Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances serving malware or mining bitcoin. It also monitors AWS account access behavior for signs of compromise, such as unauthorized infrastructure deployments, like instances deployed in a region that has never been used, or unusual API calls, like a password policy change to reduce password strength. GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see the Amazon GuardDuty User Guide.
guardduty(config = list())
config | Optional configuration of credentials, endpoint, and/or region. |
svc <- guardduty(
  config = list(
    credentials = list(
      creds = list(
        access_key_id = "string",
        secret_access_key = "string",
        session_token = "string"
      ),
      profile = "string"
    ),
    endpoint = "string",
    region = "string"
  )
)
accept_invitation | Accepts the invitation to be monitored by a master GuardDuty account |
archive_findings | Archives Amazon GuardDuty findings specified by the list of finding IDs |
create_detector | Creates a single Amazon GuardDuty detector |
create_filter | Creates a filter using the specified finding criteria |
create_ip_set | Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications |
create_members | Creates member accounts of the current AWS account by specifying a list of AWS account IDs |
create_sample_findings | Generates example findings of types specified by the list of finding types |
create_threat_intel_set | Create a new ThreatIntelSet |
decline_invitations | Declines invitations sent to the current member account by AWS account specified by their account IDs |
delete_detector | Deletes an Amazon GuardDuty detector specified by the detector ID |
delete_filter | Deletes the filter specified by the filter name |
delete_ip_set | Deletes the IPSet specified by the IPSet ID |
delete_invitations | Deletes invitations sent to the current member account by AWS accounts specified by their account IDs |
delete_members | Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs |
delete_threat_intel_set | Deletes ThreatIntelSet specified by the ThreatIntelSet ID |
disassociate_from_master_account | Disassociates the current GuardDuty member account from its master account |
disassociate_members | Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs |
get_detector | Retrieves an Amazon GuardDuty detector specified by the detectorId |
get_filter | Returns the details of the filter specified by the filter name |
get_findings | Describes Amazon GuardDuty findings specified by finding IDs |
get_findings_statistics | Lists Amazon GuardDuty findings' statistics for the specified detector ID |
get_ip_set | Retrieves the IPSet specified by the IPSet ID |
get_invitations_count | Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation |
get_master_account | Provides the details for the GuardDuty master account to the current GuardDuty member account |
get_members | Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs |
get_threat_intel_set | Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID |
invite_members | Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account |
list_detectors | Lists detectorIds of all the existing Amazon GuardDuty detector resources |
list_filters | Returns a paginated list of the current filters |
list_findings | Lists Amazon GuardDuty findings for the specified detector ID |
list_ip_sets | Lists the IPSets of the GuardDuty service specified by the detector ID |
list_invitations | Lists all GuardDuty membership invitations that were sent to the current AWS account |
list_members | Lists details about all member accounts for the current GuardDuty master account |
list_tags_for_resource | Lists tags for a resource |
list_threat_intel_sets | Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID |
start_monitoring_members | Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs |
stop_monitoring_members | Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs |
tag_resource | Adds tags to a resource |
unarchive_findings | Unarchives Amazon GuardDuty findings specified by the list of finding IDs |
untag_resource | Removes tags from a resource |
update_detector | Updates an Amazon GuardDuty detector specified by the detectorId |
update_filter | Updates the filter specified by the filter name |
update_findings_feedback | Marks specified Amazon GuardDuty findings as useful or not useful |
update_ip_set | Updates the IPSet specified by the IPSet ID |
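# NOT RUN {
svc <- guardduty()
# The IDs below are placeholders; substitute values from your own accounts.
svc$accept_invitation(
  DetectorId = "<detector-id>",
  MasterId = "<master-account-id>",
  InvitationId = "<invitation-id>"
)
# }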