guardduty: Amazon GuardDuty


View source: R/guardduty_service.R

Description

Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances serving malware or mining bitcoin. It also monitors AWS account access behavior for signs of compromise, such as unauthorized infrastructure deployments, like instances deployed in a region that has never been used, or unusual API calls, like a password policy change to reduce password strength. GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see Amazon GuardDuty User Guide.

Usage

guardduty(config = list())

Arguments

config

Optional configuration of credentials, endpoint, and/or region.

Service syntax

svc <- guardduty(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string"
    ),
    endpoint = "string",
    region = "string"
  )
)

Operations

accept_invitation Accepts the invitation to be monitored by a master GuardDuty account
archive_findings Archives GuardDuty findings specified by the list of finding IDs
create_detector Creates a single Amazon GuardDuty detector
create_filter Creates a filter using the specified finding criteria
create_ip_set Creates a new IPSet, called Trusted IP list in the console user interface
create_members Creates member accounts of the current AWS account by specifying a list of AWS account IDs
create_publishing_destination Creates a publishing destination to send findings to
create_sample_findings Generates example findings of types specified by the list of finding types
create_threat_intel_set Creates a new ThreatIntelSet
decline_invitations Declines invitations sent to the current member account by AWS account specified by their account IDs
delete_detector Deletes an Amazon GuardDuty detector specified by the detector ID
delete_filter Deletes the filter specified by the filter name
delete_invitations Deletes invitations sent to the current member account by AWS accounts specified by their account IDs
delete_ip_set Deletes the IPSet specified by the ipSetId
delete_members Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs
delete_publishing_destination Deletes the publishing definition with the specified destinationId
delete_threat_intel_set Deletes ThreatIntelSet specified by the ThreatIntelSet ID
describe_publishing_destination Returns information about the publishing destination specified by the provided destinationId
disassociate_from_master_account Disassociates the current GuardDuty member account from its master account
disassociate_members Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs
get_detector Retrieves an Amazon GuardDuty detector specified by the detectorId
get_filter Returns the details of the filter specified by the filter name
get_findings Describes Amazon GuardDuty findings specified by finding IDs
get_findings_statistics Lists Amazon GuardDuty findings' statistics for the specified detector ID
get_invitations_count Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation
get_ip_set Retrieves the IPSet specified by the ipSetId
get_master_account Provides the details for the GuardDuty master account associated with the current GuardDuty member account
get_members Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs
get_threat_intel_set Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID
invite_members Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account
list_detectors Lists detectorIds of all the existing Amazon GuardDuty detector resources
list_filters Returns a paginated list of the current filters
list_findings Lists Amazon GuardDuty findings for the specified detector ID
list_invitations Lists all GuardDuty membership invitations that were sent to the current AWS account
list_ip_sets Lists the IPSets of the GuardDuty service specified by the detector ID
list_members Lists details about all member accounts for the current GuardDuty master account
list_publishing_destinations Returns a list of publishing destinations associated with the specified detectorId
list_tags_for_resource Lists tags for a resource
list_threat_intel_sets Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID
start_monitoring_members Turns on GuardDuty monitoring of the specified member accounts
stop_monitoring_members Stops GuardDuty monitoring for the specified member accounts
tag_resource Adds tags to a resource
unarchive_findings Unarchives GuardDuty findings specified by the findingIds
untag_resource Removes tags from a resource
update_detector Updates the Amazon GuardDuty detector specified by the detectorId
update_filter Updates the filter specified by the filter name
update_findings_feedback Marks the specified GuardDuty findings as useful or not useful
update_ip_set Updates the IPSet specified by the IPSet ID
update_publishing_destination Updates information about the publishing destination specified by the destinationId
update_threat_intel_set Updates the ThreatIntelSet specified by ThreatIntelSet ID

Examples

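svc <- guardduty()
# Placeholder values: the member account's detector ID, the master
# account ID, and the ID of the invitation being accepted.
svc$accept_invitation(
  DetectorId = "string",
  MasterId = "string",
  InvitationId = "string"
)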

paws.security.identity documentation built on Jan. 14, 2020, 5:08 p.m.