maybe Natural)

The maximum number of results to return in the response.

getUsageStatistics_nextToken :: Lens' GetUsageStatistics (Maybe Text)

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

getUsageStatistics_unit :: Lens' GetUsageStatistics (Maybe Text)

The currency unit you would like to view your usage statistics in. Current valid values are USD.

getUsageStatistics_detectorId :: Lens' GetUsageStatistics Text

The ID of the detector that specifies the GuardDuty service whose usage statistics you want to retrieve.

getUsageStatistics_usageCriteria :: Lens' GetUsageStatistics UsageCriteria

Represents the criteria used for querying usage.

getUsageStatisticsResponse_nextToken :: Lens' GetUsageStatisticsResponse (Maybe Text)

The pagination parameter to be used on the next list operation to retrieve more items.

getUsageStatisticsResponse_usageStatistics :: Lens' GetUsageStatisticsResponse (Maybe UsageStatistics)

The usage statistics object. If a UsageStatisticType was provided, the objects representing other types will be null.

InviteMembers

inviteMembers_disableEmailNotification :: Lens' InviteMembers (Maybe Bool)

A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members.

inviteMembers_message :: Lens' InviteMembers (Maybe Text)

The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.

inviteMembers_detectorId :: Lens' InviteMembers Text

The unique ID of the detector of the GuardDuty account that you want to invite members with.

inviteMembers_accountIds :: Lens' InviteMembers (NonEmpty Text)

A list of account IDs of the accounts that you want to invite to GuardDuty as members.

inviteMembersResponse_unprocessedAccounts :: Lens' InviteMembersResponse [UnprocessedAccount]

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

ListDetectors

listDetectors_maxResults :: Lens' ListDetectors (Maybe Natural)

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

listDetectors_nextToken :: Lens' ListDetectors (Maybe Text)

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

listDetectorsResponse_nextToken :: Lens' ListDetectorsResponse (Maybe Text)

The pagination parameter to be used on the next list operation to retrieve more items.

ListFilters

listFilters_maxResults :: Lens' ListFilters (Maybe Natural)

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

listFilters_nextToken :: Lens' ListFilters (Maybe Text)

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

listFilters_detectorId :: Lens' ListFilters Text

The unique ID of the detector that the filter is associated with.

listFiltersResponse_nextToken :: Lens' ListFiltersResponse (Maybe Text)

The pagination parameter to be used on the next list operation to retrieve more items.

ListFindings

listFindings_findingCriteria :: Lens' ListFindings (Maybe FindingCriteria)

Represents the criteria used for querying findings. Valid values include:

  • JSON field name
  • accountId
  • region
  • confidence
  • id
  • resource.accessKeyDetails.accessKeyId
  • resource.accessKeyDetails.principalId
  • resource.accessKeyDetails.userName
  • resource.accessKeyDetails.userType
  • resource.instanceDetails.iamInstanceProfile.id
  • resource.instanceDetails.imageId
  • resource.instanceDetails.instanceId
  • resource.instanceDetails.networkInterfaces.ipv6Addresses
  • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
  • resource.instanceDetails.networkInterfaces.publicDnsName
  • resource.instanceDetails.networkInterfaces.publicIp
  • resource.instanceDetails.networkInterfaces.securityGroups.groupId
  • resource.instanceDetails.networkInterfaces.securityGroups.groupName
  • resource.instanceDetails.networkInterfaces.subnetId
  • resource.instanceDetails.networkInterfaces.vpcId
  • resource.instanceDetails.tags.key
  • resource.instanceDetails.tags.value
  • resource.resourceType
  • service.action.actionType
  • service.action.awsApiCallAction.api
  • service.action.awsApiCallAction.callerType
  • service.action.awsApiCallAction.remoteIpDetails.city.cityName
  • service.action.awsApiCallAction.remoteIpDetails.country.countryName
  • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
  • service.action.awsApiCallAction.remoteIpDetails.organization.asn
  • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
  • service.action.awsApiCallAction.serviceName
  • service.action.dnsRequestAction.domain
  • service.action.networkConnectionAction.blocked
  • service.action.networkConnectionAction.connectionDirection
  • service.action.networkConnectionAction.localPortDetails.port
  • service.action.networkConnectionAction.protocol
  • service.action.networkConnectionAction.remoteIpDetails.country.countryName
  • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
  • service.action.networkConnectionAction.remoteIpDetails.organization.asn
  • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
  • service.action.networkConnectionAction.remotePortDetails.port
  • service.additionalInfo.threatListName
  • service.archived

    When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

  • service.resourceRole
  • severity
  • type
  • updatedAt

    Type: Timestamp in Unix Epoch millisecond format: 1486685375000

listFindings_maxResults :: Lens' ListFindings (Maybe Natural)

You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

listFindings_nextToken :: Lens' ListFindings (Maybe Text)

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

listFindings_sortCriteria :: Lens' ListFindings (Maybe SortCriteria)

Represents the criteria used for sorting findings.

listFindings_detectorId :: Lens' ListFindings Text

The ID of the detector that specifies the GuardDuty service whose findings you want to list.

listFindingsResponse_nextToken :: Lens' ListFindingsResponse (Maybe Text)

The pagination parameter to be used on the next list operation to retrieve more items.

listFindingsResponse_findingIds :: Lens' ListFindingsResponse [Text]

The IDs of the findings that you're listing.
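
How the ListFindings lenses above fit together, as an added example that is not part of the generated documentation or of the amazonka project: it pages through the unarchived findings at or above a severity threshold by feeding each response's nextToken into the next request. The constructors `newListFindings`, `newFindingCriteria` and `newCondition`, the lenses `findingCriteria_criterion`, `condition_equals` and `condition_greaterThanOrEqual`, and the threshold of 7 do not appear on this page and are assumptions about the package's other generated modules.

```haskell
{-# LANGUAGE OverloadedStrings #-}

-- Added example, not code from the amazonka project.
-- Assumes the amazonka, amazonka-guardduty, lens, resourcet, text and
-- unordered-containers packages, and AWS credentials/region discoverable
-- from the environment.
module Main (main) where

import qualified Amazonka as AWS
import Amazonka.GuardDuty.Lens
import Amazonka.GuardDuty.ListFindings (newListFindings)
import Amazonka.GuardDuty.Types (FindingCriteria, newCondition, newFindingCriteria)
import Control.Lens ((&), (.~), (?~), (^.))
import Control.Monad.Trans.Resource (ResourceT, runResourceT)
import qualified Data.HashMap.Strict as HashMap
import Data.Text (Text)
import qualified Data.Text as Text
import qualified Data.Text.IO as Text
import System.Environment (getArgs)

-- | Criteria keyed by the attribute names listed for
-- 'listFindings_findingCriteria'. "service.archived" = "false" restricts the
-- result to unarchived findings; leaving it unset would return both.
-- The severity threshold (7) is an illustrative value, not from this page.
activeHighSeverity :: FindingCriteria
activeHighSeverity =
  newFindingCriteria
    & findingCriteria_criterion
      ?~ HashMap.fromList
        [ ("service.archived", newCondition & condition_equals ?~ ["false"])
        , ("severity", newCondition & condition_greaterThanOrEqual ?~ 7)
        ]

-- | Collect every matching finding ID. The first request carries no
-- nextToken; each later request carries the token from the previous
-- response, and the loop stops when the response has none.
listFindingIds :: AWS.Env -> Text -> ResourceT IO [Text]
listFindingIds env detectorId = go Nothing
  where
    baseRequest =
      newListFindings detectorId
        & listFindings_findingCriteria ?~ activeHighSeverity
        & listFindings_maxResults ?~ 50 -- documented default and maximum

    go :: Maybe Text -> ResourceT IO [Text]
    go token = do
      resp <- AWS.send env (baseRequest & listFindings_nextToken .~ token)
      let ids = resp ^. listFindingsResponse_findingIds
      case resp ^. listFindingsResponse_nextToken of
        Nothing -> pure ids
        -- Defensive: treat an empty token as "no more pages" so a blank
        -- value can never cause the first page to be requested again.
        Just "" -> pure ids
        next -> (ids <>) <$> go next

main :: IO ()
main = do
  args <- getArgs
  case args of
    [detectorId] -> do
      env <- AWS.newEnv AWS.discover
      ids <- runResourceT (listFindingIds env (Text.pack detectorId))
      mapM_ Text.putStrLn ids
    _ -> putStrLn "usage: list-findings DETECTOR_ID"
```

The returned IDs are the input that getFindings_findingIds and archiveFindings_findingIds expect.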

ListIPSets

listIPSets_maxResults :: Lens' ListIPSets (Maybe Natural)

You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

listIPSets_nextToken :: Lens' ListIPSets (Maybe Text)

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

listIPSets_detectorId :: Lens' ListIPSets Text Source #

The unique ID of the detector that the IPSet is associated with.

listIPSetsResponse_nextToken :: Lens' ListIPSetsResponse (Maybe Text) Source #

The pagination parameter to be used on the next list operation to retrieve more items.

listIPSetsResponse_ipSetIds :: Lens' ListIPSetsResponse [Text] Source #

The IDs of the IPSet resources.

ListInvitations

listInvitations_maxResults :: Lens' ListInvitations (Maybe Natural) Source #

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

listInvitations_nextToken :: Lens' ListInvitations (Maybe Text) Source #

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

listInvitationsResponse_nextToken :: Lens' ListInvitationsResponse (Maybe Text) Source #

The pagination parameter to be used on the next list operation to retrieve more items.

ListMembers

listMembers_maxResults :: Lens' ListMembers (Maybe Natural) Source #

You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

listMembers_nextToken :: Lens' ListMembers (Maybe Text) Source #

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

listMembers_onlyAssociated :: Lens' ListMembers (Maybe Text) Source #

Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated). Member accounts must have been previously associated with the GuardDuty administrator account using Create Members.

listMembers_detectorId :: Lens' ListMembers Text Source #

The unique ID of the detector the member is associated with.

listMembersResponse_nextToken :: Lens' ListMembersResponse (Maybe Text) Source #

The pagination parameter to be used on the next list operation to retrieve more items.

ListOrganizationAdminAccounts

listOrganizationAdminAccounts_maxResults :: Lens' ListOrganizationAdminAccounts (Maybe Natural) Source #

The maximum number of results to return in the response.

listOrganizationAdminAccounts_nextToken :: Lens' ListOrganizationAdminAccounts (Maybe Text) Source #

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

listOrganizationAdminAccountsResponse_adminAccounts :: Lens' ListOrganizationAdminAccountsResponse (Maybe [AdminAccount]) Source #

A list of accounts configured as GuardDuty delegated administrators.

listOrganizationAdminAccountsResponse_nextToken :: Lens' ListOrganizationAdminAccountsResponse (Maybe Text) Source #

The pagination parameter to be used on the next list operation to retrieve more items.

ListPublishingDestinations

listPublishingDestinations_maxResults :: Lens' ListPublishingDestinations (Maybe Natural) Source #

The maximum number of results to return in the response.

listPublishingDestinations_nextToken :: Lens' ListPublishingDestinations (Maybe Text) Source #

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

listPublishingDestinations_detectorId :: Lens' ListPublishingDestinations Text Source #

The ID of the detector to retrieve publishing destinations for.

listPublishingDestinationsResponse_nextToken :: Lens' ListPublishingDestinationsResponse (Maybe Text) Source #

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

listPublishingDestinationsResponse_destinations :: Lens' ListPublishingDestinationsResponse [Destination] Source #

A Destinations object that includes information about each publishing destination returned.

ListTagsForResource

listTagsForResource_resourceArn :: Lens' ListTagsForResource Text Source #

The Amazon Resource Name (ARN) for the given GuardDuty resource.

ListThreatIntelSets

listThreatIntelSets_maxResults :: Lens' ListThreatIntelSets (Maybe Natural) Source #

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

listThreatIntelSets_nextToken :: Lens' ListThreatIntelSets (Maybe Text) Source #

You can use this parameter to paginate results in the response. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

listThreatIntelSets_detectorId :: Lens' ListThreatIntelSets Text Source #

The unique ID of the detector that the threatIntelSet is associated with.

listThreatIntelSetsResponse_nextToken :: Lens' ListThreatIntelSetsResponse (Maybe Text) Source #

The pagination parameter to be used on the next list operation to retrieve more items.

StartMonitoringMembers

startMonitoringMembers_detectorId :: Lens' StartMonitoringMembers Text Source #

The unique ID of the detector of the GuardDuty administrator account associated with the member accounts to monitor.

startMonitoringMembers_accountIds :: Lens' StartMonitoringMembers (NonEmpty Text) Source #

A list of account IDs of the GuardDuty member accounts to start monitoring.

startMonitoringMembersResponse_unprocessedAccounts :: Lens' StartMonitoringMembersResponse [UnprocessedAccount] Source #

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

StopMonitoringMembers

stopMonitoringMembers_detectorId :: Lens' StopMonitoringMembers Text Source #

The unique ID of the detector associated with the GuardDuty administrator account that is monitoring member accounts.

stopMonitoringMembers_accountIds :: Lens' StopMonitoringMembers (NonEmpty Text) Source #

A list of account IDs for the member accounts to stop monitoring.

stopMonitoringMembersResponse_unprocessedAccounts :: Lens' StopMonitoringMembersResponse [UnprocessedAccount] Source #

A list of objects that contain an accountId for each account that could not be processed, and a result string that indicates why the account was not processed.

TagResource

tagResource_resourceArn :: Lens' TagResource Text Source #

The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag to.

tagResource_tags :: Lens' TagResource (HashMap Text Text) Source #

The tags to be added to a resource.

UnarchiveFindings

unarchiveFindings_detectorId :: Lens' UnarchiveFindings Text Source #

The ID of the detector associated with the findings to unarchive.

unarchiveFindings_findingIds :: Lens' UnarchiveFindings [Text] Source #

The IDs of the findings to unarchive.

UntagResource

untagResource_resourceArn :: Lens' UntagResource Text Source #

The Amazon Resource Name (ARN) for the resource to remove tags from.

untagResource_tagKeys :: Lens' UntagResource (NonEmpty Text) Source #

The tag keys to remove from the resource.

UpdateDetector

updateDetector_dataSources :: Lens' UpdateDetector (Maybe DataSourceConfigurations) Source #

Describes which data sources will be updated.

updateDetector_enable :: Lens' UpdateDetector (Maybe Bool) Source #

Specifies whether the detector is enabled or not enabled.

updateDetector_findingPublishingFrequency :: Lens' UpdateDetector (Maybe FindingPublishingFrequency) Source #

An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.

updateDetector_detectorId :: Lens' UpdateDetector Text Source #

The unique ID of the detector to update.

UpdateFilter

updateFilter_action :: Lens' UpdateFilter (Maybe FilterAction) Source #

Specifies the action that is to be applied to the findings that match the filter.

updateFilter_description :: Lens' UpdateFilter (Maybe Text) Source #

The description of the filter. Valid special characters include period (.), underscore (_), dash (-), and whitespace. The new line character is considered to be an invalid input for description.

updateFilter_findingCriteria :: Lens' UpdateFilter (Maybe FindingCriteria) Source #

Represents the criteria to be used in the filter for querying findings.

updateFilter_rank :: Lens' UpdateFilter (Maybe Natural) Source #

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

updateFilter_detectorId :: Lens' UpdateFilter Text Source #

The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.

UpdateFindingsFeedback

updateFindingsFeedback_comments :: Lens' UpdateFindingsFeedback (Maybe Text) Source #

Additional feedback about the GuardDuty findings.

updateFindingsFeedback_detectorId :: Lens' UpdateFindingsFeedback Text Source #

The ID of the detector associated with the findings to update feedback for.

updateFindingsFeedback_findingIds :: Lens' UpdateFindingsFeedback [Text] Source #

The IDs of the findings that you want to mark as useful or not useful.

UpdateIPSet

updateIPSet_activate :: Lens' UpdateIPSet (Maybe Bool) Source #

The updated Boolean value that specifies whether the IPSet is active or not.

updateIPSet_location :: Lens' UpdateIPSet (Maybe Text) Source #

The updated URI of the file that contains the IPSet.

updateIPSet_name :: Lens' UpdateIPSet (Maybe Text) Source #

The unique ID that specifies the IPSet that you want to update.

updateIPSet_detectorId :: Lens' UpdateIPSet Text Source #

The detectorID that specifies the GuardDuty service whose IPSet you want to update.

updateIPSet_ipSetId :: Lens' UpdateIPSet Text Source #

The unique ID that specifies the IPSet that you want to update.

UpdateMalwareScanSettings

updateMalwareScanSettings_ebsSnapshotPreservation :: Lens' UpdateMalwareScanSettings (Maybe EbsSnapshotPreservation) Source #

An enum value representing possible snapshot preservation settings.

updateMalwareScanSettings_scanResourceCriteria :: Lens' UpdateMalwareScanSettings (Maybe ScanResourceCriteria) Source #

Represents the criteria to be used in the filter for selecting resources to scan.

updateMalwareScanSettings_detectorId :: Lens' UpdateMalwareScanSettings Text Source #

The unique ID of the detector that specifies the GuardDuty service where you want to update scan settings.

UpdateMemberDetectors

updateMemberDetectors_detectorId :: Lens' UpdateMemberDetectors Text Source #

The detector ID of the administrator account.

updateMemberDetectors_accountIds :: Lens' UpdateMemberDetectors (NonEmpty Text) Source #

A list of member account IDs to be updated.

updateMemberDetectorsResponse_unprocessedAccounts :: Lens' UpdateMemberDetectorsResponse [UnprocessedAccount] Source #

A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.

UpdateOrganizationConfiguration

updateOrganizationConfiguration_detectorId :: Lens' UpdateOrganizationConfiguration Text Source #

The ID of the detector to update the delegated administrator for.

updateOrganizationConfiguration_autoEnable :: Lens' UpdateOrganizationConfiguration Bool Source #

Indicates whether to automatically enable member accounts in the organization.

UpdatePublishingDestination

updatePublishingDestination_destinationProperties :: Lens' UpdatePublishingDestination (Maybe DestinationProperties) Source #

A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

updatePublishingDestination_detectorId :: Lens' UpdatePublishingDestination Text Source #

The ID of the detector associated with the publishing destinations to update.

UpdateThreatIntelSet

updateThreatIntelSet_activate :: Lens' UpdateThreatIntelSet (Maybe Bool) Source #

The updated Boolean value that specifies whether the ThreatIntelSet is active or not.

updateThreatIntelSet_location :: Lens' UpdateThreatIntelSet (Maybe Text) Source #

The updated URI of the file that contains the ThreatIntelSet.

updateThreatIntelSet_name :: Lens' UpdateThreatIntelSet (Maybe Text) Source #

The unique ID that specifies the ThreatIntelSet that you want to update.

updateThreatIntelSet_detectorId :: Lens' UpdateThreatIntelSet Text Source #

The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.

updateThreatIntelSet_threatIntelSetId :: Lens' UpdateThreatIntelSet Text Source #

The unique ID that specifies the ThreatIntelSet that you want to update.

Types

AccessControlList

accessControlList_allowsPublicReadAccess :: Lens' AccessControlList (Maybe Bool) Source #

A value that indicates whether public read access for the bucket is enabled through an Access Control List (ACL).

accessControlList_allowsPublicWriteAccess :: Lens' AccessControlList (Maybe Bool) Source #

A value that indicates whether public write access for the bucket is enabled through an Access Control List (ACL).

AccessKeyDetails

AccountDetail

accountDetail_email :: Lens' AccountDetail Text Source #

The email address of the member account.

AccountFreeTrialInfo

accountFreeTrialInfo_accountId :: Lens' AccountFreeTrialInfo (Maybe Text) Source #

The account identifier of the GuardDuty member account.

accountFreeTrialInfo_dataSources :: Lens' AccountFreeTrialInfo (Maybe DataSourcesFreeTrial) Source #

Describes the data source enabled for the GuardDuty member account.

AccountLevelPermissions

accountLevelPermissions_blockPublicAccess :: Lens' AccountLevelPermissions (Maybe BlockPublicAccess) Source #

Describes the S3 Block Public Access settings of the bucket's parent account.

Action

action_actionType :: Lens' Action (Maybe Text) Source #

The GuardDuty finding activity type.

action_awsApiCallAction :: Lens' Action (Maybe AwsApiCallAction) Source #

Information about the AWS_API_CALL action described in this finding.

action_dnsRequestAction :: Lens' Action (Maybe DnsRequestAction) Source #

Information about the DNS_REQUEST action described in this finding.

action_kubernetesApiCallAction :: Lens' Action (Maybe KubernetesApiCallAction) Source #

Information about the Kubernetes API call action described in this finding.

action_networkConnectionAction :: Lens' Action (Maybe NetworkConnectionAction) Source #

Information about the NETWORK_CONNECTION action described in this finding.

action_portProbeAction :: Lens' Action (Maybe PortProbeAction) Source #

Information about the PORT_PROBE action described in this finding.

AdminAccount

adminAccount_adminAccountId :: Lens' AdminAccount (Maybe Text) Source #

The Amazon Web Services account ID for the account.

adminAccount_adminStatus :: Lens' AdminAccount (Maybe AdminStatus) Source #

Indicates whether the account is enabled as the delegated administrator.

Administrator

administrator_accountId :: Lens' Administrator (Maybe Text) Source #

The ID of the account used as the administrator account.

administrator_invitationId :: Lens' Administrator (Maybe Text) Source #

The value that is used to validate the administrator account to the member account.

administrator_invitedAt :: Lens' Administrator (Maybe Text) Source #

The timestamp when the invitation was sent.

administrator_relationshipStatus :: Lens' Administrator (Maybe Text) Source #

The status of the relationship between the administrator and member accounts.

AwsApiCallAction

awsApiCallAction_affectedResources :: Lens' AwsApiCallAction (Maybe (HashMap Text Text)) Source #

The details of the Amazon Web Services account that made the API call. This field identifies the resources that were affected by this API call.

awsApiCallAction_api :: Lens' AwsApiCallAction (Maybe Text) Source #

The Amazon Web Services API name.

awsApiCallAction_callerType :: Lens' AwsApiCallAction (Maybe Text) Source #

The Amazon Web Services API caller type.

awsApiCallAction_domainDetails :: Lens' AwsApiCallAction (Maybe DomainDetails) Source #

The domain information for the Amazon Web Services API call.

awsApiCallAction_errorCode :: Lens' AwsApiCallAction (Maybe Text) Source #

The error code of the failed Amazon Web Services API action.

awsApiCallAction_remoteAccountDetails :: Lens' AwsApiCallAction (Maybe RemoteAccountDetails) Source #

The details of the Amazon Web Services account that made the API call. This field appears if the call was made from outside your account.

awsApiCallAction_remoteIpDetails :: Lens' AwsApiCallAction (Maybe RemoteIpDetails) Source #

The remote IP information of the connection that initiated the Amazon Web Services API call.

awsApiCallAction_serviceName :: Lens' AwsApiCallAction (Maybe Text) Source #

The Amazon Web Services service name whose API was invoked.

awsApiCallAction_userAgent :: Lens' AwsApiCallAction (Maybe Text) Source #

The agent through which the API request was made.

BlockPublicAccess

blockPublicAccess_blockPublicAcls :: Lens' BlockPublicAccess (Maybe Bool) Source #

Indicates if S3 Block Public Access is set to BlockPublicAcls.

blockPublicAccess_blockPublicPolicy :: Lens' BlockPublicAccess (Maybe Bool) Source #

Indicates if S3 Block Public Access is set to BlockPublicPolicy.

blockPublicAccess_ignorePublicAcls :: Lens' BlockPublicAccess (Maybe Bool) Source #

Indicates if S3 Block Public Access is set to IgnorePublicAcls.

blockPublicAccess_restrictPublicBuckets :: Lens' BlockPublicAccess (Maybe Bool) Source #

Indicates if S3 Block Public Access is set to RestrictPublicBuckets.

BucketLevelPermissions

bucketLevelPermissions_accessControlList :: Lens' BucketLevelPermissions (Maybe AccessControlList) Source #

Contains information on how Access Control Policies are applied to the bucket.

bucketLevelPermissions_blockPublicAccess :: Lens' BucketLevelPermissions (Maybe BlockPublicAccess) Source #

Contains information on which account level S3 Block Public Access settings are applied to the S3 bucket.

bucketLevelPermissions_bucketPolicy :: Lens' BucketLevelPermissions (Maybe BucketPolicy) Source #

Contains information on the bucket policies for the S3 bucket.

BucketPolicy

bucketPolicy_allowsPublicReadAccess :: Lens' BucketPolicy (Maybe Bool) Source #

A value that indicates whether public read access for the bucket is enabled through a bucket policy.

bucketPolicy_allowsPublicWriteAccess :: Lens' BucketPolicy (Maybe Bool) Source #

A value that indicates whether public write access for the bucket is enabled through a bucket policy.

City

city_cityName :: Lens' City (Maybe Text) Source #

The city name of the remote IP address.

CloudTrailConfigurationResult

cloudTrailConfigurationResult_status :: Lens' CloudTrailConfigurationResult DataSourceStatus Source #

Describes whether CloudTrail is enabled as a data source for the detector.

Condition

condition_eq :: Lens' Condition (Maybe [Text]) Source #

Represents the equal condition to be applied to a single field when querying for findings.

condition_equals :: Lens' Condition (Maybe [Text]) Source #

Represents an equal condition to be applied to a single field when querying for findings.

condition_greaterThan :: Lens' Condition (Maybe Integer) Source #

Represents a greater than condition to be applied to a single field when querying for findings.

condition_greaterThanOrEqual :: Lens' Condition (Maybe Integer) Source #

Represents a greater than or equal condition to be applied to a single field when querying for findings.

condition_gt :: Lens' Condition (Maybe Int) Source #

Represents a greater than condition to be applied to a single field when querying for findings.

condition_gte :: Lens' Condition (Maybe Int) Source #

Represents a greater than or equal condition to be applied to a single field when querying for findings.

condition_lessThan :: Lens' Condition (Maybe Integer) Source #

Represents a less than condition to be applied to a single field when querying for findings.

condition_lessThanOrEqual :: Lens' Condition (Maybe Integer) Source #

Represents a less than or equal condition to be applied to a single field when querying for findings.

condition_lt :: Lens' Condition (Maybe Int) Source #

Represents a less than condition to be applied to a single field when querying for findings.

condition_lte :: Lens' Condition (Maybe Int) Source #

Represents a less than or equal condition to be applied to a single field when querying for findings.

condition_neq :: Lens' Condition (Maybe [Text]) Source #

Represents the not equal condition to be applied to a single field when querying for findings.

condition_notEquals :: Lens' Condition (Maybe [Text]) Source #

Represents a not equal condition to be applied to a single field when querying for findings.

Container

container_containerRuntime :: Lens' Container (Maybe Text) Source #

The container runtime (such as Docker or containerd) used to run the container.

container_imagePrefix :: Lens' Container (Maybe Text) Source #

Part of the image name before the last slash. For example, imagePrefix for public.ecr.aws/amazonlinux/amazonlinux:latest would be public.ecr.aws/amazonlinux. If the image name is relative and does not have a slash, this field is empty.

Country

country_countryCode :: Lens' Country (Maybe Text) Source #

The country code of the remote IP address.

country_countryName :: Lens' Country (Maybe Text) Source #

The country name of the remote IP address.

DNSLogsConfigurationResult

dNSLogsConfigurationResult_status :: Lens' DNSLogsConfigurationResult DataSourceStatus Source #

Denotes whether DNS logs are enabled as a data source.

DataSourceConfigurations

dataSourceConfigurations_kubernetes :: Lens' DataSourceConfigurations (Maybe KubernetesConfiguration) Source #

Describes whether any Kubernetes logs are enabled as data sources.

dataSourceConfigurations_malwareProtection :: Lens' DataSourceConfigurations (Maybe MalwareProtectionConfiguration) Source #

Describes whether Malware Protection is enabled as a data source.

dataSourceConfigurations_s3Logs :: Lens' DataSourceConfigurations (Maybe S3LogsConfiguration) Source #

Describes whether S3 data event logs are enabled as a data source.

DataSourceConfigurationsResult

dataSourceConfigurationsResult_kubernetes :: Lens' DataSourceConfigurationsResult (Maybe KubernetesConfigurationResult) Source #

An object that contains information on the status of all Kubernetes data sources.

dataSourceConfigurationsResult_cloudTrail :: Lens' DataSourceConfigurationsResult CloudTrailConfigurationResult Source #

An object that contains information on the status of CloudTrail as a data source.

dataSourceConfigurationsResult_dNSLogs :: Lens' DataSourceConfigurationsResult DNSLogsConfigurationResult Source #

An object that contains information on the status of DNS logs as a data source.

dataSourceConfigurationsResult_flowLogs :: Lens' DataSourceConfigurationsResult FlowLogsConfigurationResult Source #

An object that contains information on the status of VPC flow logs as a data source.

dataSourceConfigurationsResult_s3Logs :: Lens' DataSourceConfigurationsResult S3LogsConfigurationResult Source #

An object that contains information on the status of S3 Data event logs as a data source.

DataSourceFreeTrial

dataSourceFreeTrial_freeTrialDaysRemaining :: Lens' DataSourceFreeTrial (Maybe Int) Source #

A value that specifies the number of days left to use each enabled data source.

DataSourcesFreeTrial

dataSourcesFreeTrial_cloudTrail :: Lens' DataSourcesFreeTrial (Maybe DataSourceFreeTrial) Source #

Describes whether any Amazon Web Services CloudTrail management event logs are enabled as data sources.

dataSourcesFreeTrial_dnsLogs :: Lens' DataSourcesFreeTrial (Maybe DataSourceFreeTrial) Source #

Describes whether any DNS logs are enabled as data sources.

dataSourcesFreeTrial_flowLogs :: Lens' DataSourcesFreeTrial (Maybe DataSourceFreeTrial) Source #

Describes whether any VPC Flow logs are enabled as data sources.

dataSourcesFreeTrial_kubernetes :: Lens' DataSourcesFreeTrial (Maybe KubernetesDataSourceFreeTrial) Source #

Describes whether any Kubernetes logs are enabled as data sources.

dataSourcesFreeTrial_malwareProtection :: Lens' DataSourcesFreeTrial (Maybe MalwareProtectionDataSourceFreeTrial) Source #

Describes whether Malware Protection is enabled as a data source.

dataSourcesFreeTrial_s3Logs :: Lens' DataSourcesFreeTrial (Maybe DataSourceFreeTrial) Source #

Describes whether any S3 data event logs are enabled as data sources.

DefaultServerSideEncryption

defaultServerSideEncryption_encryptionType :: Lens' DefaultServerSideEncryption (Maybe Text) Source #

The type of encryption used for objects within the S3 bucket.

defaultServerSideEncryption_kmsMasterKeyArn :: Lens' DefaultServerSideEncryption (Maybe Text) Source #

The Amazon Resource Name (ARN) of the KMS encryption key. Only available if the bucket EncryptionType is aws:kms.

Destination

destination_destinationId :: Lens' Destination Text Source #

The unique ID of the publishing destination.

destination_destinationType :: Lens' Destination DestinationType Source #

The type of resource used for the publishing destination. Currently, only Amazon S3 buckets are supported.

destination_status :: Lens' Destination PublishingStatus Source #

The status of the publishing destination.

DestinationProperties

destinationProperties_destinationArn :: Lens' DestinationProperties (Maybe Text) Source #

The ARN of the resource to publish to.

To specify an S3 bucket folder use the following format: arn:aws:s3:::DOC-EXAMPLE-BUCKET/myFolder/

destinationProperties_kmsKeyArn :: Lens' DestinationProperties (Maybe Text) Source #

The ARN of the KMS key to use for encryption.

DnsRequestAction

dnsRequestAction_blocked :: Lens' DnsRequestAction (Maybe Bool) Source #

Indicates whether the targeted port is blocked.

dnsRequestAction_domain :: Lens' DnsRequestAction (Maybe Text) Source #

The domain information for the API request.

dnsRequestAction_protocol :: Lens' DnsRequestAction (Maybe Text) Source #

The network connection protocol observed in the activity that prompted GuardDuty to generate the finding.

DomainDetails

domainDetails_domain :: Lens' DomainDetails (Maybe Text) Source #

The domain information for the Amazon Web Services API call.

EbsVolumeDetails

ebsVolumeDetails_skippedVolumeDetails :: Lens' EbsVolumeDetails (Maybe [VolumeDetail]) Source #

List of EBS volumes that were skipped from the malware scan.

EbsVolumeScanDetails

ebsVolumeScanDetails_scanCompletedAt :: Lens' EbsVolumeScanDetails (Maybe UTCTime) Source #

Returns the completion date and time of the malware scan.

ebsVolumeScanDetails_scanDetections :: Lens' EbsVolumeScanDetails (Maybe ScanDetections) Source #

Contains a complete view providing malware scan result details.

ebsVolumeScanDetails_scanId :: Lens' EbsVolumeScanDetails (Maybe Text) Source #

Unique ID of the malware scan that generated the finding.

ebsVolumeScanDetails_scanStartedAt :: Lens' EbsVolumeScanDetails (Maybe UTCTime) Source #

Returns the start date and time of the malware scan.

ebsVolumeScanDetails_sources :: Lens' EbsVolumeScanDetails (Maybe [Text]) Source #

Contains a list of threat intelligence sources used to detect threats.

ebsVolumeScanDetails_triggerFindingId :: Lens' EbsVolumeScanDetails (Maybe Text) Source #

GuardDuty finding ID that triggered a malware scan.

EbsVolumesResult

ebsVolumesResult_reason :: Lens' EbsVolumesResult (Maybe Text) Source #

Specifies the reason why scanning EBS volumes (Malware Protection) was not enabled as a data source.

ebsVolumesResult_status :: Lens' EbsVolumesResult (Maybe DataSourceStatus) Source #

Describes whether scanning EBS volumes is enabled as a data source.

EcsClusterDetails

ecsClusterDetails_activeServicesCount :: Lens' EcsClusterDetails (Maybe Int) Source #

The number of services that are running on the cluster in an ACTIVE state.

ecsClusterDetails_arn :: Lens' EcsClusterDetails (Maybe Text) Source #

The Amazon Resource Name (ARN) that identifies the cluster.

ecsClusterDetails_registeredContainerInstancesCount :: Lens' EcsClusterDetails (Maybe Int) Source #

The number of container instances registered into the cluster.

ecsClusterDetails_runningTasksCount :: Lens' EcsClusterDetails (Maybe Int) Source #

The number of tasks in the cluster that are in the RUNNING state.

ecsClusterDetails_tags :: Lens' EcsClusterDetails (Maybe [Tag]) Source #

The tags of the ECS Cluster.

ecsClusterDetails_taskDetails :: Lens' EcsClusterDetails (Maybe EcsTaskDetails) Source #

Contains information about the details of the ECS Task.

EcsTaskDetails

ecsTaskDetails_arn :: Lens' EcsTaskDetails (Maybe Text) Source #

The Amazon Resource Name (ARN) of the task.

ecsTaskDetails_containers :: Lens' EcsTaskDetails (Maybe [Container]) Source #

The containers that are associated with the task.

ecsTaskDetails_definitionArn :: Lens' EcsTaskDetails (Maybe Text) Source #

The ARN of the task definition that creates the task.

ecsTaskDetails_group :: Lens' EcsTaskDetails (Maybe Text) Source #

The name of the task group that's associated with the task.

ecsTaskDetails_startedAt :: Lens' EcsTaskDetails (Maybe UTCTime) Source #

The Unix timestamp for the time when the task started.

ecsTaskDetails_startedBy :: Lens' EcsTaskDetails (Maybe Text) Source #

Contains the tag specified when a task is started.

ecsTaskDetails_tags :: Lens' EcsTaskDetails (Maybe [Tag]) Source #

The tags of the ECS Task.

ecsTaskDetails_taskCreatedAt :: Lens' EcsTaskDetails (Maybe UTCTime) Source #

The Unix timestamp for the time when the task was created.

ecsTaskDetails_version :: Lens' EcsTaskDetails (Maybe Text) Source #

The version counter for the task.

ecsTaskDetails_volumes :: Lens' EcsTaskDetails (Maybe [Volume]) Source #

The list of data volume definitions for the task.

EksClusterDetails

eksClusterDetails_createdAt :: Lens' EksClusterDetails (Maybe UTCTime) Source #

The timestamp when the EKS cluster was created.

eksClusterDetails_vpcId :: Lens' EksClusterDetails (Maybe Text) Source #

The VPC ID to which the EKS cluster is attached.

Evidence

evidence_threatIntelligenceDetails :: Lens' Evidence (Maybe [ThreatIntelligenceDetail]) Source #

A list of threat intelligence details related to the evidence.

FilterCondition

filterCondition_equalsValue :: Lens' FilterCondition (Maybe Text) Source #

Represents an equal condition to be applied to a single field when querying for scan entries.

filterCondition_greaterThan :: Lens' FilterCondition (Maybe Integer) Source #

Represents a greater than condition to be applied to a single field when querying for scan entries.

filterCondition_lessThan :: Lens' FilterCondition (Maybe Integer) Source #

Represents a less than condition to be applied to a single field when querying for scan entries.

FilterCriteria

filterCriteria_filterCriterion :: Lens' FilterCriteria (Maybe [FilterCriterion]) Source #

Represents a condition that when matched will be added to the response of the operation.

FilterCriterion

filterCriterion_criterionKey :: Lens' FilterCriterion (Maybe CriterionKey) Source #

An enum value representing possible scan properties to match with given scan entries.

filterCriterion_filterCondition :: Lens' FilterCriterion (Maybe FilterCondition) Source #

Contains information about the condition.

Finding

finding_confidence :: Lens' Finding (Maybe Double) Source #

The confidence score for the finding.

finding_description :: Lens' Finding (Maybe Text) Source #

The description of the finding.

finding_partition :: Lens' Finding (Maybe Text) Source #

The partition associated with the finding.

finding_title :: Lens' Finding (Maybe Text) Source #

The title of the finding.

finding_accountId :: Lens' Finding Text Source #

The ID of the account in which the finding was generated.

finding_arn :: Lens' Finding Text Source #

The ARN of the finding.

finding_createdAt :: Lens' Finding Text Source #

The time and date when the finding was created.

finding_id :: Lens' Finding Text Source #

The ID of the finding.

finding_region :: Lens' Finding Text Source #

The Region where the finding was generated.

finding_schemaVersion :: Lens' Finding Text Source #

The version of the schema used for the finding.

finding_severity :: Lens' Finding Double Source #

The severity of the finding.

finding_type :: Lens' Finding Text Source #

The type of finding.

finding_updatedAt :: Lens' Finding Text Source #

The time and date when the finding was last updated.

FindingCriteria

findingCriteria_criterion :: Lens' FindingCriteria (Maybe (HashMap Text Condition)) Source #

Represents a map of finding properties that match specified conditions and values when querying findings.

FindingStatistics

findingStatistics_countBySeverity :: Lens' FindingStatistics (Maybe (HashMap Text Int)) Source #

Represents a map of severity to count statistics for a set of findings.

FlowLogsConfigurationResult

flowLogsConfigurationResult_status :: Lens' FlowLogsConfigurationResult DataSourceStatus Source #

Denotes whether VPC flow logs are enabled as a data source.

GeoLocation

geoLocation_lat :: Lens' GeoLocation (Maybe Double) Source #

The latitude information of the remote IP address.

geoLocation_lon :: Lens' GeoLocation (Maybe Double) Source #

The longitude information of the remote IP address.

HighestSeverityThreatDetails

highestSeverityThreatDetails_count :: Lens' HighestSeverityThreatDetails (Maybe Int) Source #

Total number of infected files with the highest severity threat detected.

highestSeverityThreatDetails_severity :: Lens' HighestSeverityThreatDetails (Maybe Text) Source #

Severity level of the highest severity threat detected.

highestSeverityThreatDetails_threatName :: Lens' HighestSeverityThreatDetails (Maybe Text) Source #

Threat name of the highest severity threat detected as part of the malware scan.

HostPath

hostPath_path :: Lens' HostPath (Maybe Text) Source #

Path of the file or directory on the host that the volume maps to.

IamInstanceProfile

iamInstanceProfile_arn :: Lens' IamInstanceProfile (Maybe Text) Source #

The profile ARN of the EC2 instance.

iamInstanceProfile_id :: Lens' IamInstanceProfile (Maybe Text) Source #

The profile ID of the EC2 instance.

InstanceDetails

instanceDetails_availabilityZone :: Lens' InstanceDetails (Maybe Text) Source #

The Availability Zone of the EC2 instance.

instanceDetails_imageDescription :: Lens' InstanceDetails (Maybe Text) Source #

The image description of the EC2 instance.

instanceDetails_imageId :: Lens' InstanceDetails (Maybe Text) Source #

The image ID of the EC2 instance.

instanceDetails_launchTime :: Lens' InstanceDetails (Maybe Text) Source #

The launch time of the EC2 instance.

instanceDetails_networkInterfaces :: Lens' InstanceDetails (Maybe [NetworkInterface]) Source #

The elastic network interface information of the EC2 instance.

instanceDetails_outpostArn :: Lens' InstanceDetails (Maybe Text) Source #

The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only applicable to Amazon Web Services Outposts instances.

instanceDetails_platform :: Lens' InstanceDetails (Maybe Text) Source #

The platform of the EC2 instance.

instanceDetails_productCodes :: Lens' InstanceDetails (Maybe [ProductCode]) Source #

The product code of the EC2 instance.

instanceDetails_tags :: Lens' InstanceDetails (Maybe [Tag]) Source #

The tags of the EC2 instance.

Invitation

invitation_accountId :: Lens' Invitation (Maybe Text) Source #

The ID of the account that the invitation was sent from.

invitation_invitationId :: Lens' Invitation (Maybe Text) Source #

The ID of the invitation. This value is used to validate the inviter account to the member account.

invitation_invitedAt :: Lens' Invitation (Maybe Text) Source #

The timestamp when the invitation was sent.

invitation_relationshipStatus :: Lens' Invitation (Maybe Text) Source #

The status of the relationship between the inviter and invitee accounts.

KubernetesApiCallAction

kubernetesApiCallAction_parameters :: Lens' KubernetesApiCallAction (Maybe Text) Source #

Parameters related to the Kubernetes API call action.

kubernetesApiCallAction_sourceIps :: Lens' KubernetesApiCallAction (Maybe [Text]) Source #

The IP of the Kubernetes API caller and the IPs of any proxies or load balancers between the caller and the API endpoint.

kubernetesApiCallAction_statusCode :: Lens' KubernetesApiCallAction (Maybe Int) Source #

The resulting HTTP response code of the Kubernetes API call action.

kubernetesApiCallAction_userAgent :: Lens' KubernetesApiCallAction (Maybe Text) Source #

The user agent of the caller of the Kubernetes API.

kubernetesApiCallAction_verb :: Lens' KubernetesApiCallAction (Maybe Text) Source #

The Kubernetes API request HTTP verb.

KubernetesAuditLogsConfiguration

kubernetesAuditLogsConfiguration_enable :: Lens' KubernetesAuditLogsConfiguration Bool Source #

The status of Kubernetes audit logs as a data source.

KubernetesAuditLogsConfigurationResult

kubernetesAuditLogsConfigurationResult_status :: Lens' KubernetesAuditLogsConfigurationResult DataSourceStatus Source #

A value that describes whether Kubernetes audit logs are enabled as a data source.

KubernetesConfiguration

KubernetesConfigurationResult

KubernetesDataSourceFreeTrial

kubernetesDataSourceFreeTrial_auditLogs :: Lens' KubernetesDataSourceFreeTrial (Maybe DataSourceFreeTrial) Source #

Describes whether Kubernetes audit logs are enabled as a data source.

KubernetesDetails

kubernetesDetails_kubernetesUserDetails :: Lens' KubernetesDetails (Maybe KubernetesUserDetails) Source #

Details about the Kubernetes user involved in a Kubernetes finding.

kubernetesDetails_kubernetesWorkloadDetails :: Lens' KubernetesDetails (Maybe KubernetesWorkloadDetails) Source #

Details about the Kubernetes workload involved in a Kubernetes finding.

KubernetesUserDetails

kubernetesUserDetails_groups :: Lens' KubernetesUserDetails (Maybe [Text]) Source #

The groups that include the user who called the Kubernetes API.

kubernetesUserDetails_uid :: Lens' KubernetesUserDetails (Maybe Text) Source #

The user ID of the user who called the Kubernetes API.

kubernetesUserDetails_username :: Lens' KubernetesUserDetails (Maybe Text) Source #

The username of the user who called the Kubernetes API.

KubernetesWorkloadDetails

kubernetesWorkloadDetails_containers :: Lens' KubernetesWorkloadDetails (Maybe [Container]) Source #

Containers running as part of the Kubernetes workload.

kubernetesWorkloadDetails_hostNetwork :: Lens' KubernetesWorkloadDetails (Maybe Bool) Source #

Whether the hostNetwork flag is enabled for the pods included in the workload.

kubernetesWorkloadDetails_namespace :: Lens' KubernetesWorkloadDetails (Maybe Text) Source #

Kubernetes namespace that the workload is part of.

kubernetesWorkloadDetails_type :: Lens' KubernetesWorkloadDetails (Maybe Text) Source #

Kubernetes workload type (e.g. Pod, Deployment, etc.).

LocalIpDetails

localIpDetails_ipAddressV4 :: Lens' LocalIpDetails (Maybe Text) Source #

The IPv4 local address of the connection.

LocalPortDetails

localPortDetails_port :: Lens' LocalPortDetails (Maybe Int) Source #

The port number of the local connection.

localPortDetails_portName :: Lens' LocalPortDetails (Maybe Text) Source #

The port name of the local connection.

MalwareProtectionConfiguration

malwareProtectionConfiguration_scanEc2InstanceWithFindings :: Lens' MalwareProtectionConfiguration (Maybe ScanEc2InstanceWithFindings) Source #

Describes the configuration of Malware Protection for EC2 instances with findings.

MalwareProtectionConfigurationResult

MalwareProtectionDataSourceFreeTrial

malwareProtectionDataSourceFreeTrial_scanEc2InstanceWithFindings :: Lens' MalwareProtectionDataSourceFreeTrial (Maybe DataSourceFreeTrial) Source #

Describes whether Malware Protection for EC2 instances with findings is enabled as a data source.

Member

member_administratorId :: Lens' Member (Maybe Text) Source #

The administrator account ID.

member_detectorId :: Lens' Member (Maybe Text) Source #

The detector ID of the member account.

member_invitedAt :: Lens' Member (Maybe Text) Source #

The timestamp when the invitation was sent.

member_accountId :: Lens' Member Text Source #

The ID of the member account.

member_masterId :: Lens' Member Text Source #

The administrator account ID.

member_email :: Lens' Member Text Source #

The email address of the member account.

member_relationshipStatus :: Lens' Member Text Source #

The status of the relationship between the member and the administrator.

member_updatedAt :: Lens' Member Text Source #

The last-updated timestamp of the member.

MemberDataSourceConfiguration

memberDataSourceConfiguration_dataSources :: Lens' MemberDataSourceConfiguration DataSourceConfigurationsResult Source #

Contains information on the status of data sources for the account.

NetworkConnectionAction

networkConnectionAction_blocked :: Lens' NetworkConnectionAction (Maybe Bool) Source #

Indicates whether EC2 blocked the network connection to your instance.

NetworkInterface

networkInterface_ipv6Addresses :: Lens' NetworkInterface (Maybe [Text]) Source #

A list of IPv6 addresses for the EC2 instance.

networkInterface_privateDnsName :: Lens' NetworkInterface (Maybe Text) Source #

The private DNS name of the EC2 instance.

networkInterface_privateIpAddress :: Lens' NetworkInterface (Maybe Text) Source #

The private IP address of the EC2 instance.

networkInterface_privateIpAddresses :: Lens' NetworkInterface (Maybe [PrivateIpAddressDetails]) Source #

Other private IP address information of the EC2 instance.

networkInterface_publicDnsName :: Lens' NetworkInterface (Maybe Text) Source #

The public DNS name of the EC2 instance.

networkInterface_publicIp :: Lens' NetworkInterface (Maybe Text) Source #

The public IP address of the EC2 instance.

networkInterface_securityGroups :: Lens' NetworkInterface (Maybe [SecurityGroup]) Source #

The security groups associated with the EC2 instance.

networkInterface_subnetId :: Lens' NetworkInterface (Maybe Text) Source #

The subnet ID of the EC2 instance.

networkInterface_vpcId :: Lens' NetworkInterface (Maybe Text) Source #

The VPC ID of the EC2 instance.

Organization

organization_asn :: Lens' Organization (Maybe Text) Source #

The Autonomous System Number (ASN) of the internet provider of the remote IP address.

organization_asnOrg :: Lens' Organization (Maybe Text) Source #

The organization that registered this ASN.

organization_isp :: Lens' Organization (Maybe Text) Source #

The ISP information for the internet provider.

organization_org :: Lens' Organization (Maybe Text) Source #

The name of the internet provider.

OrganizationDataSourceConfigurations

organizationDataSourceConfigurations_kubernetes :: Lens' OrganizationDataSourceConfigurations (Maybe OrganizationKubernetesConfiguration) Source #

Describes the configuration of Kubernetes data sources for new members of the organization.

organizationDataSourceConfigurations_s3Logs :: Lens' OrganizationDataSourceConfigurations (Maybe OrganizationS3LogsConfiguration) Source #

Describes whether S3 data event logs are enabled for new members of the organization.

OrganizationDataSourceConfigurationsResult

OrganizationEbsVolumes

organizationEbsVolumes_autoEnable :: Lens' OrganizationEbsVolumes (Maybe Bool) Source #

Whether scanning EBS volumes should be auto-enabled for new members joining the organization.

OrganizationEbsVolumesResult

organizationEbsVolumesResult_autoEnable :: Lens' OrganizationEbsVolumesResult (Maybe Bool) Source #

An object that contains the status of whether scanning EBS volumes should be auto-enabled for new members joining the organization.

OrganizationKubernetesAuditLogsConfiguration

organizationKubernetesAuditLogsConfiguration_autoEnable :: Lens' OrganizationKubernetesAuditLogsConfiguration Bool Source #

A value that contains information on whether Kubernetes audit logs should be enabled automatically as a data source for the organization.

OrganizationKubernetesAuditLogsConfigurationResult

organizationKubernetesAuditLogsConfigurationResult_autoEnable :: Lens' OrganizationKubernetesAuditLogsConfigurationResult Bool Source #

Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization.

OrganizationKubernetesConfiguration

organizationKubernetesConfiguration_auditLogs :: Lens' OrganizationKubernetesConfiguration OrganizationKubernetesAuditLogsConfiguration Source #

Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization.

OrganizationKubernetesConfigurationResult

OrganizationMalwareProtectionConfiguration

organizationMalwareProtectionConfiguration_scanEc2InstanceWithFindings :: Lens' OrganizationMalwareProtectionConfiguration (Maybe OrganizationScanEc2InstanceWithFindings) Source #

Whether Malware Protection for EC2 instances with findings should be auto-enabled for new members joining the organization.

OrganizationMalwareProtectionConfigurationResult

OrganizationS3LogsConfiguration

organizationS3LogsConfiguration_autoEnable :: Lens' OrganizationS3LogsConfiguration Bool Source #

A value that contains information on whether S3 data event logs will be enabled automatically as a data source for the organization.

OrganizationS3LogsConfigurationResult

organizationS3LogsConfigurationResult_autoEnable :: Lens' OrganizationS3LogsConfigurationResult Bool Source #

A value that describes whether S3 data event logs are automatically enabled for new members of the organization.

OrganizationScanEc2InstanceWithFindings

organizationScanEc2InstanceWithFindings_ebsVolumes :: Lens' OrganizationScanEc2InstanceWithFindings (Maybe OrganizationEbsVolumes) Source #

Whether scanning EBS volumes should be auto-enabled for new members joining the organization.

OrganizationScanEc2InstanceWithFindingsResult

Owner

owner_id :: Lens' Owner (Maybe Text) Source #

The canonical user ID of the bucket owner. For information about locating your canonical user ID see Finding Your Account Canonical User ID.

PermissionConfiguration

permissionConfiguration_accountLevelPermissions :: Lens' PermissionConfiguration (Maybe AccountLevelPermissions) Source #

Contains information about the account level permissions on the S3 bucket.

permissionConfiguration_bucketLevelPermissions :: Lens' PermissionConfiguration (Maybe BucketLevelPermissions) Source #

Contains information about the bucket level permissions for the S3 bucket.

PortProbeAction

portProbeAction_blocked :: Lens' PortProbeAction (Maybe Bool) Source #

Indicates whether EC2 blocked the port probe to the instance, such as with an ACL.

portProbeAction_portProbeDetails :: Lens' PortProbeAction (Maybe [PortProbeDetail]) Source #

A list of objects related to port probe details.

PortProbeDetail

portProbeDetail_localIpDetails :: Lens' PortProbeDetail (Maybe LocalIpDetails) Source #

The local IP information of the connection.

portProbeDetail_localPortDetails :: Lens' PortProbeDetail (Maybe LocalPortDetails) Source #

The local port information of the connection.

portProbeDetail_remoteIpDetails :: Lens' PortProbeDetail (Maybe RemoteIpDetails) Source #

The remote IP information of the connection.

PrivateIpAddressDetails

ProductCode

productCode_code :: Lens' ProductCode (Maybe Text) Source #

The product code information.

PublicAccess

publicAccess_effectivePermission :: Lens' PublicAccess (Maybe Text) Source #

Describes the effective permission on this bucket after factoring all attached policies.

publicAccess_permissionConfiguration :: Lens' PublicAccess (Maybe PermissionConfiguration) Source #

Contains information about how permissions are configured for the S3 bucket.

RemoteAccountDetails

remoteAccountDetails_accountId :: Lens' RemoteAccountDetails (Maybe Text) Source #

The Amazon Web Services account ID of the remote API caller.

remoteAccountDetails_affiliated :: Lens' RemoteAccountDetails (Maybe Bool) Source #

Details on whether the Amazon Web Services account of the remote API caller is related to your GuardDuty environment. If this value is True the API caller is affiliated to your account in some way. If it is False the API caller is from outside your environment.

RemoteIpDetails

remoteIpDetails_city :: Lens' RemoteIpDetails (Maybe City) Source #

The city information of the remote IP address.

remoteIpDetails_country :: Lens' RemoteIpDetails (Maybe Country) Source #

The country code of the remote IP address.

remoteIpDetails_geoLocation :: Lens' RemoteIpDetails (Maybe GeoLocation) Source #

The location information of the remote IP address.

remoteIpDetails_ipAddressV4 :: Lens' RemoteIpDetails (Maybe Text) Source #

The IPv4 remote address of the connection.

remoteIpDetails_organization :: Lens' RemoteIpDetails (Maybe Organization) Source #

The ISP organization information of the remote IP address.

RemotePortDetails

remotePortDetails_port :: Lens' RemotePortDetails (Maybe Int) Source #

The port number of the remote connection.

remotePortDetails_portName :: Lens' RemotePortDetails (Maybe Text) Source #

The port name of the remote connection.

Resource

resource_accessKeyDetails :: Lens' Resource (Maybe AccessKeyDetails) Source #

The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.

resource_ebsVolumeDetails :: Lens' Resource (Maybe EbsVolumeDetails) Source #

Contains a list of scanned and skipped EBS volumes with details.

resource_ecsClusterDetails :: Lens' Resource (Maybe EcsClusterDetails) Source #

Contains information about the details of the ECS Cluster.

resource_eksClusterDetails :: Lens' Resource (Maybe EksClusterDetails) Source #

Details about the EKS cluster involved in a Kubernetes finding.

resource_instanceDetails :: Lens' Resource (Maybe InstanceDetails) Source #

The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.

resource_kubernetesDetails :: Lens' Resource (Maybe KubernetesDetails) Source #

Details about the Kubernetes user and workload involved in a Kubernetes finding.

resource_resourceType :: Lens' Resource (Maybe Text) Source #

The type of Amazon Web Services resource.

resource_s3BucketDetails :: Lens' Resource (Maybe [S3BucketDetail]) Source #

Contains information on the S3 bucket.

ResourceDetails

resourceDetails_instanceArn :: Lens' ResourceDetails (Maybe Text) Source #

InstanceArn that was scanned in the scan entry.

S3BucketDetail

s3BucketDetail_arn :: Lens' S3BucketDetail (Maybe Text) Source #

The Amazon Resource Name (ARN) of the S3 bucket.

s3BucketDetail_createdAt :: Lens' S3BucketDetail (Maybe UTCTime) Source #

The date and time the bucket was created at.

s3BucketDetail_defaultServerSideEncryption :: Lens' S3BucketDetail (Maybe DefaultServerSideEncryption) Source #

Describes the server side encryption method used in the S3 bucket.

s3BucketDetail_name :: Lens' S3BucketDetail (Maybe Text) Source #

The name of the S3 bucket.

s3BucketDetail_owner :: Lens' S3BucketDetail (Maybe Owner) Source #

The owner of the S3 bucket.

s3BucketDetail_publicAccess :: Lens' S3BucketDetail (Maybe PublicAccess) Source #

Describes the public access policies that apply to the S3 bucket.

s3BucketDetail_tags :: Lens' S3BucketDetail (Maybe [Tag]) Source #

All tags attached to the S3 bucket.

s3BucketDetail_type :: Lens' S3BucketDetail (Maybe Text) Source #

Describes whether the bucket is a source or destination bucket.

S3LogsConfiguration

s3LogsConfiguration_enable :: Lens' S3LogsConfiguration Bool Source #

The status of S3 data event logs as a data source.

S3LogsConfigurationResult

s3LogsConfigurationResult_status :: Lens' S3LogsConfigurationResult DataSourceStatus Source #

A value that describes whether S3 data event logs are automatically enabled for new members of the organization.

Scan

scan_accountId :: Lens' Scan (Maybe Text) Source #

The ID for the account that belongs to the scan.

scan_adminDetectorId :: Lens' Scan (Maybe Text) Source #

The unique detector ID of the administrator account that the request is associated with. Note that this value will be the same as the one used for DetectorId if the account is an administrator.

scan_attachedVolumes :: Lens' Scan (Maybe [VolumeDetail]) Source #

List of volumes that were attached to the original instance to be scanned.

scan_detectorId :: Lens' Scan (Maybe Text) Source #

The unique ID of the detector that the request is associated with.

scan_failureReason :: Lens' Scan (Maybe Text) Source #

Represents the reason for FAILED scan status.

scan_fileCount :: Lens' Scan (Maybe Natural) Source #

Represents the number of files that were scanned.

scan_resourceDetails :: Lens' Scan (Maybe ResourceDetails) Source #

Represents the resources that were scanned in the scan entry.

scan_scanEndTime :: Lens' Scan (Maybe UTCTime) Source #

The timestamp of when the scan was finished.

scan_scanId :: Lens' Scan (Maybe Text) Source #

The unique scan ID associated with a scan entry.

scan_scanResultDetails :: Lens' Scan (Maybe ScanResultDetails) Source #

Represents the result of the scan.

scan_scanStartTime :: Lens' Scan (Maybe UTCTime) Source #

The timestamp of when the scan was triggered.

scan_scanStatus :: Lens' Scan (Maybe ScanStatus) Source #

An enum value representing possible scan statuses.

scan_totalBytes :: Lens' Scan (Maybe Natural) Source #

Represents total bytes that were scanned.

scan_triggerDetails :: Lens' Scan (Maybe TriggerDetails) Source #

Specifies the reason why the scan was initiated.

ScanCondition

scanCondition_mapEquals :: Lens' ScanCondition [ScanConditionPair] Source #

Represents a mapEqual condition to be applied to a single field when triggering a malware scan.

ScanConditionPair

scanConditionPair_value :: Lens' ScanConditionPair (Maybe Text) Source #

Represents the optional value in the map condition. If not specified, only the key will be matched.

scanConditionPair_key :: Lens' ScanConditionPair Text Source #

Represents the key in the map condition.

ScanDetections

scanDetections_highestSeverityThreatDetails :: Lens' ScanDetections (Maybe HighestSeverityThreatDetails) Source #

Details of the highest severity threat detected during the malware scan and the number of infected files.

scanDetections_threatDetectedByName :: Lens' ScanDetections (Maybe ThreatDetectedByName) Source #

Contains details about identified threats organized by threat name.

ScanEc2InstanceWithFindings

scanEc2InstanceWithFindings_ebsVolumes :: Lens' ScanEc2InstanceWithFindings (Maybe Bool) Source #

Describes the configuration for scanning EBS volumes as a data source.

ScanEc2InstanceWithFindingsResult

scanEc2InstanceWithFindingsResult_ebsVolumes :: Lens' ScanEc2InstanceWithFindingsResult (Maybe EbsVolumesResult) Source #

Describes the configuration of scanning EBS volumes as a data source.

ScanFilePath

scanFilePath_fileName :: Lens' ScanFilePath (Maybe Text) Source #

File name of the infected file.

scanFilePath_filePath :: Lens' ScanFilePath (Maybe Text) Source #

The file path of the infected file.

scanFilePath_hash :: Lens' ScanFilePath (Maybe Text) Source #

The hash value of the infected file.

scanFilePath_volumeArn :: Lens' ScanFilePath (Maybe Text) Source #

EBS volume ARN details of the infected file.

ScanResourceCriteria

scanResourceCriteria_exclude :: Lens' ScanResourceCriteria (Maybe (HashMap ScanCriterionKey ScanCondition)) Source #

Represents a condition that, when matched, will prevent a malware scan for a certain resource.

scanResourceCriteria_include :: Lens' ScanResourceCriteria (Maybe (HashMap ScanCriterionKey ScanCondition)) Source #

Represents a condition that, when matched, will allow a malware scan for a certain resource.

ScanResultDetails

scanResultDetails_scanResult :: Lens' ScanResultDetails (Maybe ScanResult) Source #

An enum value representing possible scan results.

ScanThreatName

scanThreatName_filePaths :: Lens' ScanThreatName (Maybe [ScanFilePath]) Source #

List of infected files in EBS volume with details.

scanThreatName_itemCount :: Lens' ScanThreatName (Maybe Int) Source #

Total number of files infected with given threat.

scanThreatName_name :: Lens' ScanThreatName (Maybe Text) Source #

The name of the identified threat.

scanThreatName_severity :: Lens' ScanThreatName (Maybe Text) Source #

Severity of threat identified as part of the malware scan.

ScannedItemCount

scannedItemCount_totalGb :: Lens' ScannedItemCount (Maybe Int) Source #

Total GB of files scanned for malware.

scannedItemCount_volumes :: Lens' ScannedItemCount (Maybe Int) Source #

Total number of scanned volumes.

SecurityContext

securityContext_privileged :: Lens' SecurityContext (Maybe Bool) Source #

Whether the container is privileged.

SecurityGroup

securityGroup_groupId :: Lens' SecurityGroup (Maybe Text) Source #

The security group ID of the EC2 instance.

securityGroup_groupName :: Lens' SecurityGroup (Maybe Text) Source #

The security group name of the EC2 instance.

ServiceAdditionalInfo

serviceAdditionalInfo_type :: Lens' ServiceAdditionalInfo (Maybe Text) Source #

Describes the type of the additional information.

serviceAdditionalInfo_value :: Lens' ServiceAdditionalInfo (Maybe Text) Source #

This field specifies the value of the additional information.

ServiceInfo

serviceInfo_action :: Lens' ServiceInfo (Maybe Action) Source #

Information about the activity that is described in a finding.

serviceInfo_additionalInfo :: Lens' ServiceInfo (Maybe ServiceAdditionalInfo) Source #

Contains additional information about the generated finding.

serviceInfo_archived :: Lens' ServiceInfo (Maybe Bool) Source #

Indicates whether this finding is archived.

serviceInfo_count :: Lens' ServiceInfo (Maybe Int) Source #

The total count of the occurrences of this finding type.

serviceInfo_detectorId :: Lens' ServiceInfo (Maybe Text) Source #

The detector ID for the GuardDuty service.

serviceInfo_ebsVolumeScanDetails :: Lens' ServiceInfo (Maybe EbsVolumeScanDetails) Source #

Returns details from the malware scan that created a finding.

serviceInfo_eventFirstSeen :: Lens' ServiceInfo (Maybe Text) Source #

The first-seen timestamp of the activity that prompted GuardDuty to generate this finding.

serviceInfo_eventLastSeen :: Lens' ServiceInfo (Maybe Text) Source #

The last-seen timestamp of the activity that prompted GuardDuty to generate this finding.

serviceInfo_evidence :: Lens' ServiceInfo (Maybe Evidence) Source #

An evidence object associated with the service.

serviceInfo_featureName :: Lens' ServiceInfo (Maybe Text) Source #

The name of the feature that generated a finding.

serviceInfo_resourceRole :: Lens' ServiceInfo (Maybe Text) Source #

The resource role information for this finding.

serviceInfo_serviceName :: Lens' ServiceInfo (Maybe Text) Source #

The name of the Amazon Web Services service (GuardDuty) that generated a finding.

serviceInfo_userFeedback :: Lens' ServiceInfo (Maybe Text) Source #

Feedback that was submitted about the finding.

SortCriteria

sortCriteria_attributeName :: Lens' SortCriteria (Maybe Text) Source #

Represents the finding attribute (for example, accountId) to sort findings by.

sortCriteria_orderBy :: Lens' SortCriteria (Maybe OrderBy) Source #

The order by which the sorted findings are to be displayed.

Tag

tag_key :: Lens' Tag (Maybe Text) Source #

The EC2 instance tag key.

tag_value :: Lens' Tag (Maybe Text) Source #

The EC2 instance tag value.

ThreatDetectedByName

threatDetectedByName_itemCount :: Lens' ThreatDetectedByName (Maybe Int) Source #

Total number of infected files identified.

threatDetectedByName_shortened :: Lens' ThreatDetectedByName (Maybe Bool) Source #

Flag to determine if the finding contains every single infected file-path and/or every threat.

threatDetectedByName_threatNames :: Lens' ThreatDetectedByName (Maybe [ScanThreatName]) Source #

List of identified threats with details, organized by threat name.

threatDetectedByName_uniqueThreatNameCount :: Lens' ThreatDetectedByName (Maybe Int) Source #

Total number of unique threats by name identified, as part of the malware scan.

ThreatIntelligenceDetail

threatIntelligenceDetail_threatListName :: Lens' ThreatIntelligenceDetail (Maybe Text) Source #

The name of the threat intelligence list that triggered the finding.

threatIntelligenceDetail_threatNames :: Lens' ThreatIntelligenceDetail (Maybe [Text]) Source #

A list of names of the threats in the threat intelligence list that triggered the finding.

ThreatsDetectedItemCount

Total

total_amount :: Lens' Total (Maybe Text) Source #

The total usage.

total_unit :: Lens' Total (Maybe Text) Source #

The currency unit that the amount is given in.

TriggerDetails

triggerDetails_description :: Lens' TriggerDetails (Maybe Text) Source #

The description of the scan trigger.

triggerDetails_guardDutyFindingId :: Lens' TriggerDetails (Maybe Text) Source #

The ID of the GuardDuty finding that triggered the BirdDog scan.

UnprocessedAccount

unprocessedAccount_accountId :: Lens' UnprocessedAccount Text Source #

The Amazon Web Services account ID.

unprocessedAccount_result :: Lens' UnprocessedAccount Text Source #

A reason why the account hasn't been processed.

UnprocessedDataSourcesResult

UsageAccountResult

usageAccountResult_accountId :: Lens' UsageAccountResult (Maybe Text) Source #

The Account ID that generated usage.

usageAccountResult_total :: Lens' UsageAccountResult (Maybe Total) Source #

Represents the total of usage for the Account ID.

UsageCriteria

usageCriteria_accountIds :: Lens' UsageCriteria (Maybe (NonEmpty Text)) Source #

The account IDs to aggregate usage statistics from.

usageCriteria_resources :: Lens' UsageCriteria (Maybe [Text]) Source #

The resources to aggregate usage statistics from. Only accepts exact resource names.

usageCriteria_dataSources :: Lens' UsageCriteria [DataSource] Source #

The data sources to aggregate usage statistics from.

UsageDataSourceResult

usageDataSourceResult_total :: Lens' UsageDataSourceResult (Maybe Total) Source #

Represents the total of usage for the specified data source.

UsageResourceResult

usageResourceResult_resource :: Lens' UsageResourceResult (Maybe Text) Source #

The Amazon Web Services resource that generated usage.

usageResourceResult_total :: Lens' UsageResourceResult (Maybe Total) Source #

Represents the sum total of usage for the specified resource type.

UsageStatistics

usageStatistics_sumByAccount :: Lens' UsageStatistics (Maybe [UsageAccountResult]) Source #

The usage statistic sum organized by account ID.

usageStatistics_sumByDataSource :: Lens' UsageStatistics (Maybe [UsageDataSourceResult]) Source #

The usage statistic sum organized by data source.

usageStatistics_sumByResource :: Lens' UsageStatistics (Maybe [UsageResourceResult]) Source #

The usage statistic sum organized by resource.

usageStatistics_topResources :: Lens' UsageStatistics (Maybe [UsageResourceResult]) Source #

Lists the top 50 resources that have generated the most GuardDuty usage, in order from most to least expensive.

Volume

volume_hostPath :: Lens' Volume (Maybe HostPath) Source #

Represents a pre-existing file or directory on the host machine that the volume maps to.

VolumeDetail

volumeDetail_deviceName :: Lens' VolumeDetail (Maybe Text) Source #

The device name for the EBS volume.

volumeDetail_kmsKeyArn :: Lens' VolumeDetail (Maybe Text) Source #

KMS key ARN used to encrypt the EBS volume.

volumeDetail_snapshotArn :: Lens' VolumeDetail (Maybe Text) Source #

Snapshot ARN of the EBS volume.

volumeDetail_volumeArn :: Lens' VolumeDetail (Maybe Text) Source #

EBS volume ARN information.

VolumeMount