// Code generated by smithy-go-codegen DO NOT EDIT. package types import ( smithydocument "github.com/aws/smithy-go/document" "time" ) // Contains information on the current access control policies for the bucket. type AccessControlList struct { // A value that indicates whether public read access for the bucket is enabled // through an Access Control List (ACL). AllowsPublicReadAccess bool // A value that indicates whether public write access for the bucket is enabled // through an Access Control List (ACL). AllowsPublicWriteAccess bool noSmithyDocumentSerde } // Contains information about the access keys. type AccessKeyDetails struct { // The access key ID of the user. AccessKeyId *string // The principal ID of the user. PrincipalId *string // The name of the user. UserName *string // The type of the user. UserType *string noSmithyDocumentSerde } // Contains information about the account. type AccountDetail struct { // The member account ID. // // This member is required. AccountId *string // The email address of the member account. // // This member is required. Email *string noSmithyDocumentSerde } // Provides details of the GuardDuty member account that uses a free trial service. type AccountFreeTrialInfo struct { // The account identifier of the GuardDuty member account. AccountId *string // Describes the data source enabled for the GuardDuty member account. // // Deprecated: This parameter is deprecated, use Features instead DataSources *DataSourcesFreeTrial // A list of features enabled for the GuardDuty account. Features []FreeTrialFeatureConfigurationResult noSmithyDocumentSerde } // Contains information about the account level permissions on the S3 bucket. type AccountLevelPermissions struct { // Describes the S3 Block Public Access settings of the bucket's parent account. BlockPublicAccess *BlockPublicAccess noSmithyDocumentSerde } // Contains information about actions. type Action struct { // The GuardDuty finding activity type. ActionType *string // Information about the AWS_API_CALL action described in this finding. AwsApiCallAction *AwsApiCallAction // Information about the DNS_REQUEST action described in this finding. DnsRequestAction *DnsRequestAction // Information about the Kubernetes API call action described in this finding. KubernetesApiCallAction *KubernetesApiCallAction // Information about the NETWORK_CONNECTION action described in this finding. NetworkConnectionAction *NetworkConnectionAction // Information about the PORT_PROBE action described in this finding. PortProbeAction *PortProbeAction // Information about RDS_LOGIN_ATTEMPT action described in this finding. RdsLoginAttemptAction *RdsLoginAttemptAction noSmithyDocumentSerde } // Information about the installed EKS add-on (GuardDuty security agent). type AddonDetails struct { // Status of the installed EKS add-on. AddonStatus *string // Version of the installed EKS add-on. AddonVersion *string noSmithyDocumentSerde } // The account within the organization specified as the GuardDuty delegated // administrator. type AdminAccount struct { // The Amazon Web Services account ID for the account. AdminAccountId *string // Indicates whether the account is enabled as the delegated administrator. AdminStatus AdminStatus noSmithyDocumentSerde } // Contains information about the administrator account and invitation. type Administrator struct { // The ID of the account used as the administrator account. AccountId *string // The value that is used to validate the administrator account to the member // account. InvitationId *string // The timestamp when the invitation was sent. InvitedAt *string // The status of the relationship between the administrator and member accounts. RelationshipStatus *string noSmithyDocumentSerde } // Contains information about the API action. type AwsApiCallAction struct { // The details of the Amazon Web Services account that made the API call. This // field identifies the resources that were affected by this API call. AffectedResources map[string]string // The Amazon Web Services API name. Api *string // The Amazon Web Services API caller type. CallerType *string // The domain information for the Amazon Web Services API call. DomainDetails *DomainDetails // The error code of the failed Amazon Web Services API action. ErrorCode *string // The details of the Amazon Web Services account that made the API call. This // field appears if the call was made from outside your account. RemoteAccountDetails *RemoteAccountDetails // The remote IP information of the connection that initiated the Amazon Web // Services API call. RemoteIpDetails *RemoteIpDetails // The Amazon Web Services service name whose API was invoked. ServiceName *string // The agent through which the API request was made. UserAgent *string noSmithyDocumentSerde } // Contains information on how the bucker owner's S3 Block Public Access settings // are being applied to the S3 bucket. See S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) // for more information. type BlockPublicAccess struct { // Indicates if S3 Block Public Access is set to BlockPublicAcls . BlockPublicAcls bool // Indicates if S3 Block Public Access is set to BlockPublicPolicy . BlockPublicPolicy bool // Indicates if S3 Block Public Access is set to IgnorePublicAcls . IgnorePublicAcls bool // Indicates if S3 Block Public Access is set to RestrictPublicBuckets . RestrictPublicBuckets bool noSmithyDocumentSerde } // Contains information about the bucket level permissions for the S3 bucket. type BucketLevelPermissions struct { // Contains information on how Access Control Policies are applied to the bucket. AccessControlList *AccessControlList // Contains information on which account level S3 Block Public Access settings are // applied to the S3 bucket. BlockPublicAccess *BlockPublicAccess // Contains information on the bucket policies for the S3 bucket. BucketPolicy *BucketPolicy noSmithyDocumentSerde } // Contains information on the current bucket policies for the S3 bucket. type BucketPolicy struct { // A value that indicates whether public read access for the bucket is enabled // through a bucket policy. AllowsPublicReadAccess bool // A value that indicates whether public write access for the bucket is enabled // through a bucket policy. AllowsPublicWriteAccess bool noSmithyDocumentSerde } // Contains information about the city associated with the IP address. type City struct { // The city name of the remote IP address. CityName *string noSmithyDocumentSerde } // Contains information on the status of CloudTrail as a data source for the // detector. type CloudTrailConfigurationResult struct { // Describes whether CloudTrail is enabled as a data source for the detector. // // This member is required. Status DataSourceStatus noSmithyDocumentSerde } // Contains information about the condition. type Condition struct { // Represents the equal condition to be applied to a single field when querying // for findings. // // Deprecated: This member has been deprecated. Eq []string // Represents an equal condition to be applied to a single field when querying for // findings. Equals []string // Represents a greater than condition to be applied to a single field when // querying for findings. GreaterThan int64 // Represents a greater than or equal condition to be applied to a single field // when querying for findings. GreaterThanOrEqual int64 // Represents a greater than condition to be applied to a single field when // querying for findings. // // Deprecated: This member has been deprecated. Gt int32 // Represents a greater than or equal condition to be applied to a single field // when querying for findings. // // Deprecated: This member has been deprecated. Gte int32 // Represents a less than condition to be applied to a single field when querying // for findings. LessThan int64 // Represents a less than or equal condition to be applied to a single field when // querying for findings. LessThanOrEqual int64 // Represents a less than condition to be applied to a single field when querying // for findings. // // Deprecated: This member has been deprecated. Lt int32 // Represents a less than or equal condition to be applied to a single field when // querying for findings. // // Deprecated: This member has been deprecated. Lte int32 // Represents the not equal condition to be applied to a single field when // querying for findings. // // Deprecated: This member has been deprecated. Neq []string // Represents a not equal condition to be applied to a single field when querying // for findings. NotEquals []string noSmithyDocumentSerde } // Details of a container. type Container struct { // The container runtime (such as, Docker or containerd) used to run the container. ContainerRuntime *string // Container ID. Id *string // Container image. Image *string // Part of the image name before the last slash. For example, imagePrefix for // public.ecr.aws/amazonlinux/amazonlinux:latest would be // public.ecr.aws/amazonlinux. If the image name is relative and does not have a // slash, this field is empty. ImagePrefix *string // Container name. Name *string // Container security context. SecurityContext *SecurityContext // Container volume mounts. VolumeMounts []VolumeMount noSmithyDocumentSerde } // Contains information about the country where the remote IP address is located. type Country struct { // The country code of the remote IP address. CountryCode *string // The country name of the remote IP address. CountryName *string noSmithyDocumentSerde } // Information about the EKS cluster that has a coverage status. type CoverageEksClusterDetails struct { // Information about the installed EKS add-on. AddonDetails *AddonDetails // Name of the EKS cluster. ClusterName *string // Represents all the nodes within the EKS cluster in your account. CompatibleNodes int64 // Represents the nodes within the EKS cluster that have a HEALTHY coverage status. CoveredNodes int64 noSmithyDocumentSerde } // Represents a condition that when matched will be added to the response of the // operation. type CoverageFilterCondition struct { // Represents an equal condition that is applied to a single field while // retrieving the coverage details. Equals []string // Represents a not equal condition that is applied to a single field while // retrieving the coverage details. NotEquals []string noSmithyDocumentSerde } // Represents the criteria used in the filter. type CoverageFilterCriteria struct { // Represents a condition that when matched will be added to the response of the // operation. FilterCriterion []CoverageFilterCriterion noSmithyDocumentSerde } // Represents a condition that when matched will be added to the response of the // operation. type CoverageFilterCriterion struct { // An enum value representing possible filter fields. CriterionKey CoverageFilterCriterionKey // Contains information about the condition. FilterCondition *CoverageFilterCondition noSmithyDocumentSerde } // Information about the resource of the GuardDuty account. type CoverageResource struct { // The unique ID of the Amazon Web Services account. AccountId *string // Represents the status of the EKS cluster coverage. CoverageStatus CoverageStatus // The unique ID of the GuardDuty detector associated with the resource. DetectorId *string // Represents the reason why a coverage status was UNHEALTHY for the EKS cluster. Issue *string // Information about the resource for which the coverage statistics are retrieved. ResourceDetails *CoverageResourceDetails // The unique ID of the resource. ResourceId *string // The timestamp at which the coverage details for the resource were last updated. // This is in UTC format. UpdatedAt *time.Time noSmithyDocumentSerde } // Information about the resource for each individual EKS cluster. type CoverageResourceDetails struct { // EKS cluster details involved in the coverage statistics. EksClusterDetails *CoverageEksClusterDetails // The type of Amazon Web Services resource. ResourceType ResourceType noSmithyDocumentSerde } // Information about the sorting criteria used in the coverage statistics. type CoverageSortCriteria struct { // Represents the field name used to sort the coverage details. AttributeName CoverageSortKey // The order in which the sorted findings are to be displayed. OrderBy OrderBy noSmithyDocumentSerde } // Information about the coverage statistics for a resource. type CoverageStatistics struct { // Represents coverage statistics for EKS clusters aggregated by coverage status. CountByCoverageStatus map[string]int64 // Represents coverage statistics for EKS clusters aggregated by resource type. CountByResourceType map[string]int64 noSmithyDocumentSerde } // Contains information about which data sources are enabled. type DataSourceConfigurations struct { // Describes whether any Kubernetes logs are enabled as data sources. Kubernetes *KubernetesConfiguration // Describes whether Malware Protection is enabled as a data source. MalwareProtection *MalwareProtectionConfiguration // Describes whether S3 data event logs are enabled as a data source. S3Logs *S3LogsConfiguration noSmithyDocumentSerde } // Contains information on the status of data sources for the detector. type DataSourceConfigurationsResult struct { // An object that contains information on the status of CloudTrail as a data // source. // // This member is required. CloudTrail *CloudTrailConfigurationResult // An object that contains information on the status of DNS logs as a data source. // // This member is required. DNSLogs *DNSLogsConfigurationResult // An object that contains information on the status of VPC flow logs as a data // source. // // This member is required. FlowLogs *FlowLogsConfigurationResult // An object that contains information on the status of S3 Data event logs as a // data source. // // This member is required. S3Logs *S3LogsConfigurationResult // An object that contains information on the status of all Kubernetes data // sources. Kubernetes *KubernetesConfigurationResult // Describes the configuration of Malware Protection data sources. MalwareProtection *MalwareProtectionConfigurationResult noSmithyDocumentSerde } // Contains information about which data sources are enabled for the GuardDuty // member account. type DataSourceFreeTrial struct { // A value that specifies the number of days left to use each enabled data source. FreeTrialDaysRemaining int32 noSmithyDocumentSerde } // Contains information about which data sources are enabled for the GuardDuty // member account. type DataSourcesFreeTrial struct { // Describes whether any Amazon Web Services CloudTrail management event logs are // enabled as data sources. CloudTrail *DataSourceFreeTrial // Describes whether any DNS logs are enabled as data sources. DnsLogs *DataSourceFreeTrial // Describes whether any VPC Flow logs are enabled as data sources. FlowLogs *DataSourceFreeTrial // Describes whether any Kubernetes logs are enabled as data sources. Kubernetes *KubernetesDataSourceFreeTrial // Describes whether Malware Protection is enabled as a data source. MalwareProtection *MalwareProtectionDataSourceFreeTrial // Describes whether any S3 data event logs are enabled as data sources. S3Logs *DataSourceFreeTrial noSmithyDocumentSerde } // Contains information on the server side encryption method used in the S3 // bucket. See S3 Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) // for more information. type DefaultServerSideEncryption struct { // The type of encryption used for objects within the S3 bucket. EncryptionType *string // The Amazon Resource Name (ARN) of the KMS encryption key. Only available if the // bucket EncryptionType is aws:kms . KmsMasterKeyArn *string noSmithyDocumentSerde } // Contains information about the publishing destination, including the ID, type, // and status. type Destination struct { // The unique ID of the publishing destination. // // This member is required. DestinationId *string // The type of resource used for the publishing destination. Currently, only // Amazon S3 buckets are supported. // // This member is required. DestinationType DestinationType // The status of the publishing destination. // // This member is required. Status PublishingStatus noSmithyDocumentSerde } // Contains the Amazon Resource Name (ARN) of the resource to publish to, such as // an S3 bucket, and the ARN of the KMS key to use to encrypt published findings. type DestinationProperties struct { // The ARN of the resource to publish to. To specify an S3 bucket folder use the // following format: arn:aws:s3:::DOC-EXAMPLE-BUCKET/myFolder/ DestinationArn *string // The ARN of the KMS key to use for encryption. KmsKeyArn *string noSmithyDocumentSerde } // Information about the additional configuration for a feature in your GuardDuty // account. type DetectorAdditionalConfiguration struct { // Name of the additional configuration. Name FeatureAdditionalConfiguration // Status of the additional configuration. Status FeatureStatus noSmithyDocumentSerde } // Information about the additional configuration. type DetectorAdditionalConfigurationResult struct { // Name of the additional configuration. Name FeatureAdditionalConfiguration // Status of the additional configuration. Status FeatureStatus // The timestamp at which the additional configuration was last updated. This is // in UTC format. UpdatedAt *time.Time noSmithyDocumentSerde } // Contains information about a GuardDuty feature. type DetectorFeatureConfiguration struct { // Additional configuration for a resource. AdditionalConfiguration []DetectorAdditionalConfiguration // The name of the feature. Name DetectorFeature // The status of the feature. Status FeatureStatus noSmithyDocumentSerde } // Contains information about a GuardDuty feature. type DetectorFeatureConfigurationResult struct { // Additional configuration for a resource. AdditionalConfiguration []DetectorAdditionalConfigurationResult // Indicates the name of the feature that can be enabled for the detector. Name DetectorFeatureResult // Indicates the status of the feature that is enabled for the detector. Status FeatureStatus // The timestamp at which the feature object was updated. UpdatedAt *time.Time noSmithyDocumentSerde } // Contains information on the status of DNS logs as a data source. type DNSLogsConfigurationResult struct { // Denotes whether DNS logs is enabled as a data source. // // This member is required. Status DataSourceStatus noSmithyDocumentSerde } // Contains information about the DNS_REQUEST action described in this finding. type DnsRequestAction struct { // Indicates whether the targeted port is blocked. Blocked bool // The domain information for the DNS query. Domain *string // The network connection protocol observed in the activity that prompted // GuardDuty to generate the finding. Protocol *string noSmithyDocumentSerde } // Contains information about the domain. type DomainDetails struct { // The domain information for the Amazon Web Services API call. Domain *string noSmithyDocumentSerde } // Contains list of scanned and skipped EBS volumes with details. type EbsVolumeDetails struct { // List of EBS volumes that were scanned. ScannedVolumeDetails []VolumeDetail // List of EBS volumes that were skipped from the malware scan. SkippedVolumeDetails []VolumeDetail noSmithyDocumentSerde } // Contains details from the malware scan that created a finding. type EbsVolumeScanDetails struct { // Returns the completion date and time of the malware scan. ScanCompletedAt *time.Time // Contains a complete view providing malware scan result details. ScanDetections *ScanDetections // Unique Id of the malware scan that generated the finding. ScanId *string // Returns the start date and time of the malware scan. ScanStartedAt *time.Time // Specifies the scan type that invoked the malware scan. ScanType ScanType // Contains list of threat intelligence sources used to detect threats. Sources []string // GuardDuty finding ID that triggered a malware scan. TriggerFindingId *string noSmithyDocumentSerde } // Describes the configuration of scanning EBS volumes as a data source. type EbsVolumesResult struct { // Specifies the reason why scanning EBS volumes (Malware Protection) was not // enabled as a data source. Reason *string // Describes whether scanning EBS volumes is enabled as a data source. Status DataSourceStatus noSmithyDocumentSerde } // Contains information about the details of the ECS Cluster. type EcsClusterDetails struct { // The number of services that are running on the cluster in an ACTIVE state. ActiveServicesCount int32 // The Amazon Resource Name (ARN) that identifies the cluster. Arn *string // The name of the ECS Cluster. Name *string // The number of container instances registered into the cluster. RegisteredContainerInstancesCount int32 // The number of tasks in the cluster that are in the RUNNING state. RunningTasksCount int32 // The status of the ECS cluster. Status *string // The tags of the ECS Cluster. Tags []Tag // Contains information about the details of the ECS Task. TaskDetails *EcsTaskDetails noSmithyDocumentSerde } // Contains information about the task in an ECS cluster. type EcsTaskDetails struct { // The Amazon Resource Name (ARN) of the task. Arn *string // The containers that's associated with the task. Containers []Container // The ARN of the task definition that creates the task. DefinitionArn *string // The name of the task group that's associated with the task. Group *string // The Unix timestamp for the time when the task started. StartedAt *time.Time // Contains the tag specified when a task is started. StartedBy *string // The tags of the ECS Task. Tags []Tag // The Unix timestamp for the time when the task was created. TaskCreatedAt *time.Time // The version counter for the task. Version *string // The list of data volume definitions for the task. Volumes []Volume noSmithyDocumentSerde } // Details about the EKS cluster involved in a Kubernetes finding. type EksClusterDetails struct { // EKS cluster ARN. Arn *string // The timestamp when the EKS cluster was created. CreatedAt *time.Time // EKS cluster name. Name *string // The EKS cluster status. Status *string // The EKS cluster tags. Tags []Tag // The VPC ID to which the EKS cluster is attached. VpcId *string noSmithyDocumentSerde } // Contains information about the reason that the finding was generated. type Evidence struct { // A list of threat intelligence details related to the evidence. ThreatIntelligenceDetails []ThreatIntelligenceDetail noSmithyDocumentSerde } // Contains information about the condition. type FilterCondition struct { // Represents an equal condition to be applied to a single field when querying for // scan entries. EqualsValue *string // Represents a greater than condition to be applied to a single field when // querying for scan entries. GreaterThan int64 // Represents a less than condition to be applied to a single field when querying // for scan entries. LessThan int64 noSmithyDocumentSerde } // Represents the criteria to be used in the filter for describing scan entries. type FilterCriteria struct { // Represents a condition that when matched will be added to the response of the // operation. FilterCriterion []FilterCriterion noSmithyDocumentSerde } // Represents a condition that when matched will be added to the response of the // operation. Irrespective of using any filter criteria, an administrator account // can view the scan entries for all of its member accounts. However, each member // account can view the scan entries only for their own account. type FilterCriterion struct { // An enum value representing possible scan properties to match with given scan // entries. CriterionKey CriterionKey // Contains information about the condition. FilterCondition *FilterCondition noSmithyDocumentSerde } // Contains information about the finding, which is generated when abnormal or // suspicious activity is detected. type Finding struct { // The ID of the account in which the finding was generated. // // This member is required. AccountId *string // The ARN of the finding. // // This member is required. Arn *string // The time and date when the finding was created. // // This member is required. CreatedAt *string // The ID of the finding. // // This member is required. Id *string // The Region where the finding was generated. // // This member is required. Region *string // Contains information about the Amazon Web Services resource associated with the // activity that prompted GuardDuty to generate a finding. // // This member is required. Resource *Resource // The version of the schema used for the finding. // // This member is required. SchemaVersion *string // The severity of the finding. // // This member is required. Severity float64 // The type of finding. // // This member is required. Type *string // The time and date when the finding was last updated. // // This member is required. UpdatedAt *string // The confidence score for the finding. Confidence float64 // The description of the finding. Description *string // The partition associated with the finding. Partition *string // Contains additional information about the generated finding. Service *Service // The title of the finding. Title *string noSmithyDocumentSerde } // Contains information about the criteria used for querying findings. type FindingCriteria struct { // Represents a map of finding properties that match specified conditions and // values when querying findings. Criterion map[string]Condition noSmithyDocumentSerde } // Contains information about finding statistics. type FindingStatistics struct { // Represents a map of severity to count statistics for a set of findings. CountBySeverity map[string]int32 noSmithyDocumentSerde } // Contains information on the status of VPC flow logs as a data source. type FlowLogsConfigurationResult struct { // Denotes whether VPC flow logs is enabled as a data source. // // This member is required. Status DataSourceStatus noSmithyDocumentSerde } // Contains information about the free trial period for a feature. type FreeTrialFeatureConfigurationResult struct { // The number of the remaining free trial days for the feature. FreeTrialDaysRemaining int32 // The name of the feature for which the free trial is configured. Name FreeTrialFeatureResult noSmithyDocumentSerde } // Contains information about the location of the remote IP address. type GeoLocation struct { // The latitude information of the remote IP address. Lat float64 // The longitude information of the remote IP address. Lon float64 noSmithyDocumentSerde } // Contains details of the highest severity threat detected during scan and number // of infected files. type HighestSeverityThreatDetails struct { // Total number of infected files with the highest severity threat detected. Count int32 // Severity level of the highest severity threat detected. Severity *string // Threat name of the highest severity threat detected as part of the malware scan. ThreatName *string noSmithyDocumentSerde } // Represents a pre-existing file or directory on the host machine that the volume // maps to. type HostPath struct { // Path of the file or directory on the host that the volume maps to. Path *string noSmithyDocumentSerde } // Contains information about the EC2 instance profile. type IamInstanceProfile struct { // The profile ARN of the EC2 instance. Arn *string // The profile ID of the EC2 instance. Id *string noSmithyDocumentSerde } // Contains information about the details of an instance. type InstanceDetails struct { // The Availability Zone of the EC2 instance. AvailabilityZone *string // The profile information of the EC2 instance. IamInstanceProfile *IamInstanceProfile // The image description of the EC2 instance. ImageDescription *string // The image ID of the EC2 instance. ImageId *string // The ID of the EC2 instance. InstanceId *string // The state of the EC2 instance. InstanceState *string // The type of the EC2 instance. InstanceType *string // The launch time of the EC2 instance. LaunchTime *string // The elastic network interface information of the EC2 instance. NetworkInterfaces []NetworkInterface // The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only // applicable to Amazon Web Services Outposts instances. OutpostArn *string // The platform of the EC2 instance. Platform *string // The product code of the EC2 instance. ProductCodes []ProductCode // The tags of the EC2 instance. Tags []Tag noSmithyDocumentSerde } // Contains information about the invitation to become a member account. type Invitation struct { // The ID of the account that the invitation was sent from. AccountId *string // The ID of the invitation. This value is used to validate the inviter account to // the member account. InvitationId *string // The timestamp when the invitation was sent. InvitedAt *string // The status of the relationship between the inviter and invitee accounts. RelationshipStatus *string noSmithyDocumentSerde } // Information about the Kubernetes API call action described in this finding. type KubernetesApiCallAction struct { // Parameters related to the Kubernetes API call action. Parameters *string // Contains information about the remote IP address of the connection. RemoteIpDetails *RemoteIpDetails // The Kubernetes API request URI. RequestUri *string // The IP of the Kubernetes API caller and the IPs of any proxies or load // balancers between the caller and the API endpoint. SourceIps []string // The resulting HTTP response code of the Kubernetes API call action. StatusCode int32 // The user agent of the caller of the Kubernetes API. UserAgent *string // The Kubernetes API request HTTP verb. Verb *string noSmithyDocumentSerde } // Describes whether Kubernetes audit logs are enabled as a data source. type KubernetesAuditLogsConfiguration struct { // The status of Kubernetes audit logs as a data source. // // This member is required. Enable bool noSmithyDocumentSerde } // Describes whether Kubernetes audit logs are enabled as a data source. type KubernetesAuditLogsConfigurationResult struct { // A value that describes whether Kubernetes audit logs are enabled as a data // source. // // This member is required. Status DataSourceStatus noSmithyDocumentSerde } // Describes whether any Kubernetes data sources are enabled. type KubernetesConfiguration struct { // The status of Kubernetes audit logs as a data source. // // This member is required. AuditLogs *KubernetesAuditLogsConfiguration noSmithyDocumentSerde } // Describes whether any Kubernetes logs will be enabled as a data source. type KubernetesConfigurationResult struct { // Describes whether Kubernetes audit logs are enabled as a data source. // // This member is required. AuditLogs *KubernetesAuditLogsConfigurationResult noSmithyDocumentSerde } // Provides details about the Kubernetes resources when it is enabled as a data // source. type KubernetesDataSourceFreeTrial struct { // Describes whether Kubernetes audit logs are enabled as a data source. AuditLogs *DataSourceFreeTrial noSmithyDocumentSerde } // Details about Kubernetes resources such as a Kubernetes user or workload // resource involved in a Kubernetes finding. type KubernetesDetails struct { // Details about the Kubernetes user involved in a Kubernetes finding. KubernetesUserDetails *KubernetesUserDetails // Details about the Kubernetes workload involved in a Kubernetes finding. KubernetesWorkloadDetails *KubernetesWorkloadDetails noSmithyDocumentSerde } // Details about the Kubernetes user involved in a Kubernetes finding. type KubernetesUserDetails struct { // The groups that include the user who called the Kubernetes API. Groups []string // Entity that assumes the IAM role when Kubernetes RBAC permissions are assigned // to that role. SessionName []string // The user ID of the user who called the Kubernetes API. Uid *string // The username of the user who called the Kubernetes API. Username *string noSmithyDocumentSerde } // Details about the Kubernetes workload involved in a Kubernetes finding. type KubernetesWorkloadDetails struct { // Containers running as part of the Kubernetes workload. Containers []Container // Whether the hostNetwork flag is enabled for the pods included in the workload. HostNetwork bool // Kubernetes workload name. Name *string // Kubernetes namespace that the workload is part of. Namespace *string // Kubernetes workload type (e.g. Pod, Deployment, etc.). Type *string // Kubernetes workload ID. Uid *string // Volumes used by the Kubernetes workload. Volumes []Volume noSmithyDocumentSerde } // Information about the Lambda function involved in the finding. type LambdaDetails struct { // Description of the Lambda function. Description *string // Amazon Resource Name (ARN) of the Lambda function. FunctionArn *string // Name of the Lambda function. FunctionName *string // The version of the Lambda function. FunctionVersion *string // The timestamp when the Lambda function was last modified. This field is in the // UTC date string format (2023-03-22T19:37:20.168Z) . LastModifiedAt *time.Time // The revision ID of the Lambda function version. RevisionId *string // The execution role of the Lambda function. Role *string // A list of tags attached to this resource, listed in the format of key : value // pair. Tags []Tag // Amazon Virtual Private Cloud configuration details associated with your Lambda // function. VpcConfig *VpcConfig noSmithyDocumentSerde } // Information about the runtime process details. type LineageObject struct { // The effective user ID that was used to execute the process. Euid int32 // The absolute path of the process executable file. ExecutablePath *string // The name of the process. Name *string // The process ID of the child process. NamespacePid int32 // The unique ID of the parent process. This ID is assigned to the parent process // by GuardDuty. ParentUuid *string // The ID of the process. Pid int32 // The time when the process started. This is in UTC format. StartTime *time.Time // The user ID of the user that executed the process. UserId int32 // The unique ID assigned to the process by GuardDuty. Uuid *string noSmithyDocumentSerde } // Contains information about the local IP address of the connection. type LocalIpDetails struct { // The IPv4 local address of the connection. IpAddressV4 *string noSmithyDocumentSerde } // Contains information about the port for the local connection. type LocalPortDetails struct { // The port number of the local connection. Port int32 // The port name of the local connection. PortName *string noSmithyDocumentSerde } // Information about the login attempts. type LoginAttribute struct { // Indicates the application name used to attempt log in. Application *string // Represents the sum of failed (unsuccessful) login attempts made to establish a // connection to the database instance. FailedLoginAttempts int32 // Represents the sum of successful connections (a correct combination of login // attributes) made to the database instance by the actor. SuccessfulLoginAttempts int32 // Indicates the user name which attempted to log in. User *string noSmithyDocumentSerde } // Describes whether Malware Protection will be enabled as a data source. type MalwareProtectionConfiguration struct { // Describes the configuration of Malware Protection for EC2 instances with // findings. ScanEc2InstanceWithFindings *ScanEc2InstanceWithFindings noSmithyDocumentSerde } // An object that contains information on the status of all Malware Protection // data sources. type MalwareProtectionConfigurationResult struct { // Describes the configuration of Malware Protection for EC2 instances with // findings. ScanEc2InstanceWithFindings *ScanEc2InstanceWithFindingsResult // The GuardDuty Malware Protection service role. ServiceRole *string noSmithyDocumentSerde } // Provides details about Malware Protection when it is enabled as a data source. type MalwareProtectionDataSourceFreeTrial struct { // Describes whether Malware Protection for EC2 instances with findings is enabled // as a data source. ScanEc2InstanceWithFindings *DataSourceFreeTrial noSmithyDocumentSerde } // Contains information about the administrator account and invitation. type Master struct { // The ID of the account used as the administrator account. AccountId *string // The value used to validate the administrator account to the member account. InvitationId *string // The timestamp when the invitation was sent. InvitedAt *string // The status of the relationship between the administrator and member accounts. RelationshipStatus *string noSmithyDocumentSerde } // Contains information about the member account. type Member struct { // The ID of the member account. // // This member is required. AccountId *string // The email address of the member account. // // This member is required. Email *string // The administrator account ID. // // This member is required. MasterId *string // The status of the relationship between the member and the administrator. // // This member is required. RelationshipStatus *string // The last-updated timestamp of the member. // // This member is required. UpdatedAt *string // The administrator account ID. AdministratorId *string // The detector ID of the member account. DetectorId *string // The timestamp when the invitation was sent. InvitedAt *string noSmithyDocumentSerde } // Information about the additional configuration for the member account. type MemberAdditionalConfiguration struct { // Name of the additional configuration. Name OrgFeatureAdditionalConfiguration // Status of the additional configuration. Status FeatureStatus noSmithyDocumentSerde } // Information about the additional configuration for the member account. type MemberAdditionalConfigurationResult struct { // Indicates the name of the additional configuration that is set for the member // account. Name OrgFeatureAdditionalConfiguration // Indicates the status of the additional configuration that is set for the member // account. Status FeatureStatus // The timestamp at which the additional configuration was set for the member // account. This is in UTC format. UpdatedAt *time.Time noSmithyDocumentSerde } // Contains information on which data sources are enabled for a member account. type MemberDataSourceConfiguration struct { // The account ID for the member account. // // This member is required. AccountId *string // Contains information on the status of data sources for the account. // // Deprecated: This parameter is deprecated, use Features instead DataSources *DataSourceConfigurationsResult // Contains information about the status of the features for the member account. Features []MemberFeaturesConfigurationResult noSmithyDocumentSerde } // Contains information about the features for the member account. type MemberFeaturesConfiguration struct { // Additional configuration of the feature for the member account. AdditionalConfiguration []MemberAdditionalConfiguration // The name of the feature. Name OrgFeature // The status of the feature. Status FeatureStatus noSmithyDocumentSerde } // Contains information about the features for the member account. type MemberFeaturesConfigurationResult struct { // Indicates the additional configuration of the feature that is configured for // the member account. AdditionalConfiguration []MemberAdditionalConfigurationResult // Indicates the name of the feature that is enabled for the detector. Name OrgFeature // Indicates the status of the feature that is enabled for the detector. Status FeatureStatus // The timestamp at which the feature object was updated. UpdatedAt *time.Time noSmithyDocumentSerde } // Contains information about the NETWORK_CONNECTION action described in the // finding. type NetworkConnectionAction struct { // Indicates whether EC2 blocked the network connection to your instance. Blocked bool // The network connection direction. ConnectionDirection *string // The local IP information of the connection. LocalIpDetails *LocalIpDetails // The local port information of the connection. LocalPortDetails *LocalPortDetails // The network connection protocol. Protocol *string // The remote IP information of the connection. RemoteIpDetails *RemoteIpDetails // The remote port information of the connection. RemotePortDetails *RemotePortDetails noSmithyDocumentSerde } // Contains information about the elastic network interface of the EC2 instance. type NetworkInterface struct { // A list of IPv6 addresses for the EC2 instance. Ipv6Addresses []string // The ID of the network interface. NetworkInterfaceId *string // The private DNS name of the EC2 instance. PrivateDnsName *string // The private IP address of the EC2 instance. PrivateIpAddress *string // Other private IP address information of the EC2 instance. PrivateIpAddresses []PrivateIpAddressDetails // The public DNS name of the EC2 instance. PublicDnsName *string // The public IP address of the EC2 instance. PublicIp *string // The security groups associated with the EC2 instance. SecurityGroups []SecurityGroup // The subnet ID of the EC2 instance. SubnetId *string // The VPC ID of the EC2 instance. VpcId *string noSmithyDocumentSerde } // Contains information about the ISP organization of the remote IP address. type Organization struct { // The Autonomous System Number (ASN) of the internet provider of the remote IP // address. Asn *string // The organization that registered this ASN. AsnOrg *string // The ISP information for the internet provider. Isp *string // The name of the internet provider. Org *string noSmithyDocumentSerde } // A list of additional configurations which will be configured for the // organization. type OrganizationAdditionalConfiguration struct { // The status of the additional configuration that will be configured for the // organization. AutoEnable OrgFeatureStatus // The name of the additional configuration that will be configured for the // organization. Name OrgFeatureAdditionalConfiguration noSmithyDocumentSerde } // A list of additional configuration which will be configured for the // organization. type OrganizationAdditionalConfigurationResult struct { // Describes how The status of the additional configuration that are configured // for the member accounts within the organization. If you set AutoEnable to NEW , // a feature will be configured for only the new accounts when they join the // organization. If you set AutoEnable to NONE , no feature will be configured for // the accounts when they join the organization. AutoEnable OrgFeatureStatus // The name of the additional configuration that is configured for the member // accounts within the organization. Name OrgFeatureAdditionalConfiguration noSmithyDocumentSerde } // An object that contains information on which data sources will be configured to // be automatically enabled for new members within the organization. type OrganizationDataSourceConfigurations struct { // Describes the configuration of Kubernetes data sources for new members of the // organization. Kubernetes *OrganizationKubernetesConfiguration // Describes the configuration of Malware Protection for new members of the // organization. MalwareProtection *OrganizationMalwareProtectionConfiguration // Describes whether S3 data event logs are enabled for new members of the // organization. S3Logs *OrganizationS3LogsConfiguration noSmithyDocumentSerde } // An object that contains information on which data sources are automatically // enabled for new members within the organization. type OrganizationDataSourceConfigurationsResult struct { // Describes whether S3 data event logs are enabled as a data source. // // This member is required. S3Logs *OrganizationS3LogsConfigurationResult // Describes the configuration of Kubernetes data sources. Kubernetes *OrganizationKubernetesConfigurationResult // Describes the configuration of Malware Protection data source for an // organization. MalwareProtection *OrganizationMalwareProtectionConfigurationResult noSmithyDocumentSerde } // Organization-wide EBS volumes scan configuration. type OrganizationEbsVolumes struct { // Whether scanning EBS volumes should be auto-enabled for new members joining the // organization. AutoEnable bool noSmithyDocumentSerde } // An object that contains information on the status of whether EBS volumes // scanning will be enabled as a data source for an organization. type OrganizationEbsVolumesResult struct { // An object that contains the status of whether scanning EBS volumes should be // auto-enabled for new members joining the organization. AutoEnable bool noSmithyDocumentSerde } // A list of features which will be configured for the organization. type OrganizationFeatureConfiguration struct { // The additional information that will be configured for the organization. AdditionalConfiguration []OrganizationAdditionalConfiguration // The status of the feature that will be configured for the organization. AutoEnable OrgFeatureStatus // The name of the feature that will be configured for the organization. Name OrgFeature noSmithyDocumentSerde } // A list of features which will be configured for the organization. type OrganizationFeatureConfigurationResult struct { // The additional configuration that is configured for the member accounts within // the organization. AdditionalConfiguration []OrganizationAdditionalConfigurationResult // Describes how The status of the feature that are configured for the member // accounts within the organization. If you set AutoEnable to NEW , a feature will // be configured for only the new accounts when they join the organization. If you // set AutoEnable to NONE , no feature will be configured for the accounts when // they join the organization. AutoEnable OrgFeatureStatus // The name of the feature that is configured for the member accounts within the // organization. Name OrgFeature noSmithyDocumentSerde } // Organization-wide Kubernetes audit logs configuration. type OrganizationKubernetesAuditLogsConfiguration struct { // A value that contains information on whether Kubernetes audit logs should be // enabled automatically as a data source for the organization. // // This member is required. AutoEnable bool noSmithyDocumentSerde } // The current configuration of Kubernetes audit logs as a data source for the // organization. type OrganizationKubernetesAuditLogsConfigurationResult struct { // Whether Kubernetes audit logs data source should be auto-enabled for new // members joining the organization. // // This member is required. AutoEnable bool noSmithyDocumentSerde } // Organization-wide Kubernetes data sources configurations. type OrganizationKubernetesConfiguration struct { // Whether Kubernetes audit logs data source should be auto-enabled for new // members joining the organization. // // This member is required. AuditLogs *OrganizationKubernetesAuditLogsConfiguration noSmithyDocumentSerde } // The current configuration of all Kubernetes data sources for the organization. type OrganizationKubernetesConfigurationResult struct { // The current configuration of Kubernetes audit logs as a data source for the // organization. // // This member is required. AuditLogs *OrganizationKubernetesAuditLogsConfigurationResult noSmithyDocumentSerde } // Organization-wide Malware Protection configurations. type OrganizationMalwareProtectionConfiguration struct { // Whether Malware Protection for EC2 instances with findings should be // auto-enabled for new members joining the organization. ScanEc2InstanceWithFindings *OrganizationScanEc2InstanceWithFindings noSmithyDocumentSerde } // An object that contains information on the status of all Malware Protection // data source for an organization. type OrganizationMalwareProtectionConfigurationResult struct { // Describes the configuration for scanning EC2 instances with findings for an // organization. ScanEc2InstanceWithFindings *OrganizationScanEc2InstanceWithFindingsResult noSmithyDocumentSerde } // Describes whether S3 data event logs will be automatically enabled for new // members of the organization. type OrganizationS3LogsConfiguration struct { // A value that contains information on whether S3 data event logs will be enabled // automatically as a data source for the organization. // // This member is required. AutoEnable bool noSmithyDocumentSerde } // The current configuration of S3 data event logs as a data source for the // organization. type OrganizationS3LogsConfigurationResult struct { // A value that describes whether S3 data event logs are automatically enabled for // new members of the organization. // // This member is required. AutoEnable bool noSmithyDocumentSerde } // Organization-wide EC2 instances with findings scan configuration. type OrganizationScanEc2InstanceWithFindings struct { // Whether scanning EBS volumes should be auto-enabled for new members joining the // organization. EbsVolumes *OrganizationEbsVolumes noSmithyDocumentSerde } // An object that contains information on the status of scanning EC2 instances // with findings for an organization. type OrganizationScanEc2InstanceWithFindingsResult struct { // Describes the configuration for scanning EBS volumes for an organization. EbsVolumes *OrganizationEbsVolumesResult noSmithyDocumentSerde } // Contains information on the owner of the bucket. type Owner struct { // The canonical user ID of the bucket owner. For information about locating your // canonical user ID see Finding Your Account Canonical User ID. (https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId) Id *string noSmithyDocumentSerde } // Contains information about how permissions are configured for the S3 bucket. type PermissionConfiguration struct { // Contains information about the account level permissions on the S3 bucket. AccountLevelPermissions *AccountLevelPermissions // Contains information about the bucket level permissions for the S3 bucket. BucketLevelPermissions *BucketLevelPermissions noSmithyDocumentSerde } // Contains information about the PORT_PROBE action described in the finding. type PortProbeAction struct { // Indicates whether EC2 blocked the port probe to the instance, such as with an // ACL. Blocked bool // A list of objects related to port probe details. PortProbeDetails []PortProbeDetail noSmithyDocumentSerde } // Contains information about the port probe details. type PortProbeDetail struct { // The local IP information of the connection. LocalIpDetails *LocalIpDetails // The local port information of the connection. LocalPortDetails *LocalPortDetails // The remote IP information of the connection. RemoteIpDetails *RemoteIpDetails noSmithyDocumentSerde } // Contains other private IP address information of the EC2 instance. type PrivateIpAddressDetails struct { // The private DNS name of the EC2 instance. PrivateDnsName *string // The private IP address of the EC2 instance. PrivateIpAddress *string noSmithyDocumentSerde } // Information about the observed process. type ProcessDetails struct { // The effective user ID of the user that executed the process. Euid int32 // The absolute path of the process executable file. ExecutablePath *string // The SHA256 hash of the process executable. ExecutableSha256 *string // Information about the process's lineage. Lineage []LineageObject // The name of the process. Name *string // The ID of the child process. NamespacePid int32 // The unique ID of the parent process. This ID is assigned to the parent process // by GuardDuty. ParentUuid *string // The ID of the process. Pid int32 // The present working directory of the process. Pwd *string // The time when the process started. This is in UTC format. StartTime *time.Time // The user that executed the process. User *string // The unique ID of the user that executed the process. UserId int32 // The unique ID assigned to the process by GuardDuty. Uuid *string noSmithyDocumentSerde } // Contains information about the product code for the EC2 instance. type ProductCode struct { // The product code information. Code *string // The product code type. ProductType *string noSmithyDocumentSerde } // Describes the public access policies that apply to the S3 bucket. type PublicAccess struct { // Describes the effective permission on this bucket after factoring all attached // policies. EffectivePermission *string // Contains information about how permissions are configured for the S3 bucket. PermissionConfiguration *PermissionConfiguration noSmithyDocumentSerde } // Contains information about the resource type RDSDBInstance involved in a // GuardDuty finding. type RdsDbInstanceDetails struct { // The identifier of the database cluster that contains the database instance ID // involved in the finding. DbClusterIdentifier *string // The Amazon Resource Name (ARN) that identifies the database instance involved // in the finding. DbInstanceArn *string // The identifier associated to the database instance that was involved in the // finding. DbInstanceIdentifier *string // The database engine of the database instance involved in the finding. Engine *string // The version of the database engine that was involved in the finding. EngineVersion *string // Instance tag key-value pairs associated with the database instance ID. Tags []Tag noSmithyDocumentSerde } // Contains information about the user and authentication details for a database // instance involved in the finding. type RdsDbUserDetails struct { // The application name used in the anomalous login attempt. Application *string // The authentication method used by the user involved in the finding. AuthMethod *string // The name of the database instance involved in the anomalous login attempt. Database *string // The version of the Secure Socket Layer (SSL) used for the network. Ssl *string // The user name used in the anomalous login attempt. User *string noSmithyDocumentSerde } // Indicates that a login attempt was made to the potentially compromised database // from a remote IP address. type RdsLoginAttemptAction struct { // Indicates the login attributes used in the login attempt. LoginAttributes []LoginAttribute // Contains information about the remote IP address of the connection. RemoteIpDetails *RemoteIpDetails noSmithyDocumentSerde } // Contains details about the remote Amazon Web Services account that made the API // call. type RemoteAccountDetails struct { // The Amazon Web Services account ID of the remote API caller. AccountId *string // Details on whether the Amazon Web Services account of the remote API caller is // related to your GuardDuty environment. If this value is True the API caller is // affiliated to your account in some way. If it is False the API caller is from // outside your environment. Affiliated bool noSmithyDocumentSerde } // Contains information about the remote IP address of the connection. type RemoteIpDetails struct { // The city information of the remote IP address. City *City // The country code of the remote IP address. Country *Country // The location information of the remote IP address. GeoLocation *GeoLocation // The IPv4 remote address of the connection. IpAddressV4 *string // The ISP organization information of the remote IP address. Organization *Organization noSmithyDocumentSerde } // Contains information about the remote port. type RemotePortDetails struct { // The port number of the remote connection. Port int32 // The port name of the remote connection. PortName *string noSmithyDocumentSerde } // Contains information about the Amazon Web Services resource associated with the // activity that prompted GuardDuty to generate a finding. type Resource struct { // The IAM access key details (user information) of a user that engaged in the // activity that prompted GuardDuty to generate a finding. AccessKeyDetails *AccessKeyDetails // Details of a container. ContainerDetails *Container // Contains list of scanned and skipped EBS volumes with details. EbsVolumeDetails *EbsVolumeDetails // Contains information about the details of the ECS Cluster. EcsClusterDetails *EcsClusterDetails // Details about the EKS cluster involved in a Kubernetes finding. EksClusterDetails *EksClusterDetails // The information about the EC2 instance associated with the activity that // prompted GuardDuty to generate a finding. InstanceDetails *InstanceDetails // Details about the Kubernetes user and workload involved in a Kubernetes finding. KubernetesDetails *KubernetesDetails // Contains information about the Lambda function that was involved in a finding. LambdaDetails *LambdaDetails // Contains information about the database instance to which an anomalous login // attempt was made. RdsDbInstanceDetails *RdsDbInstanceDetails // Contains information about the user details through which anomalous login // attempt was made. RdsDbUserDetails *RdsDbUserDetails // The type of Amazon Web Services resource. ResourceType *string // Contains information on the S3 bucket. S3BucketDetails []S3BucketDetail noSmithyDocumentSerde } // Represents the resources that were scanned in the scan entry. type ResourceDetails struct { // InstanceArn that was scanned in the scan entry. InstanceArn *string noSmithyDocumentSerde } // Additional information about the suspicious activity. type RuntimeContext struct { // Represents the communication protocol associated with the address. For example, // the address family AF_INET is used for IP version of 4 protocol. AddressFamily *string // Represents the type of mounted fileSystem. FileSystemType *string // Represents options that control the behavior of a runtime operation or action. // For example, a filesystem mount operation may contain a read-only flag. Flags []string // Specifies a particular protocol within the address family. Usually there is a // single protocol in address families. For example, the address family AF_INET // only has the IP protocol. IanaProtocolNumber int32 // The value of the LD_PRELOAD environment variable. LdPreloadValue *string // The path to the new library that was loaded. LibraryPath *string // Specifies the Region of a process's address space such as stack and heap. MemoryRegions []string // The timestamp at which the process modified the current process. The timestamp // is in UTC date string format. ModifiedAt *time.Time // Information about the process that modified the current process. This is // available for multiple finding types. ModifyingProcess *ProcessDetails // The path to the module loaded into the kernel. ModuleFilePath *string // The name of the module loaded into the kernel. ModuleName *string // The SHA256 hash of the module. ModuleSha256 *string // The path on the host that is mounted by the container. MountSource *string // The path in the container that is mapped to the host directory. MountTarget *string // The path in the container that modified the release agent file. ReleaseAgentPath *string // The path to the leveraged runc implementation. RuncBinaryPath *string // The path to the script that was executed. ScriptPath *string // The path to the modified shell history file. ShellHistoryFilePath *string // The path to the docket socket that was accessed. SocketPath *string // Information about the process that had its memory overwritten by the current // process. TargetProcess *ProcessDetails noSmithyDocumentSerde } // Information about the process and any required context values for a specific // finding. type RuntimeDetails struct { // Additional information about the suspicious activity. Context *RuntimeContext // Information about the observed process. Process *ProcessDetails noSmithyDocumentSerde } // Contains information on the S3 bucket. type S3BucketDetail struct { // The Amazon Resource Name (ARN) of the S3 bucket. Arn *string // The date and time the bucket was created at. CreatedAt *time.Time // Describes the server side encryption method used in the S3 bucket. DefaultServerSideEncryption *DefaultServerSideEncryption // The name of the S3 bucket. Name *string // The owner of the S3 bucket. Owner *Owner // Describes the public access policies that apply to the S3 bucket. PublicAccess *PublicAccess // All tags attached to the S3 bucket Tags []Tag // Describes whether the bucket is a source or destination bucket. Type *string noSmithyDocumentSerde } // Describes whether S3 data event logs will be enabled as a data source. type S3LogsConfiguration struct { // The status of S3 data event logs as a data source. // // This member is required. Enable bool noSmithyDocumentSerde } // Describes whether S3 data event logs will be enabled as a data source. type S3LogsConfigurationResult struct { // A value that describes whether S3 data event logs are automatically enabled for // new members of the organization. // // This member is required. Status DataSourceStatus noSmithyDocumentSerde } // Contains information about a malware scan. type Scan struct { // The ID for the account that belongs to the scan. AccountId *string // The unique detector ID of the administrator account that the request is // associated with. Note that this value will be the same as the one used for // DetectorId if the account is an administrator. AdminDetectorId *string // List of volumes that were attached to the original instance to be scanned. AttachedVolumes []VolumeDetail // The unique ID of the detector that the request is associated with. DetectorId *string // Represents the reason for FAILED scan status. FailureReason *string // Represents the number of files that were scanned. FileCount int64 // Represents the resources that were scanned in the scan entry. ResourceDetails *ResourceDetails // The timestamp of when the scan was finished. ScanEndTime *time.Time // The unique scan ID associated with a scan entry. ScanId *string // Represents the result of the scan. ScanResultDetails *ScanResultDetails // The timestamp of when the scan was triggered. ScanStartTime *time.Time // An enum value representing possible scan statuses. ScanStatus ScanStatus // Specifies the scan type that invoked the malware scan. ScanType ScanType // Represents total bytes that were scanned. TotalBytes int64 // Specifies the reason why the scan was initiated. TriggerDetails *TriggerDetails noSmithyDocumentSerde } // Contains information about the condition. type ScanCondition struct { // Represents an mapEqual condition to be applied to a single field when // triggering for malware scan. // // This member is required. MapEquals []ScanConditionPair noSmithyDocumentSerde } // Represents key, value pair to be matched against given resource property. type ScanConditionPair struct { // Represents key in the map condition. // // This member is required. Key *string // Represents optional value in the map condition. If not specified, only key will // be matched. Value *string noSmithyDocumentSerde } // Contains a complete view providing malware scan result details. type ScanDetections struct { // Details of the highest severity threat detected during malware scan and number // of infected files. HighestSeverityThreatDetails *HighestSeverityThreatDetails // Total number of scanned files. ScannedItemCount *ScannedItemCount // Contains details about identified threats organized by threat name. ThreatDetectedByName *ThreatDetectedByName // Total number of infected files. ThreatsDetectedItemCount *ThreatsDetectedItemCount noSmithyDocumentSerde } // Describes whether Malware Protection for EC2 instances with findings will be // enabled as a data source. type ScanEc2InstanceWithFindings struct { // Describes the configuration for scanning EBS volumes as data source. EbsVolumes bool noSmithyDocumentSerde } // An object that contains information on the status of whether Malware Protection // for EC2 instances with findings will be enabled as a data source. type ScanEc2InstanceWithFindingsResult struct { // Describes the configuration of scanning EBS volumes as a data source. EbsVolumes *EbsVolumesResult noSmithyDocumentSerde } // Contains details of infected file including name, file path and hash. type ScanFilePath struct { // File name of the infected file. FileName *string // The file path of the infected file. FilePath *string // The hash value of the infected file. Hash *string // EBS volume Arn details of the infected file. VolumeArn *string noSmithyDocumentSerde } // Total number of scanned files. type ScannedItemCount struct { // Number of files scanned. Files int32 // Total GB of files scanned for malware. TotalGb int32 // Total number of scanned volumes. Volumes int32 noSmithyDocumentSerde } // Contains information about criteria used to filter resources before triggering // malware scan. type ScanResourceCriteria struct { // Represents condition that when matched will prevent a malware scan for a // certain resource. Exclude map[string]ScanCondition // Represents condition that when matched will allow a malware scan for a certain // resource. Include map[string]ScanCondition noSmithyDocumentSerde } // Represents the result of the scan. type ScanResultDetails struct { // An enum value representing possible scan results. ScanResult ScanResult noSmithyDocumentSerde } // Contains files infected with the given threat providing details of malware name // and severity. type ScanThreatName struct { // List of infected files in EBS volume with details. FilePaths []ScanFilePath // Total number of files infected with given threat. ItemCount int32 // The name of the identified threat. Name *string // Severity of threat identified as part of the malware scan. Severity *string noSmithyDocumentSerde } // Container security context. type SecurityContext struct { // Whether the container is privileged. Privileged bool noSmithyDocumentSerde } // Contains information about the security groups associated with the EC2 instance. type SecurityGroup struct { // The security group ID of the EC2 instance. GroupId *string // The security group name of the EC2 instance. GroupName *string noSmithyDocumentSerde } // Contains additional information about the generated finding. type Service struct { // Information about the activity that is described in a finding. Action *Action // Contains additional information about the generated finding. AdditionalInfo *ServiceAdditionalInfo // Indicates whether this finding is archived. Archived bool // The total count of the occurrences of this finding type. Count int32 // The detector ID for the GuardDuty service. DetectorId *string // Returns details from the malware scan that created a finding. EbsVolumeScanDetails *EbsVolumeScanDetails // The first-seen timestamp of the activity that prompted GuardDuty to generate // this finding. EventFirstSeen *string // The last-seen timestamp of the activity that prompted GuardDuty to generate // this finding. EventLastSeen *string // An evidence object associated with the service. Evidence *Evidence // The name of the feature that generated a finding. FeatureName *string // The resource role information for this finding. ResourceRole *string // Information about the process and any required context values for a specific // finding RuntimeDetails *RuntimeDetails // The name of the Amazon Web Services service (GuardDuty) that generated a // finding. ServiceName *string // Feedback that was submitted about the finding. UserFeedback *string noSmithyDocumentSerde } // Additional information about the generated finding. type ServiceAdditionalInfo struct { // Describes the type of the additional information. Type *string // This field specifies the value of the additional information. Value *string noSmithyDocumentSerde } // Contains information about the criteria used for sorting findings. type SortCriteria struct { // Represents the finding attribute, such as accountId , that sorts the findings. AttributeName *string // The order by which the sorted findings are to be displayed. OrderBy OrderBy noSmithyDocumentSerde } // Contains information about a tag associated with the EC2 instance. type Tag struct { // The EC2 instance tag key. Key *string // The EC2 instance tag value. Value *string noSmithyDocumentSerde } // Contains details about identified threats organized by threat name. type ThreatDetectedByName struct { // Total number of infected files identified. ItemCount int32 // Flag to determine if the finding contains every single infected file-path // and/or every threat. Shortened bool // List of identified threats with details, organized by threat name. ThreatNames []ScanThreatName // Total number of unique threats by name identified, as part of the malware scan. UniqueThreatNameCount int32 noSmithyDocumentSerde } // An instance of a threat intelligence detail that constitutes evidence for the // finding. type ThreatIntelligenceDetail struct { // The name of the threat intelligence list that triggered the finding. ThreatListName *string // A list of names of the threats in the threat intelligence list that triggered // the finding. ThreatNames []string noSmithyDocumentSerde } // Contains total number of infected files. type ThreatsDetectedItemCount struct { // Total number of infected files. Files int32 noSmithyDocumentSerde } // Contains the total usage with the corresponding currency unit for that value. type Total struct { // The total usage. Amount *string // The currency unit that the amount is given in. Unit *string noSmithyDocumentSerde } // Represents the reason the scan was triggered. type TriggerDetails struct { // The description of the scan trigger. Description *string // The ID of the GuardDuty finding that triggered the malware scan. GuardDutyFindingId *string noSmithyDocumentSerde } // Contains information about the accounts that weren't processed. type UnprocessedAccount struct { // The Amazon Web Services account ID. // // This member is required. AccountId *string // A reason why the account hasn't been processed. // // This member is required. Result *string noSmithyDocumentSerde } // Specifies the names of the data sources that couldn't be enabled. type UnprocessedDataSourcesResult struct { // An object that contains information on the status of all Malware Protection // data sources. MalwareProtection *MalwareProtectionConfigurationResult noSmithyDocumentSerde } // Contains information on the total of usage based on account IDs. type UsageAccountResult struct { // The Account ID that generated usage. AccountId *string // Represents the total of usage for the Account ID. Total *Total noSmithyDocumentSerde } // Contains information about the criteria used to query usage statistics. type UsageCriteria struct { // The account IDs to aggregate usage statistics from. AccountIds []string // The data sources to aggregate usage statistics from. // // Deprecated: This parameter is deprecated, use Features instead DataSources []DataSource // The features to aggregate usage statistics from. Features []UsageFeature // The resources to aggregate usage statistics from. Only accepts exact resource // names. Resources []string noSmithyDocumentSerde } // Contains information on the result of usage based on data source type. type UsageDataSourceResult struct { // The data source type that generated usage. DataSource DataSource // Represents the total of usage for the specified data source. Total *Total noSmithyDocumentSerde } // Contains information about the result of the total usage based on the feature. type UsageFeatureResult struct { // The feature that generated the usage cost. Feature UsageFeature // Contains the total usage with the corresponding currency unit for that value. Total *Total noSmithyDocumentSerde } // Contains information on the sum of usage based on an Amazon Web Services // resource. type UsageResourceResult struct { // The Amazon Web Services resource that generated usage. Resource *string // Represents the sum total of usage for the specified resource type. Total *Total noSmithyDocumentSerde } // Contains the result of GuardDuty usage. If a UsageStatisticType is provided the // result for other types will be null. type UsageStatistics struct { // The usage statistic sum organized by account ID. SumByAccount []UsageAccountResult // The usage statistic sum organized by on data source. SumByDataSource []UsageDataSourceResult // The usage statistic sum organized by feature. SumByFeature []UsageFeatureResult // The usage statistic sum organized by resource. SumByResource []UsageResourceResult // Lists the top 50 resources that have generated the most GuardDuty usage, in // order from most to least expensive. TopResources []UsageResourceResult noSmithyDocumentSerde } // Volume used by the Kubernetes workload. type Volume struct { // Represents a pre-existing file or directory on the host machine that the volume // maps to. HostPath *HostPath // Volume name. Name *string noSmithyDocumentSerde } // Contains EBS volume details. type VolumeDetail struct { // The device name for the EBS volume. DeviceName *string // EBS volume encryption type. EncryptionType *string // KMS key Arn used to encrypt the EBS volume. KmsKeyArn *string // Snapshot Arn of the EBS volume. SnapshotArn *string // EBS volume Arn information. VolumeArn *string // EBS volume size in GB. VolumeSizeInGB int32 // The EBS volume type. VolumeType *string noSmithyDocumentSerde } // Container volume mount. type VolumeMount struct { // Volume mount path. MountPath *string // Volume mount name. Name *string noSmithyDocumentSerde } // Amazon Virtual Private Cloud configuration details associated with your Lambda // function. type VpcConfig struct { // The identifier of the security group attached to the Lambda function. SecurityGroups []SecurityGroup // The identifiers of the subnets that are associated with your Lambda function. SubnetIds []string // The identifier of the Amazon Virtual Private Cloud. VpcId *string noSmithyDocumentSerde } type noSmithyDocumentSerde = smithydocument.NoSerde