interface Service
| Language | Type name |
|---|---|
| .NET | Amazon.CDK.Mixins.Preview.AWS.GuardDuty.Events.DetectorEvents.GuardDutyFinding.Service |
| Go | github.com/aws/aws-cdk-go/awscdkmixinspreview/v2/awsguardduty/events#DetectorEvents_GuardDutyFinding_Service |
| Java | software.amazon.awscdk.mixins.preview.services.guardduty.events.DetectorEvents.GuardDutyFinding.Service |
| Python | aws_cdk.mixins_preview.aws_guardduty.events.DetectorEvents.GuardDutyFinding.Service |
| TypeScript | @aws-cdk/mixins-preview » aws_guardduty » events » DetectorEvents » GuardDutyFinding » Service |
Type definition for Service.
Example
```ts
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { events as guardduty_events } from '@aws-cdk/mixins-preview/aws-guardduty';

declare const additionalScannedPorts: any;
declare const unusual: any;
const service: guardduty_events.DetectorEvents.GuardDutyFinding.Service = {
  action: {
    actionType: ['actionType'],
    awsApiCallAction: {
      affectedResources: {
        awsCloudTrailTrail: ['awsCloudTrailTrail'],
        awsEc2Instance: ['awsEc2Instance'],
        awsS3Bucket: ['awsS3Bucket'],
      },
      api: ['api'],
      callerType: ['callerType'],
      errorCode: ['errorCode'],
      remoteAccountDetails: {
        accountId: ['accountId'],
        affiliated: ['affiliated'],
      },
      remoteIpDetails: {
        city: {
          cityName: ['cityName'],
        },
        country: {
          countryName: ['countryName'],
        },
        geoLocation: {
          lat: ['lat'],
          lon: ['lon'],
        },
        ipAddressV4: ['ipAddressV4'],
        organization: {
          asn: ['asn'],
          asnOrg: ['asnOrg'],
          isp: ['isp'],
          org: ['org'],
        },
      },
      serviceName: ['serviceName'],
    },
    dnsRequestAction: {
      blocked: ['blocked'],
      domain: ['domain'],
      protocol: ['protocol'],
    },
    kubernetesApiCallAction: {
      parameters: ['parameters'],
      remoteIpDetails: {
        city: {
          cityName: ['cityName'],
        },
        country: {
          countryName: ['countryName'],
        },
        geoLocation: {
          lat: ['lat'],
          lon: ['lon'],
        },
        ipAddressV4: ['ipAddressV4'],
        organization: {
          asn: ['asn'],
          asnOrg: ['asnOrg'],
          isp: ['isp'],
          org: ['org'],
        },
      },
      requestUri: ['requestUri'],
      sourceIPs: ['sourceIPs'],
      statusCode: ['statusCode'],
      userAgent: ['userAgent'],
      verb: ['verb'],
    },
    networkConnectionAction: {
      blocked: ['blocked'],
      connectionDirection: ['connectionDirection'],
      localIpDetails: {
        ipAddressV4: ['ipAddressV4'],
      },
      localPortDetails: {
        port: ['port'],
        portName: ['portName'],
      },
      protocol: ['protocol'],
      remoteIpDetails: {
        city: {
          cityName: ['cityName'],
        },
        country: {
          countryName: ['countryName'],
        },
        geoLocation: {
          lat: ['lat'],
          lon: ['lon'],
        },
        ipAddressV4: ['ipAddressV4'],
        organization: {
          asn: ['asn'],
          asnOrg: ['asnOrg'],
          isp: ['isp'],
          org: ['org'],
        },
      },
      remotePortDetails: {
        port: ['port'],
        portName: ['portName'],
      },
    },
    portProbeAction: {
      blocked: ['blocked'],
      portProbeDetails: [{
        localIpDetails: {
          ipAddressV4: ['ipAddressV4'],
        },
        localPortDetails: {
          port: ['port'],
          portName: ['portName'],
        },
        remoteIpDetails: {
          city: {
            cityName: ['cityName'],
          },
          country: {
            countryName: ['countryName'],
          },
          geoLocation: {
            lat: ['lat'],
            lon: ['lon'],
          },
          ipAddressV4: ['ipAddressV4'],
          organization: {
            asn: ['asn'],
            asnOrg: ['asnOrg'],
            isp: ['isp'],
            org: ['org'],
          },
        },
      }],
    },
  },
  additionalInfo: {
    additionalScannedPorts: [additionalScannedPorts],
    anomalies: {
      anomalousApIs: ['anomalousApIs'],
    },
    apiCalls: [{
      count: ['count'],
      firstSeen: ['firstSeen'],
      lastSeen: ['lastSeen'],
      name: ['name'],
    }],
    domain: ['domain'],
    inBytes: ['inBytes'],
    localPort: ['localPort'],
    newPolicy: {
      allowUsersToChangePassword: ['allowUsersToChangePassword'],
      hardExpiry: ['hardExpiry'],
      maxPasswordAge: ['maxPasswordAge'],
      minimumPasswordLength: ['minimumPasswordLength'],
      passwordReusePrevention: ['passwordReusePrevention'],
      requireLowercaseCharacters: ['requireLowercaseCharacters'],
      requireNumbers: ['requireNumbers'],
      requireSymbols: ['requireSymbols'],
      requireUppercaseCharacters: ['requireUppercaseCharacters'],
    },
    oldPolicy: {
      allowUsersToChangePassword: ['allowUsersToChangePassword'],
      hardExpiry: ['hardExpiry'],
      maxPasswordAge: ['maxPasswordAge'],
      minimumPasswordLength: ['minimumPasswordLength'],
      passwordReusePrevention: ['passwordReusePrevention'],
      requireLowercaseCharacters: ['requireLowercaseCharacters'],
      requireNumbers: ['requireNumbers'],
      requireSymbols: ['requireSymbols'],
      requireUppercaseCharacters: ['requireUppercaseCharacters'],
    },
    outBytes: ['outBytes'],
    portsScannedSample: [123],
    profiledBehavior: {
      frequentProfiledApIsAccountProfiling: ['frequentProfiledApIsAccountProfiling'],
      frequentProfiledApIsUserIdentityProfiling: ['frequentProfiledApIsUserIdentityProfiling'],
      frequentProfiledAsNsAccountProfiling: ['frequentProfiledAsNsAccountProfiling'],
      frequentProfiledAsNsBucketProfiling: ['frequentProfiledAsNsBucketProfiling'],
      frequentProfiledAsNsUserIdentityProfiling: ['frequentProfiledAsNsUserIdentityProfiling'],
      frequentProfiledBucketsAccountProfiling: ['frequentProfiledBucketsAccountProfiling'],
      frequentProfiledBucketsUserIdentityProfiling: ['frequentProfiledBucketsUserIdentityProfiling'],
      frequentProfiledUserAgentsAccountProfiling: ['frequentProfiledUserAgentsAccountProfiling'],
      frequentProfiledUserAgentsUserIdentityProfiling: ['frequentProfiledUserAgentsUserIdentityProfiling'],
      frequentProfiledUserNamesAccountProfiling: ['frequentProfiledUserNamesAccountProfiling'],
      frequentProfiledUserNamesBucketProfiling: ['frequentProfiledUserNamesBucketProfiling'],
      frequentProfiledUserTypesAccountProfiling: ['frequentProfiledUserTypesAccountProfiling'],
      infrequentProfiledApIsAccountProfiling: ['infrequentProfiledApIsAccountProfiling'],
      infrequentProfiledApIsUserIdentityProfiling: ['infrequentProfiledApIsUserIdentityProfiling'],
      infrequentProfiledAsNsAccountProfiling: ['infrequentProfiledAsNsAccountProfiling'],
      infrequentProfiledAsNsBucketProfiling: ['infrequentProfiledAsNsBucketProfiling'],
      infrequentProfiledAsNsUserIdentityProfiling: ['infrequentProfiledAsNsUserIdentityProfiling'],
      infrequentProfiledBucketsAccountProfiling: ['infrequentProfiledBucketsAccountProfiling'],
      infrequentProfiledBucketsUserIdentityProfiling: ['infrequentProfiledBucketsUserIdentityProfiling'],
      infrequentProfiledUserAgentsAccountProfiling: ['infrequentProfiledUserAgentsAccountProfiling'],
      infrequentProfiledUserAgentsUserIdentityProfiling: ['infrequentProfiledUserAgentsUserIdentityProfiling'],
      infrequentProfiledUserNamesAccountProfiling: ['infrequentProfiledUserNamesAccountProfiling'],
      infrequentProfiledUserNamesBucketProfiling: ['infrequentProfiledUserNamesBucketProfiling'],
      infrequentProfiledUserTypesAccountProfiling: ['infrequentProfiledUserTypesAccountProfiling'],
      numberOfHistoricalDailyAvgApIsBucketProfiling: ['numberOfHistoricalDailyAvgApIsBucketProfiling'],
      numberOfHistoricalDailyAvgApIsBucketUserIdentityProfiling: ['numberOfHistoricalDailyAvgApIsBucketUserIdentityProfiling'],
      numberOfHistoricalDailyAvgApIsUserIdentityProfiling: ['numberOfHistoricalDailyAvgApIsUserIdentityProfiling'],
      numberOfHistoricalDailyMaxApIsBucketProfiling: ['numberOfHistoricalDailyMaxApIsBucketProfiling'],
      numberOfHistoricalDailyMaxApIsBucketUserIdentityProfiling: ['numberOfHistoricalDailyMaxApIsBucketUserIdentityProfiling'],
      numberOfHistoricalDailyMaxApIsUserIdentityProfiling: ['numberOfHistoricalDailyMaxApIsUserIdentityProfiling'],
      rareProfiledApIsAccountProfiling: ['rareProfiledApIsAccountProfiling'],
      rareProfiledApIsUserIdentityProfiling: ['rareProfiledApIsUserIdentityProfiling'],
      rareProfiledAsNsAccountProfiling: ['rareProfiledAsNsAccountProfiling'],
      rareProfiledAsNsBucketProfiling: ['rareProfiledAsNsBucketProfiling'],
      rareProfiledAsNsUserIdentityProfiling: ['rareProfiledAsNsUserIdentityProfiling'],
      rareProfiledBucketsAccountProfiling: ['rareProfiledBucketsAccountProfiling'],
      rareProfiledBucketsUserIdentityProfiling: ['rareProfiledBucketsUserIdentityProfiling'],
      rareProfiledUserAgentsAccountProfiling: ['rareProfiledUserAgentsAccountProfiling'],
      rareProfiledUserAgentsUserIdentityProfiling: ['rareProfiledUserAgentsUserIdentityProfiling'],
      rareProfiledUserNamesAccountProfiling: ['rareProfiledUserNamesAccountProfiling'],
      rareProfiledUserNamesBucketProfiling: ['rareProfiledUserNamesBucketProfiling'],
      rareProfiledUserTypesAccountProfiling: ['rareProfiledUserTypesAccountProfiling'],
    },
    recentCredentials: [{
      accessKeyId: ['accessKeyId'],
      ipAddressV4: ['ipAddressV4'],
      principalId: ['principalId'],
    }],
    sample: ['sample'],
    scannedPort: ['scannedPort'],
    threatListName: ['threatListName'],
    threatName: ['threatName'],
    type: ['type'],
    unusual: unusual,
    unusualBehavior: {
      isUnusualUserIdentity: ['isUnusualUserIdentity'],
      numberOfPast24HoursApIsBucketProfiling: ['numberOfPast24HoursApIsBucketProfiling'],
      numberOfPast24HoursApIsBucketUserIdentityProfiling: ['numberOfPast24HoursApIsBucketUserIdentityProfiling'],
      numberOfPast24HoursApIsUserIdentityProfiling: ['numberOfPast24HoursApIsUserIdentityProfiling'],
      unusualApIsAccountProfiling: ['unusualApIsAccountProfiling'],
      unusualApIsUserIdentityProfiling: ['unusualApIsUserIdentityProfiling'],
      unusualAsNsAccountProfiling: ['unusualAsNsAccountProfiling'],
      unusualAsNsBucketProfiling: ['unusualAsNsBucketProfiling'],
      unusualAsNsUserIdentityProfiling: ['unusualAsNsUserIdentityProfiling'],
      unusualBucketsAccountProfiling: ['unusualBucketsAccountProfiling'],
      unusualBucketsUserIdentityProfiling: ['unusualBucketsUserIdentityProfiling'],
      unusualUserAgentsAccountProfiling: ['unusualUserAgentsAccountProfiling'],
      unusualUserAgentsUserIdentityProfiling: ['unusualUserAgentsUserIdentityProfiling'],
      unusualUserNamesAccountProfiling: ['unusualUserNamesAccountProfiling'],
      unusualUserNamesBucketProfiling: ['unusualUserNamesBucketProfiling'],
      unusualUserTypesAccountProfiling: ['unusualUserTypesAccountProfiling'],
    },
    unusualProtocol: ['unusualProtocol'],
    userAgent: {
      fullUserAgent: ['fullUserAgent'],
      userAgentCategory: ['userAgentCategory'],
    },
    value: ['value'],
  },
  archived: ['archived'],
  awsApiCallAction: {
    affectedResources: ['affectedResources'],
    api: ['api'],
    callerType: ['callerType'],
    errorCode: ['errorCode'],
    remoteIpDetails: {
      city: {
        cityName: ['cityName'],
      },
      country: {
        countryName: ['countryName'],
      },
      geoLocation: {
        lat: ['lat'],
        lon: ['lon'],
      },
      ipAddressV4: ['ipAddressV4'],
      organization: {
        asn: ['asn'],
        asnOrg: ['asnOrg'],
        isp: ['isp'],
        org: ['org'],
      },
    },
    serviceName: ['serviceName'],
  },
  count: ['count'],
  detectorId: ['detectorId'],
  ebsVolumeScanDetails: {
    scanCompletedAt: ['scanCompletedAt'],
    scanDetections: {
      highestSeverityThreatDetails: {
        count: ['count'],
        severity: ['severity'],
        threatName: ['threatName'],
      },
      scannedItemCount: {
        files: ['files'],
        totalGb: ['totalGb'],
        volumes: ['volumes'],
      },
      threatDetectedByName: {
        itemCount: ['itemCount'],
        shortened: ['shortened'],
        threatNames: [{
          filePaths: [{
            fileName: ['fileName'],
            filePath: ['filePath'],
            hash: ['hash'],
            volumeArn: ['volumeArn'],
          }],
          itemCount: ['itemCount'],
          name: ['name'],
          severity: ['severity'],
        }],
        uniqueThreatNameCount: ['uniqueThreatNameCount'],
      },
      threatsDetectedItemCount: {
        files: ['files'],
      },
    },
    scanId: ['scanId'],
    scanStartedAt: ['scanStartedAt'],
    sources: ['sources'],
    triggerFindingId: ['triggerFindingId'],
  },
  eventFirstSeen: ['eventFirstSeen'],
  eventLastSeen: ['eventLastSeen'],
  evidence: {
    threatIntelligenceDetails: [{
      threatListName: ['threatListName'],
      threatNames: ['threatNames'],
    }],
  },
  featureName: ['featureName'],
  resourceRole: ['resourceRole'],
  serviceName: ['serviceName'],
};
```
Properties
| Name | Type | Description |
|---|---|---|
| action? | Action | action property. |
| additionalInfo? | Additional | additionalInfo property. |
| archived? | string[] | archived property. |
| awsApiCallAction? | Aws | awsApiCallAction property. |
| count? | string[] | count property. |
| detectorId? | string[] | detectorId property. |
| ebsVolumeScanDetails? | Ebs | ebsVolumeScanDetails property. |
| eventFirstSeen? | string[] | eventFirstSeen property. |
| eventLastSeen? | string[] | eventLastSeen property. |
| evidence? | Evidence | evidence property. |
| featureName? | string[] | featureName property. |
| resourceRole? | string[] | resourceRole property. |
| serviceName? | string[] | serviceName property. |
action?
Type: Action (optional, default: Do not filter on this field)
action property.
Specify an array of string values to match this event if the actual value of action is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
additionalInfo?
Type: Additional (optional, default: Do not filter on this field)
additionalInfo property.
Specify an array of string values to match this event if the actual value of additionalInfo is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
archived?
Type: string[] (optional, default: Do not filter on this field)
archived property.
Specify an array of string values to match this event if the actual value of archived is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
awsApiCallAction?
Type: Aws (optional, default: Do not filter on this field)
awsApiCallAction property.
Specify an array of string values to match this event if the actual value of awsApiCallAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
count?
Type: string[] (optional, default: Do not filter on this field)
count property.
Specify an array of string values to match this event if the actual value of count is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
detectorId?
Type: string[] (optional, default: Filter with the Detector reference)
detectorId property.
Specify an array of string values to match this event if the actual value of detectorId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
ebsVolumeScanDetails?
Type: Ebs (optional, default: Do not filter on this field)
ebsVolumeScanDetails property.
Specify an array of string values to match this event if the actual value of ebsVolumeScanDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
eventFirstSeen?
Type: string[] (optional, default: Do not filter on this field)
eventFirstSeen property.
Specify an array of string values to match this event if the actual value of eventFirstSeen is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
eventLastSeen?
Type: string[] (optional, default: Do not filter on this field)
eventLastSeen property.
Specify an array of string values to match this event if the actual value of eventLastSeen is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
evidence?
Type: Evidence (optional, default: Do not filter on this field)
evidence property.
Specify an array of string values to match this event if the actual value of evidence is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
featureName?
Type: string[] (optional, default: Do not filter on this field)
featureName property.
Specify an array of string values to match this event if the actual value of featureName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
resourceRole?
Type: string[] (optional, default: Do not filter on this field)
resourceRole property.
Specify an array of string values to match this event if the actual value of resourceRole is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
serviceName?
Type: string[] (optional, default: Do not filter on this field)
serviceName property.
Specify an array of string values to match this event if the actual value of serviceName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.
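The matching rule stated in the property descriptions above (a listed field matches when the actual value is one of the array's values; an omitted field is not filtered), as an added TypeScript sketch that is not part of the CDK documentation or the library's code. `matchesFilter`, `selectMatching`, `Filter` and the sample findings are hypothetical and constructed; only plain string-array leaves are modelled, not the `aws_events.Match` constructors.

```typescript
// Added illustration, not library code: a simplified model of the filter
// semantics described on this page. All names here are hypothetical.
type Filter = { [field: string]: string[] | Filter };

// A finding matches when every field present in the filter matches (AND);
// a string-array leaf matches when the actual value is one of its entries (OR).
// Fields absent from the filter are not checked at all.
function matchesFilter(filter: Filter, actual: unknown): boolean {
  if (typeof actual !== 'object' || actual === null) {
    return false; // the filter expects an object here but the event has none
  }
  const record = actual as { [field: string]: unknown };
  return Object.keys(filter).every((field) => {
    const expected = filter[field];
    const value = record[field];
    if (Array.isArray(expected)) {
      return typeof value === 'string' && expected.indexOf(value) !== -1;
    }
    return matchesFilter(expected, value);
  });
}

// Constructed sample data shaped like the `service` part of a finding.
const sampleFindings: { id: string; service: unknown }[] = [
  { id: 'a', service: { resourceRole: 'TARGET', action: { actionType: 'PORT_PROBE' } } },
  { id: 'b', service: { resourceRole: 'TARGET', action: { actionType: 'NETWORK_CONNECTION' } } },
  { id: 'c', service: { resourceRole: 'TARGET', action: { actionType: 'AWS_API_CALL' } } },
  { id: 'd', service: { resourceRole: 'ACTOR', action: { actionType: 'NETWORK_CONNECTION' } } },
  { id: 'e', service: { resourceRole: 'TARGET' } }, // no action object at all
];

// Filter on two fields only; every other Service field is left unfiltered.
const inboundNetworkFilter: Filter = {
  resourceRole: ['TARGET'],
  action: { actionType: ['PORT_PROBE', 'NETWORK_CONNECTION'] },
};

// Returns the ids of the findings the filter would let through.
function selectMatching(filter: Filter, findings: { id: string; service: unknown }[]): string[] {
  return findings.filter((f) => matchesFilter(filter, f.service)).map((f) => f.id);
}

console.log(selectMatching(inboundNetworkFilter, sampleFindings));
```

Finding `e` is dropped because a filtered field that is missing from the event cannot match, which is worth remembering when a rule silently stops firing for one finding type.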
