/
docs-2.json
1554 lines (1554 loc) · 81.3 KB
/
docs-2.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
{
"version": "2.0",
"service": "<p>Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds (such as lists of malicious IPs and domains) and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances that serve malware or mine bitcoin. </p> <p>GuardDuty also monitors AWS account access behavior for signs of compromise. Some examples of this are unauthorized infrastructure deployments such as EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength. </p> <p>GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see the <i> <a href=\"https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html\">Amazon GuardDuty User Guide</a> </i>. </p>",
"operations": {
"AcceptInvitation": "<p>Accepts the invitation to be monitored by a master GuardDuty account.</p>",
"ArchiveFindings": "<p>Archives GuardDuty findings that are specified by the list of finding IDs.</p> <note> <p>Only the master account can archive findings. Member accounts don't have permission to archive findings from their accounts.</p> </note>",
"CreateDetector": "<p>Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region.</p>",
"CreateFilter": "<p>Creates a filter using the specified finding criteria.</p>",
"CreateIPSet": "<p>Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with AWS infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the master account can use this operation.</p>",
"CreateMembers": "<p>Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts.</p>",
"CreatePublishingDestination": "<p>Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.</p>",
"CreateSampleFindings": "<p>Generates example findings of types specified by the list of finding types. If 'NULL' is specified for <code>findingTypes</code>, the API generates example findings of all supported finding types.</p>",
"CreateThreatIntelSet": "<p>Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the master account can use this operation.</p>",
"DeclineInvitations": "<p>Declines invitations sent to the current member account by AWS accounts specified by their account IDs.</p>",
"DeleteDetector": "<p>Deletes an Amazon GuardDuty detector that is specified by the detector ID.</p>",
"DeleteFilter": "<p>Deletes the filter specified by the filter name.</p>",
"DeleteIPSet": "<p>Deletes the IPSet specified by the <code>ipSetId</code>. IPSets are called trusted IP lists in the console user interface.</p>",
"DeleteInvitations": "<p>Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.</p>",
"DeleteMembers": "<p>Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.</p>",
"DeletePublishingDestination": "<p>Deletes the publishing definition with the specified <code>destinationId</code>.</p>",
"DeleteThreatIntelSet": "<p>Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.</p>",
"DescribeOrganizationConfiguration": "<p>Returns information about the account selected as the delegated administrator for GuardDuty.</p>",
"DescribePublishingDestination": "<p>Returns information about the publishing destination specified by the provided <code>destinationId</code>.</p>",
"DisableOrganizationAdminAccount": "<p>Disables an AWS account within the Organization as the GuardDuty delegated administrator.</p>",
"DisassociateFromMasterAccount": "<p>Disassociates the current GuardDuty member account from its master account.</p>",
"DisassociateMembers": "<p>Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.</p>",
"EnableOrganizationAdminAccount": "<p>Enables an AWS account within the organization as the GuardDuty delegated administrator.</p>",
"GetDetector": "<p>Retrieves an Amazon GuardDuty detector specified by the detectorId.</p>",
"GetFilter": "<p>Returns the details of the filter specified by the filter name.</p>",
"GetFindings": "<p>Describes Amazon GuardDuty findings specified by finding IDs.</p>",
"GetFindingsStatistics": "<p>Lists Amazon GuardDuty findings statistics for the specified detector ID.</p>",
"GetIPSet": "<p>Retrieves the IPSet specified by the <code>ipSetId</code>.</p>",
"GetInvitationsCount": "<p>Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.</p>",
"GetMasterAccount": "<p>Provides the details for the GuardDuty master account associated with the current GuardDuty member account.</p>",
"GetMembers": "<p>Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.</p>",
"GetThreatIntelSet": "<p>Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.</p>",
"InviteMembers": "<p>Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty, and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account.</p>",
"ListDetectors": "<p>Lists detectorIds of all the existing Amazon GuardDuty detector resources.</p>",
"ListFilters": "<p>Returns a paginated list of the current filters.</p>",
"ListFindings": "<p>Lists Amazon GuardDuty findings for the specified detector ID.</p>",
"ListIPSets": "<p>Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated master account.</p>",
"ListInvitations": "<p>Lists all GuardDuty membership invitations that were sent to the current AWS account.</p>",
"ListMembers": "<p>Lists details about associated member accounts for the current GuardDuty master account.</p>",
"ListOrganizationAdminAccounts": "<p>Lists the accounts configured as GuardDuty delegated administrators.</p>",
"ListPublishingDestinations": "<p>Returns a list of publishing destinations associated with the specified <code>dectectorId</code>.</p>",
"ListTagsForResource": "<p>Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and threat intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.</p>",
"ListThreatIntelSets": "<p>Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the master account are returned.</p>",
"StartMonitoringMembers": "<p>Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the <code>StopMonitoringMembers</code> operation.</p>",
"StopMonitoringMembers": "<p>Stops GuardDuty monitoring for the specified member accounts. Use the <code>StartMonitoringMembers</code> operation to restart monitoring for those accounts.</p>",
"TagResource": "<p>Adds tags to a resource.</p>",
"UnarchiveFindings": "<p>Unarchives GuardDuty findings specified by the <code>findingIds</code>.</p>",
"UntagResource": "<p>Removes tags from a resource.</p>",
"UpdateDetector": "<p>Updates the Amazon GuardDuty detector specified by the detectorId.</p>",
"UpdateFilter": "<p>Updates the filter specified by the filter name.</p>",
"UpdateFindingsFeedback": "<p>Marks the specified GuardDuty findings as useful or not useful.</p>",
"UpdateIPSet": "<p>Updates the IPSet specified by the IPSet ID.</p>",
"UpdateOrganizationConfiguration": "<p>Updates the delegated administrator account with the values provided.</p>",
"UpdatePublishingDestination": "<p>Updates information about the publishing destination specified by the <code>destinationId</code>.</p>",
"UpdateThreatIntelSet": "<p>Updates the ThreatIntelSet specified by the ThreatIntelSet ID.</p>"
},
"shapes": {
"AcceptInvitationRequest": {
"base": null,
"refs": {
}
},
"AcceptInvitationResponse": {
"base": null,
"refs": {
}
},
"AccessKeyDetails": {
"base": "<p>Contains information about the access keys.</p>",
"refs": {
"Resource$AccessKeyDetails": "<p>The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.</p>"
}
},
"AccountDetail": {
"base": "<p>Contains information about the account.</p>",
"refs": {
"AccountDetails$member": null
}
},
"AccountDetails": {
"base": null,
"refs": {
"CreateMembersRequest$AccountDetails": "<p>A list of account ID and email address pairs of the accounts that you want to associate with the master GuardDuty account.</p>"
}
},
"AccountId": {
"base": null,
"refs": {
"AccountDetail$AccountId": "<p>The member account ID.</p>",
"AccountIds$member": null,
"Invitation$AccountId": "<p>The ID of the account that the invitation was sent from.</p>",
"Master$AccountId": "<p>The ID of the account used as the master account.</p>",
"Member$AccountId": "<p>The ID of the member account.</p>",
"UnprocessedAccount$AccountId": "<p>The AWS account ID.</p>"
}
},
"AccountIds": {
"base": null,
"refs": {
"DeclineInvitationsRequest$AccountIds": "<p>A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from.</p>",
"DeleteInvitationsRequest$AccountIds": "<p>A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from.</p>",
"DeleteMembersRequest$AccountIds": "<p>A list of account IDs of the GuardDuty member accounts that you want to delete.</p>",
"DisassociateMembersRequest$AccountIds": "<p>A list of account IDs of the GuardDuty member accounts that you want to disassociate from the master account.</p>",
"GetMembersRequest$AccountIds": "<p>A list of account IDs of the GuardDuty member accounts that you want to describe.</p>",
"InviteMembersRequest$AccountIds": "<p>A list of account IDs of the accounts that you want to invite to GuardDuty as members.</p>",
"StartMonitoringMembersRequest$AccountIds": "<p>A list of account IDs of the GuardDuty member accounts to start monitoring.</p>",
"StopMonitoringMembersRequest$AccountIds": "<p>A list of account IDs for the member accounts to stop monitoring.</p>"
}
},
"Action": {
"base": "<p>Contains information about actions.</p>",
"refs": {
"Service$Action": "<p>Information about the activity that is described in a finding.</p>"
}
},
"AdminAccount": {
"base": "<p>The account within the organization specified as the GuardDuty delegated administrator.</p>",
"refs": {
"AdminAccounts$member": null
}
},
"AdminAccounts": {
"base": null,
"refs": {
"ListOrganizationAdminAccountsResponse$AdminAccounts": "<p>An AdminAccounts object that includes a list of accounts configured as GuardDuty delegated administrators.</p>"
}
},
"AdminStatus": {
"base": null,
"refs": {
"AdminAccount$AdminStatus": "<p>Indicates whether the account is enabled as the delegated administrator.</p>"
}
},
"ArchiveFindingsRequest": {
"base": null,
"refs": {
}
},
"ArchiveFindingsResponse": {
"base": null,
"refs": {
}
},
"AwsApiCallAction": {
"base": "<p>Contains information about the API operation.</p>",
"refs": {
"Action$AwsApiCallAction": "<p>Information about the AWS_API_CALL action described in this finding.</p>"
}
},
"BadRequestException": {
"base": "<p>A bad request exception object.</p>",
"refs": {
}
},
"Boolean": {
"base": null,
"refs": {
"CreateDetectorRequest$Enable": "<p>A Boolean value that specifies whether the detector is to be enabled.</p>",
"CreateIPSetRequest$Activate": "<p>A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.</p>",
"CreateThreatIntelSetRequest$Activate": "<p>A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.</p>",
"DescribeOrganizationConfigurationResponse$AutoEnable": "<p>Indicates whether GuardDuty is automatically enabled for accounts added to the organization.</p>",
"DescribeOrganizationConfigurationResponse$MemberAccountLimitReached": "<p>Indicates whether the maximum number of allowed member accounts are already associated with the delegated administrator master account.</p>",
"InviteMembersRequest$DisableEmailNotification": "<p>A Boolean value that specifies whether you want to disable email notification to the accounts that you’re inviting to GuardDuty as members.</p>",
"NetworkConnectionAction$Blocked": "<p>Indicates whether EC2 blocked the network connection to your instance.</p>",
"PortProbeAction$Blocked": "<p>Indicates whether EC2 blocked the port probe to the instance, such as with an ACL.</p>",
"Service$Archived": "<p>Indicates whether this finding is archived.</p>",
"UpdateDetectorRequest$Enable": "<p>Specifies whether the detector is enabled or not enabled.</p>",
"UpdateIPSetRequest$Activate": "<p>The updated Boolean value that specifies whether the IPSet is active or not.</p>",
"UpdateOrganizationConfigurationRequest$AutoEnable": "<p>Indicates whether to automatically enable member accounts in the organization.</p>",
"UpdateThreatIntelSetRequest$Activate": "<p>The updated Boolean value that specifies whether the ThreateIntelSet is active or not.</p>"
}
},
"City": {
"base": "<p>Contains information about the city associated with the IP address.</p>",
"refs": {
"RemoteIpDetails$City": "<p>The city information of the remote IP address.</p>"
}
},
"ClientToken": {
"base": null,
"refs": {
"CreateDetectorRequest$ClientToken": "<p>The idempotency token for the create request.</p>",
"CreateFilterRequest$ClientToken": "<p>The idempotency token for the create request.</p>",
"CreateIPSetRequest$ClientToken": "<p>The idempotency token for the create request.</p>",
"CreatePublishingDestinationRequest$ClientToken": "<p>The idempotency token for the request.</p>",
"CreateThreatIntelSetRequest$ClientToken": "<p>The idempotency token for the create request.</p>"
}
},
"Condition": {
"base": "<p>Contains information about the condition.</p>",
"refs": {
"Criterion$value": null
}
},
"CountBySeverity": {
"base": null,
"refs": {
"FindingStatistics$CountBySeverity": "<p>Represents a map of severity to count statistics for a set of findings.</p>"
}
},
"Country": {
"base": "<p>Contains information about the country where the remote IP address is located.</p>",
"refs": {
"RemoteIpDetails$Country": "<p>The country code of the remote IP address.</p>"
}
},
"CreateDetectorRequest": {
"base": null,
"refs": {
}
},
"CreateDetectorResponse": {
"base": null,
"refs": {
}
},
"CreateFilterRequest": {
"base": null,
"refs": {
}
},
"CreateFilterResponse": {
"base": null,
"refs": {
}
},
"CreateIPSetRequest": {
"base": null,
"refs": {
}
},
"CreateIPSetResponse": {
"base": null,
"refs": {
}
},
"CreateMembersRequest": {
"base": null,
"refs": {
}
},
"CreateMembersResponse": {
"base": null,
"refs": {
}
},
"CreatePublishingDestinationRequest": {
"base": null,
"refs": {
}
},
"CreatePublishingDestinationResponse": {
"base": null,
"refs": {
}
},
"CreateSampleFindingsRequest": {
"base": null,
"refs": {
}
},
"CreateSampleFindingsResponse": {
"base": null,
"refs": {
}
},
"CreateThreatIntelSetRequest": {
"base": null,
"refs": {
}
},
"CreateThreatIntelSetResponse": {
"base": null,
"refs": {
}
},
"Criterion": {
"base": null,
"refs": {
"FindingCriteria$Criterion": "<p>Represents a map of finding properties that match specified conditions and values when querying findings.</p>"
}
},
"DeclineInvitationsRequest": {
"base": null,
"refs": {
}
},
"DeclineInvitationsResponse": {
"base": null,
"refs": {
}
},
"DeleteDetectorRequest": {
"base": null,
"refs": {
}
},
"DeleteDetectorResponse": {
"base": null,
"refs": {
}
},
"DeleteFilterRequest": {
"base": null,
"refs": {
}
},
"DeleteFilterResponse": {
"base": null,
"refs": {
}
},
"DeleteIPSetRequest": {
"base": null,
"refs": {
}
},
"DeleteIPSetResponse": {
"base": null,
"refs": {
}
},
"DeleteInvitationsRequest": {
"base": null,
"refs": {
}
},
"DeleteInvitationsResponse": {
"base": null,
"refs": {
}
},
"DeleteMembersRequest": {
"base": null,
"refs": {
}
},
"DeleteMembersResponse": {
"base": null,
"refs": {
}
},
"DeletePublishingDestinationRequest": {
"base": null,
"refs": {
}
},
"DeletePublishingDestinationResponse": {
"base": null,
"refs": {
}
},
"DeleteThreatIntelSetRequest": {
"base": null,
"refs": {
}
},
"DeleteThreatIntelSetResponse": {
"base": null,
"refs": {
}
},
"DescribeOrganizationConfigurationRequest": {
"base": null,
"refs": {
}
},
"DescribeOrganizationConfigurationResponse": {
"base": null,
"refs": {
}
},
"DescribePublishingDestinationRequest": {
"base": null,
"refs": {
}
},
"DescribePublishingDestinationResponse": {
"base": null,
"refs": {
}
},
"Destination": {
"base": "<p>Contains information about the publishing destination, including the ID, type, and status.</p>",
"refs": {
"Destinations$member": null
}
},
"DestinationProperties": {
"base": "<p>Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.</p>",
"refs": {
"CreatePublishingDestinationRequest$DestinationProperties": "<p>The properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.</p>",
"DescribePublishingDestinationResponse$DestinationProperties": "<p>A <code>DestinationProperties</code> object that includes the <code>DestinationArn</code> and <code>KmsKeyArn</code> of the publishing destination.</p>",
"UpdatePublishingDestinationRequest$DestinationProperties": "<p>A <code>DestinationProperties</code> object that includes the <code>DestinationArn</code> and <code>KmsKeyArn</code> of the publishing destination.</p>"
}
},
"DestinationType": {
"base": null,
"refs": {
"CreatePublishingDestinationRequest$DestinationType": "<p>The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported.</p>",
"DescribePublishingDestinationResponse$DestinationType": "<p>The type of publishing destination. Currently, only Amazon S3 buckets are supported.</p>",
"Destination$DestinationType": "<p>The type of resource used for the publishing destination. Currently, only Amazon S3 buckets are supported.</p>"
}
},
"Destinations": {
"base": null,
"refs": {
"ListPublishingDestinationsResponse$Destinations": "<p>A <code>Destinations</code> object that includes information about each publishing destination returned.</p>"
}
},
"DetectorId": {
"base": null,
"refs": {
"AcceptInvitationRequest$DetectorId": "<p>The unique ID of the detector of the GuardDuty member account.</p>",
"ArchiveFindingsRequest$DetectorId": "<p>The ID of the detector that specifies the GuardDuty service whose findings you want to archive.</p>",
"CreateDetectorResponse$DetectorId": "<p>The unique ID of the created detector.</p>",
"CreateFilterRequest$DetectorId": "<p>The unique ID of the detector of the GuardDuty account that you want to create a filter for.</p>",
"CreateIPSetRequest$DetectorId": "<p>The unique ID of the detector of the GuardDuty account that you want to create an IPSet for.</p>",
"CreateMembersRequest$DetectorId": "<p>The unique ID of the detector of the GuardDuty account that you want to associate member accounts with.</p>",
"CreatePublishingDestinationRequest$DetectorId": "<p>The ID of the GuardDuty detector associated with the publishing destination.</p>",
"CreateSampleFindingsRequest$DetectorId": "<p>The ID of the detector to create sample findings for.</p>",
"CreateThreatIntelSetRequest$DetectorId": "<p>The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for.</p>",
"DeleteDetectorRequest$DetectorId": "<p>The unique ID of the detector that you want to delete.</p>",
"DeleteFilterRequest$DetectorId": "<p>The unique ID of the detector that the filter is associated with.</p>",
"DeleteIPSetRequest$DetectorId": "<p>The unique ID of the detector associated with the IPSet.</p>",
"DeleteMembersRequest$DetectorId": "<p>The unique ID of the detector of the GuardDuty account whose members you want to delete.</p>",
"DeletePublishingDestinationRequest$DetectorId": "<p>The unique ID of the detector associated with the publishing destination to delete.</p>",
"DeleteThreatIntelSetRequest$DetectorId": "<p>The unique ID of the detector that the threatIntelSet is associated with.</p>",
"DescribeOrganizationConfigurationRequest$DetectorId": "<p>The ID of the detector to retrieve information about the delegated administrator from.</p>",
"DescribePublishingDestinationRequest$DetectorId": "<p>The unique ID of the detector associated with the publishing destination to retrieve.</p>",
"DetectorIds$member": null,
"DisassociateFromMasterAccountRequest$DetectorId": "<p>The unique ID of the detector of the GuardDuty member account.</p>",
"DisassociateMembersRequest$DetectorId": "<p>The unique ID of the detector of the GuardDuty account whose members you want to disassociate from the master account.</p>",
"GetDetectorRequest$DetectorId": "<p>The unique ID of the detector that you want to get.</p>",
"GetFilterRequest$DetectorId": "<p>The unique ID of the detector that the filter is associated with.</p>",
"GetFindingsRequest$DetectorId": "<p>The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.</p>",
"GetFindingsStatisticsRequest$DetectorId": "<p>The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.</p>",
"GetIPSetRequest$DetectorId": "<p>The unique ID of the detector that the IPSet is associated with.</p>",
"GetMasterAccountRequest$DetectorId": "<p>The unique ID of the detector of the GuardDuty member account.</p>",
"GetMembersRequest$DetectorId": "<p>The unique ID of the detector of the GuardDuty account whose members you want to retrieve.</p>",
"GetThreatIntelSetRequest$DetectorId": "<p>The unique ID of the detector that the threatIntelSet is associated with.</p>",
"InviteMembersRequest$DetectorId": "<p>The unique ID of the detector of the GuardDuty account that you want to invite members with.</p>",
"ListFiltersRequest$DetectorId": "<p>The unique ID of the detector that the filter is associated with.</p>",
"ListFindingsRequest$DetectorId": "<p>The ID of the detector that specifies the GuardDuty service whose findings you want to list.</p>",
"ListIPSetsRequest$DetectorId": "<p>The unique ID of the detector that the IPSet is associated with.</p>",
"ListMembersRequest$DetectorId": "<p>The unique ID of the detector the member is associated with.</p>",
"ListPublishingDestinationsRequest$DetectorId": "<p>The ID of the detector to retrieve publishing destinations for.</p>",
"ListThreatIntelSetsRequest$DetectorId": "<p>The unique ID of the detector that the threatIntelSet is associated with.</p>",
"Member$DetectorId": "<p>The detector ID of the member account.</p>",
"Service$DetectorId": "<p>The detector ID for the GuardDuty service.</p>",
"StartMonitoringMembersRequest$DetectorId": "<p>The unique ID of the detector of the GuardDuty master account associated with the member accounts to monitor.</p>",
"StopMonitoringMembersRequest$DetectorId": "<p>The unique ID of the detector associated with the GuardDuty master account that is monitoring member accounts.</p>",
"UnarchiveFindingsRequest$DetectorId": "<p>The ID of the detector associated with the findings to unarchive.</p>",
"UpdateDetectorRequest$DetectorId": "<p>The unique ID of the detector to update.</p>",
"UpdateFilterRequest$DetectorId": "<p>The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.</p>",
"UpdateFindingsFeedbackRequest$DetectorId": "<p>The ID of the detector associated with the findings to update feedback for.</p>",
"UpdateIPSetRequest$DetectorId": "<p>The detectorID that specifies the GuardDuty service whose IPSet you want to update.</p>",
"UpdateOrganizationConfigurationRequest$DetectorId": "<p>The ID of the detector to update the delegated administrator for.</p>",
"UpdatePublishingDestinationRequest$DetectorId": "<p>The ID of the detector associated with the publishing destinations to update.</p>",
"UpdateThreatIntelSetRequest$DetectorId": "<p>The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.</p>"
}
},
"DetectorIds": {
"base": null,
"refs": {
"ListDetectorsResponse$DetectorIds": "<p>A list of detector IDs.</p>"
}
},
"DetectorStatus": {
"base": null,
"refs": {
"GetDetectorResponse$Status": "<p>The detector status.</p>"
}
},
"DisableOrganizationAdminAccountRequest": {
"base": null,
"refs": {
}
},
"DisableOrganizationAdminAccountResponse": {
"base": null,
"refs": {
}
},
"DisassociateFromMasterAccountRequest": {
"base": null,
"refs": {
}
},
"DisassociateFromMasterAccountResponse": {
"base": null,
"refs": {
}
},
"DisassociateMembersRequest": {
"base": null,
"refs": {
}
},
"DisassociateMembersResponse": {
"base": null,
"refs": {
}
},
"DnsRequestAction": {
"base": "<p>Contains information about the DNS_REQUEST action described in this finding.</p>",
"refs": {
"Action$DnsRequestAction": "<p>Information about the DNS_REQUEST action described in this finding.</p>"
}
},
"DomainDetails": {
"base": "<p>Contains information about the domain.</p>",
"refs": {
"AwsApiCallAction$DomainDetails": "<p>The domain information for the AWS API call.</p>"
}
},
"Double": {
"base": null,
"refs": {
"Finding$Confidence": "<p>The confidence score for the finding.</p>",
"Finding$Severity": "<p>The severity of the finding.</p>",
"GeoLocation$Lat": "<p>The latitude information of the remote IP address.</p>",
"GeoLocation$Lon": "<p>The longitude information of the remote IP address.</p>"
}
},
"Email": {
"base": null,
"refs": {
"AccountDetail$Email": "<p>The email address of the member account.</p>",
"Member$Email": "<p>The email address of the member account.</p>"
}
},
"EnableOrganizationAdminAccountRequest": {
"base": null,
"refs": {
}
},
"EnableOrganizationAdminAccountResponse": {
"base": null,
"refs": {
}
},
"Eq": {
"base": null,
"refs": {
"Condition$Eq": "<p>Represents the <i>equal</i> condition to be applied to a single field when querying for findings.</p>"
}
},
"Equals": {
"base": null,
"refs": {
"Condition$Equals": "<p>Represents an <i>equal</i> <b/> condition to be applied to a single field when querying for findings.</p>"
}
},
"Evidence": {
"base": "<p>Contains information about the reason that the finding was generated.</p>",
"refs": {
"Service$Evidence": "<p>An evidence object associated with the service.</p>"
}
},
"Feedback": {
"base": null,
"refs": {
"UpdateFindingsFeedbackRequest$Feedback": "<p>The feedback for the finding.</p>"
}
},
"FilterAction": {
"base": null,
"refs": {
"CreateFilterRequest$Action": "<p>Specifies the action that is to be applied to the findings that match the filter.</p>",
"GetFilterResponse$Action": "<p>Specifies the action that is to be applied to the findings that match the filter.</p>",
"UpdateFilterRequest$Action": "<p>Specifies the action that is to be applied to the findings that match the filter.</p>"
}
},
"FilterDescription": {
"base": null,
"refs": {
"CreateFilterRequest$Description": "<p>The description of the filter.</p>",
"GetFilterResponse$Description": "<p>The description of the filter.</p>",
"UpdateFilterRequest$Description": "<p>The description of the filter.</p>"
}
},
"FilterName": {
"base": null,
"refs": {
"CreateFilterRequest$Name": "<p>The name of the filter.</p>",
"CreateFilterResponse$Name": "<p>The name of the successfully created filter.</p>",
"FilterNames$member": null,
"GetFilterResponse$Name": "<p>The name of the filter.</p>",
"UpdateFilterResponse$Name": "<p>The name of the filter.</p>"
}
},
"FilterNames": {
"base": null,
"refs": {
"ListFiltersResponse$FilterNames": "<p>A list of filter names.</p>"
}
},
"FilterRank": {
"base": null,
"refs": {
"CreateFilterRequest$Rank": "<p>Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.</p>",
"GetFilterResponse$Rank": "<p>Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.</p>",
"UpdateFilterRequest$Rank": "<p>Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.</p>"
}
},
"Finding": {
"base": "<p>Contains information about the finding, which is generated when abnormal or suspicious activity is detected.</p>",
"refs": {
"Findings$member": null
}
},
"FindingCriteria": {
"base": "<p>Contains information about the criteria used for querying findings.</p>",
"refs": {
"CreateFilterRequest$FindingCriteria": "<p>Represents the criteria to be used in the filter for querying findings.</p> <p>You can only use the following attributes to query findings:</p> <ul> <li> <p>accountId</p> </li> <li> <p>region</p> </li> <li> <p>confidence</p> </li> <li> <p>id</p> </li> <li> <p>resource.accessKeyDetails.accessKeyId</p> </li> <li> <p>resource.accessKeyDetails.principalId</p> </li> <li> <p>resource.accessKeyDetails.userName</p> </li> <li> <p>resource.accessKeyDetails.userType</p> </li> <li> <p>resource.instanceDetails.iamInstanceProfile.id</p> </li> <li> <p>resource.instanceDetails.imageId</p> </li> <li> <p>resource.instanceDetails.instanceId</p> </li> <li> <p>resource.instanceDetails.outpostArn</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.ipv6Addresses</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicDnsName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicIp</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.subnetId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.vpcId</p> </li> <li> <p>resource.instanceDetails.tags.key</p> </li> <li> <p>resource.instanceDetails.tags.value</p> </li> <li> <p>resource.resourceType</p> </li> <li> <p>service.action.actionType</p> </li> <li> <p>service.action.awsApiCallAction.api</p> </li> <li> <p>service.action.awsApiCallAction.callerType</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.awsApiCallAction.serviceName</p> </li> <li> <p>service.action.dnsRequestAction.domain</p> </li> <li> <p>service.action.networkConnectionAction.blocked</p> </li> <li> <p>service.action.networkConnectionAction.connectionDirection</p> </li> <li> <p>service.action.networkConnectionAction.localPortDetails.port</p> </li> <li> <p>service.action.networkConnectionAction.protocol</p> </li> <li> <p>service.action.networkConnectionAction.localIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.networkConnectionAction.remotePortDetails.port</p> </li> <li> <p>service.additionalInfo.threatListName</p> </li> <li> <p>service.archived</p> <p>When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.</p> </li> <li> <p>service.resourceRole</p> </li> <li> <p>severity</p> </li> <li> <p>type</p> </li> <li> <p>updatedAt</p> <p>Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.</p> </li> </ul>",
"GetFilterResponse$FindingCriteria": "<p>Represents the criteria to be used in the filter for querying findings.</p>",
"GetFindingsStatisticsRequest$FindingCriteria": "<p>Represents the criteria that is used for querying findings.</p>",
"ListFindingsRequest$FindingCriteria": "<p>Represents the criteria used for querying findings. Valid values include:</p> <ul> <li> <p>JSON field name</p> </li> <li> <p>accountId</p> </li> <li> <p>region</p> </li> <li> <p>confidence</p> </li> <li> <p>id</p> </li> <li> <p>resource.accessKeyDetails.accessKeyId</p> </li> <li> <p>resource.accessKeyDetails.principalId</p> </li> <li> <p>resource.accessKeyDetails.userName</p> </li> <li> <p>resource.accessKeyDetails.userType</p> </li> <li> <p>resource.instanceDetails.iamInstanceProfile.id</p> </li> <li> <p>resource.instanceDetails.imageId</p> </li> <li> <p>resource.instanceDetails.instanceId</p> </li> <li> <p>resource.instanceDetails.outpostArn</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.ipv6Addresses</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicDnsName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicIp</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.subnetId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.vpcId</p> </li> <li> <p>resource.instanceDetails.tags.key</p> </li> <li> <p>resource.instanceDetails.tags.value</p> </li> <li> <p>resource.resourceType</p> </li> <li> <p>service.action.actionType</p> </li> <li> <p>service.action.awsApiCallAction.api</p> </li> <li> <p>service.action.awsApiCallAction.callerType</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.awsApiCallAction.serviceName</p> </li> <li> <p>service.action.dnsRequestAction.domain</p> </li> <li> <p>service.action.networkConnectionAction.blocked</p> </li> <li> <p>service.action.networkConnectionAction.connectionDirection</p> </li> <li> <p>service.action.networkConnectionAction.localPortDetails.port</p> </li> <li> <p>service.action.networkConnectionAction.protocol</p> </li> <li> <p>service.action.networkConnectionAction.localIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.networkConnectionAction.remotePortDetails.port</p> </li> <li> <p>service.additionalInfo.threatListName</p> </li> <li> <p>service.archived</p> <p>When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.</p> </li> <li> <p>service.resourceRole</p> </li> <li> <p>severity</p> </li> <li> <p>type</p> </li> <li> <p>updatedAt</p> <p>Type: Timestamp in Unix Epoch millisecond format: 1486685375000</p> </li> </ul>",
"UpdateFilterRequest$FindingCriteria": "<p>Represents the criteria to be used in the filter for querying findings.</p>"
}
},
"FindingId": {
"base": null,
"refs": {
"FindingIds$member": null
}
},
"FindingIds": {
"base": null,
"refs": {
"ArchiveFindingsRequest$FindingIds": "<p>The IDs of the findings that you want to archive.</p>",
"GetFindingsRequest$FindingIds": "<p>The IDs of the findings that you want to retrieve.</p>",
"ListFindingsResponse$FindingIds": "<p>The IDs of the findings that you're listing.</p>",
"UnarchiveFindingsRequest$FindingIds": "<p>The IDs of the findings to unarchive.</p>",
"UpdateFindingsFeedbackRequest$FindingIds": "<p>The IDs of the findings that you want to mark as useful or not useful.</p>"
}
},
"FindingPublishingFrequency": {
"base": null,
"refs": {
"CreateDetectorRequest$FindingPublishingFrequency": "<p>An enum value that specifies how frequently updated findings are exported.</p>",
"GetDetectorResponse$FindingPublishingFrequency": "<p>The publishing frequency of the finding.</p>",
"UpdateDetectorRequest$FindingPublishingFrequency": "<p>An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.</p>"
}
},
"FindingStatisticType": {
"base": null,
"refs": {
"FindingStatisticTypes$member": null
}
},
"FindingStatisticTypes": {
"base": null,
"refs": {
"GetFindingsStatisticsRequest$FindingStatisticTypes": "<p>The types of finding statistics to retrieve.</p>"
}
},
"FindingStatistics": {
"base": "<p>Contains information about finding statistics.</p>",
"refs": {
"GetFindingsStatisticsResponse$FindingStatistics": "<p>The finding statistics object.</p>"
}
},
"FindingType": {
"base": null,
"refs": {
"Finding$Type": "<p>The type of finding.</p>",
"FindingTypes$member": null
}
},
"FindingTypes": {
"base": null,
"refs": {
"CreateSampleFindingsRequest$FindingTypes": "<p>The types of sample findings to generate.</p>"
}
},
"Findings": {
"base": null,
"refs": {
"GetFindingsResponse$Findings": "<p>A list of findings.</p>"
}
},
"GeoLocation": {
"base": "<p>Contains information about the location of the remote IP address.</p>",
"refs": {
"RemoteIpDetails$GeoLocation": "<p>The location information of the remote IP address.</p>"
}
},
"GetDetectorRequest": {
"base": null,
"refs": {
}
},
"GetDetectorResponse": {
"base": null,
"refs": {
}
},
"GetFilterRequest": {
"base": null,
"refs": {
}
},
"GetFilterResponse": {
"base": null,
"refs": {
}
},
"GetFindingsRequest": {
"base": null,
"refs": {
}
},
"GetFindingsResponse": {
"base": null,
"refs": {
}
},
"GetFindingsStatisticsRequest": {
"base": null,
"refs": {
}
},
"GetFindingsStatisticsResponse": {
"base": null,
"refs": {
}
},
"GetIPSetRequest": {
"base": null,
"refs": {
}
},
"GetIPSetResponse": {
"base": null,
"refs": {
}
},
"GetInvitationsCountRequest": {
"base": null,
"refs": {
}
},
"GetInvitationsCountResponse": {
"base": null,
"refs": {
}
},
"GetMasterAccountRequest": {
"base": null,
"refs": {
}
},
"GetMasterAccountResponse": {
"base": null,
"refs": {
}
},
"GetMembersRequest": {
"base": null,
"refs": {
}
},
"GetMembersResponse": {
"base": null,
"refs": {
}
},
"GetThreatIntelSetRequest": {
"base": null,
"refs": {
}
},
"GetThreatIntelSetResponse": {
"base": null,
"refs": {
}
},
"GuardDutyArn": {
"base": null,
"refs": {
"ListTagsForResourceRequest$ResourceArn": "<p>The Amazon Resource Name (ARN) for the given GuardDuty resource. </p>",
"TagResourceRequest$ResourceArn": "<p>The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag to.</p>",
"UntagResourceRequest$ResourceArn": "<p>The Amazon Resource Name (ARN) for the resource to remove tags from.</p>"
}
},
"IamInstanceProfile": {
"base": "<p>Contains information about the EC2 instance profile.</p>",
"refs": {
"InstanceDetails$IamInstanceProfile": "<p>The profile information of the EC2 instance.</p>"
}
},
"InstanceDetails": {
"base": "<p>Contains information about the details of an instance.</p>",
"refs": {
"Resource$InstanceDetails": "<p>The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.</p>"
}
},
"Integer": {
"base": null,
"refs": {
"Condition$Gt": "<p>Represents a <i>greater than</i> condition to be applied to a single field when querying for findings.</p>",
"Condition$Gte": "<p>Represents a <i>greater than or equal</i> condition to be applied to a single field when querying for findings.</p>",
"Condition$Lt": "<p>Represents a <i>less than</i> condition to be applied to a single field when querying for findings.</p>",
"Condition$Lte": "<p>Represents a <i>less than or equal</i> condition to be applied to a single field when querying for findings.</p>",
"CountBySeverity$value": null,
"GetInvitationsCountResponse$InvitationsCount": "<p>The number of received invitations.</p>",
"LocalPortDetails$Port": "<p>The port number of the local connection.</p>",
"RemotePortDetails$Port": "<p>The port number of the remote connection.</p>",
"Service$Count": "<p>The total count of the occurrences of this finding type.</p>"
}
},
"InternalServerErrorException": {
"base": "<p>An internal server error exception object.</p>",
"refs": {
}
},
"Invitation": {
"base": "<p>Contains information about the invitation to become a member account.</p>",
"refs": {
"Invitations$member": null
}
},
"Invitations": {
"base": null,
"refs": {
"ListInvitationsResponse$Invitations": "<p>A list of invitation descriptions.</p>"
}
},
"InviteMembersRequest": {
"base": null,
"refs": {
}
},
"InviteMembersResponse": {
"base": null,
"refs": {
}
},
"IpSetFormat": {
"base": null,
"refs": {
"CreateIPSetRequest$Format": "<p>The format of the file that contains the IPSet.</p>",
"GetIPSetResponse$Format": "<p>The format of the file that contains the IPSet.</p>"
}
},
"IpSetIds": {
"base": null,
"refs": {
"ListIPSetsResponse$IpSetIds": "<p>The IDs of the IPSet resources.</p>"
}
},
"IpSetStatus": {
"base": null,
"refs": {
"GetIPSetResponse$Status": "<p>The status of IPSet file that was uploaded.</p>"
}
},
"Ipv6Addresses": {
"base": null,
"refs": {
"NetworkInterface$Ipv6Addresses": "<p>A list of IPv6 addresses for the EC2 instance.</p>"
}
},
"ListDetectorsRequest": {
"base": null,
"refs": {
}
},
"ListDetectorsResponse": {
"base": null,
"refs": {
}
},
"ListFiltersRequest": {
"base": null,
"refs": {
}
},
"ListFiltersResponse": {
"base": null,
"refs": {
}
},
"ListFindingsRequest": {
"base": null,
"refs": {
}
},
"ListFindingsResponse": {
"base": null,
"refs": {
}
},
"ListIPSetsRequest": {
"base": null,
"refs": {
}
},
"ListIPSetsResponse": {
"base": null,
"refs": {
}
},
"ListInvitationsRequest": {
"base": null,
"refs": {
}
},
"ListInvitationsResponse": {
"base": null,
"refs": {
}
},
"ListMembersRequest": {
"base": null,
"refs": {
}
},
"ListMembersResponse": {
"base": null,
"refs": {
}
},
"ListOrganizationAdminAccountsRequest": {
"base": null,
"refs": {
}
},
"ListOrganizationAdminAccountsResponse": {
"base": null,
"refs": {
}
},
"ListPublishingDestinationsRequest": {
"base": null,
"refs": {
}
},
"ListPublishingDestinationsResponse": {
"base": null,
"refs": {
}
},
"ListTagsForResourceRequest": {
"base": null,
"refs": {
}
},
"ListTagsForResourceResponse": {
"base": null,
"refs": {
}
},
"ListThreatIntelSetsRequest": {
"base": null,
"refs": {
}
},
"ListThreatIntelSetsResponse": {
"base": null,
"refs": {
}
},
"LocalIpDetails": {
"base": "<p>Contains information about the local IP address of the connection.</p>",
"refs": {
"NetworkConnectionAction$LocalIpDetails": "<p>The local IP information of the connection.</p>",
"PortProbeDetail$LocalIpDetails": "<p>The local IP information of the connection.</p>"
}
},
"LocalPortDetails": {
"base": "<p>Contains information about the port for the local connection.</p>",
"refs": {
"NetworkConnectionAction$LocalPortDetails": "<p>The local port information of the connection.</p>",
"PortProbeDetail$LocalPortDetails": "<p>The local port information of the connection.</p>"
}
},
"Location": {
"base": null,
"refs": {
"CreateIPSetRequest$Location": "<p>The URI of the file that contains the IPSet. For example: .</p>",
"CreateThreatIntelSetRequest$Location": "<p>The URI of the file that contains the ThreatIntelSet. For example: .</p>",
"GetIPSetResponse$Location": "<p>The URI of the file that contains the IPSet. For example: .</p>",
"GetThreatIntelSetResponse$Location": "<p>The URI of the file that contains the ThreatIntelSet. For example: .</p>",
"UpdateIPSetRequest$Location": "<p>The updated URI of the file that contains the IPSet. For example: .</p>",
"UpdateThreatIntelSetRequest$Location": "<p>The updated URI of the file that contains the ThreateIntelSet. For example: .</p>"
}
},
"Long": {
"base": null,
"refs": {
"Condition$GreaterThan": "<p>Represents a <i>greater than</i> condition to be applied to a single field when querying for findings.</p>",
"Condition$GreaterThanOrEqual": "<p>Represents a <i>greater than or equal</i> condition to be applied to a single field when querying for findings.</p>",
"Condition$LessThan": "<p>Represents a <i>less than</i> condition to be applied to a single field when querying for findings.</p>",