Contains information on the current access control policies for the bucket.

Contains information about the access keys.

Contains information about the account.

Provides details of the GuardDuty member account that uses a free trial service.

Contains information about the account level permissions on the S3 bucket.

Contains information about actions.

The account within the organization specified as the GuardDuty delegated administrator.

Contains information about the administrator account and invitation.

Contains information about the API action.

Contains information on how the bucker owner's S3 Block Public Access settings are being applied to the S3 bucket. See S3 Block Public Access for more information.

Contains information about the bucket level permissions for the S3 bucket.

Contains information on the current bucket policies for the S3 bucket.

Contains information about the city associated with the IP address.

Contains information on the status of CloudTrail as a data source for the detector.

Contains information about the condition.

Details of a container.

Contains information about the country where the remote IP address is located.

Contains information about which data sources are enabled.

Contains information on the status of data sources for the detector.

Contains information about which data sources are enabled for the GuardDuty member account.

Contains information about which data sources are enabled for the GuardDuty member account.

Contains information on the server side encryption method used in the S3 bucket. See S3 Server-Side Encryption for more information.

Contains information about the publishing destination, including the ID, type, and status.

Contains the Amazon Resource Name (ARN) of the resource to publish to, such as an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.

Contains information on the status of DNS logs as a data source.

Contains information about the DNS_REQUEST action described in this finding.

Contains information about the domain.

Contains list of scanned and skipped EBS volumes with details.

Contains details from the malware scan that created a finding.

Describes the configuration of scanning EBS volumes as a data source.

Contains information about the details of the ECS Cluster.

Contains information about the task in an ECS cluster.

Details about the EKS cluster involved in a Kubernetes finding.

Contains information about the reason that the finding was generated.

Contains information about the condition.

Represents the criteria to be used in the filter for describing scan entries.

Represents a condition that when matched will be added to the response of the operation. Irrespective of using any filter criteria, an administrator account can view the scan entries for all of its member accounts. However, each member account can view the scan entries only for their own account.

Contains information about the finding, which is generated when abnormal or suspicious activity is detected.

Contains information about the criteria used for querying findings.

Contains information about finding statistics.

Contains information on the status of VPC flow logs as a data source.

Contains information about the location of the remote IP address.

Contains details of the highest severity threat detected during scan and number of infected files.

Represents a pre-existing file or directory on the host machine that the volume maps to.

Contains information about the EC2 instance profile.

Contains information about the details of an instance.

Contains information about the invitation to become a member account.

Information about the Kubernetes API call action described in this finding.

Describes whether Kubernetes audit logs are enabled as a data source.

Describes whether Kubernetes audit logs are enabled as a data source.

Describes whether any Kubernetes data sources are enabled.

Describes whether any Kubernetes logs will be enabled as a data source.

Provides details about the Kubernetes resources when it is enabled as a data source.

Details about Kubernetes resources such as a Kubernetes user or workload resource involved in a Kubernetes finding.

Details about the Kubernetes user involved in a Kubernetes finding.

Details about the Kubernetes workload involved in a Kubernetes finding.

Contains information about the local IP address of the connection.

Contains information about the port for the local connection.

Describes whether Malware Protection will be enabled as a data source.

An object that contains information on the status of all Malware Protection data sources.

Provides details about Malware Protection when it is enabled as a data source.

Contains information about the administrator account and invitation.

Contains information about the member account.

Contains information on which data sources are enabled for a member account.

Contains information about the NETWORK_CONNECTION action described in the finding.

Contains information about the elastic network interface of the EC2 instance.

Contains information about the ISP organization of the remote IP address.

An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization.

An object that contains information on which data sources are automatically enabled for new members within the organization.

Organization-wide EBS volumes scan configuration.

An object that contains information on the status of whether EBS volumes scanning will be enabled as a data source for an organization.

Organization-wide Kubernetes audit logs configuration.

The current configuration of Kubernetes audit logs as a data source for the organization.

Organization-wide Kubernetes data sources configurations.

The current configuration of all Kubernetes data sources for the organization.

Organization-wide Malware Protection configurations.

An object that contains information on the status of all Malware Protection data source for an organization.

Describes whether S3 data event logs will be automatically enabled for new members of the organization.

The current configuration of S3 data event logs as a data source for the organization.

Organization-wide EC2 instances with findings scan configuration.

An object that contains information on the status of scanning EC2 instances with findings for an organization.

Contains information on the owner of the bucket.

Contains information about how permissions are configured for the S3 bucket.

Contains information about the PORT_PROBE action described in the finding.

Contains information about the port probe details.

Contains other private IP address information of the EC2 instance.

Contains information about the product code for the EC2 instance.

Describes the public access policies that apply to the S3 bucket.

Contains details about the remote Amazon Web Services account that made the API call.

Contains information about the remote IP address of the connection.

Contains information about the remote port.

Contains information about the Amazon Web Services resource associated with the activity that prompted GuardDuty to generate a finding.

Represents the resources that were scanned in the scan entry.

Contains information on the S3 bucket.

Describes whether S3 data event logs will be enabled as a data source.

Describes whether S3 data event logs will be enabled as a data source.

Contains information about a malware scan.

Contains information about the condition.

Represents key, value pair to be matched against given resource property.

Contains a complete view providing malware scan result details.

Describes whether Malware Protection for EC2 instances with findings will be enabled as a data source.

An object that contains information on the status of whether Malware Protection for EC2 instances with findings will be enabled as a data source.

Contains details of infected file including name, file path and hash.

Total number of scanned files.

Contains information about criteria used to filter resources before triggering malware scan.

Represents the result of the scan.

Contains files infected with the given threat providing details of malware name and severity.

Container security context.

Contains information about the security groups associated with the EC2 instance.

Contains additional information about the generated finding.

Additional information about the generated finding.

Contains information about the criteria used for sorting findings.

Contains information about a tag associated with the EC2 instance.

Contains details about identified threats organized by threat name.

An instance of a threat intelligence detail that constitutes evidence for the finding.

Contains total number of infected files.

Contains the total usage with the corresponding currency unit for that value.

Represents the reason the scan was triggered.

Contains information about the accounts that weren't processed.

Specifies the names of the data sources that couldn't be enabled.

Contains information on the total of usage based on account IDs.

Contains information about the criteria used to query usage statistics.

Contains information on the result of usage based on data source type.

Contains information on the sum of usage based on an Amazon Web Services resource.

Contains the result of GuardDuty usage. If a UsageStatisticType is provided the result for other types will be null.

Volume used by the Kubernetes workload.

Contains EBS volume details.

Container volume mount.

An enum value representing possible resource properties to match with given scan condition.