guardduty: Amazon GuardDuty
In paws: Amazon Web Services Software Development Kit
guardduty R Documentation
Amazon GuardDuty
Description
Amazon GuardDuty is a continuous security monitoring service that
analyzes and processes the following data sources: VPC flow logs, Amazon
Web Services CloudTrail management event logs, CloudTrail S3 data event
logs, EKS audit logs, DNS logs, and Amazon EBS volume data. It uses
threat intelligence feeds, such as lists of malicious IPs and domains,
and machine learning to identify unexpected, potentially unauthorized,
and malicious activity within your Amazon Web Services environment. This
can include issues like escalations of privileges, uses of exposed
credentials, or communication with malicious IPs, domains, or presence
of malware on your Amazon EC2 instances and container workloads. For
example, GuardDuty can detect compromised EC2 instances and container
workloads serving malware, or mining bitcoin.
GuardDuty also monitors Amazon Web Services account access behavior for
signs of compromise, such as unauthorized infrastructure deployments
like EC2 instances deployed in a Region that has never been used, or
unusual API calls like a password policy change to reduce password
strength.
GuardDuty informs you about the status of your Amazon Web Services
environment by producing security findings that you can view in the
GuardDuty console or through Amazon EventBridge. For more information,
see the AmazonGuardDuty User Guide .
Usage
guardduty(
config = list(),
credentials = list(),
endpoint = NULL,
region = NULL
)
Arguments
config
Optional configuration of credentials, endpoint, and/or region.
credentials:
creds:
access_key_id: AWS access key ID
secret_access_key: AWS secret access key
session_token: AWS temporary session token
profile: The name of a profile to use. If not given, then the default profile is used.
anonymous: Set anonymous credentials.
endpoint: The complete URL to use for the constructed client.
region: The AWS Region used in instantiating the client.
close_connection: Immediately close all HTTP connections.
timeout: The time in seconds till a timeout exception is thrown when attempting to make a connection. The default is 60 seconds.
s3_force_path_style: Set this to true to force the request to use path-style addressing, i.e. http://s3.amazonaws.com/BUCKET/KEY.
sts_regional_endpoint: Set sts regional endpoint resolver to regional or legacy https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html
credentials
Optional credentials shorthand for the config parameter
creds:
access_key_id: AWS access key ID
secret_access_key: AWS secret access key
session_token: AWS temporary session token
profile: The name of a profile to use. If not given, then the default profile is used.
anonymous: Set anonymous credentials.
endpoint
Optional shorthand for complete URL to use for the constructed client.
region
Optional shorthand for AWS Region used in instantiating the client.
Value
A client for the service. You can call the service's operations using
syntax like svc$operation(...), where svc is the name you've assigned
to the client. The available operations are listed in the
Operations section.
Service syntax
svc <- guardduty(
config = list(
credentials = list(
creds = list(
access_key_id = "string",
secret_access_key = "string",
session_token = "string"
),
profile = "string",
anonymous = "logical"
),
endpoint = "string",
region = "string",
close_connection = "logical",
timeout = "numeric",
s3_force_path_style = "logical",
sts_regional_endpoint = "string"
),
credentials = list(
creds = list(
access_key_id = "string",
secret_access_key = "string",
session_token = "string"
),
profile = "string",
anonymous = "logical"
),
endpoint = "string",
region = "string"
)
Operations
accept_administrator_invitation Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation
accept_invitation Accepts the invitation to be monitored by a GuardDuty administrator account
archive_findings Archives GuardDuty findings that are specified by the list of finding IDs
create_detector Creates a single Amazon GuardDuty detector
create_filter Creates a filter using the specified finding criteria
create_ip_set Creates a new IPSet, which is called a trusted IP list in the console user interface
create_members Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs
create_publishing_destination Creates a publishing destination to export findings to
create_sample_findings Generates sample findings of types specified by the list of finding types
create_threat_intel_set Creates a new ThreatIntelSet
decline_invitations Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs
delete_detector Deletes an Amazon GuardDuty detector that is specified by the detector ID
delete_filter Deletes the filter specified by the filter name
delete_invitations Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs
delete_ip_set Deletes the IPSet specified by the ipSetId
delete_members Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs
delete_publishing_destination Deletes the publishing definition with the specified destinationId
delete_threat_intel_set Deletes the ThreatIntelSet specified by the ThreatIntelSet ID
describe_malware_scans Returns a list of malware scans
describe_organization_configuration Returns information about the account selected as the delegated administrator for GuardDuty
describe_publishing_destination Returns information about the publishing destination specified by the provided destinationId
disable_organization_admin_account Disables an Amazon Web Services account within the Organization as the GuardDuty delegated administrator
disassociate_from_administrator_account Disassociates the current GuardDuty member account from its administrator account
disassociate_from_master_account Disassociates the current GuardDuty member account from its administrator account
disassociate_members Disassociates GuardDuty member accounts (from the current administrator account) specified by the account IDs
enable_organization_admin_account Enables an Amazon Web Services account within the organization as the GuardDuty delegated administrator
get_administrator_account Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account
get_coverage_statistics Retrieves aggregated statistics for your account
get_detector Retrieves an Amazon GuardDuty detector specified by the detectorId
get_filter Returns the details of the filter specified by the filter name
get_findings Describes Amazon GuardDuty findings specified by finding IDs
get_findings_statistics Lists Amazon GuardDuty findings statistics for the specified detector ID
get_invitations_count Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation
get_ip_set Retrieves the IPSet specified by the ipSetId
get_malware_scan_settings Returns the details of the malware scan settings
get_master_account Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account
get_member_detectors Describes which data sources are enabled for the member account's detector
get_members Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs
get_remaining_free_trial_days Provides the number of days left for each data source used in the free trial period
get_threat_intel_set Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID
get_usage_statistics Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID
invite_members Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account that invokes this API
list_coverage Lists coverage details for your GuardDuty account
list_detectors Lists detectorIds of all the existing Amazon GuardDuty detector resources
list_filters Returns a paginated list of the current filters
list_findings Lists Amazon GuardDuty findings for the specified detector ID
list_invitations Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account
list_ip_sets Lists the IPSets of the GuardDuty service specified by the detector ID
list_members Lists details about all member accounts for the current GuardDuty administrator account
list_organization_admin_accounts Lists the accounts configured as GuardDuty delegated administrators
list_publishing_destinations Returns a list of publishing destinations associated with the specified detectorId
list_tags_for_resource Lists tags for a resource
list_threat_intel_sets Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID
start_malware_scan Initiates the malware scan
start_monitoring_members Turns on GuardDuty monitoring of the specified member accounts
stop_monitoring_members Stops GuardDuty monitoring for the specified member accounts
tag_resource Adds tags to a resource
unarchive_findings Unarchives GuardDuty findings specified by the findingIds
untag_resource Removes tags from a resource
update_detector Updates the Amazon GuardDuty detector specified by the detectorId
update_filter Updates the filter specified by the filter name
update_findings_feedback Marks the specified GuardDuty findings as useful or not useful
update_ip_set Updates the IPSet specified by the IPSet ID
update_malware_scan_settings Updates the malware scan settings
update_member_detectors Contains information on member accounts to be updated
update_organization_configuration Configures the delegated administrator account with the provided values
update_publishing_destination Updates information about the publishing destination specified by the destinationId
update_threat_intel_set Updates the ThreatIntelSet specified by the ThreatIntelSet ID
Examples
## Not run:
svc <- guardduty()
svc$accept_administrator_invitation(
Foo = 123
)
## End(Not run)
paws documentation built on Sept. 15, 2023, 5:06 p.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
| guardduty | R Documentation |
Amazon GuardDuty
Description
Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC flow logs, Amazon Web Services CloudTrail management event logs, CloudTrail S3 data event logs, EKS audit logs, DNS logs, and Amazon EBS volume data. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your Amazon Web Services environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, domains, or presence of malware on your Amazon EC2 instances and container workloads. For example, GuardDuty can detect compromised EC2 instances and container workloads serving malware, or mining bitcoin.
GuardDuty also monitors Amazon Web Services account access behavior for signs of compromise, such as unauthorized infrastructure deployments like EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength.
GuardDuty informs you about the status of your Amazon Web Services environment by producing security findings that you can view in the GuardDuty console or through Amazon EventBridge. For more information, see the AmazonGuardDuty User Guide .
Usage
guardduty(
config = list(),
credentials = list(),
endpoint = NULL,
region = NULL
)
Arguments
config |
Optional configuration of credentials, endpoint, and/or region.
|
credentials |
Optional credentials shorthand for the config parameter
|
endpoint |
Optional shorthand for complete URL to use for the constructed client. |
region |
Optional shorthand for AWS Region used in instantiating the client. |
Value
A client for the service. You can call the service's operations using
syntax like svc$operation(...), where svc is the name you've assigned
to the client. The available operations are listed in the
Operations section.
Service syntax
svc <- guardduty(
config = list(
credentials = list(
creds = list(
access_key_id = "string",
secret_access_key = "string",
session_token = "string"
),
profile = "string",
anonymous = "logical"
),
endpoint = "string",
region = "string",
close_connection = "logical",
timeout = "numeric",
s3_force_path_style = "logical",
sts_regional_endpoint = "string"
),
credentials = list(
creds = list(
access_key_id = "string",
secret_access_key = "string",
session_token = "string"
),
profile = "string",
anonymous = "logical"
),
endpoint = "string",
region = "string"
)
Operations
| accept_administrator_invitation | Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation |
| accept_invitation | Accepts the invitation to be monitored by a GuardDuty administrator account |
| archive_findings | Archives GuardDuty findings that are specified by the list of finding IDs |
| create_detector | Creates a single Amazon GuardDuty detector |
| create_filter | Creates a filter using the specified finding criteria |
| create_ip_set | Creates a new IPSet, which is called a trusted IP list in the console user interface |
| create_members | Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs |
| create_publishing_destination | Creates a publishing destination to export findings to |
| create_sample_findings | Generates sample findings of types specified by the list of finding types |
| create_threat_intel_set | Creates a new ThreatIntelSet |
| decline_invitations | Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs |
| delete_detector | Deletes an Amazon GuardDuty detector that is specified by the detector ID |
| delete_filter | Deletes the filter specified by the filter name |
| delete_invitations | Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs |
| delete_ip_set | Deletes the IPSet specified by the ipSetId |
| delete_members | Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs |
| delete_publishing_destination | Deletes the publishing definition with the specified destinationId |
| delete_threat_intel_set | Deletes the ThreatIntelSet specified by the ThreatIntelSet ID |
| describe_malware_scans | Returns a list of malware scans |
| describe_organization_configuration | Returns information about the account selected as the delegated administrator for GuardDuty |
| describe_publishing_destination | Returns information about the publishing destination specified by the provided destinationId |
| disable_organization_admin_account | Disables an Amazon Web Services account within the Organization as the GuardDuty delegated administrator |
| disassociate_from_administrator_account | Disassociates the current GuardDuty member account from its administrator account |
| disassociate_from_master_account | Disassociates the current GuardDuty member account from its administrator account |
| disassociate_members | Disassociates GuardDuty member accounts (from the current administrator account) specified by the account IDs |
| enable_organization_admin_account | Enables an Amazon Web Services account within the organization as the GuardDuty delegated administrator |
| get_administrator_account | Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account |
| get_coverage_statistics | Retrieves aggregated statistics for your account |
| get_detector | Retrieves an Amazon GuardDuty detector specified by the detectorId |
| get_filter | Returns the details of the filter specified by the filter name |
| get_findings | Describes Amazon GuardDuty findings specified by finding IDs |
| get_findings_statistics | Lists Amazon GuardDuty findings statistics for the specified detector ID |
| get_invitations_count | Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation |
| get_ip_set | Retrieves the IPSet specified by the ipSetId |
| get_malware_scan_settings | Returns the details of the malware scan settings |
| get_master_account | Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account |
| get_member_detectors | Describes which data sources are enabled for the member account's detector |
| get_members | Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs |
| get_remaining_free_trial_days | Provides the number of days left for each data source used in the free trial period |
| get_threat_intel_set | Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID |
| get_usage_statistics | Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID |
| invite_members | Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account that invokes this API |
| list_coverage | Lists coverage details for your GuardDuty account |
| list_detectors | Lists detectorIds of all the existing Amazon GuardDuty detector resources |
| list_filters | Returns a paginated list of the current filters |
| list_findings | Lists Amazon GuardDuty findings for the specified detector ID |
| list_invitations | Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account |
| list_ip_sets | Lists the IPSets of the GuardDuty service specified by the detector ID |
| list_members | Lists details about all member accounts for the current GuardDuty administrator account |
| list_organization_admin_accounts | Lists the accounts configured as GuardDuty delegated administrators |
| list_publishing_destinations | Returns a list of publishing destinations associated with the specified detectorId |
| list_tags_for_resource | Lists tags for a resource |
| list_threat_intel_sets | Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID |
| start_malware_scan | Initiates the malware scan |
| start_monitoring_members | Turns on GuardDuty monitoring of the specified member accounts |
| stop_monitoring_members | Stops GuardDuty monitoring for the specified member accounts |
| tag_resource | Adds tags to a resource |
| unarchive_findings | Unarchives GuardDuty findings specified by the findingIds |
| untag_resource | Removes tags from a resource |
| update_detector | Updates the Amazon GuardDuty detector specified by the detectorId |
| update_filter | Updates the filter specified by the filter name |
| update_findings_feedback | Marks the specified GuardDuty findings as useful or not useful |
| update_ip_set | Updates the IPSet specified by the IPSet ID |
| update_malware_scan_settings | Updates the malware scan settings |
| update_member_detectors | Contains information on member accounts to be updated |
| update_organization_configuration | Configures the delegated administrator account with the provided values |
| update_publishing_destination | Updates information about the publishing destination specified by the destinationId |
| update_threat_intel_set | Updates the ThreatIntelSet specified by the ThreatIntelSet ID |
Examples
## Not run:
svc <- guardduty()
svc$accept_administrator_invitation(
Foo = 123
)
## End(Not run)
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.