Interface GuardDutyFinding.Service
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
GuardDutyFinding.Service.Jsii$Proxy
- Enclosing class:
GuardDutyFinding
@Stability(Experimental)
public static interface GuardDutyFinding.Service
extends software.amazon.jsii.JsiiSerializable
(experimental) Type definition for Service.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.mixins.preview.services.guardduty.events.*;
Object additionalScannedPorts;
Object unusual;
Service service = Service.builder()
.action(Action.builder()
.actionType(List.of("actionType"))
.awsApiCallAction(AwsApiCallAction1.builder()
.affectedResources(AffectedResources1.builder()
.awsCloudTrailTrail(List.of("awsCloudTrailTrail"))
.awsEc2Instance(List.of("awsEc2Instance"))
.awsS3Bucket(List.of("awsS3Bucket"))
.build())
.api(List.of("api"))
.callerType(List.of("callerType"))
.errorCode(List.of("errorCode"))
.remoteAccountDetails(RemoteAccountDetails.builder()
.accountId(List.of("accountId"))
.affiliated(List.of("affiliated"))
.build())
.remoteIpDetails(RemoteIpDetails1.builder()
.city(City1.builder()
.cityName(List.of("cityName"))
.build())
.country(Country1.builder()
.countryName(List.of("countryName"))
.build())
.geoLocation(GeoLocation.builder()
.lat(List.of("lat"))
.lon(List.of("lon"))
.build())
.ipAddressV4(List.of("ipAddressV4"))
.organization(Organization1.builder()
.asn(List.of("asn"))
.asnOrg(List.of("asnOrg"))
.isp(List.of("isp"))
.org(List.of("org"))
.build())
.build())
.serviceName(List.of("serviceName"))
.build())
.dnsRequestAction(DnsRequestAction.builder()
.blocked(List.of("blocked"))
.domain(List.of("domain"))
.protocol(List.of("protocol"))
.build())
.kubernetesApiCallAction(KubernetesApiCallAction.builder()
.parameters(List.of("parameters"))
.remoteIpDetails(RemoteIpDetails2.builder()
.city(City2.builder()
.cityName(List.of("cityName"))
.build())
.country(Country2.builder()
.countryName(List.of("countryName"))
.build())
.geoLocation(GeoLocation.builder()
.lat(List.of("lat"))
.lon(List.of("lon"))
.build())
.ipAddressV4(List.of("ipAddressV4"))
.organization(Organization2.builder()
.asn(List.of("asn"))
.asnOrg(List.of("asnOrg"))
.isp(List.of("isp"))
.org(List.of("org"))
.build())
.build())
.requestUri(List.of("requestUri"))
.sourceIPs(List.of("sourceIPs"))
.statusCode(List.of("statusCode"))
.userAgent(List.of("userAgent"))
.verb(List.of("verb"))
.build())
.networkConnectionAction(NetworkConnectionAction.builder()
.blocked(List.of("blocked"))
.connectionDirection(List.of("connectionDirection"))
.localIpDetails(LocalIpDetails.builder()
.ipAddressV4(List.of("ipAddressV4"))
.build())
.localPortDetails(LocalPortDetails.builder()
.port(List.of("port"))
.portName(List.of("portName"))
.build())
.protocol(List.of("protocol"))
.remoteIpDetails(RemoteIpDetails3.builder()
.city(City3.builder()
.cityName(List.of("cityName"))
.build())
.country(Country3.builder()
.countryName(List.of("countryName"))
.build())
.geoLocation(GeoLocation.builder()
.lat(List.of("lat"))
.lon(List.of("lon"))
.build())
.ipAddressV4(List.of("ipAddressV4"))
.organization(Organization3.builder()
.asn(List.of("asn"))
.asnOrg(List.of("asnOrg"))
.isp(List.of("isp"))
.org(List.of("org"))
.build())
.build())
.remotePortDetails(RemotePortDetails.builder()
.port(List.of("port"))
.portName(List.of("portName"))
.build())
.build())
.portProbeAction(PortProbeAction.builder()
.blocked(List.of("blocked"))
.portProbeDetails(List.of(PortProbeActionItem.builder()
.localIpDetails(LocalIpDetails1.builder()
.ipAddressV4(List.of("ipAddressV4"))
.build())
.localPortDetails(LocalPortDetails1.builder()
.port(List.of("port"))
.portName(List.of("portName"))
.build())
.remoteIpDetails(RemoteIpDetails4.builder()
.city(City4.builder()
.cityName(List.of("cityName"))
.build())
.country(Country4.builder()
.countryName(List.of("countryName"))
.build())
.geoLocation(GeoLocation1.builder()
.lat(List.of("lat"))
.lon(List.of("lon"))
.build())
.ipAddressV4(List.of("ipAddressV4"))
.organization(Organization4.builder()
.asn(List.of("asn"))
.asnOrg(List.of("asnOrg"))
.isp(List.of("isp"))
.org(List.of("org"))
.build())
.build())
.build()))
.build())
.build())
.additionalInfo(AdditionalInfo.builder()
.additionalScannedPorts(List.of(additionalScannedPorts))
.anomalies(Anomalies.builder()
.anomalousApIs(List.of("anomalousApIs"))
.build())
.apiCalls(List.of(AdditionalInfoItem.builder()
.count(List.of("count"))
.firstSeen(List.of("firstSeen"))
.lastSeen(List.of("lastSeen"))
.name(List.of("name"))
.build()))
.domain(List.of("domain"))
.inBytes(List.of("inBytes"))
.localPort(List.of("localPort"))
.newPolicy(NewPolicy.builder()
.allowUsersToChangePassword(List.of("allowUsersToChangePassword"))
.hardExpiry(List.of("hardExpiry"))
.maxPasswordAge(List.of("maxPasswordAge"))
.minimumPasswordLength(List.of("minimumPasswordLength"))
.passwordReusePrevention(List.of("passwordReusePrevention"))
.requireLowercaseCharacters(List.of("requireLowercaseCharacters"))
.requireNumbers(List.of("requireNumbers"))
.requireSymbols(List.of("requireSymbols"))
.requireUppercaseCharacters(List.of("requireUppercaseCharacters"))
.build())
.oldPolicy(OldPolicy.builder()
.allowUsersToChangePassword(List.of("allowUsersToChangePassword"))
.hardExpiry(List.of("hardExpiry"))
.maxPasswordAge(List.of("maxPasswordAge"))
.minimumPasswordLength(List.of("minimumPasswordLength"))
.passwordReusePrevention(List.of("passwordReusePrevention"))
.requireLowercaseCharacters(List.of("requireLowercaseCharacters"))
.requireNumbers(List.of("requireNumbers"))
.requireSymbols(List.of("requireSymbols"))
.requireUppercaseCharacters(List.of("requireUppercaseCharacters"))
.build())
.outBytes(List.of("outBytes"))
.portsScannedSample(List.of(123))
.profiledBehavior(ProfiledBehavior.builder()
.frequentProfiledApIsAccountProfiling(List.of("frequentProfiledApIsAccountProfiling"))
.frequentProfiledApIsUserIdentityProfiling(List.of("frequentProfiledApIsUserIdentityProfiling"))
.frequentProfiledAsNsAccountProfiling(List.of("frequentProfiledAsNsAccountProfiling"))
.frequentProfiledAsNsBucketProfiling(List.of("frequentProfiledAsNsBucketProfiling"))
.frequentProfiledAsNsUserIdentityProfiling(List.of("frequentProfiledAsNsUserIdentityProfiling"))
.frequentProfiledBucketsAccountProfiling(List.of("frequentProfiledBucketsAccountProfiling"))
.frequentProfiledBucketsUserIdentityProfiling(List.of("frequentProfiledBucketsUserIdentityProfiling"))
.frequentProfiledUserAgentsAccountProfiling(List.of("frequentProfiledUserAgentsAccountProfiling"))
.frequentProfiledUserAgentsUserIdentityProfiling(List.of("frequentProfiledUserAgentsUserIdentityProfiling"))
.frequentProfiledUserNamesAccountProfiling(List.of("frequentProfiledUserNamesAccountProfiling"))
.frequentProfiledUserNamesBucketProfiling(List.of("frequentProfiledUserNamesBucketProfiling"))
.frequentProfiledUserTypesAccountProfiling(List.of("frequentProfiledUserTypesAccountProfiling"))
.infrequentProfiledApIsAccountProfiling(List.of("infrequentProfiledApIsAccountProfiling"))
.infrequentProfiledApIsUserIdentityProfiling(List.of("infrequentProfiledApIsUserIdentityProfiling"))
.infrequentProfiledAsNsAccountProfiling(List.of("infrequentProfiledAsNsAccountProfiling"))
.infrequentProfiledAsNsBucketProfiling(List.of("infrequentProfiledAsNsBucketProfiling"))
.infrequentProfiledAsNsUserIdentityProfiling(List.of("infrequentProfiledAsNsUserIdentityProfiling"))
.infrequentProfiledBucketsAccountProfiling(List.of("infrequentProfiledBucketsAccountProfiling"))
.infrequentProfiledBucketsUserIdentityProfiling(List.of("infrequentProfiledBucketsUserIdentityProfiling"))
.infrequentProfiledUserAgentsAccountProfiling(List.of("infrequentProfiledUserAgentsAccountProfiling"))
.infrequentProfiledUserAgentsUserIdentityProfiling(List.of("infrequentProfiledUserAgentsUserIdentityProfiling"))
.infrequentProfiledUserNamesAccountProfiling(List.of("infrequentProfiledUserNamesAccountProfiling"))
.infrequentProfiledUserNamesBucketProfiling(List.of("infrequentProfiledUserNamesBucketProfiling"))
.infrequentProfiledUserTypesAccountProfiling(List.of("infrequentProfiledUserTypesAccountProfiling"))
.numberOfHistoricalDailyAvgApIsBucketProfiling(List.of("numberOfHistoricalDailyAvgApIsBucketProfiling"))
.numberOfHistoricalDailyAvgApIsBucketUserIdentityProfiling(List.of("numberOfHistoricalDailyAvgApIsBucketUserIdentityProfiling"))
.numberOfHistoricalDailyAvgApIsUserIdentityProfiling(List.of("numberOfHistoricalDailyAvgApIsUserIdentityProfiling"))
.numberOfHistoricalDailyMaxApIsBucketProfiling(List.of("numberOfHistoricalDailyMaxApIsBucketProfiling"))
.numberOfHistoricalDailyMaxApIsBucketUserIdentityProfiling(List.of("numberOfHistoricalDailyMaxApIsBucketUserIdentityProfiling"))
.numberOfHistoricalDailyMaxApIsUserIdentityProfiling(List.of("numberOfHistoricalDailyMaxApIsUserIdentityProfiling"))
.rareProfiledApIsAccountProfiling(List.of("rareProfiledApIsAccountProfiling"))
.rareProfiledApIsUserIdentityProfiling(List.of("rareProfiledApIsUserIdentityProfiling"))
.rareProfiledAsNsAccountProfiling(List.of("rareProfiledAsNsAccountProfiling"))
.rareProfiledAsNsBucketProfiling(List.of("rareProfiledAsNsBucketProfiling"))
.rareProfiledAsNsUserIdentityProfiling(List.of("rareProfiledAsNsUserIdentityProfiling"))
.rareProfiledBucketsAccountProfiling(List.of("rareProfiledBucketsAccountProfiling"))
.rareProfiledBucketsUserIdentityProfiling(List.of("rareProfiledBucketsUserIdentityProfiling"))
.rareProfiledUserAgentsAccountProfiling(List.of("rareProfiledUserAgentsAccountProfiling"))
.rareProfiledUserAgentsUserIdentityProfiling(List.of("rareProfiledUserAgentsUserIdentityProfiling"))
.rareProfiledUserNamesAccountProfiling(List.of("rareProfiledUserNamesAccountProfiling"))
.rareProfiledUserNamesBucketProfiling(List.of("rareProfiledUserNamesBucketProfiling"))
.rareProfiledUserTypesAccountProfiling(List.of("rareProfiledUserTypesAccountProfiling"))
.build())
.recentCredentials(List.of(AdditionalInfoItem1.builder()
.accessKeyId(List.of("accessKeyId"))
.ipAddressV4(List.of("ipAddressV4"))
.principalId(List.of("principalId"))
.build()))
.sample(List.of("sample"))
.scannedPort(List.of("scannedPort"))
.threatListName(List.of("threatListName"))
.threatName(List.of("threatName"))
.type(List.of("type"))
.unusual(unusual)
.unusualBehavior(UnusualBehavior.builder()
.isUnusualUserIdentity(List.of("isUnusualUserIdentity"))
.numberOfPast24HoursApIsBucketProfiling(List.of("numberOfPast24HoursApIsBucketProfiling"))
.numberOfPast24HoursApIsBucketUserIdentityProfiling(List.of("numberOfPast24HoursApIsBucketUserIdentityProfiling"))
.numberOfPast24HoursApIsUserIdentityProfiling(List.of("numberOfPast24HoursApIsUserIdentityProfiling"))
.unusualApIsAccountProfiling(List.of("unusualApIsAccountProfiling"))
.unusualApIsUserIdentityProfiling(List.of("unusualApIsUserIdentityProfiling"))
.unusualAsNsAccountProfiling(List.of("unusualAsNsAccountProfiling"))
.unusualAsNsBucketProfiling(List.of("unusualAsNsBucketProfiling"))
.unusualAsNsUserIdentityProfiling(List.of("unusualAsNsUserIdentityProfiling"))
.unusualBucketsAccountProfiling(List.of("unusualBucketsAccountProfiling"))
.unusualBucketsUserIdentityProfiling(List.of("unusualBucketsUserIdentityProfiling"))
.unusualUserAgentsAccountProfiling(List.of("unusualUserAgentsAccountProfiling"))
.unusualUserAgentsUserIdentityProfiling(List.of("unusualUserAgentsUserIdentityProfiling"))
.unusualUserNamesAccountProfiling(List.of("unusualUserNamesAccountProfiling"))
.unusualUserNamesBucketProfiling(List.of("unusualUserNamesBucketProfiling"))
.unusualUserTypesAccountProfiling(List.of("unusualUserTypesAccountProfiling"))
.build())
.unusualProtocol(List.of("unusualProtocol"))
.userAgent(UserAgent.builder()
.fullUserAgent(List.of("fullUserAgent"))
.userAgentCategory(List.of("userAgentCategory"))
.build())
.value(List.of("value"))
.build())
.archived(List.of("archived"))
.awsApiCallAction(AwsApiCallAction.builder()
.affectedResources(List.of("affectedResources"))
.api(List.of("api"))
.callerType(List.of("callerType"))
.errorCode(List.of("errorCode"))
.remoteIpDetails(RemoteIpDetails.builder()
.city(City.builder()
.cityName(List.of("cityName"))
.build())
.country(Country.builder()
.countryName(List.of("countryName"))
.build())
.geoLocation(GeoLocation.builder()
.lat(List.of("lat"))
.lon(List.of("lon"))
.build())
.ipAddressV4(List.of("ipAddressV4"))
.organization(Organization.builder()
.asn(List.of("asn"))
.asnOrg(List.of("asnOrg"))
.isp(List.of("isp"))
.org(List.of("org"))
.build())
.build())
.serviceName(List.of("serviceName"))
.build())
.count(List.of("count"))
.detectorId(List.of("detectorId"))
.ebsVolumeScanDetails(EbsVolumeScanDetails.builder()
.scanCompletedAt(List.of("scanCompletedAt"))
.scanDetections(ScanDetections.builder()
.highestSeverityThreatDetails(HighestSeverityThreatDetails.builder()
.count(List.of("count"))
.severity(List.of("severity"))
.threatName(List.of("threatName"))
.build())
.scannedItemCount(ScannedItemCount.builder()
.files(List.of("files"))
.totalGb(List.of("totalGb"))
.volumes(List.of("volumes"))
.build())
.threatDetectedByName(ThreatDetectedByName.builder()
.itemCount(List.of("itemCount"))
.shortened(List.of("shortened"))
.threatNames(List.of(ThreatDetectedByNameItem.builder()
.filePaths(List.of(ThreatDetectedByNameItemItem.builder()
.fileName(List.of("fileName"))
.filePath(List.of("filePath"))
.hash(List.of("hash"))
.volumeArn(List.of("volumeArn"))
.build()))
.itemCount(List.of("itemCount"))
.name(List.of("name"))
.severity(List.of("severity"))
.build()))
.uniqueThreatNameCount(List.of("uniqueThreatNameCount"))
.build())
.threatsDetectedItemCount(ThreatsDetectedItemCount.builder()
.files(List.of("files"))
.build())
.build())
.scanId(List.of("scanId"))
.scanStartedAt(List.of("scanStartedAt"))
.sources(List.of("sources"))
.triggerFindingId(List.of("triggerFindingId"))
.build())
.eventFirstSeen(List.of("eventFirstSeen"))
.eventLastSeen(List.of("eventLastSeen"))
.evidence(Evidence.builder()
.threatIntelligenceDetails(List.of(EvidenceItem.builder()
.threatListName(List.of("threatListName"))
.threatNames(List.of("threatNames"))
.build()))
.build())
.featureName(List.of("featureName"))
.resourceRole(List.of("resourceRole"))
.serviceName(List.of("serviceName"))
.build();
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classA builder forGuardDutyFinding.Servicestatic final classAn implementation forGuardDutyFinding.Service -
Method Summary
Modifier and TypeMethodDescriptionbuilder()default GuardDutyFinding.Action(experimental) action property.default GuardDutyFinding.AdditionalInfo(experimental) additionalInfo property.(experimental) archived property.(experimental) awsApiCallAction property.getCount()(experimental) count property.(experimental) detectorId property.(experimental) ebsVolumeScanDetails property.(experimental) eventFirstSeen property.(experimental) eventLastSeen property.default GuardDutyFinding.Evidence(experimental) evidence property.(experimental) featureName property.(experimental) resourceRole property.(experimental) serviceName property.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getAction
(experimental) action property.Specify an array of string values to match this event if the actual value of action is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Do not filter on this field
-
getAdditionalInfo
(experimental) additionalInfo property.Specify an array of string values to match this event if the actual value of additionalInfo is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Do not filter on this field
-
getArchived
(experimental) archived property.Specify an array of string values to match this event if the actual value of archived is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Do not filter on this field
-
getAwsApiCallAction
(experimental) awsApiCallAction property.Specify an array of string values to match this event if the actual value of awsApiCallAction is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Do not filter on this field
-
getCount
(experimental) count property.Specify an array of string values to match this event if the actual value of count is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Do not filter on this field
-
getDetectorId
(experimental) detectorId property.Specify an array of string values to match this event if the actual value of detectorId is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Filter with the Detector reference
-
getEbsVolumeScanDetails
@Stability(Experimental) @Nullable default GuardDutyFinding.EbsVolumeScanDetails getEbsVolumeScanDetails()(experimental) ebsVolumeScanDetails property.Specify an array of string values to match this event if the actual value of ebsVolumeScanDetails is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Do not filter on this field
-
getEventFirstSeen
(experimental) eventFirstSeen property.Specify an array of string values to match this event if the actual value of eventFirstSeen is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Do not filter on this field
-
getEventLastSeen
(experimental) eventLastSeen property.Specify an array of string values to match this event if the actual value of eventLastSeen is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Do not filter on this field
-
getEvidence
(experimental) evidence property.Specify an array of string values to match this event if the actual value of evidence is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Do not filter on this field
-
getFeatureName
(experimental) featureName property.Specify an array of string values to match this event if the actual value of featureName is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Do not filter on this field
-
getResourceRole
(experimental) resourceRole property.Specify an array of string values to match this event if the actual value of resourceRole is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Do not filter on this field
-
getServiceName
(experimental) serviceName property.Specify an array of string values to match this event if the actual value of serviceName is one of the values in the array. Use one of the constructors on the
aws_events.Matchfor more advanced matching options.Default: - Do not filter on this field
-
builder
- Returns:
- a
GuardDutyFinding.Service.BuilderofGuardDutyFinding.Service
-