Copyright | (c) 2013-2018 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
- Service Configuration
- Errors
- Waiters
- Operations
- CreateFilter
- ListFindings (Paginated)
- CreateIPSet
- DeleteThreatIntelSet
- UpdateThreatIntelSet
- StopMonitoringMembers
- ListThreatIntelSets (Paginated)
- CreateThreatIntelSet
- DeleteMembers
- GetFindingsStatistics
- GetIPSet
- ListInvitations (Paginated)
- GetThreatIntelSet
- DeleteInvitations
- GetMasterAccount
- CreateDetector
- DeclineInvitations
- UpdateFilter
- DeleteFilter
- DisassociateMembers
- DisassociateFromMasterAccount
- AcceptInvitation
- ListFilters (Paginated)
- ListMembers (Paginated)
- GetDetector
- CreateSampleFindings
- ArchiveFindings
- CreateMembers
- UnarchiveFindings
- GetInvitationsCount
- StartMonitoringMembers
- InviteMembers
- DeleteIPSet
- UpdateIPSet
- ListIPSets (Paginated)
- GetMembers
- GetFindings
- ListDetectors (Paginated)
- UpdateDetector
- DeleteDetector
- UpdateFindingsFeedback
- GetFilter
- Types
- DetectorStatus
- Feedback
- FilterAction
- FindingStatisticType
- IPSetFormat
- IPSetStatus
- OrderBy
- ThreatIntelSetFormat
- ThreatIntelSetStatus
- AWSAPICallAction
- AccessKeyDetails
- AccountDetail
- Action
- City
- Condition
- Country
- DNSRequestAction
- DomainDetails
- Finding
- FindingCriteria
- FindingStatistics
- GeoLocation
- IAMInstanceProfile
- InstanceDetails
- Invitation
- LocalPortDetails
- Master
- Member
- NetworkConnectionAction
- NetworkInterface
- Organization
- PortProbeAction
- PortProbeDetail
- PrivateIPAddressDetails
- ProductCode
- RemoteIPDetails
- RemotePortDetails
- Resource
- SecurityGroup
- ServiceInfo
- SortCriteria
- Tag
- UnprocessedAccount
Assess, monitor, manage, and remediate security issues across your AWS infrastructure, applications, and data.
- guardDuty :: Service
- _InternalServerErrorException :: AsError a => Getting (First ServiceError) a ServiceError
- _BadRequestException :: AsError a => Getting (First ServiceError) a ServiceError
- module Network.AWS.GuardDuty.CreateFilter
- module Network.AWS.GuardDuty.ListFindings
- module Network.AWS.GuardDuty.CreateIPSet
- module Network.AWS.GuardDuty.DeleteThreatIntelSet
- module Network.AWS.GuardDuty.UpdateThreatIntelSet
- module Network.AWS.GuardDuty.StopMonitoringMembers
- module Network.AWS.GuardDuty.ListThreatIntelSets
- module Network.AWS.GuardDuty.CreateThreatIntelSet
- module Network.AWS.GuardDuty.DeleteMembers
- module Network.AWS.GuardDuty.GetFindingsStatistics
- module Network.AWS.GuardDuty.GetIPSet
- module Network.AWS.GuardDuty.ListInvitations
- module Network.AWS.GuardDuty.GetThreatIntelSet
- module Network.AWS.GuardDuty.DeleteInvitations
- module Network.AWS.GuardDuty.GetMasterAccount
- module Network.AWS.GuardDuty.CreateDetector
- module Network.AWS.GuardDuty.DeclineInvitations
- module Network.AWS.GuardDuty.UpdateFilter
- module Network.AWS.GuardDuty.DeleteFilter
- module Network.AWS.GuardDuty.DisassociateMembers
- module Network.AWS.GuardDuty.DisassociateFromMasterAccount
- module Network.AWS.GuardDuty.AcceptInvitation
- module Network.AWS.GuardDuty.ListFilters
- module Network.AWS.GuardDuty.ListMembers
- module Network.AWS.GuardDuty.GetDetector
- module Network.AWS.GuardDuty.CreateSampleFindings
- module Network.AWS.GuardDuty.ArchiveFindings
- module Network.AWS.GuardDuty.CreateMembers
- module Network.AWS.GuardDuty.UnarchiveFindings
- module Network.AWS.GuardDuty.GetInvitationsCount
- module Network.AWS.GuardDuty.StartMonitoringMembers
- module Network.AWS.GuardDuty.InviteMembers
- module Network.AWS.GuardDuty.DeleteIPSet
- module Network.AWS.GuardDuty.UpdateIPSet
- module Network.AWS.GuardDuty.ListIPSets
- module Network.AWS.GuardDuty.GetMembers
- module Network.AWS.GuardDuty.GetFindings
- module Network.AWS.GuardDuty.ListDetectors
- module Network.AWS.GuardDuty.UpdateDetector
- module Network.AWS.GuardDuty.DeleteDetector
- module Network.AWS.GuardDuty.UpdateFindingsFeedback
- module Network.AWS.GuardDuty.GetFilter
- data DetectorStatus
- data Feedback
- data FilterAction
- data FindingStatisticType = CountBySeverity
- data IPSetFormat
- = AlienVault
- | FireEye
- | OtxCSV
- | ProofPoint
- | Stix
- | Txt
- data IPSetStatus
- data OrderBy
- data ThreatIntelSetFormat
- data ThreatIntelSetStatus
- data AWSAPICallAction
- awsAPICallAction :: AWSAPICallAction
- aacaRemoteIPDetails :: Lens' AWSAPICallAction (Maybe RemoteIPDetails)
- aacaCallerType :: Lens' AWSAPICallAction (Maybe Text)
- aacaDomainDetails :: Lens' AWSAPICallAction (Maybe DomainDetails)
- aacaServiceName :: Lens' AWSAPICallAction (Maybe Text)
- aacaAPI :: Lens' AWSAPICallAction (Maybe Text)
- data AccessKeyDetails
- accessKeyDetails :: AccessKeyDetails
- akdPrincipalId :: Lens' AccessKeyDetails (Maybe Text)
- akdUserName :: Lens' AccessKeyDetails (Maybe Text)
- akdAccessKeyId :: Lens' AccessKeyDetails (Maybe Text)
- akdUserType :: Lens' AccessKeyDetails (Maybe Text)
- data AccountDetail
- accountDetail :: Text -> Text -> AccountDetail
- adEmail :: Lens' AccountDetail Text
- adAccountId :: Lens' AccountDetail Text
- data Action
- action :: Action
- aNetworkConnectionAction :: Lens' Action (Maybe NetworkConnectionAction)
- aPortProbeAction :: Lens' Action (Maybe PortProbeAction)
- aActionType :: Lens' Action (Maybe Text)
- aDNSRequestAction :: Lens' Action (Maybe DNSRequestAction)
- aAWSAPICallAction :: Lens' Action (Maybe AWSAPICallAction)
- data City
- city :: City
- cCityName :: Lens' City (Maybe Text)
- data Condition
- condition :: Condition
- cEQ :: Lens' Condition [Text]
- cLte :: Lens' Condition (Maybe Int)
- cGT :: Lens' Condition (Maybe Int)
- cNeq :: Lens' Condition [Text]
- cLT :: Lens' Condition (Maybe Int)
- cGte :: Lens' Condition (Maybe Int)
- data Country
- country :: Country
- cCountryName :: Lens' Country (Maybe Text)
- cCountryCode :: Lens' Country (Maybe Text)
- data DNSRequestAction
- dnsRequestAction :: DNSRequestAction
- draDomain :: Lens' DNSRequestAction (Maybe Text)
- data DomainDetails
- domainDetails :: DomainDetails
- data Finding
- finding :: Text -> Text -> Text -> Resource -> Double -> Text -> Text -> Text -> Text -> Text -> Finding
- fService :: Lens' Finding (Maybe ServiceInfo)
- fConfidence :: Lens' Finding (Maybe Double)
- fPartition :: Lens' Finding (Maybe Text)
- fTitle :: Lens' Finding (Maybe Text)
- fDescription :: Lens' Finding (Maybe Text)
- fAccountId :: Lens' Finding Text
- fSchemaVersion :: Lens' Finding Text
- fCreatedAt :: Lens' Finding Text
- fResource :: Lens' Finding Resource
- fSeverity :: Lens' Finding Double
- fUpdatedAt :: Lens' Finding Text
- fType :: Lens' Finding Text
- fRegion :: Lens' Finding Text
- fId :: Lens' Finding Text
- fARN :: Lens' Finding Text
- data FindingCriteria
- findingCriteria :: FindingCriteria
- fcCriterion :: Lens' FindingCriteria (HashMap Text Condition)
- data FindingStatistics
- findingStatistics :: FindingStatistics
- fsCountBySeverity :: Lens' FindingStatistics (HashMap Text Int)
- data GeoLocation
- geoLocation :: GeoLocation
- glLat :: Lens' GeoLocation (Maybe Double)
- glLon :: Lens' GeoLocation (Maybe Double)
- data IAMInstanceProfile
- iamInstanceProfile :: IAMInstanceProfile
- iapARN :: Lens' IAMInstanceProfile (Maybe Text)
- iapId :: Lens' IAMInstanceProfile (Maybe Text)
- data InstanceDetails
- instanceDetails :: InstanceDetails
- idInstanceId :: Lens' InstanceDetails (Maybe Text)
- idPlatform :: Lens' InstanceDetails (Maybe Text)
- idLaunchTime :: Lens' InstanceDetails (Maybe Text)
- idNetworkInterfaces :: Lens' InstanceDetails [NetworkInterface]
- idInstanceType :: Lens' InstanceDetails (Maybe Text)
- idAvailabilityZone :: Lens' InstanceDetails (Maybe Text)
- idIAMInstanceProfile :: Lens' InstanceDetails (Maybe IAMInstanceProfile)
- idImageId :: Lens' InstanceDetails (Maybe Text)
- idProductCodes :: Lens' InstanceDetails [ProductCode]
- idInstanceState :: Lens' InstanceDetails (Maybe Text)
- idTags :: Lens' InstanceDetails [Tag]
- idImageDescription :: Lens' InstanceDetails (Maybe Text)
- data Invitation
- invitation :: Invitation
- iInvitedAt :: Lens' Invitation (Maybe Text)
- iRelationshipStatus :: Lens' Invitation (Maybe Text)
- iInvitationId :: Lens' Invitation (Maybe Text)
- iAccountId :: Lens' Invitation (Maybe Text)
- data LocalPortDetails
- localPortDetails :: LocalPortDetails
- lpdPortName :: Lens' LocalPortDetails (Maybe Text)
- lpdPort :: Lens' LocalPortDetails (Maybe Int)
- data Master
- master :: Master
- masInvitedAt :: Lens' Master (Maybe Text)
- masRelationshipStatus :: Lens' Master (Maybe Text)
- masInvitationId :: Lens' Master (Maybe Text)
- masAccountId :: Lens' Master (Maybe Text)
- data Member
- member :: Text -> Text -> Text -> Text -> Text -> Member
- mInvitedAt :: Lens' Member (Maybe Text)
- mDetectorId :: Lens' Member (Maybe Text)
- mEmail :: Lens' Member Text
- mAccountId :: Lens' Member Text
- mMasterId :: Lens' Member Text
- mUpdatedAt :: Lens' Member Text
- mRelationshipStatus :: Lens' Member Text
- data NetworkConnectionAction
- networkConnectionAction :: NetworkConnectionAction
- ncaRemoteIPDetails :: Lens' NetworkConnectionAction (Maybe RemoteIPDetails)
- ncaProtocol :: Lens' NetworkConnectionAction (Maybe Text)
- ncaRemotePortDetails :: Lens' NetworkConnectionAction (Maybe RemotePortDetails)
- ncaBlocked :: Lens' NetworkConnectionAction (Maybe Bool)
- ncaConnectionDirection :: Lens' NetworkConnectionAction (Maybe Text)
- ncaLocalPortDetails :: Lens' NetworkConnectionAction (Maybe LocalPortDetails)
- data NetworkInterface
- networkInterface :: NetworkInterface
- niPrivateIPAddresses :: Lens' NetworkInterface [PrivateIPAddressDetails]
- niPublicDNSName :: Lens' NetworkInterface (Maybe Text)
- niSecurityGroups :: Lens' NetworkInterface [SecurityGroup]
- niVPCId :: Lens' NetworkInterface (Maybe Text)
- niNetworkInterfaceId :: Lens' NetworkInterface (Maybe Text)
- niSubnetId :: Lens' NetworkInterface (Maybe Text)
- niPrivateIPAddress :: Lens' NetworkInterface (Maybe Text)
- niPublicIP :: Lens' NetworkInterface (Maybe Text)
- niPrivateDNSName :: Lens' NetworkInterface (Maybe Text)
- niIPv6Addresses :: Lens' NetworkInterface [Text]
- data Organization
- organization :: Organization
- oOrg :: Lens' Organization (Maybe Text)
- oASNOrg :: Lens' Organization (Maybe Text)
- oASN :: Lens' Organization (Maybe Text)
- oIsp :: Lens' Organization (Maybe Text)
- data PortProbeAction
- portProbeAction :: PortProbeAction
- ppaPortProbeDetails :: Lens' PortProbeAction [PortProbeDetail]
- ppaBlocked :: Lens' PortProbeAction (Maybe Bool)
- data PortProbeDetail
- portProbeDetail :: PortProbeDetail
- ppdRemoteIPDetails :: Lens' PortProbeDetail (Maybe RemoteIPDetails)
- ppdLocalPortDetails :: Lens' PortProbeDetail (Maybe LocalPortDetails)
- data PrivateIPAddressDetails
- privateIPAddressDetails :: PrivateIPAddressDetails
- piadPrivateIPAddress :: Lens' PrivateIPAddressDetails (Maybe Text)
- piadPrivateDNSName :: Lens' PrivateIPAddressDetails (Maybe Text)
- data ProductCode
- productCode :: ProductCode
- pcProductType :: Lens' ProductCode (Maybe Text)
- pcCode :: Lens' ProductCode (Maybe Text)
- data RemoteIPDetails
- remoteIPDetails :: RemoteIPDetails
- ridCountry :: Lens' RemoteIPDetails (Maybe Country)
- ridCity :: Lens' RemoteIPDetails (Maybe City)
- ridIPAddressV4 :: Lens' RemoteIPDetails (Maybe Text)
- ridGeoLocation :: Lens' RemoteIPDetails (Maybe GeoLocation)
- ridOrganization :: Lens' RemoteIPDetails (Maybe Organization)
- data RemotePortDetails
- remotePortDetails :: RemotePortDetails
- rpdPortName :: Lens' RemotePortDetails (Maybe Text)
- rpdPort :: Lens' RemotePortDetails (Maybe Int)
- data Resource
- resource :: Resource
- rResourceType :: Lens' Resource (Maybe Text)
- rInstanceDetails :: Lens' Resource (Maybe InstanceDetails)
- rAccessKeyDetails :: Lens' Resource (Maybe AccessKeyDetails)
- data SecurityGroup
- securityGroup :: SecurityGroup
- sgGroupId :: Lens' SecurityGroup (Maybe Text)
- sgGroupName :: Lens' SecurityGroup (Maybe Text)
- data ServiceInfo
- serviceInfo :: ServiceInfo
- siCount :: Lens' ServiceInfo (Maybe Int)
- siEventFirstSeen :: Lens' ServiceInfo (Maybe Text)
- siAction :: Lens' ServiceInfo (Maybe Action)
- siDetectorId :: Lens' ServiceInfo (Maybe Text)
- siServiceName :: Lens' ServiceInfo (Maybe Text)
- siUserFeedback :: Lens' ServiceInfo (Maybe Text)
- siEventLastSeen :: Lens' ServiceInfo (Maybe Text)
- siResourceRole :: Lens' ServiceInfo (Maybe Text)
- siArchived :: Lens' ServiceInfo (Maybe Bool)
- data SortCriteria
- sortCriteria :: SortCriteria
- scOrderBy :: Lens' SortCriteria (Maybe OrderBy)
- scAttributeName :: Lens' SortCriteria (Maybe Text)
- data Tag
- tag :: Tag
- tagValue :: Lens' Tag (Maybe Text)
- tagKey :: Lens' Tag (Maybe Text)
- data UnprocessedAccount
- unprocessedAccount :: Text -> Text -> UnprocessedAccount
- uaAccountId :: Lens' UnprocessedAccount Text
- uaResult :: Lens' UnprocessedAccount Text
Service Configuration
Errors
Error matchers are designed for use with the functions provided by
Control.Exception.Lens.
This allows catching (and rethrowing) service specific errors returned
by GuardDuty
.
InternalServerErrorException
_InternalServerErrorException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Error response object.
BadRequestException
_BadRequestException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Error response object.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition
configured by the Wait
specification is fulfilled. The Wait
specification
determines how many attempts should be made, in addition to delay and retry strategies.
Operations
Some AWS operations return results that are incomplete and require subsequent
requests in order to obtain the entire result set. The process of sending
subsequent requests to continue where a previous request left off is called
pagination. For example, the ListObjects
operation of Amazon S3 returns up to
1000 objects at a time, and you must send subsequent requests with the
appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager
instance can transparently perform subsequent
requests, correctly setting Markers and other request facets to iterate through
the entire result set of a truncated API operation. Operations which support
this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
CreateFilter
ListFindings (Paginated)
CreateIPSet
DeleteThreatIntelSet
UpdateThreatIntelSet
StopMonitoringMembers
ListThreatIntelSets (Paginated)
CreateThreatIntelSet
DeleteMembers
GetFindingsStatistics
GetIPSet
ListInvitations (Paginated)
GetThreatIntelSet
DeleteInvitations
GetMasterAccount
CreateDetector
DeclineInvitations
UpdateFilter
DeleteFilter
DisassociateMembers
DisassociateFromMasterAccount
AcceptInvitation
ListFilters (Paginated)
ListMembers (Paginated)
GetDetector
CreateSampleFindings
ArchiveFindings
CreateMembers
UnarchiveFindings
GetInvitationsCount
StartMonitoringMembers
InviteMembers
DeleteIPSet
UpdateIPSet
ListIPSets (Paginated)
GetMembers
GetFindings
ListDetectors (Paginated)
UpdateDetector
DeleteDetector
UpdateFindingsFeedback
GetFilter
Types
DetectorStatus
data DetectorStatus Source #
The status of detector.
Feedback
Finding Feedback Value
FilterAction
data FilterAction Source #
The action associated with a filter.
FindingStatisticType
data FindingStatisticType Source #
The types of finding statistics.
IPSetFormat
data IPSetFormat Source #
The format of the ipSet.
IPSetStatus
data IPSetStatus Source #
The status of ipSet file uploaded.
OrderBy
ThreatIntelSetFormat
data ThreatIntelSetFormat Source #
The format of the threatIntelSet.
ThreatIntelSetStatus
data ThreatIntelSetStatus Source #
The status of threatIntelSet file uploaded.
AWSAPICallAction
data AWSAPICallAction Source #
Information about the AWS_API_CALL action described in this finding.
See: awsAPICallAction
smart constructor.
awsAPICallAction :: AWSAPICallAction Source #
Creates a value of AWSAPICallAction
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
aacaRemoteIPDetails
- Remote IP information of the connection.aacaCallerType
- AWS API caller type.aacaDomainDetails
- Domain information for the AWS API call.aacaServiceName
- AWS service name whose API was invoked.aacaAPI
- AWS API name.
aacaRemoteIPDetails :: Lens' AWSAPICallAction (Maybe RemoteIPDetails) Source #
Remote IP information of the connection.
aacaCallerType :: Lens' AWSAPICallAction (Maybe Text) Source #
AWS API caller type.
aacaDomainDetails :: Lens' AWSAPICallAction (Maybe DomainDetails) Source #
Domain information for the AWS API call.
aacaServiceName :: Lens' AWSAPICallAction (Maybe Text) Source #
AWS service name whose API was invoked.
AccessKeyDetails
data AccessKeyDetails Source #
The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.
See: accessKeyDetails
smart constructor.
accessKeyDetails :: AccessKeyDetails Source #
Creates a value of AccessKeyDetails
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
akdPrincipalId
- The principal ID of the user.akdUserName
- The name of the user.akdAccessKeyId
- Access key ID of the user.akdUserType
- The type of the user.
akdPrincipalId :: Lens' AccessKeyDetails (Maybe Text) Source #
The principal ID of the user.
akdUserName :: Lens' AccessKeyDetails (Maybe Text) Source #
The name of the user.
akdAccessKeyId :: Lens' AccessKeyDetails (Maybe Text) Source #
Access key ID of the user.
akdUserType :: Lens' AccessKeyDetails (Maybe Text) Source #
The type of the user.
AccountDetail
data AccountDetail Source #
An object containing the member's accountId and email address.
See: accountDetail
smart constructor.
Creates a value of AccountDetail
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
adEmail
- Member account's email address.adAccountId
- Member account ID.
adAccountId :: Lens' AccountDetail Text Source #
Member account ID.
Action
Information about the activity described in a finding.
See: action
smart constructor.
Creates a value of Action
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
aNetworkConnectionAction
- Information about the NETWORK_CONNECTION action described in this finding.aPortProbeAction
- Information about the PORT_PROBE action described in this finding.aActionType
- GuardDuty Finding activity type.aDNSRequestAction
- Information about the DNS_REQUEST action described in this finding.aAWSAPICallAction
- Information about the AWS_API_CALL action described in this finding.
aNetworkConnectionAction :: Lens' Action (Maybe NetworkConnectionAction) Source #
Information about the NETWORK_CONNECTION action described in this finding.
aPortProbeAction :: Lens' Action (Maybe PortProbeAction) Source #
Information about the PORT_PROBE action described in this finding.
aDNSRequestAction :: Lens' Action (Maybe DNSRequestAction) Source #
Information about the DNS_REQUEST action described in this finding.
aAWSAPICallAction :: Lens' Action (Maybe AWSAPICallAction) Source #
Information about the AWS_API_CALL action described in this finding.
City
City information of the remote IP address.
See: city
smart constructor.
Condition
Finding attribute (for example, accountId) for which conditions and values must be specified when querying findings.
See: condition
smart constructor.
condition :: Condition Source #
Creates a value of Condition
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
cEQ
- Represents the equal condition to be applied to a single field when querying for findings.cLte
- Represents the less than equal condition to be applied to a single field when querying for findings.cGT
- Represents the greater than condition to be applied to a single field when querying for findings.cNeq
- Represents the not equal condition to be applied to a single field when querying for findings.cLT
- Represents the less than condition to be applied to a single field when querying for findings.cGte
- Represents the greater than equal condition to be applied to a single field when querying for findings.
cEQ :: Lens' Condition [Text] Source #
Represents the equal condition to be applied to a single field when querying for findings.
cLte :: Lens' Condition (Maybe Int) Source #
Represents the less than equal condition to be applied to a single field when querying for findings.
cGT :: Lens' Condition (Maybe Int) Source #
Represents the greater than condition to be applied to a single field when querying for findings.
cNeq :: Lens' Condition [Text] Source #
Represents the not equal condition to be applied to a single field when querying for findings.
cLT :: Lens' Condition (Maybe Int) Source #
Represents the less than condition to be applied to a single field when querying for findings.
cGte :: Lens' Condition (Maybe Int) Source #
Represents the greater than equal condition to be applied to a single field when querying for findings.
Country
Country information of the remote IP address.
See: country
smart constructor.
Creates a value of Country
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
cCountryName
- Country name of the remote IP address.cCountryCode
- Country code of the remote IP address.
DNSRequestAction
data DNSRequestAction Source #
Information about the DNS_REQUEST action described in this finding.
See: dnsRequestAction
smart constructor.
dnsRequestAction :: DNSRequestAction Source #
Creates a value of DNSRequestAction
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
draDomain
- Domain information for the DNS request.
DomainDetails
data DomainDetails Source #
Domain information for the AWS API call.
See: domainDetails
smart constructor.
domainDetails :: DomainDetails Source #
Creates a value of DomainDetails
with the minimum fields required to make a request.
Finding
Representation of a abnormal or suspicious activity.
See: finding
smart constructor.
Creates a value of Finding
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
fService
- Additional information assigned to the generated finding by GuardDuty.fConfidence
- The confidence level of a finding.fPartition
- The AWS resource partition.fTitle
- The title of a finding.fDescription
- The description of a finding.fAccountId
- AWS account ID where the activity occurred that prompted GuardDuty to generate a finding.fSchemaVersion
- Findings' schema version.fCreatedAt
- The time stamp at which a finding was generated.fResource
- The AWS resource associated with the activity that prompted GuardDuty to generate a finding.fSeverity
- The severity of a finding.fUpdatedAt
- The time stamp at which a finding was last updated.fType
- The type of a finding described by the action.fRegion
- The AWS region where the activity occurred that prompted GuardDuty to generate a finding.fId
- The identifier that corresponds to a finding described by the action.fARN
- The ARN of a finding described by the action.
fService :: Lens' Finding (Maybe ServiceInfo) Source #
Additional information assigned to the generated finding by GuardDuty.
fAccountId :: Lens' Finding Text Source #
AWS account ID where the activity occurred that prompted GuardDuty to generate a finding.
fResource :: Lens' Finding Resource Source #
The AWS resource associated with the activity that prompted GuardDuty to generate a finding.
fRegion :: Lens' Finding Text Source #
The AWS region where the activity occurred that prompted GuardDuty to generate a finding.
fId :: Lens' Finding Text Source #
The identifier that corresponds to a finding described by the action.
FindingCriteria
data FindingCriteria Source #
Represents the criteria used for querying findings.
See: findingCriteria
smart constructor.
findingCriteria :: FindingCriteria Source #
Creates a value of FindingCriteria
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
fcCriterion
- Represents a map of finding properties that match specified conditions and values when querying findings.
fcCriterion :: Lens' FindingCriteria (HashMap Text Condition) Source #
Represents a map of finding properties that match specified conditions and values when querying findings.
FindingStatistics
data FindingStatistics Source #
Finding statistics object.
See: findingStatistics
smart constructor.
findingStatistics :: FindingStatistics Source #
Creates a value of FindingStatistics
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
fsCountBySeverity
- Represents a map of severity to count statistic for a set of findings
fsCountBySeverity :: Lens' FindingStatistics (HashMap Text Int) Source #
Represents a map of severity to count statistic for a set of findings
GeoLocation
data GeoLocation Source #
Location information of the remote IP address.
See: geoLocation
smart constructor.
geoLocation :: GeoLocation Source #
Creates a value of GeoLocation
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
IAMInstanceProfile
data IAMInstanceProfile Source #
The profile information of the EC2 instance.
See: iamInstanceProfile
smart constructor.
iamInstanceProfile :: IAMInstanceProfile Source #
Creates a value of IAMInstanceProfile
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
InstanceDetails
data InstanceDetails Source #
The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.
See: instanceDetails
smart constructor.
instanceDetails :: InstanceDetails Source #
Creates a value of InstanceDetails
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
idInstanceId
- The ID of the EC2 instance.idPlatform
- The platform of the EC2 instance.idLaunchTime
- The launch time of the EC2 instance.idNetworkInterfaces
- The network interface information of the EC2 instance.idInstanceType
- The type of the EC2 instance.idAvailabilityZone
- The availability zone of the EC2 instance.idIAMInstanceProfile
- Undocumented member.idImageId
- The image ID of the EC2 instance.idProductCodes
- The product code of the EC2 instance.idInstanceState
- The state of the EC2 instance.idTags
- The tags of the EC2 instance.idImageDescription
- The image description of the EC2 instance.
idInstanceId :: Lens' InstanceDetails (Maybe Text) Source #
The ID of the EC2 instance.
idPlatform :: Lens' InstanceDetails (Maybe Text) Source #
The platform of the EC2 instance.
idLaunchTime :: Lens' InstanceDetails (Maybe Text) Source #
The launch time of the EC2 instance.
idNetworkInterfaces :: Lens' InstanceDetails [NetworkInterface] Source #
The network interface information of the EC2 instance.
idInstanceType :: Lens' InstanceDetails (Maybe Text) Source #
The type of the EC2 instance.
idAvailabilityZone :: Lens' InstanceDetails (Maybe Text) Source #
The availability zone of the EC2 instance.
idIAMInstanceProfile :: Lens' InstanceDetails (Maybe IAMInstanceProfile) Source #
Undocumented member.
idProductCodes :: Lens' InstanceDetails [ProductCode] Source #
The product code of the EC2 instance.
idInstanceState :: Lens' InstanceDetails (Maybe Text) Source #
The state of the EC2 instance.
idImageDescription :: Lens' InstanceDetails (Maybe Text) Source #
The image description of the EC2 instance.
Invitation
data Invitation Source #
Invitation from an AWS account to become the current account's master.
See: invitation
smart constructor.
invitation :: Invitation Source #
Creates a value of Invitation
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
iInvitedAt
- Timestamp at which the invitation was sentiRelationshipStatus
- The status of the relationship between the inviter and invitee accounts.iInvitationId
- This value is used to validate the inviter account to the member account.iAccountId
- Inviter account ID
iInvitedAt :: Lens' Invitation (Maybe Text) Source #
Timestamp at which the invitation was sent
iRelationshipStatus :: Lens' Invitation (Maybe Text) Source #
The status of the relationship between the inviter and invitee accounts.
iInvitationId :: Lens' Invitation (Maybe Text) Source #
This value is used to validate the inviter account to the member account.
iAccountId :: Lens' Invitation (Maybe Text) Source #
Inviter account ID
LocalPortDetails
data LocalPortDetails Source #
Local port information of the connection.
See: localPortDetails
smart constructor.
localPortDetails :: LocalPortDetails Source #
Creates a value of LocalPortDetails
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lpdPortName
- Port name of the local connection.lpdPort
- Port number of the local connection.
lpdPortName :: Lens' LocalPortDetails (Maybe Text) Source #
Port name of the local connection.
Master
Contains details about the master account.
See: master
smart constructor.
Creates a value of Master
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
masInvitedAt
- Timestamp at which the invitation was sentmasRelationshipStatus
- The status of the relationship between the master and member accounts.masInvitationId
- This value is used to validate the master account to the member account.masAccountId
- Master account ID
masRelationshipStatus :: Lens' Master (Maybe Text) Source #
The status of the relationship between the master and member accounts.
masInvitationId :: Lens' Master (Maybe Text) Source #
This value is used to validate the master account to the member account.
Member
Contains details about the member account.
See: member
smart constructor.
Creates a value of Member
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
mInvitedAt
- Timestamp at which the invitation was sentmDetectorId
- Undocumented member.mEmail
- Member account's email address.mAccountId
- Undocumented member.mMasterId
- Undocumented member.mUpdatedAt
- Undocumented member.mRelationshipStatus
- The status of the relationship between the member and the master.
mRelationshipStatus :: Lens' Member Text Source #
The status of the relationship between the member and the master.
NetworkConnectionAction
data NetworkConnectionAction Source #
Information about the NETWORK_CONNECTION action described in this finding.
See: networkConnectionAction
smart constructor.
networkConnectionAction :: NetworkConnectionAction Source #
Creates a value of NetworkConnectionAction
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ncaRemoteIPDetails
- Remote IP information of the connection.ncaProtocol
- Network connection protocol.ncaRemotePortDetails
- Remote port information of the connection.ncaBlocked
- Network connection blocked information.ncaConnectionDirection
- Network connection direction.ncaLocalPortDetails
- Local port information of the connection.
ncaRemoteIPDetails :: Lens' NetworkConnectionAction (Maybe RemoteIPDetails) Source #
Remote IP information of the connection.
ncaProtocol :: Lens' NetworkConnectionAction (Maybe Text) Source #
Network connection protocol.
ncaRemotePortDetails :: Lens' NetworkConnectionAction (Maybe RemotePortDetails) Source #
Remote port information of the connection.
ncaBlocked :: Lens' NetworkConnectionAction (Maybe Bool) Source #
Network connection blocked information.
ncaConnectionDirection :: Lens' NetworkConnectionAction (Maybe Text) Source #
Network connection direction.
ncaLocalPortDetails :: Lens' NetworkConnectionAction (Maybe LocalPortDetails) Source #
Local port information of the connection.
NetworkInterface
data NetworkInterface Source #
The network interface information of the EC2 instance.
See: networkInterface
smart constructor.
networkInterface :: NetworkInterface Source #
Creates a value of NetworkInterface
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
niPrivateIPAddresses
- Other private IP address information of the EC2 instance.niPublicDNSName
- Public DNS name of the EC2 instance.niSecurityGroups
- Security groups associated with the EC2 instance.niVPCId
- The VPC ID of the EC2 instance.niNetworkInterfaceId
- The ID of the network interfaceniSubnetId
- The subnet ID of the EC2 instance.niPrivateIPAddress
- Private IP address of the EC2 instance.niPublicIP
- Public IP address of the EC2 instance.niPrivateDNSName
- Private DNS name of the EC2 instance.niIPv6Addresses
- A list of EC2 instance IPv6 address information.
niPrivateIPAddresses :: Lens' NetworkInterface [PrivateIPAddressDetails] Source #
Other private IP address information of the EC2 instance.
niPublicDNSName :: Lens' NetworkInterface (Maybe Text) Source #
Public DNS name of the EC2 instance.
niSecurityGroups :: Lens' NetworkInterface [SecurityGroup] Source #
Security groups associated with the EC2 instance.
niNetworkInterfaceId :: Lens' NetworkInterface (Maybe Text) Source #
The ID of the network interface
niSubnetId :: Lens' NetworkInterface (Maybe Text) Source #
The subnet ID of the EC2 instance.
niPrivateIPAddress :: Lens' NetworkInterface (Maybe Text) Source #
Private IP address of the EC2 instance.
niPublicIP :: Lens' NetworkInterface (Maybe Text) Source #
Public IP address of the EC2 instance.
niPrivateDNSName :: Lens' NetworkInterface (Maybe Text) Source #
Private DNS name of the EC2 instance.
niIPv6Addresses :: Lens' NetworkInterface [Text] Source #
A list of EC2 instance IPv6 address information.
Organization
data Organization Source #
ISP Organization information of the remote IP address.
See: organization
smart constructor.
organization :: Organization Source #
Creates a value of Organization
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
oASN :: Lens' Organization (Maybe Text) Source #
Autonomous system number of the internet provider of the remote IP address.
PortProbeAction
data PortProbeAction Source #
Information about the PORT_PROBE action described in this finding.
See: portProbeAction
smart constructor.
portProbeAction :: PortProbeAction Source #
Creates a value of PortProbeAction
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ppaPortProbeDetails
- A list of port probe details objects.ppaBlocked
- Port probe blocked information.
ppaPortProbeDetails :: Lens' PortProbeAction [PortProbeDetail] Source #
A list of port probe details objects.
ppaBlocked :: Lens' PortProbeAction (Maybe Bool) Source #
Port probe blocked information.
PortProbeDetail
data PortProbeDetail Source #
Details about the port probe finding.
See: portProbeDetail
smart constructor.
portProbeDetail :: PortProbeDetail Source #
Creates a value of PortProbeDetail
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ppdRemoteIPDetails
- Remote IP information of the connection.ppdLocalPortDetails
- Local port information of the connection.
ppdRemoteIPDetails :: Lens' PortProbeDetail (Maybe RemoteIPDetails) Source #
Remote IP information of the connection.
ppdLocalPortDetails :: Lens' PortProbeDetail (Maybe LocalPortDetails) Source #
Local port information of the connection.
PrivateIPAddressDetails
data PrivateIPAddressDetails Source #
Other private IP address information of the EC2 instance.
See: privateIPAddressDetails
smart constructor.
privateIPAddressDetails :: PrivateIPAddressDetails Source #
Creates a value of PrivateIPAddressDetails
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
piadPrivateIPAddress
- Private IP address of the EC2 instance.piadPrivateDNSName
- Private DNS name of the EC2 instance.
piadPrivateIPAddress :: Lens' PrivateIPAddressDetails (Maybe Text) Source #
Private IP address of the EC2 instance.
piadPrivateDNSName :: Lens' PrivateIPAddressDetails (Maybe Text) Source #
Private DNS name of the EC2 instance.
ProductCode
data ProductCode Source #
The product code of the EC2 instance.
See: productCode
smart constructor.
productCode :: ProductCode Source #
Creates a value of ProductCode
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pcProductType
- Product code type.pcCode
- Product code information.
pcProductType :: Lens' ProductCode (Maybe Text) Source #
Product code type.
RemoteIPDetails
data RemoteIPDetails Source #
Remote IP information of the connection.
See: remoteIPDetails
smart constructor.
remoteIPDetails :: RemoteIPDetails Source #
Creates a value of RemoteIPDetails
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ridCountry
- Country code of the remote IP address.ridCity
- City information of the remote IP address.ridIPAddressV4
- IPV4 remote address of the connection.ridGeoLocation
- Location information of the remote IP address.ridOrganization
- ISP Organization information of the remote IP address.
ridCountry :: Lens' RemoteIPDetails (Maybe Country) Source #
Country code of the remote IP address.
ridIPAddressV4 :: Lens' RemoteIPDetails (Maybe Text) Source #
IPV4 remote address of the connection.
ridGeoLocation :: Lens' RemoteIPDetails (Maybe GeoLocation) Source #
Location information of the remote IP address.
ridOrganization :: Lens' RemoteIPDetails (Maybe Organization) Source #
ISP Organization information of the remote IP address.
RemotePortDetails
data RemotePortDetails Source #
Remote port information of the connection.
See: remotePortDetails
smart constructor.
remotePortDetails :: RemotePortDetails Source #
Creates a value of RemotePortDetails
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rpdPortName
- Port name of the remote connection.rpdPort
- Port number of the remote connection.
rpdPortName :: Lens' RemotePortDetails (Maybe Text) Source #
Port name of the remote connection.
Resource
The AWS resource associated with the activity that prompted GuardDuty to generate a finding.
See: resource
smart constructor.
Creates a value of Resource
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rResourceType
- The type of the AWS resource.rInstanceDetails
- Undocumented member.rAccessKeyDetails
- Undocumented member.
rInstanceDetails :: Lens' Resource (Maybe InstanceDetails) Source #
Undocumented member.
rAccessKeyDetails :: Lens' Resource (Maybe AccessKeyDetails) Source #
Undocumented member.
SecurityGroup
data SecurityGroup Source #
Security groups associated with the EC2 instance.
See: securityGroup
smart constructor.
securityGroup :: SecurityGroup Source #
Creates a value of SecurityGroup
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
sgGroupId
- EC2 instance's security group ID.sgGroupName
- EC2 instance's security group name.
sgGroupName :: Lens' SecurityGroup (Maybe Text) Source #
EC2 instance's security group name.
ServiceInfo
data ServiceInfo Source #
Additional information assigned to the generated finding by GuardDuty.
See: serviceInfo
smart constructor.
serviceInfo :: ServiceInfo Source #
Creates a value of ServiceInfo
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
siCount
- Total count of the occurrences of this finding type.siEventFirstSeen
- First seen timestamp of the activity that prompted GuardDuty to generate this finding.siAction
- Information about the activity described in a finding.siDetectorId
- Detector ID for the GuardDuty service.siServiceName
- The name of the AWS service (GuardDuty) that generated a finding.siUserFeedback
- Feedback left about the finding.siEventLastSeen
- Last seen timestamp of the activity that prompted GuardDuty to generate this finding.siResourceRole
- Resource role information for this finding.siArchived
- Indicates whether this finding is archived.
siCount :: Lens' ServiceInfo (Maybe Int) Source #
Total count of the occurrences of this finding type.
siEventFirstSeen :: Lens' ServiceInfo (Maybe Text) Source #
First seen timestamp of the activity that prompted GuardDuty to generate this finding.
siAction :: Lens' ServiceInfo (Maybe Action) Source #
Information about the activity described in a finding.
siDetectorId :: Lens' ServiceInfo (Maybe Text) Source #
Detector ID for the GuardDuty service.
siServiceName :: Lens' ServiceInfo (Maybe Text) Source #
The name of the AWS service (GuardDuty) that generated a finding.
siUserFeedback :: Lens' ServiceInfo (Maybe Text) Source #
Feedback left about the finding.
siEventLastSeen :: Lens' ServiceInfo (Maybe Text) Source #
Last seen timestamp of the activity that prompted GuardDuty to generate this finding.
siResourceRole :: Lens' ServiceInfo (Maybe Text) Source #
Resource role information for this finding.
siArchived :: Lens' ServiceInfo (Maybe Bool) Source #
Indicates whether this finding is archived.
SortCriteria
data SortCriteria Source #
Represents the criteria used for sorting findings.
See: sortCriteria
smart constructor.
sortCriteria :: SortCriteria Source #
Creates a value of SortCriteria
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
scOrderBy
- Order by which the sorted findings are to be displayed.scAttributeName
- Represents the finding attribute (for example, accountId) by which to sort findings.
scOrderBy :: Lens' SortCriteria (Maybe OrderBy) Source #
Order by which the sorted findings are to be displayed.
scAttributeName :: Lens' SortCriteria (Maybe Text) Source #
Represents the finding attribute (for example, accountId) by which to sort findings.
Tag
A tag of the EC2 instance.
See: tag
smart constructor.
UnprocessedAccount
data UnprocessedAccount Source #
An object containing the unprocessed account and a result string explaining why it was unprocessed.
See: unprocessedAccount
smart constructor.
Creates a value of UnprocessedAccount
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
uaAccountId
- AWS Account ID.uaResult
- A reason why the account hasn't been processed.
uaAccountId :: Lens' UnprocessedAccount Text Source #
AWS Account ID.