Skip to main content

AWS GuardDuty

aws

Version: 1.2
Updated: Jun 15, 2023

Interact with AWS GuardDuty during incident investigation.

Actions​

  • List Detectors (Enrichment) - Lists detectorIds of all the existing Amazon GuardDuty detector resources.
  • Get Detector (Enrichment) - Retrieves an Amazon GuardDuty detector specified by the detectorId.
  • List IP Set (Enrichment) - Lists the IPSets of the GuardDuty service specified by the detector ID.
  • Get IP Set (Enrichment) - Retrieves the IPSet specified by the ipSetId.
  • List ThreatIntel Sets (Enrichment) - Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID.
  • Get ThreatIntel Set (Enrichment) - Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
  • List Findings (Enrichment) - Lists Amazon GuardDuty findings for the specified detector I.
  • Get Findings (Enrichment) - Describes Amazon GuardDuty findings specified by finding IDs.
  • Create Detector (Containment) - Creates a single Amazon GuardDuty detector.
  • Update Detector (Containment) - Updates the Amazon GuardDuty detector specified by the detectorId.
  • Delete Detector (Containment) - Deletes a Amazon GuardDuty detector specified by the detector ID.
  • Create IP Set (Containment) - Creates a new IPSet, called Trusted IP list in the consoler user interface.
  • Update IP Set (Containment) - Updates the IPSet specified by the IPSet ID.
  • Delete IP Set (Containment) - Deletes the IPSet specified by the ipSetId.
  • Create ThreatIntel Set (Containment) - Create a new ThreatIntelSet.
  • Update ThreatIntel Set (Containment) - Updates the ThreatIntelSet specified by ThreatIntelSet ID.
  • Delete ThreatIntel Set (Containment) - Deletes ThreatIntelSet specified by the ThreatIntelSet ID.
  • Create Sample Findings (Containment) - Generates example findings of types specified by the list of finding types.
  • Update Findings Feedback (Containment) - Marks the specified GuardDuty findings as useful or not useful.
  • Archive Findings (Containment) - Archives GuardDuty findings specified by the list of finding IDs.
  • Unarchive Findings (Containment) - Unarchives GuardDuty findings specified by the findingIds.

External Libraries​

Change Log​

  • January 24, 2020 - First upload
  • March 10, 2022 - Logo
  • June 15, 2023 (v1.2) - Updated the integration with Environmental Variables
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.