DetectorEvents

class aws_cdk.mixins_preview.aws_guardduty.events.DetectorEvents(*args: Any, **kwargs)

Bases: object

(experimental) EventBridge event patterns for Detector.

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events
from aws_cdk.interfaces import aws_guardduty as interfaces_aws_guardduty

# detector_ref: interfaces_aws_guardduty.IDetectorRef

detector_events = guardduty_events.DetectorEvents.from_detector(detector_ref)

Methods

guard_duty_finding_pattern(*, account_id=None, arn=None, created_at=None, description=None, event_metadata=None, id=None, partition=None, region=None, resource=None, schema_version=None, service=None, severity=None, title=None, type=None, updated_at=None)

(experimental) EventBridge event pattern for Detector GuardDuty Finding.

Parameters:

• account_id (Optional[Sequence[str]]) – (experimental) accountId property. Specify an array of string values to match this event if the actual value of accountId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• arn (Optional[Sequence[str]]) – (experimental) arn property. Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• created_at (Optional[Sequence[str]]) – (experimental) createdAt property. Specify an array of string values to match this event if the actual value of createdAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• description (Optional[Sequence[str]]) – (experimental) description property. Specify an array of string values to match this event if the actual value of description is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• event_metadata (Union[AWSEventMetadataProps, Dict[str, Any], None]) – (experimental) EventBridge event metadata. Default: - -

• id (Optional[Sequence[str]]) – (experimental) id property. Specify an array of string values to match this event if the actual value of id is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• partition (Optional[Sequence[str]]) – (experimental) partition property. Specify an array of string values to match this event if the actual value of partition is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• region (Optional[Sequence[str]]) – (experimental) region property. Specify an array of string values to match this event if the actual value of region is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• resource (Union[Resource, Dict[str, Any], None]) – (experimental) resource property. Specify an array of string values to match this event if the actual value of resource is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• schema_version (Optional[Sequence[str]]) – (experimental) schemaVersion property. Specify an array of string values to match this event if the actual value of schemaVersion is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• service (Union[Service, Dict[str, Any], None]) – (experimental) service property. Specify an array of string values to match this event if the actual value of service is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• severity (Optional[Sequence[str]]) – (experimental) severity property. Specify an array of string values to match this event if the actual value of severity is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• title (Optional[Sequence[str]]) – (experimental) title property. Specify an array of string values to match this event if the actual value of title is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• type (Optional[Sequence[str]]) – (experimental) type property. Specify an array of string values to match this event if the actual value of type is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• updated_at (Optional[Sequence[str]]) – (experimental) updatedAt property. Specify an array of string values to match this event if the actual value of updatedAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

Return type:

EventPattern

Static Methods

classmethod from_detector(detector_ref)

(experimental) Create DetectorEvents from a Detector reference.

Parameters:

detector_ref (IDetectorRef)

Stability:

experimental

Return type:

DetectorEvents

GuardDutyFinding

class DetectorEvents.GuardDutyFinding

Bases: object

(experimental) aws.guardduty@GuardDutyFinding event types for Detector.

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

guard_duty_finding = guardduty_events.DetectorEvents.GuardDutyFinding()

Stability:

experimental

AccessControlList

class DetectorEvents.GuardDutyFinding.AccessControlList(*, allows_public_read_access=None, allows_public_write_access=None)

Bases: object

(experimental) Type definition for AccessControlList.

Parameters:

• allows_public_read_access (Optional[Sequence[str]]) – (experimental) allowsPublicReadAccess property. Specify an array of string values to match this event if the actual value of allowsPublicReadAccess is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• allows_public_write_access (Optional[Sequence[str]]) – (experimental) allowsPublicWriteAccess property. Specify an array of string values to match this event if the actual value of allowsPublicWriteAccess is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

access_control_list = guardduty_events.DetectorEvents.GuardDutyFinding.AccessControlList(
    allows_public_read_access=["allowsPublicReadAccess"],
    allows_public_write_access=["allowsPublicWriteAccess"]
)

Attributes

allows_public_read_access

(experimental) allowsPublicReadAccess property.

Specify an array of string values to match this event if the actual value of allowsPublicReadAccess is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

allows_public_write_access

(experimental) allowsPublicWriteAccess property.

Specify an array of string values to match this event if the actual value of allowsPublicWriteAccess is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

AccessKeyDetails

class DetectorEvents.GuardDutyFinding.AccessKeyDetails(*, access_key_id=None, principal_id=None, user_name=None, user_type=None)

Bases: object

(experimental) Type definition for AccessKeyDetails.

Parameters:

• access_key_id (Optional[Sequence[str]]) – (experimental) accessKeyId property. Specify an array of string values to match this event if the actual value of accessKeyId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• principal_id (Optional[Sequence[str]]) – (experimental) principalId property. Specify an array of string values to match this event if the actual value of principalId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• user_name (Optional[Sequence[str]]) – (experimental) userName property. Specify an array of string values to match this event if the actual value of userName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• user_type (Optional[Sequence[str]]) – (experimental) userType property. Specify an array of string values to match this event if the actual value of userType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

access_key_details = guardduty_events.DetectorEvents.GuardDutyFinding.AccessKeyDetails(
    access_key_id=["accessKeyId"],
    principal_id=["principalId"],
    user_name=["userName"],
    user_type=["userType"]
)

Attributes

access_key_id

(experimental) accessKeyId property.

Specify an array of string values to match this event if the actual value of accessKeyId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

principal_id

(experimental) principalId property.

Specify an array of string values to match this event if the actual value of principalId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

user_name

(experimental) userName property.

Specify an array of string values to match this event if the actual value of userName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

user_type

(experimental) userType property.

Specify an array of string values to match this event if the actual value of userType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

AccountLevelPermissions

class DetectorEvents.GuardDutyFinding.AccountLevelPermissions(*, block_public_access=None)

Bases: object

(experimental) Type definition for AccountLevelPermissions.

Parameters:

block_public_access (Union[BlockPublicAccess, Dict[str, Any], None]) – (experimental) blockPublicAccess property. Specify an array of string values to match this event if the actual value of blockPublicAccess is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

account_level_permissions = guardduty_events.DetectorEvents.GuardDutyFinding.AccountLevelPermissions(
    block_public_access=guardduty_events.DetectorEvents.GuardDutyFinding.BlockPublicAccess(
        block_public_acls=["blockPublicAcls"],
        block_public_policy=["blockPublicPolicy"],
        ignore_public_acls=["ignorePublicAcls"],
        restrict_public_buckets=["restrictPublicBuckets"]
    )
)

Attributes

block_public_access

(experimental) blockPublicAccess property.

Specify an array of string values to match this event if the actual value of blockPublicAccess is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Action

class DetectorEvents.GuardDutyFinding.Action(*, action_type=None, aws_api_call_action=None, dns_request_action=None, kubernetes_api_call_action=None, network_connection_action=None, port_probe_action=None)

Bases: object

(experimental) Type definition for Action.

Parameters:

• action_type (Optional[Sequence[str]]) – (experimental) actionType property. Specify an array of string values to match this event if the actual value of actionType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• aws_api_call_action (Union[AwsApiCallAction1, Dict[str, Any], None]) – (experimental) awsApiCallAction property. Specify an array of string values to match this event if the actual value of awsApiCallAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• dns_request_action (Union[DnsRequestAction, Dict[str, Any], None]) – (experimental) dnsRequestAction property. Specify an array of string values to match this event if the actual value of dnsRequestAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• kubernetes_api_call_action (Union[KubernetesApiCallAction, Dict[str, Any], None]) – (experimental) kubernetesApiCallAction property. Specify an array of string values to match this event if the actual value of kubernetesApiCallAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• network_connection_action (Union[NetworkConnectionAction, Dict[str, Any], None]) – (experimental) networkConnectionAction property. Specify an array of string values to match this event if the actual value of networkConnectionAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• port_probe_action (Union[PortProbeAction, Dict[str, Any], None]) – (experimental) portProbeAction property. Specify an array of string values to match this event if the actual value of portProbeAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

action = guardduty_events.DetectorEvents.GuardDutyFinding.Action(
    action_type=["actionType"],
    aws_api_call_action=guardduty_events.DetectorEvents.GuardDutyFinding.AwsApiCallAction1(
        affected_resources=guardduty_events.DetectorEvents.GuardDutyFinding.AffectedResources1(
            aws_cloud_trail_trail=["awsCloudTrailTrail"],
            aws_ec2_instance=["awsEc2Instance"],
            aws_s3_bucket=["awsS3Bucket"]
        ),
        api=["api"],
        caller_type=["callerType"],
        error_code=["errorCode"],
        remote_account_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteAccountDetails(
            account_id=["accountId"],
            affiliated=["affiliated"]
        ),
        remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails1(
            city=guardduty_events.DetectorEvents.GuardDutyFinding.City1(
                city_name=["cityName"]
            ),
            country=guardduty_events.DetectorEvents.GuardDutyFinding.Country1(
                country_name=["countryName"]
            ),
            geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
                lat=["lat"],
                lon=["lon"]
            ),
            ip_address_v4=["ipAddressV4"],
            organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization1(
                asn=["asn"],
                asn_org=["asnOrg"],
                isp=["isp"],
                org=["org"]
            )
        ),
        service_name=["serviceName"]
    ),
    dns_request_action=guardduty_events.DetectorEvents.GuardDutyFinding.DnsRequestAction(
        blocked=["blocked"],
        domain=["domain"],
        protocol=["protocol"]
    ),
    kubernetes_api_call_action=guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesApiCallAction(
        parameters=["parameters"],
        remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails2(
            city=guardduty_events.DetectorEvents.GuardDutyFinding.City2(
                city_name=["cityName"]
            ),
            country=guardduty_events.DetectorEvents.GuardDutyFinding.Country2(
                country_name=["countryName"]
            ),
            geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
                lat=["lat"],
                lon=["lon"]
            ),
            ip_address_v4=["ipAddressV4"],
            organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization2(
                asn=["asn"],
                asn_org=["asnOrg"],
                isp=["isp"],
                org=["org"]
            )
        ),
        request_uri=["requestUri"],
        source_iPs=["sourceIPs"],
        status_code=["statusCode"],
        user_agent=["userAgent"],
        verb=["verb"]
    ),
    network_connection_action=guardduty_events.DetectorEvents.GuardDutyFinding.NetworkConnectionAction(
        blocked=["blocked"],
        connection_direction=["connectionDirection"],
        local_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalIpDetails(
            ip_address_v4=["ipAddressV4"]
        ),
        local_port_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalPortDetails(
            port=["port"],
            port_name=["portName"]
        ),
        protocol=["protocol"],
        remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails3(
            city=guardduty_events.DetectorEvents.GuardDutyFinding.City3(
                city_name=["cityName"]
            ),
            country=guardduty_events.DetectorEvents.GuardDutyFinding.Country3(
                country_name=["countryName"]
            ),
            geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
                lat=["lat"],
                lon=["lon"]
            ),
            ip_address_v4=["ipAddressV4"],
            organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization3(
                asn=["asn"],
                asn_org=["asnOrg"],
                isp=["isp"],
                org=["org"]
            )
        ),
        remote_port_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemotePortDetails(
            port=["port"],
            port_name=["portName"]
        )
    ),
    port_probe_action=guardduty_events.DetectorEvents.GuardDutyFinding.PortProbeAction(
        blocked=["blocked"],
        port_probe_details=[guardduty_events.DetectorEvents.GuardDutyFinding.PortProbeActionItem(
            local_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalIpDetails1(
                ip_address_v4=["ipAddressV4"]
            ),
            local_port_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalPortDetails1(
                port=["port"],
                port_name=["portName"]
            ),
            remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails4(
                city=guardduty_events.DetectorEvents.GuardDutyFinding.City4(
                    city_name=["cityName"]
                ),
                country=guardduty_events.DetectorEvents.GuardDutyFinding.Country4(
                    country_name=["countryName"]
                ),
                geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation1(
                    lat=["lat"],
                    lon=["lon"]
                ),
                ip_address_v4=["ipAddressV4"],
                organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization4(
                    asn=["asn"],
                    asn_org=["asnOrg"],
                    isp=["isp"],
                    org=["org"]
                )
            )
        )]
    )
)

Attributes

action_type

(experimental) actionType property.

Specify an array of string values to match this event if the actual value of actionType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

aws_api_call_action

(experimental) awsApiCallAction property.

Specify an array of string values to match this event if the actual value of awsApiCallAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

dns_request_action

(experimental) dnsRequestAction property.

Specify an array of string values to match this event if the actual value of dnsRequestAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

kubernetes_api_call_action

(experimental) kubernetesApiCallAction property.

Specify an array of string values to match this event if the actual value of kubernetesApiCallAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

network_connection_action

(experimental) networkConnectionAction property.

Specify an array of string values to match this event if the actual value of networkConnectionAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

port_probe_action

(experimental) portProbeAction property.

Specify an array of string values to match this event if the actual value of portProbeAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

AdditionalInfo

class DetectorEvents.GuardDutyFinding.AdditionalInfo(*, additional_scanned_ports=None, anomalies=None, api_calls=None, domain=None, in_bytes=None, local_port=None, new_policy=None, old_policy=None, out_bytes=None, ports_scanned_sample=None, profiled_behavior=None, recent_credentials=None, sample=None, scanned_port=None, threat_list_name=None, threat_name=None, type=None, unusual=None, unusual_behavior=None, unusual_protocol=None, user_agent=None, value=None)

Bases: object

(experimental) Type definition for AdditionalInfo.

Parameters:

• additional_scanned_ports (Optional[Sequence[Any]]) – (experimental) additionalScannedPorts property. Specify an array of string values to match this event if the actual value of additionalScannedPorts is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• anomalies (Union[Anomalies, Dict[str, Any], None]) – (experimental) anomalies property. Specify an array of string values to match this event if the actual value of anomalies is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• api_calls (Optional[Sequence[Union[AdditionalInfoItem, Dict[str, Any]]]]) – (experimental) apiCalls property. Specify an array of string values to match this event if the actual value of apiCalls is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• domain (Optional[Sequence[str]]) – (experimental) domain property. Specify an array of string values to match this event if the actual value of domain is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• in_bytes (Optional[Sequence[str]]) – (experimental) inBytes property. Specify an array of string values to match this event if the actual value of inBytes is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• local_port (Optional[Sequence[str]]) – (experimental) localPort property. Specify an array of string values to match this event if the actual value of localPort is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• new_policy (Union[NewPolicy, Dict[str, Any], None]) – (experimental) newPolicy property. Specify an array of string values to match this event if the actual value of newPolicy is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• old_policy (Union[OldPolicy, Dict[str, Any], None]) – (experimental) oldPolicy property. Specify an array of string values to match this event if the actual value of oldPolicy is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• out_bytes (Optional[Sequence[str]]) – (experimental) outBytes property. Specify an array of string values to match this event if the actual value of outBytes is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• ports_scanned_sample (Optional[Sequence[Union[int, float]]]) – (experimental) portsScannedSample property. Specify an array of string values to match this event if the actual value of portsScannedSample is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• profiled_behavior (Union[ProfiledBehavior, Dict[str, Any], None]) – (experimental) profiledBehavior property. Specify an array of string values to match this event if the actual value of profiledBehavior is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• recent_credentials (Optional[Sequence[Union[AdditionalInfoItem1, Dict[str, Any]]]]) – (experimental) recentCredentials property. Specify an array of string values to match this event if the actual value of recentCredentials is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• sample (Optional[Sequence[str]]) – (experimental) sample property. Specify an array of string values to match this event if the actual value of sample is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• scanned_port (Optional[Sequence[str]]) – (experimental) scannedPort property. Specify an array of string values to match this event if the actual value of scannedPort is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• threat_list_name (Optional[Sequence[str]]) – (experimental) threatListName property. Specify an array of string values to match this event if the actual value of threatListName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• threat_name (Optional[Sequence[str]]) – (experimental) threatName property. Specify an array of string values to match this event if the actual value of threatName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• type (Optional[Sequence[str]]) – (experimental) type property. Specify an array of string values to match this event if the actual value of type is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual (Any) – (experimental) unusual property. Specify an array of string values to match this event if the actual value of unusual is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_behavior (Union[UnusualBehavior, Dict[str, Any], None]) – (experimental) unusualBehavior property. Specify an array of string values to match this event if the actual value of unusualBehavior is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_protocol (Optional[Sequence[str]]) – (experimental) unusualProtocol property. Specify an array of string values to match this event if the actual value of unusualProtocol is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• user_agent (Union[UserAgent, Dict[str, Any], None]) – (experimental) userAgent property. Specify an array of string values to match this event if the actual value of userAgent is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• value (Optional[Sequence[str]]) – (experimental) value property. Specify an array of string values to match this event if the actual value of value is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

# additional_scanned_ports: Any
# unusual: Any

additional_info = guardduty_events.DetectorEvents.GuardDutyFinding.AdditionalInfo(
    additional_scanned_ports=[additional_scanned_ports],
    anomalies=guardduty_events.DetectorEvents.GuardDutyFinding.Anomalies(
        anomalous_ap_is=["anomalousApIs"]
    ),
    api_calls=[guardduty_events.DetectorEvents.GuardDutyFinding.AdditionalInfoItem(
        count=["count"],
        first_seen=["firstSeen"],
        last_seen=["lastSeen"],
        name=["name"]
    )],
    domain=["domain"],
    in_bytes=["inBytes"],
    local_port=["localPort"],
    new_policy=guardduty_events.DetectorEvents.GuardDutyFinding.NewPolicy(
        allow_users_to_change_password=["allowUsersToChangePassword"],
        hard_expiry=["hardExpiry"],
        max_password_age=["maxPasswordAge"],
        minimum_password_length=["minimumPasswordLength"],
        password_reuse_prevention=["passwordReusePrevention"],
        require_lowercase_characters=["requireLowercaseCharacters"],
        require_numbers=["requireNumbers"],
        require_symbols=["requireSymbols"],
        require_uppercase_characters=["requireUppercaseCharacters"]
    ),
    old_policy=guardduty_events.DetectorEvents.GuardDutyFinding.OldPolicy(
        allow_users_to_change_password=["allowUsersToChangePassword"],
        hard_expiry=["hardExpiry"],
        max_password_age=["maxPasswordAge"],
        minimum_password_length=["minimumPasswordLength"],
        password_reuse_prevention=["passwordReusePrevention"],
        require_lowercase_characters=["requireLowercaseCharacters"],
        require_numbers=["requireNumbers"],
        require_symbols=["requireSymbols"],
        require_uppercase_characters=["requireUppercaseCharacters"]
    ),
    out_bytes=["outBytes"],
    ports_scanned_sample=[123],
    profiled_behavior=guardduty_events.DetectorEvents.GuardDutyFinding.ProfiledBehavior(
        frequent_profiled_ap_is_account_profiling=["frequentProfiledApIsAccountProfiling"],
        frequent_profiled_ap_is_user_identity_profiling=["frequentProfiledApIsUserIdentityProfiling"],
        frequent_profiled_as_ns_account_profiling=["frequentProfiledAsNsAccountProfiling"],
        frequent_profiled_as_ns_bucket_profiling=["frequentProfiledAsNsBucketProfiling"],
        frequent_profiled_as_ns_user_identity_profiling=["frequentProfiledAsNsUserIdentityProfiling"],
        frequent_profiled_buckets_account_profiling=["frequentProfiledBucketsAccountProfiling"],
        frequent_profiled_buckets_user_identity_profiling=["frequentProfiledBucketsUserIdentityProfiling"],
        frequent_profiled_user_agents_account_profiling=["frequentProfiledUserAgentsAccountProfiling"],
        frequent_profiled_user_agents_user_identity_profiling=["frequentProfiledUserAgentsUserIdentityProfiling"],
        frequent_profiled_user_names_account_profiling=["frequentProfiledUserNamesAccountProfiling"],
        frequent_profiled_user_names_bucket_profiling=["frequentProfiledUserNamesBucketProfiling"],
        frequent_profiled_user_types_account_profiling=["frequentProfiledUserTypesAccountProfiling"],
        infrequent_profiled_ap_is_account_profiling=["infrequentProfiledApIsAccountProfiling"],
        infrequent_profiled_ap_is_user_identity_profiling=["infrequentProfiledApIsUserIdentityProfiling"],
        infrequent_profiled_as_ns_account_profiling=["infrequentProfiledAsNsAccountProfiling"],
        infrequent_profiled_as_ns_bucket_profiling=["infrequentProfiledAsNsBucketProfiling"],
        infrequent_profiled_as_ns_user_identity_profiling=["infrequentProfiledAsNsUserIdentityProfiling"],
        infrequent_profiled_buckets_account_profiling=["infrequentProfiledBucketsAccountProfiling"],
        infrequent_profiled_buckets_user_identity_profiling=["infrequentProfiledBucketsUserIdentityProfiling"],
        infrequent_profiled_user_agents_account_profiling=["infrequentProfiledUserAgentsAccountProfiling"],
        infrequent_profiled_user_agents_user_identity_profiling=["infrequentProfiledUserAgentsUserIdentityProfiling"],
        infrequent_profiled_user_names_account_profiling=["infrequentProfiledUserNamesAccountProfiling"],
        infrequent_profiled_user_names_bucket_profiling=["infrequentProfiledUserNamesBucketProfiling"],
        infrequent_profiled_user_types_account_profiling=["infrequentProfiledUserTypesAccountProfiling"],
        number_of_historical_daily_avg_ap_is_bucket_profiling=["numberOfHistoricalDailyAvgApIsBucketProfiling"],
        number_of_historical_daily_avg_ap_is_bucket_user_identity_profiling=["numberOfHistoricalDailyAvgApIsBucketUserIdentityProfiling"],
        number_of_historical_daily_avg_ap_is_user_identity_profiling=["numberOfHistoricalDailyAvgApIsUserIdentityProfiling"],
        number_of_historical_daily_max_ap_is_bucket_profiling=["numberOfHistoricalDailyMaxApIsBucketProfiling"],
        number_of_historical_daily_max_ap_is_bucket_user_identity_profiling=["numberOfHistoricalDailyMaxApIsBucketUserIdentityProfiling"],
        number_of_historical_daily_max_ap_is_user_identity_profiling=["numberOfHistoricalDailyMaxApIsUserIdentityProfiling"],
        rare_profiled_ap_is_account_profiling=["rareProfiledApIsAccountProfiling"],
        rare_profiled_ap_is_user_identity_profiling=["rareProfiledApIsUserIdentityProfiling"],
        rare_profiled_as_ns_account_profiling=["rareProfiledAsNsAccountProfiling"],
        rare_profiled_as_ns_bucket_profiling=["rareProfiledAsNsBucketProfiling"],
        rare_profiled_as_ns_user_identity_profiling=["rareProfiledAsNsUserIdentityProfiling"],
        rare_profiled_buckets_account_profiling=["rareProfiledBucketsAccountProfiling"],
        rare_profiled_buckets_user_identity_profiling=["rareProfiledBucketsUserIdentityProfiling"],
        rare_profiled_user_agents_account_profiling=["rareProfiledUserAgentsAccountProfiling"],
        rare_profiled_user_agents_user_identity_profiling=["rareProfiledUserAgentsUserIdentityProfiling"],
        rare_profiled_user_names_account_profiling=["rareProfiledUserNamesAccountProfiling"],
        rare_profiled_user_names_bucket_profiling=["rareProfiledUserNamesBucketProfiling"],
        rare_profiled_user_types_account_profiling=["rareProfiledUserTypesAccountProfiling"]
    ),
    recent_credentials=[guardduty_events.DetectorEvents.GuardDutyFinding.AdditionalInfoItem1(
        access_key_id=["accessKeyId"],
        ip_address_v4=["ipAddressV4"],
        principal_id=["principalId"]
    )],
    sample=["sample"],
    scanned_port=["scannedPort"],
    threat_list_name=["threatListName"],
    threat_name=["threatName"],
    type=["type"],
    unusual=unusual,
    unusual_behavior=guardduty_events.DetectorEvents.GuardDutyFinding.UnusualBehavior(
        is_unusual_user_identity=["isUnusualUserIdentity"],
        number_of_past24_hours_ap_is_bucket_profiling=["numberOfPast24HoursApIsBucketProfiling"],
        number_of_past24_hours_ap_is_bucket_user_identity_profiling=["numberOfPast24HoursApIsBucketUserIdentityProfiling"],
        number_of_past24_hours_ap_is_user_identity_profiling=["numberOfPast24HoursApIsUserIdentityProfiling"],
        unusual_ap_is_account_profiling=["unusualApIsAccountProfiling"],
        unusual_ap_is_user_identity_profiling=["unusualApIsUserIdentityProfiling"],
        unusual_as_ns_account_profiling=["unusualAsNsAccountProfiling"],
        unusual_as_ns_bucket_profiling=["unusualAsNsBucketProfiling"],
        unusual_as_ns_user_identity_profiling=["unusualAsNsUserIdentityProfiling"],
        unusual_buckets_account_profiling=["unusualBucketsAccountProfiling"],
        unusual_buckets_user_identity_profiling=["unusualBucketsUserIdentityProfiling"],
        unusual_user_agents_account_profiling=["unusualUserAgentsAccountProfiling"],
        unusual_user_agents_user_identity_profiling=["unusualUserAgentsUserIdentityProfiling"],
        unusual_user_names_account_profiling=["unusualUserNamesAccountProfiling"],
        unusual_user_names_bucket_profiling=["unusualUserNamesBucketProfiling"],
        unusual_user_types_account_profiling=["unusualUserTypesAccountProfiling"]
    ),
    unusual_protocol=["unusualProtocol"],
    user_agent=guardduty_events.DetectorEvents.GuardDutyFinding.UserAgent(
        full_user_agent=["fullUserAgent"],
        user_agent_category=["userAgentCategory"]
    ),
    value=["value"]
)

Attributes

additional_scanned_ports

(experimental) additionalScannedPorts property.

Specify an array of string values to match this event if the actual value of additionalScannedPorts is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

anomalies

(experimental) anomalies property.

Specify an array of string values to match this event if the actual value of anomalies is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

api_calls

(experimental) apiCalls property.

Specify an array of string values to match this event if the actual value of apiCalls is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

domain

(experimental) domain property.

Specify an array of string values to match this event if the actual value of domain is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

in_bytes

(experimental) inBytes property.

Specify an array of string values to match this event if the actual value of inBytes is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

local_port

(experimental) localPort property.

Specify an array of string values to match this event if the actual value of localPort is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

new_policy

(experimental) newPolicy property.

Specify an array of string values to match this event if the actual value of newPolicy is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

old_policy

(experimental) oldPolicy property.

Specify an array of string values to match this event if the actual value of oldPolicy is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

out_bytes

(experimental) outBytes property.

Specify an array of string values to match this event if the actual value of outBytes is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ports_scanned_sample

(experimental) portsScannedSample property.

Specify an array of string values to match this event if the actual value of portsScannedSample is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

profiled_behavior

(experimental) profiledBehavior property.

Specify an array of string values to match this event if the actual value of profiledBehavior is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

recent_credentials

(experimental) recentCredentials property.

Specify an array of string values to match this event if the actual value of recentCredentials is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

sample

(experimental) sample property.

Specify an array of string values to match this event if the actual value of sample is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

scanned_port

(experimental) scannedPort property.

Specify an array of string values to match this event if the actual value of scannedPort is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

threat_list_name

(experimental) threatListName property.

Specify an array of string values to match this event if the actual value of threatListName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

threat_name

(experimental) threatName property.

Specify an array of string values to match this event if the actual value of threatName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

type

(experimental) type property.

Specify an array of string values to match this event if the actual value of type is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual

(experimental) unusual property.

Specify an array of string values to match this event if the actual value of unusual is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_behavior

(experimental) unusualBehavior property.

Specify an array of string values to match this event if the actual value of unusualBehavior is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_protocol

(experimental) unusualProtocol property.

Specify an array of string values to match this event if the actual value of unusualProtocol is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

user_agent

(experimental) userAgent property.

Specify an array of string values to match this event if the actual value of userAgent is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

value

(experimental) value property.

Specify an array of string values to match this event if the actual value of value is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

AdditionalInfoItem

class DetectorEvents.GuardDutyFinding.AdditionalInfoItem(*, count=None, first_seen=None, last_seen=None, name=None)

Bases: object

(experimental) Type definition for AdditionalInfoItem.

Parameters:

• count (Optional[Sequence[str]]) – (experimental) count property. Specify an array of string values to match this event if the actual value of count is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• first_seen (Optional[Sequence[str]]) – (experimental) firstSeen property. Specify an array of string values to match this event if the actual value of firstSeen is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• last_seen (Optional[Sequence[str]]) – (experimental) lastSeen property. Specify an array of string values to match this event if the actual value of lastSeen is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• name (Optional[Sequence[str]]) – (experimental) name property. Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

additional_info_item = guardduty_events.DetectorEvents.GuardDutyFinding.AdditionalInfoItem(
    count=["count"],
    first_seen=["firstSeen"],
    last_seen=["lastSeen"],
    name=["name"]
)

Attributes

count

(experimental) count property.

Specify an array of string values to match this event if the actual value of count is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

first_seen

(experimental) firstSeen property.

Specify an array of string values to match this event if the actual value of firstSeen is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

last_seen

(experimental) lastSeen property.

Specify an array of string values to match this event if the actual value of lastSeen is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

name

(experimental) name property.

Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

AdditionalInfoItem1

class DetectorEvents.GuardDutyFinding.AdditionalInfoItem1(*, access_key_id=None, ip_address_v4=None, principal_id=None)

Bases: object

(experimental) Type definition for AdditionalInfoItem_1.

Parameters:

• access_key_id (Optional[Sequence[str]]) – (experimental) accessKeyId property. Specify an array of string values to match this event if the actual value of accessKeyId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• ip_address_v4 (Optional[Sequence[str]]) – (experimental) ipAddressV4 property. Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• principal_id (Optional[Sequence[str]]) – (experimental) principalId property. Specify an array of string values to match this event if the actual value of principalId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

additional_info_item1 = guardduty_events.DetectorEvents.GuardDutyFinding.AdditionalInfoItem1(
    access_key_id=["accessKeyId"],
    ip_address_v4=["ipAddressV4"],
    principal_id=["principalId"]
)

Attributes

access_key_id

(experimental) accessKeyId property.

Specify an array of string values to match this event if the actual value of accessKeyId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ip_address_v4

(experimental) ipAddressV4 property.

Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

principal_id

(experimental) principalId property.

Specify an array of string values to match this event if the actual value of principalId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

AffectedResources1

class DetectorEvents.GuardDutyFinding.AffectedResources1(*, aws_cloud_trail_trail=None, aws_ec2_instance=None, aws_s3_bucket=None)

Bases: object

(experimental) Type definition for AffectedResources_1.

Parameters:

• aws_cloud_trail_trail (Optional[Sequence[str]]) – (experimental) AWS-CloudTrail-Trail property. Specify an array of string values to match this event if the actual value of AWS-CloudTrail-Trail is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• aws_ec2_instance (Optional[Sequence[str]]) – (experimental) AWS-EC2-Instance property. Specify an array of string values to match this event if the actual value of AWS-EC2-Instance is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• aws_s3_bucket (Optional[Sequence[str]]) – (experimental) AWS-S3-Bucket property. Specify an array of string values to match this event if the actual value of AWS-S3-Bucket is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

affected_resources1 = guardduty_events.DetectorEvents.GuardDutyFinding.AffectedResources1(
    aws_cloud_trail_trail=["awsCloudTrailTrail"],
    aws_ec2_instance=["awsEc2Instance"],
    aws_s3_bucket=["awsS3Bucket"]
)

Attributes

aws_cloud_trail_trail

(experimental) AWS-CloudTrail-Trail property.

Specify an array of string values to match this event if the actual value of AWS-CloudTrail-Trail is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

aws_ec2_instance

(experimental) AWS-EC2-Instance property.

Specify an array of string values to match this event if the actual value of AWS-EC2-Instance is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

aws_s3_bucket

(experimental) AWS-S3-Bucket property.

Specify an array of string values to match this event if the actual value of AWS-S3-Bucket is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Anomalies

class DetectorEvents.GuardDutyFinding.Anomalies(*, anomalous_ap_is=None)

Bases: object

(experimental) Type definition for Anomalies.

Parameters:

anomalous_ap_is (Optional[Sequence[str]]) – (experimental) anomalousAPIs property. Specify an array of string values to match this event if the actual value of anomalousAPIs is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

anomalies = guardduty_events.DetectorEvents.GuardDutyFinding.Anomalies(
    anomalous_ap_is=["anomalousApIs"]
)

Attributes

anomalous_ap_is

(experimental) anomalousAPIs property.

Specify an array of string values to match this event if the actual value of anomalousAPIs is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

AwsApiCallAction

class DetectorEvents.GuardDutyFinding.AwsApiCallAction(*, affected_resources=None, api=None, caller_type=None, error_code=None, remote_ip_details=None, service_name=None)

Bases: object

(experimental) Type definition for AwsApiCallAction.

Parameters:

• affected_resources (Optional[Sequence[str]]) – (experimental) affectedResources property. Specify an array of string values to match this event if the actual value of affectedResources is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• api (Optional[Sequence[str]]) – (experimental) api property. Specify an array of string values to match this event if the actual value of api is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• caller_type (Optional[Sequence[str]]) – (experimental) callerType property. Specify an array of string values to match this event if the actual value of callerType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• error_code (Optional[Sequence[str]]) – (experimental) errorCode property. Specify an array of string values to match this event if the actual value of errorCode is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• remote_ip_details (Union[RemoteIpDetails, Dict[str, Any], None]) – (experimental) remoteIpDetails property. Specify an array of string values to match this event if the actual value of remoteIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• service_name (Optional[Sequence[str]]) – (experimental) serviceName property. Specify an array of string values to match this event if the actual value of serviceName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

aws_api_call_action = guardduty_events.DetectorEvents.GuardDutyFinding.AwsApiCallAction(
    affected_resources=["affectedResources"],
    api=["api"],
    caller_type=["callerType"],
    error_code=["errorCode"],
    remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails(
        city=guardduty_events.DetectorEvents.GuardDutyFinding.City(
            city_name=["cityName"]
        ),
        country=guardduty_events.DetectorEvents.GuardDutyFinding.Country(
            country_name=["countryName"]
        ),
        geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
            lat=["lat"],
            lon=["lon"]
        ),
        ip_address_v4=["ipAddressV4"],
        organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization(
            asn=["asn"],
            asn_org=["asnOrg"],
            isp=["isp"],
            org=["org"]
        )
    ),
    service_name=["serviceName"]
)

Attributes

affected_resources

(experimental) affectedResources property.

Specify an array of string values to match this event if the actual value of affectedResources is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

api

(experimental) api property.

Specify an array of string values to match this event if the actual value of api is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

caller_type

(experimental) callerType property.

Specify an array of string values to match this event if the actual value of callerType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

error_code

(experimental) errorCode property.

Specify an array of string values to match this event if the actual value of errorCode is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

remote_ip_details

(experimental) remoteIpDetails property.

Specify an array of string values to match this event if the actual value of remoteIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

service_name

(experimental) serviceName property.

Specify an array of string values to match this event if the actual value of serviceName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

AwsApiCallAction1

class DetectorEvents.GuardDutyFinding.AwsApiCallAction1(*, affected_resources=None, api=None, caller_type=None, error_code=None, remote_account_details=None, remote_ip_details=None, service_name=None)

Bases: object

(experimental) Type definition for AwsApiCallAction_1.

Parameters:

• affected_resources (Union[AffectedResources1, Dict[str, Any], None]) – (experimental) affectedResources property. Specify an array of string values to match this event if the actual value of affectedResources is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• api (Optional[Sequence[str]]) – (experimental) api property. Specify an array of string values to match this event if the actual value of api is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• caller_type (Optional[Sequence[str]]) – (experimental) callerType property. Specify an array of string values to match this event if the actual value of callerType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• error_code (Optional[Sequence[str]]) – (experimental) errorCode property. Specify an array of string values to match this event if the actual value of errorCode is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• remote_account_details (Union[RemoteAccountDetails, Dict[str, Any], None]) – (experimental) remoteAccountDetails property. Specify an array of string values to match this event if the actual value of remoteAccountDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• remote_ip_details (Union[RemoteIpDetails1, Dict[str, Any], None]) – (experimental) remoteIpDetails property. Specify an array of string values to match this event if the actual value of remoteIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• service_name (Optional[Sequence[str]]) – (experimental) serviceName property. Specify an array of string values to match this event if the actual value of serviceName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

aws_api_call_action1 = guardduty_events.DetectorEvents.GuardDutyFinding.AwsApiCallAction1(
    affected_resources=guardduty_events.DetectorEvents.GuardDutyFinding.AffectedResources1(
        aws_cloud_trail_trail=["awsCloudTrailTrail"],
        aws_ec2_instance=["awsEc2Instance"],
        aws_s3_bucket=["awsS3Bucket"]
    ),
    api=["api"],
    caller_type=["callerType"],
    error_code=["errorCode"],
    remote_account_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteAccountDetails(
        account_id=["accountId"],
        affiliated=["affiliated"]
    ),
    remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails1(
        city=guardduty_events.DetectorEvents.GuardDutyFinding.City1(
            city_name=["cityName"]
        ),
        country=guardduty_events.DetectorEvents.GuardDutyFinding.Country1(
            country_name=["countryName"]
        ),
        geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
            lat=["lat"],
            lon=["lon"]
        ),
        ip_address_v4=["ipAddressV4"],
        organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization1(
            asn=["asn"],
            asn_org=["asnOrg"],
            isp=["isp"],
            org=["org"]
        )
    ),
    service_name=["serviceName"]
)

Attributes

affected_resources

(experimental) affectedResources property.

Specify an array of string values to match this event if the actual value of affectedResources is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

api

(experimental) api property.

Specify an array of string values to match this event if the actual value of api is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

caller_type

(experimental) callerType property.

Specify an array of string values to match this event if the actual value of callerType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

error_code

(experimental) errorCode property.

Specify an array of string values to match this event if the actual value of errorCode is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

remote_account_details

(experimental) remoteAccountDetails property.

Specify an array of string values to match this event if the actual value of remoteAccountDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

remote_ip_details

(experimental) remoteIpDetails property.

Specify an array of string values to match this event if the actual value of remoteIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

service_name

(experimental) serviceName property.

Specify an array of string values to match this event if the actual value of serviceName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

BlockPublicAccess

class DetectorEvents.GuardDutyFinding.BlockPublicAccess(*, block_public_acls=None, block_public_policy=None, ignore_public_acls=None, restrict_public_buckets=None)

Bases: object

(experimental) Type definition for BlockPublicAccess.

Parameters:

• block_public_acls (Optional[Sequence[str]]) – (experimental) blockPublicAcls property. Specify an array of string values to match this event if the actual value of blockPublicAcls is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• block_public_policy (Optional[Sequence[str]]) – (experimental) blockPublicPolicy property. Specify an array of string values to match this event if the actual value of blockPublicPolicy is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• ignore_public_acls (Optional[Sequence[str]]) – (experimental) ignorePublicAcls property. Specify an array of string values to match this event if the actual value of ignorePublicAcls is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• restrict_public_buckets (Optional[Sequence[str]]) – (experimental) restrictPublicBuckets property. Specify an array of string values to match this event if the actual value of restrictPublicBuckets is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

block_public_access = guardduty_events.DetectorEvents.GuardDutyFinding.BlockPublicAccess(
    block_public_acls=["blockPublicAcls"],
    block_public_policy=["blockPublicPolicy"],
    ignore_public_acls=["ignorePublicAcls"],
    restrict_public_buckets=["restrictPublicBuckets"]
)

Attributes

block_public_acls

(experimental) blockPublicAcls property.

Specify an array of string values to match this event if the actual value of blockPublicAcls is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

block_public_policy

(experimental) blockPublicPolicy property.

Specify an array of string values to match this event if the actual value of blockPublicPolicy is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ignore_public_acls

(experimental) ignorePublicAcls property.

Specify an array of string values to match this event if the actual value of ignorePublicAcls is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

restrict_public_buckets

(experimental) restrictPublicBuckets property.

Specify an array of string values to match this event if the actual value of restrictPublicBuckets is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

BucketLevelPermissions

class DetectorEvents.GuardDutyFinding.BucketLevelPermissions(*, access_control_list=None, block_public_access=None, bucket_policy=None)

Bases: object

(experimental) Type definition for BucketLevelPermissions.

Parameters:

• access_control_list (Union[AccessControlList, Dict[str, Any], None]) – (experimental) accessControlList property. Specify an array of string values to match this event if the actual value of accessControlList is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• block_public_access (Union[BlockPublicAccess, Dict[str, Any], None]) – (experimental) blockPublicAccess property. Specify an array of string values to match this event if the actual value of blockPublicAccess is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• bucket_policy (Union[AccessControlList, Dict[str, Any], None]) – (experimental) bucketPolicy property. Specify an array of string values to match this event if the actual value of bucketPolicy is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

bucket_level_permissions = guardduty_events.DetectorEvents.GuardDutyFinding.BucketLevelPermissions(
    access_control_list=guardduty_events.DetectorEvents.GuardDutyFinding.AccessControlList(
        allows_public_read_access=["allowsPublicReadAccess"],
        allows_public_write_access=["allowsPublicWriteAccess"]
    ),
    block_public_access=guardduty_events.DetectorEvents.GuardDutyFinding.BlockPublicAccess(
        block_public_acls=["blockPublicAcls"],
        block_public_policy=["blockPublicPolicy"],
        ignore_public_acls=["ignorePublicAcls"],
        restrict_public_buckets=["restrictPublicBuckets"]
    ),
    bucket_policy=guardduty_events.DetectorEvents.GuardDutyFinding.AccessControlList(
        allows_public_read_access=["allowsPublicReadAccess"],
        allows_public_write_access=["allowsPublicWriteAccess"]
    )
)

Attributes

access_control_list

(experimental) accessControlList property.

Specify an array of string values to match this event if the actual value of accessControlList is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

block_public_access

(experimental) blockPublicAccess property.

Specify an array of string values to match this event if the actual value of blockPublicAccess is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

bucket_policy

(experimental) bucketPolicy property.

Specify an array of string values to match this event if the actual value of bucketPolicy is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

City

class DetectorEvents.GuardDutyFinding.City(*, city_name=None)

Bases: object

(experimental) Type definition for City.

Parameters:

city_name (Optional[Sequence[str]]) – (experimental) cityName property. Specify an array of string values to match this event if the actual value of cityName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

city = guardduty_events.DetectorEvents.GuardDutyFinding.City(
    city_name=["cityName"]
)

Attributes

city_name

(experimental) cityName property.

Specify an array of string values to match this event if the actual value of cityName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

City1

class DetectorEvents.GuardDutyFinding.City1(*, city_name=None)

Bases: object

(experimental) Type definition for City_1.

Parameters:

city_name (Optional[Sequence[str]]) – (experimental) cityName property. Specify an array of string values to match this event if the actual value of cityName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

city1 = guardduty_events.DetectorEvents.GuardDutyFinding.City1(
    city_name=["cityName"]
)

Attributes

city_name

(experimental) cityName property.

Specify an array of string values to match this event if the actual value of cityName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

City2

class DetectorEvents.GuardDutyFinding.City2(*, city_name=None)

Bases: object

(experimental) Type definition for City_2.

Parameters:

city_name (Optional[Sequence[str]]) – (experimental) cityName property. Specify an array of string values to match this event if the actual value of cityName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

city2 = guardduty_events.DetectorEvents.GuardDutyFinding.City2(
    city_name=["cityName"]
)

Attributes

city_name

(experimental) cityName property.

Specify an array of string values to match this event if the actual value of cityName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

City3

class DetectorEvents.GuardDutyFinding.City3(*, city_name=None)

Bases: object

(experimental) Type definition for City_3.

Parameters:

city_name (Optional[Sequence[str]]) – (experimental) cityName property. Specify an array of string values to match this event if the actual value of cityName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

city3 = guardduty_events.DetectorEvents.GuardDutyFinding.City3(
    city_name=["cityName"]
)

Attributes

city_name

(experimental) cityName property.

Specify an array of string values to match this event if the actual value of cityName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

City4

class DetectorEvents.GuardDutyFinding.City4(*, city_name=None)

Bases: object

(experimental) Type definition for City_4.

Parameters:

city_name (Optional[Sequence[str]]) – (experimental) cityName property. Specify an array of string values to match this event if the actual value of cityName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

city4 = guardduty_events.DetectorEvents.GuardDutyFinding.City4(
    city_name=["cityName"]
)

Attributes

city_name

(experimental) cityName property.

Specify an array of string values to match this event if the actual value of cityName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ContainerDetails

class DetectorEvents.GuardDutyFinding.ContainerDetails(*, id=None, image=None, name=None)

Bases: object

(experimental) Type definition for ContainerDetails.

Parameters:

• id (Optional[Sequence[str]]) – (experimental) id property. Specify an array of string values to match this event if the actual value of id is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• image (Optional[Sequence[str]]) – (experimental) image property. Specify an array of string values to match this event if the actual value of image is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• name (Optional[Sequence[str]]) – (experimental) name property. Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

container_details = guardduty_events.DetectorEvents.GuardDutyFinding.ContainerDetails(
    id=["id"],
    image=["image"],
    name=["name"]
)

Attributes

id

(experimental) id property.

Specify an array of string values to match this event if the actual value of id is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

image

(experimental) image property.

Specify an array of string values to match this event if the actual value of image is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

name

(experimental) name property.

Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Country

class DetectorEvents.GuardDutyFinding.Country(*, country_name=None)

Bases: object

(experimental) Type definition for Country.

Parameters:

country_name (Optional[Sequence[str]]) – (experimental) countryName property. Specify an array of string values to match this event if the actual value of countryName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

country = guardduty_events.DetectorEvents.GuardDutyFinding.Country(
    country_name=["countryName"]
)

Attributes

country_name

(experimental) countryName property.

Specify an array of string values to match this event if the actual value of countryName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Country1

class DetectorEvents.GuardDutyFinding.Country1(*, country_name=None)

Bases: object

(experimental) Type definition for Country_1.

Parameters:

country_name (Optional[Sequence[str]]) – (experimental) countryName property. Specify an array of string values to match this event if the actual value of countryName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

country1 = guardduty_events.DetectorEvents.GuardDutyFinding.Country1(
    country_name=["countryName"]
)

Attributes

country_name

(experimental) countryName property.

Specify an array of string values to match this event if the actual value of countryName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Country2

class DetectorEvents.GuardDutyFinding.Country2(*, country_name=None)

Bases: object

(experimental) Type definition for Country_2.

Parameters:

country_name (Optional[Sequence[str]]) – (experimental) countryName property. Specify an array of string values to match this event if the actual value of countryName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

country2 = guardduty_events.DetectorEvents.GuardDutyFinding.Country2(
    country_name=["countryName"]
)

Attributes

country_name

(experimental) countryName property.

Specify an array of string values to match this event if the actual value of countryName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Country3

class DetectorEvents.GuardDutyFinding.Country3(*, country_name=None)

Bases: object

(experimental) Type definition for Country_3.

Parameters:

country_name (Optional[Sequence[str]]) – (experimental) countryName property. Specify an array of string values to match this event if the actual value of countryName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

country3 = guardduty_events.DetectorEvents.GuardDutyFinding.Country3(
    country_name=["countryName"]
)

Attributes

country_name

(experimental) countryName property.

Specify an array of string values to match this event if the actual value of countryName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Country4

class DetectorEvents.GuardDutyFinding.Country4(*, country_name=None)

Bases: object

(experimental) Type definition for Country_4.

Parameters:

country_name (Optional[Sequence[str]]) – (experimental) countryName property. Specify an array of string values to match this event if the actual value of countryName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

country4 = guardduty_events.DetectorEvents.GuardDutyFinding.Country4(
    country_name=["countryName"]
)

Attributes

country_name

(experimental) countryName property.

Specify an array of string values to match this event if the actual value of countryName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

DefaultServerSideEncryption

class DetectorEvents.GuardDutyFinding.DefaultServerSideEncryption(*, encryption_type=None, kms_master_key_arn=None)

Bases: object

(experimental) Type definition for DefaultServerSideEncryption.

Parameters:

• encryption_type (Optional[Sequence[str]]) – (experimental) encryptionType property. Specify an array of string values to match this event if the actual value of encryptionType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• kms_master_key_arn (Optional[Sequence[str]]) – (experimental) kmsMasterKeyArn property. Specify an array of string values to match this event if the actual value of kmsMasterKeyArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

default_server_side_encryption = guardduty_events.DetectorEvents.GuardDutyFinding.DefaultServerSideEncryption(
    encryption_type=["encryptionType"],
    kms_master_key_arn=["kmsMasterKeyArn"]
)

Attributes

encryption_type

(experimental) encryptionType property.

Specify an array of string values to match this event if the actual value of encryptionType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

kms_master_key_arn

(experimental) kmsMasterKeyArn property.

Specify an array of string values to match this event if the actual value of kmsMasterKeyArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

DnsRequestAction

class DetectorEvents.GuardDutyFinding.DnsRequestAction(*, blocked=None, domain=None, protocol=None)

Bases: object

(experimental) Type definition for DnsRequestAction.

Parameters:

• blocked (Optional[Sequence[str]]) – (experimental) blocked property. Specify an array of string values to match this event if the actual value of blocked is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• domain (Optional[Sequence[str]]) – (experimental) domain property. Specify an array of string values to match this event if the actual value of domain is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• protocol (Optional[Sequence[str]]) – (experimental) protocol property. Specify an array of string values to match this event if the actual value of protocol is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

dns_request_action = guardduty_events.DetectorEvents.GuardDutyFinding.DnsRequestAction(
    blocked=["blocked"],
    domain=["domain"],
    protocol=["protocol"]
)

Attributes

blocked

(experimental) blocked property.

Specify an array of string values to match this event if the actual value of blocked is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

domain

(experimental) domain property.

Specify an array of string values to match this event if the actual value of domain is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

protocol

(experimental) protocol property.

Specify an array of string values to match this event if the actual value of protocol is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

EbsVolumeDetails

class DetectorEvents.GuardDutyFinding.EbsVolumeDetails(*, scanned_volume_details=None, skipped_volume_details=None)

Bases: object

(experimental) Type definition for EbsVolumeDetails.

Parameters:

• scanned_volume_details (Optional[Sequence[Union[EbsVolumeDetailsItem, Dict[str, Any]]]]) – (experimental) scannedVolumeDetails property. Specify an array of string values to match this event if the actual value of scannedVolumeDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• skipped_volume_details (Optional[Sequence[str]]) – (experimental) skippedVolumeDetails property. Specify an array of string values to match this event if the actual value of skippedVolumeDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

ebs_volume_details = guardduty_events.DetectorEvents.GuardDutyFinding.EbsVolumeDetails(
    scanned_volume_details=[guardduty_events.DetectorEvents.GuardDutyFinding.EbsVolumeDetailsItem(
        device_name=["deviceName"],
        encryption_type=["encryptionType"],
        kms_key_arn=["kmsKeyArn"],
        snapshot_arn=["snapshotArn"],
        volume_arn=["volumeArn"],
        volume_size_in_gb=["volumeSizeInGb"],
        volume_type=["volumeType"]
    )],
    skipped_volume_details=["skippedVolumeDetails"]
)

Attributes

scanned_volume_details

(experimental) scannedVolumeDetails property.

Specify an array of string values to match this event if the actual value of scannedVolumeDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

skipped_volume_details

(experimental) skippedVolumeDetails property.

Specify an array of string values to match this event if the actual value of skippedVolumeDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

EbsVolumeDetailsItem

class DetectorEvents.GuardDutyFinding.EbsVolumeDetailsItem(*, device_name=None, encryption_type=None, kms_key_arn=None, snapshot_arn=None, volume_arn=None, volume_size_in_gb=None, volume_type=None)

Bases: object

(experimental) Type definition for EbsVolumeDetailsItem.

Parameters:

• device_name (Optional[Sequence[str]]) – (experimental) deviceName property. Specify an array of string values to match this event if the actual value of deviceName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• encryption_type (Optional[Sequence[str]]) – (experimental) encryptionType property. Specify an array of string values to match this event if the actual value of encryptionType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• kms_key_arn (Optional[Sequence[str]]) – (experimental) kmsKeyArn property. Specify an array of string values to match this event if the actual value of kmsKeyArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• snapshot_arn (Optional[Sequence[str]]) – (experimental) snapshotArn property. Specify an array of string values to match this event if the actual value of snapshotArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• volume_arn (Optional[Sequence[str]]) – (experimental) volumeArn property. Specify an array of string values to match this event if the actual value of volumeArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• volume_size_in_gb (Optional[Sequence[str]]) – (experimental) volumeSizeInGB property. Specify an array of string values to match this event if the actual value of volumeSizeInGB is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• volume_type (Optional[Sequence[str]]) – (experimental) volumeType property. Specify an array of string values to match this event if the actual value of volumeType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

ebs_volume_details_item = guardduty_events.DetectorEvents.GuardDutyFinding.EbsVolumeDetailsItem(
    device_name=["deviceName"],
    encryption_type=["encryptionType"],
    kms_key_arn=["kmsKeyArn"],
    snapshot_arn=["snapshotArn"],
    volume_arn=["volumeArn"],
    volume_size_in_gb=["volumeSizeInGb"],
    volume_type=["volumeType"]
)

Attributes

device_name

(experimental) deviceName property.

Specify an array of string values to match this event if the actual value of deviceName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

encryption_type

(experimental) encryptionType property.

Specify an array of string values to match this event if the actual value of encryptionType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

kms_key_arn

(experimental) kmsKeyArn property.

Specify an array of string values to match this event if the actual value of kmsKeyArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

snapshot_arn

(experimental) snapshotArn property.

Specify an array of string values to match this event if the actual value of snapshotArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

volume_arn

(experimental) volumeArn property.

Specify an array of string values to match this event if the actual value of volumeArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

volume_size_in_gb

(experimental) volumeSizeInGB property.

Specify an array of string values to match this event if the actual value of volumeSizeInGB is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

volume_type

(experimental) volumeType property.

Specify an array of string values to match this event if the actual value of volumeType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

EbsVolumeScanDetails

class DetectorEvents.GuardDutyFinding.EbsVolumeScanDetails(*, scan_completed_at=None, scan_detections=None, scan_id=None, scan_started_at=None, sources=None, trigger_finding_id=None)

Bases: object

(experimental) Type definition for EbsVolumeScanDetails.

Parameters:

• scan_completed_at (Optional[Sequence[str]]) – (experimental) scanCompletedAt property. Specify an array of string values to match this event if the actual value of scanCompletedAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• scan_detections (Union[ScanDetections, Dict[str, Any], None]) – (experimental) scanDetections property. Specify an array of string values to match this event if the actual value of scanDetections is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• scan_id (Optional[Sequence[str]]) – (experimental) scanId property. Specify an array of string values to match this event if the actual value of scanId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• scan_started_at (Optional[Sequence[str]]) – (experimental) scanStartedAt property. Specify an array of string values to match this event if the actual value of scanStartedAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• sources (Optional[Sequence[str]]) – (experimental) sources property. Specify an array of string values to match this event if the actual value of sources is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• trigger_finding_id (Optional[Sequence[str]]) – (experimental) triggerFindingId property. Specify an array of string values to match this event if the actual value of triggerFindingId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

ebs_volume_scan_details = guardduty_events.DetectorEvents.GuardDutyFinding.EbsVolumeScanDetails(
    scan_completed_at=["scanCompletedAt"],
    scan_detections=guardduty_events.DetectorEvents.GuardDutyFinding.ScanDetections(
        highest_severity_threat_details=guardduty_events.DetectorEvents.GuardDutyFinding.HighestSeverityThreatDetails(
            count=["count"],
            severity=["severity"],
            threat_name=["threatName"]
        ),
        scanned_item_count=guardduty_events.DetectorEvents.GuardDutyFinding.ScannedItemCount(
            files=["files"],
            total_gb=["totalGb"],
            volumes=["volumes"]
        ),
        threat_detected_by_name=guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByName(
            item_count=["itemCount"],
            shortened=["shortened"],
            threat_names=[guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItem(
                file_paths=[guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItemItem(
                    file_name=["fileName"],
                    file_path=["filePath"],
                    hash=["hash"],
                    volume_arn=["volumeArn"]
                )],
                item_count=["itemCount"],
                name=["name"],
                severity=["severity"]
            )],
            unique_threat_name_count=["uniqueThreatNameCount"]
        ),
        threats_detected_item_count=guardduty_events.DetectorEvents.GuardDutyFinding.ThreatsDetectedItemCount(
            files=["files"]
        )
    ),
    scan_id=["scanId"],
    scan_started_at=["scanStartedAt"],
    sources=["sources"],
    trigger_finding_id=["triggerFindingId"]
)

Attributes

scan_completed_at

(experimental) scanCompletedAt property.

Specify an array of string values to match this event if the actual value of scanCompletedAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

scan_detections

(experimental) scanDetections property.

Specify an array of string values to match this event if the actual value of scanDetections is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

scan_id

(experimental) scanId property.

Specify an array of string values to match this event if the actual value of scanId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

scan_started_at

(experimental) scanStartedAt property.

Specify an array of string values to match this event if the actual value of scanStartedAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

sources

(experimental) sources property.

Specify an array of string values to match this event if the actual value of sources is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

trigger_finding_id

(experimental) triggerFindingId property.

Specify an array of string values to match this event if the actual value of triggerFindingId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

EcsClusterDetails

class DetectorEvents.GuardDutyFinding.EcsClusterDetails(*, arn=None, name=None, status=None, tags=None, task_details=None)

Bases: object

(experimental) Type definition for EcsClusterDetails.

Parameters:

• arn (Optional[Sequence[str]]) – (experimental) arn property. Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• name (Optional[Sequence[str]]) – (experimental) name property. Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• status (Optional[Sequence[str]]) – (experimental) status property. Specify an array of string values to match this event if the actual value of status is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• tags (Optional[Sequence[Union[EcsClusterDetailsItem, Dict[str, Any]]]]) – (experimental) tags property. Specify an array of string values to match this event if the actual value of tags is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• task_details (Union[TaskDetails, Dict[str, Any], None]) – (experimental) taskDetails property. Specify an array of string values to match this event if the actual value of taskDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

ecs_cluster_details = guardduty_events.DetectorEvents.GuardDutyFinding.EcsClusterDetails(
    arn=["arn"],
    name=["name"],
    status=["status"],
    tags=[guardduty_events.DetectorEvents.GuardDutyFinding.EcsClusterDetailsItem(
        key=["key"],
        value=["value"]
    )],
    task_details=guardduty_events.DetectorEvents.GuardDutyFinding.TaskDetails(
        arn=["arn"],
        containers=[guardduty_events.DetectorEvents.GuardDutyFinding.TaskDetailsItem(
            image=["image"],
            name=["name"]
        )],
        created_at=["createdAt"],
        definition_arn=["definitionArn"],
        started_at=["startedAt"],
        started_by=["startedBy"],
        version=["version"]
    )
)

Attributes

arn

(experimental) arn property.

Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

name

(experimental) name property.

Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

status

(experimental) status property.

Specify an array of string values to match this event if the actual value of status is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

tags

(experimental) tags property.

Specify an array of string values to match this event if the actual value of tags is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

task_details

(experimental) taskDetails property.

Specify an array of string values to match this event if the actual value of taskDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

EcsClusterDetailsItem

class DetectorEvents.GuardDutyFinding.EcsClusterDetailsItem(*, key=None, value=None)

Bases: object

(experimental) Type definition for EcsClusterDetailsItem.

Parameters:

• key (Optional[Sequence[str]]) – (experimental) key property. Specify an array of string values to match this event if the actual value of key is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• value (Optional[Sequence[str]]) – (experimental) value property. Specify an array of string values to match this event if the actual value of value is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

ecs_cluster_details_item = guardduty_events.DetectorEvents.GuardDutyFinding.EcsClusterDetailsItem(
    key=["key"],
    value=["value"]
)

Attributes

key

(experimental) key property.

Specify an array of string values to match this event if the actual value of key is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

value

(experimental) value property.

Specify an array of string values to match this event if the actual value of value is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

EksClusterDetails

class DetectorEvents.GuardDutyFinding.EksClusterDetails(*, arn=None, created_at=None, name=None, status=None, tags=None, vpc_id=None)

Bases: object

(experimental) Type definition for EksClusterDetails.

Parameters:

• arn (Optional[Sequence[str]]) – (experimental) arn property. Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• created_at (Optional[Sequence[str]]) – (experimental) createdAt property. Specify an array of string values to match this event if the actual value of createdAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• name (Optional[Sequence[str]]) – (experimental) name property. Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• status (Optional[Sequence[str]]) – (experimental) status property. Specify an array of string values to match this event if the actual value of status is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• tags (Optional[Sequence[Union[EcsClusterDetailsItem, Dict[str, Any]]]]) – (experimental) tags property. Specify an array of string values to match this event if the actual value of tags is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• vpc_id (Optional[Sequence[str]]) – (experimental) vpcId property. Specify an array of string values to match this event if the actual value of vpcId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

eks_cluster_details = guardduty_events.DetectorEvents.GuardDutyFinding.EksClusterDetails(
    arn=["arn"],
    created_at=["createdAt"],
    name=["name"],
    status=["status"],
    tags=[guardduty_events.DetectorEvents.GuardDutyFinding.EcsClusterDetailsItem(
        key=["key"],
        value=["value"]
    )],
    vpc_id=["vpcId"]
)

Attributes

arn

(experimental) arn property.

Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

created_at

(experimental) createdAt property.

Specify an array of string values to match this event if the actual value of createdAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

name

(experimental) name property.

Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

status

(experimental) status property.

Specify an array of string values to match this event if the actual value of status is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

tags

(experimental) tags property.

Specify an array of string values to match this event if the actual value of tags is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

vpc_id

(experimental) vpcId property.

Specify an array of string values to match this event if the actual value of vpcId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Evidence

class DetectorEvents.GuardDutyFinding.Evidence(*, threat_intelligence_details=None)

Bases: object

(experimental) Type definition for Evidence.

Parameters:

threat_intelligence_details (Optional[Sequence[Union[EvidenceItem, Dict[str, Any]]]]) – (experimental) threatIntelligenceDetails property. Specify an array of string values to match this event if the actual value of threatIntelligenceDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

evidence = guardduty_events.DetectorEvents.GuardDutyFinding.Evidence(
    threat_intelligence_details=[guardduty_events.DetectorEvents.GuardDutyFinding.EvidenceItem(
        threat_list_name=["threatListName"],
        threat_names=["threatNames"]
    )]
)

Attributes

threat_intelligence_details

(experimental) threatIntelligenceDetails property.

Specify an array of string values to match this event if the actual value of threatIntelligenceDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

EvidenceItem

class DetectorEvents.GuardDutyFinding.EvidenceItem(*, threat_list_name=None, threat_names=None)

Bases: object

(experimental) Type definition for EvidenceItem.

Parameters:

• threat_list_name (Optional[Sequence[str]]) – (experimental) threatListName property. Specify an array of string values to match this event if the actual value of threatListName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• threat_names (Optional[Sequence[str]]) – (experimental) threatNames property. Specify an array of string values to match this event if the actual value of threatNames is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

evidence_item = guardduty_events.DetectorEvents.GuardDutyFinding.EvidenceItem(
    threat_list_name=["threatListName"],
    threat_names=["threatNames"]
)

Attributes

threat_list_name

(experimental) threatListName property.

Specify an array of string values to match this event if the actual value of threatListName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

threat_names

(experimental) threatNames property.

Specify an array of string values to match this event if the actual value of threatNames is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

GeoLocation

class DetectorEvents.GuardDutyFinding.GeoLocation(*, lat=None, lon=None)

Bases: object

(experimental) Type definition for GeoLocation.

Parameters:

• lat (Optional[Sequence[str]]) – (experimental) lat property. Specify an array of string values to match this event if the actual value of lat is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• lon (Optional[Sequence[str]]) – (experimental) lon property. Specify an array of string values to match this event if the actual value of lon is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

geo_location = guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
    lat=["lat"],
    lon=["lon"]
)

Attributes

lat

(experimental) lat property.

Specify an array of string values to match this event if the actual value of lat is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

lon

(experimental) lon property.

Specify an array of string values to match this event if the actual value of lon is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

GeoLocation1

class DetectorEvents.GuardDutyFinding.GeoLocation1(*, lat=None, lon=None)

Bases: object

(experimental) Type definition for GeoLocation_1.

Parameters:

• lat (Optional[Sequence[str]]) – (experimental) lat property. Specify an array of string values to match this event if the actual value of lat is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• lon (Optional[Sequence[str]]) – (experimental) lon property. Specify an array of string values to match this event if the actual value of lon is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

geo_location1 = guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation1(
    lat=["lat"],
    lon=["lon"]
)

Attributes

lat

(experimental) lat property.

Specify an array of string values to match this event if the actual value of lat is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

lon

(experimental) lon property.

Specify an array of string values to match this event if the actual value of lon is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

GuardDutyFindingProps

class DetectorEvents.GuardDutyFinding.GuardDutyFindingProps(*, account_id=None, arn=None, created_at=None, description=None, event_metadata=None, id=None, partition=None, region=None, resource=None, schema_version=None, service=None, severity=None, title=None, type=None, updated_at=None)

Bases: object

(experimental) Props type for Detector aws.guardduty@GuardDutyFinding event.

Parameters:

• account_id (Optional[Sequence[str]]) – (experimental) accountId property. Specify an array of string values to match this event if the actual value of accountId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• arn (Optional[Sequence[str]]) – (experimental) arn property. Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• created_at (Optional[Sequence[str]]) – (experimental) createdAt property. Specify an array of string values to match this event if the actual value of createdAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• description (Optional[Sequence[str]]) – (experimental) description property. Specify an array of string values to match this event if the actual value of description is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• event_metadata (Union[AWSEventMetadataProps, Dict[str, Any], None]) – (experimental) EventBridge event metadata. Default: - -

• id (Optional[Sequence[str]]) – (experimental) id property. Specify an array of string values to match this event if the actual value of id is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• partition (Optional[Sequence[str]]) – (experimental) partition property. Specify an array of string values to match this event if the actual value of partition is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• region (Optional[Sequence[str]]) – (experimental) region property. Specify an array of string values to match this event if the actual value of region is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• resource (Union[Resource, Dict[str, Any], None]) – (experimental) resource property. Specify an array of string values to match this event if the actual value of resource is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• schema_version (Optional[Sequence[str]]) – (experimental) schemaVersion property. Specify an array of string values to match this event if the actual value of schemaVersion is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• service (Union[Service, Dict[str, Any], None]) – (experimental) service property. Specify an array of string values to match this event if the actual value of service is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• severity (Optional[Sequence[str]]) – (experimental) severity property. Specify an array of string values to match this event if the actual value of severity is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• title (Optional[Sequence[str]]) – (experimental) title property. Specify an array of string values to match this event if the actual value of title is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• type (Optional[Sequence[str]]) – (experimental) type property. Specify an array of string values to match this event if the actual value of type is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• updated_at (Optional[Sequence[str]]) – (experimental) updatedAt property. Specify an array of string values to match this event if the actual value of updatedAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

.. rubric:: Attributes

account_id

(experimental) accountId property.

Specify an array of string values to match this event if the actual value of accountId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

arn

(experimental) arn property.

Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

created_at

(experimental) createdAt property.

Specify an array of string values to match this event if the actual value of createdAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

description

(experimental) description property.

Specify an array of string values to match this event if the actual value of description is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

event_metadata

(experimental) EventBridge event metadata.

Default:

Stability:

experimental

id

(experimental) id property.

Specify an array of string values to match this event if the actual value of id is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

partition

(experimental) partition property.

Specify an array of string values to match this event if the actual value of partition is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

region

(experimental) region property.

Specify an array of string values to match this event if the actual value of region is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

resource

(experimental) resource property.

Specify an array of string values to match this event if the actual value of resource is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

schema_version

(experimental) schemaVersion property.

Specify an array of string values to match this event if the actual value of schemaVersion is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

service

(experimental) service property.

Specify an array of string values to match this event if the actual value of service is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

severity

(experimental) severity property.

Specify an array of string values to match this event if the actual value of severity is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

title

(experimental) title property.

Specify an array of string values to match this event if the actual value of title is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

type

(experimental) type property.

Specify an array of string values to match this event if the actual value of type is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

updated_at

(experimental) updatedAt property.

Specify an array of string values to match this event if the actual value of updatedAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

HighestSeverityThreatDetails

class DetectorEvents.GuardDutyFinding.HighestSeverityThreatDetails(*, count=None, severity=None, threat_name=None)

Bases: object

(experimental) Type definition for HighestSeverityThreatDetails.

Parameters:

• count (Optional[Sequence[str]]) – (experimental) count property. Specify an array of string values to match this event if the actual value of count is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• severity (Optional[Sequence[str]]) – (experimental) severity property. Specify an array of string values to match this event if the actual value of severity is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• threat_name (Optional[Sequence[str]]) – (experimental) threatName property. Specify an array of string values to match this event if the actual value of threatName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

highest_severity_threat_details = guardduty_events.DetectorEvents.GuardDutyFinding.HighestSeverityThreatDetails(
    count=["count"],
    severity=["severity"],
    threat_name=["threatName"]
)

Attributes

count

(experimental) count property.

Specify an array of string values to match this event if the actual value of count is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

severity

(experimental) severity property.

Specify an array of string values to match this event if the actual value of severity is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

threat_name

(experimental) threatName property.

Specify an array of string values to match this event if the actual value of threatName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

IamInstanceProfile

class DetectorEvents.GuardDutyFinding.IamInstanceProfile(*, arn=None, id=None)

Bases: object

(experimental) Type definition for IamInstanceProfile.

Parameters:

• arn (Optional[Sequence[str]]) – (experimental) arn property. Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• id (Optional[Sequence[str]]) – (experimental) id property. Specify an array of string values to match this event if the actual value of id is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

iam_instance_profile = guardduty_events.DetectorEvents.GuardDutyFinding.IamInstanceProfile(
    arn=["arn"],
    id=["id"]
)

Attributes

arn

(experimental) arn property.

Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

id

(experimental) id property.

Specify an array of string values to match this event if the actual value of id is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

InstanceDetails

class DetectorEvents.GuardDutyFinding.InstanceDetails(*, availability_zone=None, iam_instance_profile=None, image_description=None, image_id=None, instance_id=None, instance_state=None, instance_type=None, launch_time=None, network_interfaces=None, outpost_arn=None, platform=None, product_codes=None, tags=None)

Bases: object

(experimental) Type definition for InstanceDetails.

Parameters:

• availability_zone (Optional[Sequence[str]]) – (experimental) availabilityZone property. Specify an array of string values to match this event if the actual value of availabilityZone is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• iam_instance_profile (Union[IamInstanceProfile, Dict[str, Any], None]) – (experimental) iamInstanceProfile property. Specify an array of string values to match this event if the actual value of iamInstanceProfile is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• image_description (Optional[Sequence[str]]) – (experimental) imageDescription property. Specify an array of string values to match this event if the actual value of imageDescription is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• image_id (Optional[Sequence[str]]) – (experimental) imageId property. Specify an array of string values to match this event if the actual value of imageId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• instance_id (Optional[Sequence[str]]) – (experimental) instanceId property. Specify an array of string values to match this event if the actual value of instanceId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• instance_state (Optional[Sequence[str]]) – (experimental) instanceState property. Specify an array of string values to match this event if the actual value of instanceState is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• instance_type (Optional[Sequence[str]]) – (experimental) instanceType property. Specify an array of string values to match this event if the actual value of instanceType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• launch_time (Optional[Sequence[str]]) – (experimental) launchTime property. Specify an array of string values to match this event if the actual value of launchTime is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• network_interfaces (Optional[Sequence[Union[InstanceDetailsItem, Dict[str, Any]]]]) – (experimental) networkInterfaces property. Specify an array of string values to match this event if the actual value of networkInterfaces is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• outpost_arn (Optional[Sequence[str]]) – (experimental) outpostArn property. Specify an array of string values to match this event if the actual value of outpostArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• platform (Optional[Sequence[str]]) – (experimental) platform property. Specify an array of string values to match this event if the actual value of platform is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• product_codes (Optional[Sequence[Union[InstanceDetailsItem1, Dict[str, Any]]]]) – (experimental) productCodes property. Specify an array of string values to match this event if the actual value of productCodes is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• tags (Optional[Sequence[Union[EcsClusterDetailsItem, Dict[str, Any]]]]) – (experimental) tags property. Specify an array of string values to match this event if the actual value of tags is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

# ipv6_addresses: Any

instance_details = guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetails(
    availability_zone=["availabilityZone"],
    iam_instance_profile=guardduty_events.DetectorEvents.GuardDutyFinding.IamInstanceProfile(
        arn=["arn"],
        id=["id"]
    ),
    image_description=["imageDescription"],
    image_id=["imageId"],
    instance_id=["instanceId"],
    instance_state=["instanceState"],
    instance_type=["instanceType"],
    launch_time=["launchTime"],
    network_interfaces=[guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItem(
        ipv6_addresses=[ipv6_addresses],
        network_interface_id=["networkInterfaceId"],
        private_dns_name=["privateDnsName"],
        private_ip_address=["privateIpAddress"],
        private_ip_addresses=[guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItemItem(
            private_dns_name=["privateDnsName"],
            private_ip_address=["privateIpAddress"]
        )],
        public_dns_name=["publicDnsName"],
        public_ip=["publicIp"],
        security_groups=[guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItemItem1(
            group_id=["groupId"],
            group_name=["groupName"]
        )],
        subnet_id=["subnetId"],
        vpc_id=["vpcId"]
    )],
    outpost_arn=["outpostArn"],
    platform=["platform"],
    product_codes=[guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItem1(
        product_code_id=["productCodeId"],
        product_code_type=["productCodeType"]
    )],
    tags=[guardduty_events.DetectorEvents.GuardDutyFinding.EcsClusterDetailsItem(
        key=["key"],
        value=["value"]
    )]
)

Attributes

availability_zone

(experimental) availabilityZone property.

Specify an array of string values to match this event if the actual value of availabilityZone is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

iam_instance_profile

(experimental) iamInstanceProfile property.

Specify an array of string values to match this event if the actual value of iamInstanceProfile is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

image_description

(experimental) imageDescription property.

Specify an array of string values to match this event if the actual value of imageDescription is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

image_id

(experimental) imageId property.

Specify an array of string values to match this event if the actual value of imageId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

instance_id

(experimental) instanceId property.

Specify an array of string values to match this event if the actual value of instanceId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

instance_state

(experimental) instanceState property.

Specify an array of string values to match this event if the actual value of instanceState is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

instance_type

(experimental) instanceType property.

Specify an array of string values to match this event if the actual value of instanceType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

launch_time

(experimental) launchTime property.

Specify an array of string values to match this event if the actual value of launchTime is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

network_interfaces

(experimental) networkInterfaces property.

Specify an array of string values to match this event if the actual value of networkInterfaces is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

outpost_arn

(experimental) outpostArn property.

Specify an array of string values to match this event if the actual value of outpostArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

platform

(experimental) platform property.

Specify an array of string values to match this event if the actual value of platform is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

product_codes

(experimental) productCodes property.

Specify an array of string values to match this event if the actual value of productCodes is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

tags

(experimental) tags property.

Specify an array of string values to match this event if the actual value of tags is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

InstanceDetailsItem

class DetectorEvents.GuardDutyFinding.InstanceDetailsItem(*, ipv6_addresses=None, network_interface_id=None, private_dns_name=None, private_ip_address=None, private_ip_addresses=None, public_dns_name=None, public_ip=None, security_groups=None, subnet_id=None, vpc_id=None)

Bases: object

(experimental) Type definition for InstanceDetailsItem.

Parameters:

• ipv6_addresses (Optional[Sequence[Any]]) – (experimental) ipv6Addresses property. Specify an array of string values to match this event if the actual value of ipv6Addresses is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• network_interface_id (Optional[Sequence[str]]) – (experimental) networkInterfaceId property. Specify an array of string values to match this event if the actual value of networkInterfaceId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• private_dns_name (Optional[Sequence[str]]) – (experimental) privateDnsName property. Specify an array of string values to match this event if the actual value of privateDnsName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• private_ip_address (Optional[Sequence[str]]) – (experimental) privateIpAddress property. Specify an array of string values to match this event if the actual value of privateIpAddress is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• private_ip_addresses (Optional[Sequence[Union[InstanceDetailsItemItem, Dict[str, Any]]]]) – (experimental) privateIpAddresses property. Specify an array of string values to match this event if the actual value of privateIpAddresses is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• public_dns_name (Optional[Sequence[str]]) – (experimental) publicDnsName property. Specify an array of string values to match this event if the actual value of publicDnsName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• public_ip (Optional[Sequence[str]]) – (experimental) publicIp property. Specify an array of string values to match this event if the actual value of publicIp is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• security_groups (Optional[Sequence[Union[InstanceDetailsItemItem1, Dict[str, Any]]]]) – (experimental) securityGroups property. Specify an array of string values to match this event if the actual value of securityGroups is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• subnet_id (Optional[Sequence[str]]) – (experimental) subnetId property. Specify an array of string values to match this event if the actual value of subnetId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• vpc_id (Optional[Sequence[str]]) – (experimental) vpcId property. Specify an array of string values to match this event if the actual value of vpcId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

# ipv6_addresses: Any

instance_details_item = guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItem(
    ipv6_addresses=[ipv6_addresses],
    network_interface_id=["networkInterfaceId"],
    private_dns_name=["privateDnsName"],
    private_ip_address=["privateIpAddress"],
    private_ip_addresses=[guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItemItem(
        private_dns_name=["privateDnsName"],
        private_ip_address=["privateIpAddress"]
    )],
    public_dns_name=["publicDnsName"],
    public_ip=["publicIp"],
    security_groups=[guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItemItem1(
        group_id=["groupId"],
        group_name=["groupName"]
    )],
    subnet_id=["subnetId"],
    vpc_id=["vpcId"]
)

Attributes

ipv6_addresses

(experimental) ipv6Addresses property.

Specify an array of string values to match this event if the actual value of ipv6Addresses is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

network_interface_id

(experimental) networkInterfaceId property.

Specify an array of string values to match this event if the actual value of networkInterfaceId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

private_dns_name

(experimental) privateDnsName property.

Specify an array of string values to match this event if the actual value of privateDnsName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

private_ip_address

(experimental) privateIpAddress property.

Specify an array of string values to match this event if the actual value of privateIpAddress is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

private_ip_addresses

(experimental) privateIpAddresses property.

Specify an array of string values to match this event if the actual value of privateIpAddresses is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

public_dns_name

(experimental) publicDnsName property.

Specify an array of string values to match this event if the actual value of publicDnsName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

public_ip

(experimental) publicIp property.

Specify an array of string values to match this event if the actual value of publicIp is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

security_groups

(experimental) securityGroups property.

Specify an array of string values to match this event if the actual value of securityGroups is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

subnet_id

(experimental) subnetId property.

Specify an array of string values to match this event if the actual value of subnetId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

vpc_id

(experimental) vpcId property.

Specify an array of string values to match this event if the actual value of vpcId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

InstanceDetailsItem1

class DetectorEvents.GuardDutyFinding.InstanceDetailsItem1(*, product_code_id=None, product_code_type=None)

Bases: object

(experimental) Type definition for InstanceDetailsItem_1.

Parameters:

• product_code_id (Optional[Sequence[str]]) – (experimental) productCodeId property. Specify an array of string values to match this event if the actual value of productCodeId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• product_code_type (Optional[Sequence[str]]) – (experimental) productCodeType property. Specify an array of string values to match this event if the actual value of productCodeType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

instance_details_item1 = guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItem1(
    product_code_id=["productCodeId"],
    product_code_type=["productCodeType"]
)

Attributes

product_code_id

(experimental) productCodeId property.

Specify an array of string values to match this event if the actual value of productCodeId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

product_code_type

(experimental) productCodeType property.

Specify an array of string values to match this event if the actual value of productCodeType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

InstanceDetailsItemItem

class DetectorEvents.GuardDutyFinding.InstanceDetailsItemItem(*, private_dns_name=None, private_ip_address=None)

Bases: object

(experimental) Type definition for InstanceDetailsItemItem.

Parameters:

• private_dns_name (Optional[Sequence[str]]) – (experimental) privateDnsName property. Specify an array of string values to match this event if the actual value of privateDnsName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• private_ip_address (Optional[Sequence[str]]) – (experimental) privateIpAddress property. Specify an array of string values to match this event if the actual value of privateIpAddress is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

instance_details_item_item = guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItemItem(
    private_dns_name=["privateDnsName"],
    private_ip_address=["privateIpAddress"]
)

Attributes

private_dns_name

(experimental) privateDnsName property.

Specify an array of string values to match this event if the actual value of privateDnsName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

private_ip_address

(experimental) privateIpAddress property.

Specify an array of string values to match this event if the actual value of privateIpAddress is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

InstanceDetailsItemItem1

class DetectorEvents.GuardDutyFinding.InstanceDetailsItemItem1(*, group_id=None, group_name=None)

Bases: object

(experimental) Type definition for InstanceDetailsItemItem_1.

Parameters:

• group_id (Optional[Sequence[str]]) – (experimental) groupId property. Specify an array of string values to match this event if the actual value of groupId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• group_name (Optional[Sequence[str]]) – (experimental) groupName property. Specify an array of string values to match this event if the actual value of groupName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

instance_details_item_item1 = guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItemItem1(
    group_id=["groupId"],
    group_name=["groupName"]
)

Attributes

group_id

(experimental) groupId property.

Specify an array of string values to match this event if the actual value of groupId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

group_name

(experimental) groupName property.

Specify an array of string values to match this event if the actual value of groupName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

KubernetesApiCallAction

class DetectorEvents.GuardDutyFinding.KubernetesApiCallAction(*, parameters=None, remote_ip_details=None, request_uri=None, source_i_ps=None, status_code=None, user_agent=None, verb=None)

Bases: object

(experimental) Type definition for KubernetesApiCallAction.

Parameters:

• parameters (Optional[Sequence[str]]) – (experimental) parameters property. Specify an array of string values to match this event if the actual value of parameters is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• remote_ip_details (Union[RemoteIpDetails2, Dict[str, Any], None]) – (experimental) remoteIpDetails property. Specify an array of string values to match this event if the actual value of remoteIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• request_uri (Optional[Sequence[str]]) – (experimental) requestUri property. Specify an array of string values to match this event if the actual value of requestUri is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• source_i_ps (Optional[Sequence[str]]) – (experimental) sourceIPs property. Specify an array of string values to match this event if the actual value of sourceIPs is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• status_code (Optional[Sequence[str]]) – (experimental) statusCode property. Specify an array of string values to match this event if the actual value of statusCode is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• user_agent (Optional[Sequence[str]]) – (experimental) userAgent property. Specify an array of string values to match this event if the actual value of userAgent is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• verb (Optional[Sequence[str]]) – (experimental) verb property. Specify an array of string values to match this event if the actual value of verb is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

kubernetes_api_call_action = guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesApiCallAction(
    parameters=["parameters"],
    remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails2(
        city=guardduty_events.DetectorEvents.GuardDutyFinding.City2(
            city_name=["cityName"]
        ),
        country=guardduty_events.DetectorEvents.GuardDutyFinding.Country2(
            country_name=["countryName"]
        ),
        geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
            lat=["lat"],
            lon=["lon"]
        ),
        ip_address_v4=["ipAddressV4"],
        organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization2(
            asn=["asn"],
            asn_org=["asnOrg"],
            isp=["isp"],
            org=["org"]
        )
    ),
    request_uri=["requestUri"],
    source_iPs=["sourceIPs"],
    status_code=["statusCode"],
    user_agent=["userAgent"],
    verb=["verb"]
)

Attributes

parameters

(experimental) parameters property.

Specify an array of string values to match this event if the actual value of parameters is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

remote_ip_details

(experimental) remoteIpDetails property.

Specify an array of string values to match this event if the actual value of remoteIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

request_uri

(experimental) requestUri property.

Specify an array of string values to match this event if the actual value of requestUri is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

source_i_ps

(experimental) sourceIPs property.

Specify an array of string values to match this event if the actual value of sourceIPs is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

status_code

(experimental) statusCode property.

Specify an array of string values to match this event if the actual value of statusCode is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

user_agent

(experimental) userAgent property.

Specify an array of string values to match this event if the actual value of userAgent is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

verb

(experimental) verb property.

Specify an array of string values to match this event if the actual value of verb is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

KubernetesDetails

class DetectorEvents.GuardDutyFinding.KubernetesDetails(*, kubernetes_user_details=None, kubernetes_workload_details=None)

Bases: object

(experimental) Type definition for KubernetesDetails.

Parameters:

• kubernetes_user_details (Union[KubernetesUserDetails, Dict[str, Any], None]) – (experimental) kubernetesUserDetails property. Specify an array of string values to match this event if the actual value of kubernetesUserDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• kubernetes_workload_details (Union[KubernetesWorkloadDetails, Dict[str, Any], None]) – (experimental) kubernetesWorkloadDetails property. Specify an array of string values to match this event if the actual value of kubernetesWorkloadDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

kubernetes_details = guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesDetails(
    kubernetes_user_details=guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesUserDetails(
        groups=["groups"],
        uid=["uid"],
        username=["username"]
    ),
    kubernetes_workload_details=guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesWorkloadDetails(
        containers=[guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesWorkloadDetailsItem(
            image=["image"],
            image_prefix=["imagePrefix"],
            name=["name"],
            security_context=guardduty_events.DetectorEvents.GuardDutyFinding.SecurityContext(
                privileged=["privileged"]
            )
        )],
        name=["name"],
        namespace=["namespace"],
        type=["type"],
        uid=["uid"]
    )
)

Attributes

kubernetes_user_details

(experimental) kubernetesUserDetails property.

Specify an array of string values to match this event if the actual value of kubernetesUserDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

kubernetes_workload_details

(experimental) kubernetesWorkloadDetails property.

Specify an array of string values to match this event if the actual value of kubernetesWorkloadDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

KubernetesUserDetails

class DetectorEvents.GuardDutyFinding.KubernetesUserDetails(*, groups=None, uid=None, username=None)

Bases: object

(experimental) Type definition for KubernetesUserDetails.

Parameters:

• groups (Optional[Sequence[str]]) – (experimental) groups property. Specify an array of string values to match this event if the actual value of groups is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• uid (Optional[Sequence[str]]) – (experimental) uid property. Specify an array of string values to match this event if the actual value of uid is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• username (Optional[Sequence[str]]) – (experimental) username property. Specify an array of string values to match this event if the actual value of username is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

kubernetes_user_details = guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesUserDetails(
    groups=["groups"],
    uid=["uid"],
    username=["username"]
)

Attributes

groups

(experimental) groups property.

Specify an array of string values to match this event if the actual value of groups is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

uid

(experimental) uid property.

Specify an array of string values to match this event if the actual value of uid is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

username

(experimental) username property.

Specify an array of string values to match this event if the actual value of username is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

KubernetesWorkloadDetails

class DetectorEvents.GuardDutyFinding.KubernetesWorkloadDetails(*, containers=None, name=None, namespace=None, type=None, uid=None)

Bases: object

(experimental) Type definition for KubernetesWorkloadDetails.

Parameters:

• containers (Optional[Sequence[Union[KubernetesWorkloadDetailsItem, Dict[str, Any]]]]) – (experimental) containers property. Specify an array of string values to match this event if the actual value of containers is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• name (Optional[Sequence[str]]) – (experimental) name property. Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• namespace (Optional[Sequence[str]]) – (experimental) namespace property. Specify an array of string values to match this event if the actual value of namespace is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• type (Optional[Sequence[str]]) – (experimental) type property. Specify an array of string values to match this event if the actual value of type is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• uid (Optional[Sequence[str]]) – (experimental) uid property. Specify an array of string values to match this event if the actual value of uid is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

kubernetes_workload_details = guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesWorkloadDetails(
    containers=[guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesWorkloadDetailsItem(
        image=["image"],
        image_prefix=["imagePrefix"],
        name=["name"],
        security_context=guardduty_events.DetectorEvents.GuardDutyFinding.SecurityContext(
            privileged=["privileged"]
        )
    )],
    name=["name"],
    namespace=["namespace"],
    type=["type"],
    uid=["uid"]
)

Attributes

containers

(experimental) containers property.

Specify an array of string values to match this event if the actual value of containers is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

name

(experimental) name property.

Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

namespace

(experimental) namespace property.

Specify an array of string values to match this event if the actual value of namespace is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

type

(experimental) type property.

Specify an array of string values to match this event if the actual value of type is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

uid

(experimental) uid property.

Specify an array of string values to match this event if the actual value of uid is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

KubernetesWorkloadDetailsItem

class DetectorEvents.GuardDutyFinding.KubernetesWorkloadDetailsItem(*, image=None, image_prefix=None, name=None, security_context=None)

Bases: object

(experimental) Type definition for KubernetesWorkloadDetailsItem.

Parameters:

• image (Optional[Sequence[str]]) – (experimental) image property. Specify an array of string values to match this event if the actual value of image is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• image_prefix (Optional[Sequence[str]]) – (experimental) imagePrefix property. Specify an array of string values to match this event if the actual value of imagePrefix is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• name (Optional[Sequence[str]]) – (experimental) name property. Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• security_context (Union[SecurityContext, Dict[str, Any], None]) – (experimental) securityContext property. Specify an array of string values to match this event if the actual value of securityContext is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

kubernetes_workload_details_item = guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesWorkloadDetailsItem(
    image=["image"],
    image_prefix=["imagePrefix"],
    name=["name"],
    security_context=guardduty_events.DetectorEvents.GuardDutyFinding.SecurityContext(
        privileged=["privileged"]
    )
)

Attributes

image

(experimental) image property.

Specify an array of string values to match this event if the actual value of image is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

image_prefix

(experimental) imagePrefix property.

Specify an array of string values to match this event if the actual value of imagePrefix is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

name

(experimental) name property.

Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

security_context

(experimental) securityContext property.

Specify an array of string values to match this event if the actual value of securityContext is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

LocalIpDetails

class DetectorEvents.GuardDutyFinding.LocalIpDetails(*, ip_address_v4=None)

Bases: object

(experimental) Type definition for LocalIpDetails.

Parameters:

ip_address_v4 (Optional[Sequence[str]]) – (experimental) ipAddressV4 property. Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

local_ip_details = guardduty_events.DetectorEvents.GuardDutyFinding.LocalIpDetails(
    ip_address_v4=["ipAddressV4"]
)

Attributes

ip_address_v4

(experimental) ipAddressV4 property.

Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

LocalIpDetails1

class DetectorEvents.GuardDutyFinding.LocalIpDetails1(*, ip_address_v4=None)

Bases: object

(experimental) Type definition for LocalIpDetails_1.

Parameters:

ip_address_v4 (Optional[Sequence[str]]) – (experimental) ipAddressV4 property. Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

local_ip_details1 = guardduty_events.DetectorEvents.GuardDutyFinding.LocalIpDetails1(
    ip_address_v4=["ipAddressV4"]
)

Attributes

ip_address_v4

(experimental) ipAddressV4 property.

Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

LocalPortDetails

class DetectorEvents.GuardDutyFinding.LocalPortDetails(*, port=None, port_name=None)

Bases: object

(experimental) Type definition for LocalPortDetails.

Parameters:

• port (Optional[Sequence[str]]) – (experimental) port property. Specify an array of string values to match this event if the actual value of port is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• port_name (Optional[Sequence[str]]) – (experimental) portName property. Specify an array of string values to match this event if the actual value of portName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

local_port_details = guardduty_events.DetectorEvents.GuardDutyFinding.LocalPortDetails(
    port=["port"],
    port_name=["portName"]
)

Attributes

port

(experimental) port property.

Specify an array of string values to match this event if the actual value of port is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

port_name

(experimental) portName property.

Specify an array of string values to match this event if the actual value of portName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

LocalPortDetails1

class DetectorEvents.GuardDutyFinding.LocalPortDetails1(*, port=None, port_name=None)

Bases: object

(experimental) Type definition for LocalPortDetails_1.

Parameters:

• port (Optional[Sequence[str]]) – (experimental) port property. Specify an array of string values to match this event if the actual value of port is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• port_name (Optional[Sequence[str]]) – (experimental) portName property. Specify an array of string values to match this event if the actual value of portName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

local_port_details1 = guardduty_events.DetectorEvents.GuardDutyFinding.LocalPortDetails1(
    port=["port"],
    port_name=["portName"]
)

Attributes

port

(experimental) port property.

Specify an array of string values to match this event if the actual value of port is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

port_name

(experimental) portName property.

Specify an array of string values to match this event if the actual value of portName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

NetworkConnectionAction

class DetectorEvents.GuardDutyFinding.NetworkConnectionAction(*, blocked=None, connection_direction=None, local_ip_details=None, local_port_details=None, protocol=None, remote_ip_details=None, remote_port_details=None)

Bases: object

(experimental) Type definition for NetworkConnectionAction.

Parameters:

• blocked (Optional[Sequence[str]]) – (experimental) blocked property. Specify an array of string values to match this event if the actual value of blocked is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• connection_direction (Optional[Sequence[str]]) – (experimental) connectionDirection property. Specify an array of string values to match this event if the actual value of connectionDirection is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• local_ip_details (Union[LocalIpDetails, Dict[str, Any], None]) – (experimental) localIpDetails property. Specify an array of string values to match this event if the actual value of localIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• local_port_details (Union[LocalPortDetails, Dict[str, Any], None]) – (experimental) localPortDetails property. Specify an array of string values to match this event if the actual value of localPortDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• protocol (Optional[Sequence[str]]) – (experimental) protocol property. Specify an array of string values to match this event if the actual value of protocol is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• remote_ip_details (Union[RemoteIpDetails3, Dict[str, Any], None]) – (experimental) remoteIpDetails property. Specify an array of string values to match this event if the actual value of remoteIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• remote_port_details (Union[RemotePortDetails, Dict[str, Any], None]) – (experimental) remotePortDetails property. Specify an array of string values to match this event if the actual value of remotePortDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

network_connection_action = guardduty_events.DetectorEvents.GuardDutyFinding.NetworkConnectionAction(
    blocked=["blocked"],
    connection_direction=["connectionDirection"],
    local_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalIpDetails(
        ip_address_v4=["ipAddressV4"]
    ),
    local_port_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalPortDetails(
        port=["port"],
        port_name=["portName"]
    ),
    protocol=["protocol"],
    remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails3(
        city=guardduty_events.DetectorEvents.GuardDutyFinding.City3(
            city_name=["cityName"]
        ),
        country=guardduty_events.DetectorEvents.GuardDutyFinding.Country3(
            country_name=["countryName"]
        ),
        geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
            lat=["lat"],
            lon=["lon"]
        ),
        ip_address_v4=["ipAddressV4"],
        organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization3(
            asn=["asn"],
            asn_org=["asnOrg"],
            isp=["isp"],
            org=["org"]
        )
    ),
    remote_port_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemotePortDetails(
        port=["port"],
        port_name=["portName"]
    )
)

Attributes

blocked

(experimental) blocked property.

Specify an array of string values to match this event if the actual value of blocked is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

connection_direction

(experimental) connectionDirection property.

Specify an array of string values to match this event if the actual value of connectionDirection is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

local_ip_details

(experimental) localIpDetails property.

Specify an array of string values to match this event if the actual value of localIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

local_port_details

(experimental) localPortDetails property.

Specify an array of string values to match this event if the actual value of localPortDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

protocol

(experimental) protocol property.

Specify an array of string values to match this event if the actual value of protocol is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

remote_ip_details

(experimental) remoteIpDetails property.

Specify an array of string values to match this event if the actual value of remoteIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

remote_port_details

(experimental) remotePortDetails property.

Specify an array of string values to match this event if the actual value of remotePortDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

NewPolicy

class DetectorEvents.GuardDutyFinding.NewPolicy(*, allow_users_to_change_password=None, hard_expiry=None, max_password_age=None, minimum_password_length=None, password_reuse_prevention=None, require_lowercase_characters=None, require_numbers=None, require_symbols=None, require_uppercase_characters=None)

Bases: object

(experimental) Type definition for NewPolicy.

Parameters:

• allow_users_to_change_password (Optional[Sequence[str]]) – (experimental) allowUsersToChangePassword property. Specify an array of string values to match this event if the actual value of allowUsersToChangePassword is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• hard_expiry (Optional[Sequence[str]]) – (experimental) hardExpiry property. Specify an array of string values to match this event if the actual value of hardExpiry is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• max_password_age (Optional[Sequence[str]]) – (experimental) maxPasswordAge property. Specify an array of string values to match this event if the actual value of maxPasswordAge is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• minimum_password_length (Optional[Sequence[str]]) – (experimental) minimumPasswordLength property. Specify an array of string values to match this event if the actual value of minimumPasswordLength is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• password_reuse_prevention (Optional[Sequence[str]]) – (experimental) passwordReusePrevention property. Specify an array of string values to match this event if the actual value of passwordReusePrevention is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• require_lowercase_characters (Optional[Sequence[str]]) – (experimental) requireLowercaseCharacters property. Specify an array of string values to match this event if the actual value of requireLowercaseCharacters is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• require_numbers (Optional[Sequence[str]]) – (experimental) requireNumbers property. Specify an array of string values to match this event if the actual value of requireNumbers is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• require_symbols (Optional[Sequence[str]]) – (experimental) requireSymbols property. Specify an array of string values to match this event if the actual value of requireSymbols is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• require_uppercase_characters (Optional[Sequence[str]]) – (experimental) requireUppercaseCharacters property. Specify an array of string values to match this event if the actual value of requireUppercaseCharacters is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

new_policy = guardduty_events.DetectorEvents.GuardDutyFinding.NewPolicy(
    allow_users_to_change_password=["allowUsersToChangePassword"],
    hard_expiry=["hardExpiry"],
    max_password_age=["maxPasswordAge"],
    minimum_password_length=["minimumPasswordLength"],
    password_reuse_prevention=["passwordReusePrevention"],
    require_lowercase_characters=["requireLowercaseCharacters"],
    require_numbers=["requireNumbers"],
    require_symbols=["requireSymbols"],
    require_uppercase_characters=["requireUppercaseCharacters"]
)

Attributes

allow_users_to_change_password

(experimental) allowUsersToChangePassword property.

Specify an array of string values to match this event if the actual value of allowUsersToChangePassword is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

hard_expiry

(experimental) hardExpiry property.

Specify an array of string values to match this event if the actual value of hardExpiry is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

max_password_age

(experimental) maxPasswordAge property.

Specify an array of string values to match this event if the actual value of maxPasswordAge is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

minimum_password_length

(experimental) minimumPasswordLength property.

Specify an array of string values to match this event if the actual value of minimumPasswordLength is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

password_reuse_prevention

(experimental) passwordReusePrevention property.

Specify an array of string values to match this event if the actual value of passwordReusePrevention is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

require_lowercase_characters

(experimental) requireLowercaseCharacters property.

Specify an array of string values to match this event if the actual value of requireLowercaseCharacters is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

require_numbers

(experimental) requireNumbers property.

Specify an array of string values to match this event if the actual value of requireNumbers is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

require_symbols

(experimental) requireSymbols property.

Specify an array of string values to match this event if the actual value of requireSymbols is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

require_uppercase_characters

(experimental) requireUppercaseCharacters property.

Specify an array of string values to match this event if the actual value of requireUppercaseCharacters is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

OldPolicy

class DetectorEvents.GuardDutyFinding.OldPolicy(*, allow_users_to_change_password=None, hard_expiry=None, max_password_age=None, minimum_password_length=None, password_reuse_prevention=None, require_lowercase_characters=None, require_numbers=None, require_symbols=None, require_uppercase_characters=None)

Bases: object

(experimental) Type definition for OldPolicy.

Parameters:

• allow_users_to_change_password (Optional[Sequence[str]]) – (experimental) allowUsersToChangePassword property. Specify an array of string values to match this event if the actual value of allowUsersToChangePassword is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• hard_expiry (Optional[Sequence[str]]) – (experimental) hardExpiry property. Specify an array of string values to match this event if the actual value of hardExpiry is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• max_password_age (Optional[Sequence[str]]) – (experimental) maxPasswordAge property. Specify an array of string values to match this event if the actual value of maxPasswordAge is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• minimum_password_length (Optional[Sequence[str]]) – (experimental) minimumPasswordLength property. Specify an array of string values to match this event if the actual value of minimumPasswordLength is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• password_reuse_prevention (Optional[Sequence[str]]) – (experimental) passwordReusePrevention property. Specify an array of string values to match this event if the actual value of passwordReusePrevention is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• require_lowercase_characters (Optional[Sequence[str]]) – (experimental) requireLowercaseCharacters property. Specify an array of string values to match this event if the actual value of requireLowercaseCharacters is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• require_numbers (Optional[Sequence[str]]) – (experimental) requireNumbers property. Specify an array of string values to match this event if the actual value of requireNumbers is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• require_symbols (Optional[Sequence[str]]) – (experimental) requireSymbols property. Specify an array of string values to match this event if the actual value of requireSymbols is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• require_uppercase_characters (Optional[Sequence[str]]) – (experimental) requireUppercaseCharacters property. Specify an array of string values to match this event if the actual value of requireUppercaseCharacters is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

old_policy = guardduty_events.DetectorEvents.GuardDutyFinding.OldPolicy(
    allow_users_to_change_password=["allowUsersToChangePassword"],
    hard_expiry=["hardExpiry"],
    max_password_age=["maxPasswordAge"],
    minimum_password_length=["minimumPasswordLength"],
    password_reuse_prevention=["passwordReusePrevention"],
    require_lowercase_characters=["requireLowercaseCharacters"],
    require_numbers=["requireNumbers"],
    require_symbols=["requireSymbols"],
    require_uppercase_characters=["requireUppercaseCharacters"]
)

Attributes

allow_users_to_change_password

(experimental) allowUsersToChangePassword property.

Specify an array of string values to match this event if the actual value of allowUsersToChangePassword is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

hard_expiry

(experimental) hardExpiry property.

Specify an array of string values to match this event if the actual value of hardExpiry is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

max_password_age

(experimental) maxPasswordAge property.

Specify an array of string values to match this event if the actual value of maxPasswordAge is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

minimum_password_length

(experimental) minimumPasswordLength property.

Specify an array of string values to match this event if the actual value of minimumPasswordLength is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

password_reuse_prevention

(experimental) passwordReusePrevention property.

Specify an array of string values to match this event if the actual value of passwordReusePrevention is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

require_lowercase_characters

(experimental) requireLowercaseCharacters property.

Specify an array of string values to match this event if the actual value of requireLowercaseCharacters is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

require_numbers

(experimental) requireNumbers property.

Specify an array of string values to match this event if the actual value of requireNumbers is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

require_symbols

(experimental) requireSymbols property.

Specify an array of string values to match this event if the actual value of requireSymbols is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

require_uppercase_characters

(experimental) requireUppercaseCharacters property.

Specify an array of string values to match this event if the actual value of requireUppercaseCharacters is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Organization

class DetectorEvents.GuardDutyFinding.Organization(*, asn=None, asn_org=None, isp=None, org=None)

Bases: object

(experimental) Type definition for Organization.

Parameters:

• asn (Optional[Sequence[str]]) – (experimental) asn property. Specify an array of string values to match this event if the actual value of asn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• asn_org (Optional[Sequence[str]]) – (experimental) asnOrg property. Specify an array of string values to match this event if the actual value of asnOrg is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• isp (Optional[Sequence[str]]) – (experimental) isp property. Specify an array of string values to match this event if the actual value of isp is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• org (Optional[Sequence[str]]) – (experimental) org property. Specify an array of string values to match this event if the actual value of org is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

organization = guardduty_events.DetectorEvents.GuardDutyFinding.Organization(
    asn=["asn"],
    asn_org=["asnOrg"],
    isp=["isp"],
    org=["org"]
)

Attributes

asn

(experimental) asn property.

Specify an array of string values to match this event if the actual value of asn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

asn_org

(experimental) asnOrg property.

Specify an array of string values to match this event if the actual value of asnOrg is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

isp

(experimental) isp property.

Specify an array of string values to match this event if the actual value of isp is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

org

(experimental) org property.

Specify an array of string values to match this event if the actual value of org is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Organization1

class DetectorEvents.GuardDutyFinding.Organization1(*, asn=None, asn_org=None, isp=None, org=None)

Bases: object

(experimental) Type definition for Organization_1.

Parameters:

• asn (Optional[Sequence[str]]) – (experimental) asn property. Specify an array of string values to match this event if the actual value of asn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• asn_org (Optional[Sequence[str]]) – (experimental) asnOrg property. Specify an array of string values to match this event if the actual value of asnOrg is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• isp (Optional[Sequence[str]]) – (experimental) isp property. Specify an array of string values to match this event if the actual value of isp is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• org (Optional[Sequence[str]]) – (experimental) org property. Specify an array of string values to match this event if the actual value of org is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

organization1 = guardduty_events.DetectorEvents.GuardDutyFinding.Organization1(
    asn=["asn"],
    asn_org=["asnOrg"],
    isp=["isp"],
    org=["org"]
)

Attributes

asn

(experimental) asn property.

Specify an array of string values to match this event if the actual value of asn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

asn_org

(experimental) asnOrg property.

Specify an array of string values to match this event if the actual value of asnOrg is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

isp

(experimental) isp property.

Specify an array of string values to match this event if the actual value of isp is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

org

(experimental) org property.

Specify an array of string values to match this event if the actual value of org is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Organization2

class DetectorEvents.GuardDutyFinding.Organization2(*, asn=None, asn_org=None, isp=None, org=None)

Bases: object

(experimental) Type definition for Organization_2.

Parameters:

• asn (Optional[Sequence[str]]) – (experimental) asn property. Specify an array of string values to match this event if the actual value of asn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• asn_org (Optional[Sequence[str]]) – (experimental) asnOrg property. Specify an array of string values to match this event if the actual value of asnOrg is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• isp (Optional[Sequence[str]]) – (experimental) isp property. Specify an array of string values to match this event if the actual value of isp is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• org (Optional[Sequence[str]]) – (experimental) org property. Specify an array of string values to match this event if the actual value of org is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

organization2 = guardduty_events.DetectorEvents.GuardDutyFinding.Organization2(
    asn=["asn"],
    asn_org=["asnOrg"],
    isp=["isp"],
    org=["org"]
)

Attributes

asn

(experimental) asn property.

Specify an array of string values to match this event if the actual value of asn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

asn_org

(experimental) asnOrg property.

Specify an array of string values to match this event if the actual value of asnOrg is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

isp

(experimental) isp property.

Specify an array of string values to match this event if the actual value of isp is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

org

(experimental) org property.

Specify an array of string values to match this event if the actual value of org is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Organization3

class DetectorEvents.GuardDutyFinding.Organization3(*, asn=None, asn_org=None, isp=None, org=None)

Bases: object

(experimental) Type definition for Organization_3.

Parameters:

• asn (Optional[Sequence[str]]) – (experimental) asn property. Specify an array of string values to match this event if the actual value of asn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• asn_org (Optional[Sequence[str]]) – (experimental) asnOrg property. Specify an array of string values to match this event if the actual value of asnOrg is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• isp (Optional[Sequence[str]]) – (experimental) isp property. Specify an array of string values to match this event if the actual value of isp is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• org (Optional[Sequence[str]]) – (experimental) org property. Specify an array of string values to match this event if the actual value of org is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

organization3 = guardduty_events.DetectorEvents.GuardDutyFinding.Organization3(
    asn=["asn"],
    asn_org=["asnOrg"],
    isp=["isp"],
    org=["org"]
)

Attributes

asn

(experimental) asn property.

Specify an array of string values to match this event if the actual value of asn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

asn_org

(experimental) asnOrg property.

Specify an array of string values to match this event if the actual value of asnOrg is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

isp

(experimental) isp property.

Specify an array of string values to match this event if the actual value of isp is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

org

(experimental) org property.

Specify an array of string values to match this event if the actual value of org is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Organization4

class DetectorEvents.GuardDutyFinding.Organization4(*, asn=None, asn_org=None, isp=None, org=None)

Bases: object

(experimental) Type definition for Organization_4.

Parameters:

• asn (Optional[Sequence[str]]) – (experimental) asn property. Specify an array of string values to match this event if the actual value of asn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• asn_org (Optional[Sequence[str]]) – (experimental) asnOrg property. Specify an array of string values to match this event if the actual value of asnOrg is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• isp (Optional[Sequence[str]]) – (experimental) isp property. Specify an array of string values to match this event if the actual value of isp is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• org (Optional[Sequence[str]]) – (experimental) org property. Specify an array of string values to match this event if the actual value of org is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

organization4 = guardduty_events.DetectorEvents.GuardDutyFinding.Organization4(
    asn=["asn"],
    asn_org=["asnOrg"],
    isp=["isp"],
    org=["org"]
)

Attributes

asn

(experimental) asn property.

Specify an array of string values to match this event if the actual value of asn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

asn_org

(experimental) asnOrg property.

Specify an array of string values to match this event if the actual value of asnOrg is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

isp

(experimental) isp property.

Specify an array of string values to match this event if the actual value of isp is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

org

(experimental) org property.

Specify an array of string values to match this event if the actual value of org is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Owner

class DetectorEvents.GuardDutyFinding.Owner(*, id=None)

Bases: object

(experimental) Type definition for Owner.

Parameters:

id (Optional[Sequence[str]]) – (experimental) id property. Specify an array of string values to match this event if the actual value of id is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

owner = guardduty_events.DetectorEvents.GuardDutyFinding.Owner(
    id=["id"]
)

Attributes

id

(experimental) id property.

Specify an array of string values to match this event if the actual value of id is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

PermissionConfiguration

class DetectorEvents.GuardDutyFinding.PermissionConfiguration(*, account_level_permissions=None, bucket_level_permissions=None)

Bases: object

(experimental) Type definition for PermissionConfiguration.

Parameters:

• account_level_permissions (Union[AccountLevelPermissions, Dict[str, Any], None]) – (experimental) accountLevelPermissions property. Specify an array of string values to match this event if the actual value of accountLevelPermissions is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• bucket_level_permissions (Union[BucketLevelPermissions, Dict[str, Any], None]) – (experimental) bucketLevelPermissions property. Specify an array of string values to match this event if the actual value of bucketLevelPermissions is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

permission_configuration = guardduty_events.DetectorEvents.GuardDutyFinding.PermissionConfiguration(
    account_level_permissions=guardduty_events.DetectorEvents.GuardDutyFinding.AccountLevelPermissions(
        block_public_access=guardduty_events.DetectorEvents.GuardDutyFinding.BlockPublicAccess(
            block_public_acls=["blockPublicAcls"],
            block_public_policy=["blockPublicPolicy"],
            ignore_public_acls=["ignorePublicAcls"],
            restrict_public_buckets=["restrictPublicBuckets"]
        )
    ),
    bucket_level_permissions=guardduty_events.DetectorEvents.GuardDutyFinding.BucketLevelPermissions(
        access_control_list=guardduty_events.DetectorEvents.GuardDutyFinding.AccessControlList(
            allows_public_read_access=["allowsPublicReadAccess"],
            allows_public_write_access=["allowsPublicWriteAccess"]
        ),
        block_public_access=guardduty_events.DetectorEvents.GuardDutyFinding.BlockPublicAccess(
            block_public_acls=["blockPublicAcls"],
            block_public_policy=["blockPublicPolicy"],
            ignore_public_acls=["ignorePublicAcls"],
            restrict_public_buckets=["restrictPublicBuckets"]
        ),
        bucket_policy=guardduty_events.DetectorEvents.GuardDutyFinding.AccessControlList(
            allows_public_read_access=["allowsPublicReadAccess"],
            allows_public_write_access=["allowsPublicWriteAccess"]
        )
    )
)

Attributes

account_level_permissions

(experimental) accountLevelPermissions property.

Specify an array of string values to match this event if the actual value of accountLevelPermissions is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

bucket_level_permissions

(experimental) bucketLevelPermissions property.

Specify an array of string values to match this event if the actual value of bucketLevelPermissions is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

PortProbeAction

class DetectorEvents.GuardDutyFinding.PortProbeAction(*, blocked=None, port_probe_details=None)

Bases: object

(experimental) Type definition for PortProbeAction.

Parameters:

• blocked (Optional[Sequence[str]]) – (experimental) blocked property. Specify an array of string values to match this event if the actual value of blocked is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• port_probe_details (Optional[Sequence[Union[PortProbeActionItem, Dict[str, Any]]]]) – (experimental) portProbeDetails property. Specify an array of string values to match this event if the actual value of portProbeDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

port_probe_action = guardduty_events.DetectorEvents.GuardDutyFinding.PortProbeAction(
    blocked=["blocked"],
    port_probe_details=[guardduty_events.DetectorEvents.GuardDutyFinding.PortProbeActionItem(
        local_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalIpDetails1(
            ip_address_v4=["ipAddressV4"]
        ),
        local_port_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalPortDetails1(
            port=["port"],
            port_name=["portName"]
        ),
        remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails4(
            city=guardduty_events.DetectorEvents.GuardDutyFinding.City4(
                city_name=["cityName"]
            ),
            country=guardduty_events.DetectorEvents.GuardDutyFinding.Country4(
                country_name=["countryName"]
            ),
            geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation1(
                lat=["lat"],
                lon=["lon"]
            ),
            ip_address_v4=["ipAddressV4"],
            organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization4(
                asn=["asn"],
                asn_org=["asnOrg"],
                isp=["isp"],
                org=["org"]
            )
        )
    )]
)

Attributes

blocked

(experimental) blocked property.

Specify an array of string values to match this event if the actual value of blocked is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

port_probe_details

(experimental) portProbeDetails property.

Specify an array of string values to match this event if the actual value of portProbeDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

PortProbeActionItem

class DetectorEvents.GuardDutyFinding.PortProbeActionItem(*, local_ip_details=None, local_port_details=None, remote_ip_details=None)

Bases: object

(experimental) Type definition for PortProbeActionItem.

Parameters:

• local_ip_details (Union[LocalIpDetails1, Dict[str, Any], None]) – (experimental) localIpDetails property. Specify an array of string values to match this event if the actual value of localIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• local_port_details (Union[LocalPortDetails1, Dict[str, Any], None]) – (experimental) localPortDetails property. Specify an array of string values to match this event if the actual value of localPortDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• remote_ip_details (Union[RemoteIpDetails4, Dict[str, Any], None]) – (experimental) remoteIpDetails property. Specify an array of string values to match this event if the actual value of remoteIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

port_probe_action_item = guardduty_events.DetectorEvents.GuardDutyFinding.PortProbeActionItem(
    local_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalIpDetails1(
        ip_address_v4=["ipAddressV4"]
    ),
    local_port_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalPortDetails1(
        port=["port"],
        port_name=["portName"]
    ),
    remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails4(
        city=guardduty_events.DetectorEvents.GuardDutyFinding.City4(
            city_name=["cityName"]
        ),
        country=guardduty_events.DetectorEvents.GuardDutyFinding.Country4(
            country_name=["countryName"]
        ),
        geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation1(
            lat=["lat"],
            lon=["lon"]
        ),
        ip_address_v4=["ipAddressV4"],
        organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization4(
            asn=["asn"],
            asn_org=["asnOrg"],
            isp=["isp"],
            org=["org"]
        )
    )
)

Attributes

local_ip_details

(experimental) localIpDetails property.

Specify an array of string values to match this event if the actual value of localIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

local_port_details

(experimental) localPortDetails property.

Specify an array of string values to match this event if the actual value of localPortDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

remote_ip_details

(experimental) remoteIpDetails property.

Specify an array of string values to match this event if the actual value of remoteIpDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ProfiledBehavior

class DetectorEvents.GuardDutyFinding.ProfiledBehavior(*, frequent_profiled_ap_is_account_profiling=None, frequent_profiled_ap_is_user_identity_profiling=None, frequent_profiled_as_ns_account_profiling=None, frequent_profiled_as_ns_bucket_profiling=None, frequent_profiled_as_ns_user_identity_profiling=None, frequent_profiled_buckets_account_profiling=None, frequent_profiled_buckets_user_identity_profiling=None, frequent_profiled_user_agents_account_profiling=None, frequent_profiled_user_agents_user_identity_profiling=None, frequent_profiled_user_names_account_profiling=None, frequent_profiled_user_names_bucket_profiling=None, frequent_profiled_user_types_account_profiling=None, infrequent_profiled_ap_is_account_profiling=None, infrequent_profiled_ap_is_user_identity_profiling=None, infrequent_profiled_as_ns_account_profiling=None, infrequent_profiled_as_ns_bucket_profiling=None, infrequent_profiled_as_ns_user_identity_profiling=None, infrequent_profiled_buckets_account_profiling=None, infrequent_profiled_buckets_user_identity_profiling=None, infrequent_profiled_user_agents_account_profiling=None, infrequent_profiled_user_agents_user_identity_profiling=None, infrequent_profiled_user_names_account_profiling=None, infrequent_profiled_user_names_bucket_profiling=None, infrequent_profiled_user_types_account_profiling=None, number_of_historical_daily_avg_ap_is_bucket_profiling=None, number_of_historical_daily_avg_ap_is_bucket_user_identity_profiling=None, number_of_historical_daily_avg_ap_is_user_identity_profiling=None, number_of_historical_daily_max_ap_is_bucket_profiling=None, number_of_historical_daily_max_ap_is_bucket_user_identity_profiling=None, number_of_historical_daily_max_ap_is_user_identity_profiling=None, rare_profiled_ap_is_account_profiling=None, rare_profiled_ap_is_user_identity_profiling=None, rare_profiled_as_ns_account_profiling=None, rare_profiled_as_ns_bucket_profiling=None, rare_profiled_as_ns_user_identity_profiling=None, rare_profiled_buckets_account_profiling=None, rare_profiled_buckets_user_identity_profiling=None, rare_profiled_user_agents_account_profiling=None, rare_profiled_user_agents_user_identity_profiling=None, rare_profiled_user_names_account_profiling=None, rare_profiled_user_names_bucket_profiling=None, rare_profiled_user_types_account_profiling=None)

Bases: object

(experimental) Type definition for ProfiledBehavior.

Parameters:

• frequent_profiled_ap_is_account_profiling (Optional[Sequence[str]]) – (experimental) frequentProfiledAPIsAccountProfiling property. Specify an array of string values to match this event if the actual value of frequentProfiledAPIsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• frequent_profiled_ap_is_user_identity_profiling (Optional[Sequence[str]]) – (experimental) frequentProfiledAPIsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of frequentProfiledAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• frequent_profiled_as_ns_account_profiling (Optional[Sequence[str]]) – (experimental) frequentProfiledASNsAccountProfiling property. Specify an array of string values to match this event if the actual value of frequentProfiledASNsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• frequent_profiled_as_ns_bucket_profiling (Optional[Sequence[str]]) – (experimental) frequentProfiledASNsBucketProfiling property. Specify an array of string values to match this event if the actual value of frequentProfiledASNsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• frequent_profiled_as_ns_user_identity_profiling (Optional[Sequence[str]]) – (experimental) frequentProfiledASNsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of frequentProfiledASNsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• frequent_profiled_buckets_account_profiling (Optional[Sequence[str]]) – (experimental) frequentProfiledBucketsAccountProfiling property. Specify an array of string values to match this event if the actual value of frequentProfiledBucketsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• frequent_profiled_buckets_user_identity_profiling (Optional[Sequence[str]]) – (experimental) frequentProfiledBucketsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of frequentProfiledBucketsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• frequent_profiled_user_agents_account_profiling (Optional[Sequence[str]]) – (experimental) frequentProfiledUserAgentsAccountProfiling property. Specify an array of string values to match this event if the actual value of frequentProfiledUserAgentsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• frequent_profiled_user_agents_user_identity_profiling (Optional[Sequence[str]]) – (experimental) frequentProfiledUserAgentsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of frequentProfiledUserAgentsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• frequent_profiled_user_names_account_profiling (Optional[Sequence[str]]) – (experimental) frequentProfiledUserNamesAccountProfiling property. Specify an array of string values to match this event if the actual value of frequentProfiledUserNamesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• frequent_profiled_user_names_bucket_profiling (Optional[Sequence[str]]) – (experimental) frequentProfiledUserNamesBucketProfiling property. Specify an array of string values to match this event if the actual value of frequentProfiledUserNamesBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• frequent_profiled_user_types_account_profiling (Optional[Sequence[str]]) – (experimental) frequentProfiledUserTypesAccountProfiling property. Specify an array of string values to match this event if the actual value of frequentProfiledUserTypesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• infrequent_profiled_ap_is_account_profiling (Optional[Sequence[str]]) – (experimental) infrequentProfiledAPIsAccountProfiling property. Specify an array of string values to match this event if the actual value of infrequentProfiledAPIsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• infrequent_profiled_ap_is_user_identity_profiling (Optional[Sequence[str]]) – (experimental) infrequentProfiledAPIsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of infrequentProfiledAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• infrequent_profiled_as_ns_account_profiling (Optional[Sequence[str]]) – (experimental) infrequentProfiledASNsAccountProfiling property. Specify an array of string values to match this event if the actual value of infrequentProfiledASNsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• infrequent_profiled_as_ns_bucket_profiling (Optional[Sequence[str]]) – (experimental) infrequentProfiledASNsBucketProfiling property. Specify an array of string values to match this event if the actual value of infrequentProfiledASNsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• infrequent_profiled_as_ns_user_identity_profiling (Optional[Sequence[str]]) – (experimental) infrequentProfiledASNsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of infrequentProfiledASNsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• infrequent_profiled_buckets_account_profiling (Optional[Sequence[str]]) – (experimental) infrequentProfiledBucketsAccountProfiling property. Specify an array of string values to match this event if the actual value of infrequentProfiledBucketsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• infrequent_profiled_buckets_user_identity_profiling (Optional[Sequence[str]]) – (experimental) infrequentProfiledBucketsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of infrequentProfiledBucketsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• infrequent_profiled_user_agents_account_profiling (Optional[Sequence[str]]) – (experimental) infrequentProfiledUserAgentsAccountProfiling property. Specify an array of string values to match this event if the actual value of infrequentProfiledUserAgentsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• infrequent_profiled_user_agents_user_identity_profiling (Optional[Sequence[str]]) – (experimental) infrequentProfiledUserAgentsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of infrequentProfiledUserAgentsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• infrequent_profiled_user_names_account_profiling (Optional[Sequence[str]]) – (experimental) infrequentProfiledUserNamesAccountProfiling property. Specify an array of string values to match this event if the actual value of infrequentProfiledUserNamesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• infrequent_profiled_user_names_bucket_profiling (Optional[Sequence[str]]) – (experimental) infrequentProfiledUserNamesBucketProfiling property. Specify an array of string values to match this event if the actual value of infrequentProfiledUserNamesBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• infrequent_profiled_user_types_account_profiling (Optional[Sequence[str]]) – (experimental) infrequentProfiledUserTypesAccountProfiling property. Specify an array of string values to match this event if the actual value of infrequentProfiledUserTypesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• number_of_historical_daily_avg_ap_is_bucket_profiling (Optional[Sequence[str]]) – (experimental) numberOfHistoricalDailyAvgAPIsBucketProfiling property. Specify an array of string values to match this event if the actual value of numberOfHistoricalDailyAvgAPIsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• number_of_historical_daily_avg_ap_is_bucket_user_identity_profiling (Optional[Sequence[str]]) – (experimental) numberOfHistoricalDailyAvgAPIsBucketUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of numberOfHistoricalDailyAvgAPIsBucketUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• number_of_historical_daily_avg_ap_is_user_identity_profiling (Optional[Sequence[str]]) – (experimental) numberOfHistoricalDailyAvgAPIsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of numberOfHistoricalDailyAvgAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• number_of_historical_daily_max_ap_is_bucket_profiling (Optional[Sequence[str]]) – (experimental) numberOfHistoricalDailyMaxAPIsBucketProfiling property. Specify an array of string values to match this event if the actual value of numberOfHistoricalDailyMaxAPIsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• number_of_historical_daily_max_ap_is_bucket_user_identity_profiling (Optional[Sequence[str]]) – (experimental) numberOfHistoricalDailyMaxAPIsBucketUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of numberOfHistoricalDailyMaxAPIsBucketUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• number_of_historical_daily_max_ap_is_user_identity_profiling (Optional[Sequence[str]]) – (experimental) numberOfHistoricalDailyMaxAPIsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of numberOfHistoricalDailyMaxAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• rare_profiled_ap_is_account_profiling (Optional[Sequence[str]]) – (experimental) rareProfiledAPIsAccountProfiling property. Specify an array of string values to match this event if the actual value of rareProfiledAPIsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• rare_profiled_ap_is_user_identity_profiling (Optional[Sequence[str]]) – (experimental) rareProfiledAPIsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of rareProfiledAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• rare_profiled_as_ns_account_profiling (Optional[Sequence[str]]) – (experimental) rareProfiledASNsAccountProfiling property. Specify an array of string values to match this event if the actual value of rareProfiledASNsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• rare_profiled_as_ns_bucket_profiling (Optional[Sequence[str]]) – (experimental) rareProfiledASNsBucketProfiling property. Specify an array of string values to match this event if the actual value of rareProfiledASNsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• rare_profiled_as_ns_user_identity_profiling (Optional[Sequence[str]]) – (experimental) rareProfiledASNsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of rareProfiledASNsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• rare_profiled_buckets_account_profiling (Optional[Sequence[str]]) – (experimental) rareProfiledBucketsAccountProfiling property. Specify an array of string values to match this event if the actual value of rareProfiledBucketsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• rare_profiled_buckets_user_identity_profiling (Optional[Sequence[str]]) – (experimental) rareProfiledBucketsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of rareProfiledBucketsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• rare_profiled_user_agents_account_profiling (Optional[Sequence[str]]) – (experimental) rareProfiledUserAgentsAccountProfiling property. Specify an array of string values to match this event if the actual value of rareProfiledUserAgentsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• rare_profiled_user_agents_user_identity_profiling (Optional[Sequence[str]]) – (experimental) rareProfiledUserAgentsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of rareProfiledUserAgentsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• rare_profiled_user_names_account_profiling (Optional[Sequence[str]]) – (experimental) rareProfiledUserNamesAccountProfiling property. Specify an array of string values to match this event if the actual value of rareProfiledUserNamesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• rare_profiled_user_names_bucket_profiling (Optional[Sequence[str]]) – (experimental) rareProfiledUserNamesBucketProfiling property. Specify an array of string values to match this event if the actual value of rareProfiledUserNamesBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• rare_profiled_user_types_account_profiling (Optional[Sequence[str]]) – (experimental) rareProfiledUserTypesAccountProfiling property. Specify an array of string values to match this event if the actual value of rareProfiledUserTypesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

profiled_behavior = guardduty_events.DetectorEvents.GuardDutyFinding.ProfiledBehavior(
    frequent_profiled_ap_is_account_profiling=["frequentProfiledApIsAccountProfiling"],
    frequent_profiled_ap_is_user_identity_profiling=["frequentProfiledApIsUserIdentityProfiling"],
    frequent_profiled_as_ns_account_profiling=["frequentProfiledAsNsAccountProfiling"],
    frequent_profiled_as_ns_bucket_profiling=["frequentProfiledAsNsBucketProfiling"],
    frequent_profiled_as_ns_user_identity_profiling=["frequentProfiledAsNsUserIdentityProfiling"],
    frequent_profiled_buckets_account_profiling=["frequentProfiledBucketsAccountProfiling"],
    frequent_profiled_buckets_user_identity_profiling=["frequentProfiledBucketsUserIdentityProfiling"],
    frequent_profiled_user_agents_account_profiling=["frequentProfiledUserAgentsAccountProfiling"],
    frequent_profiled_user_agents_user_identity_profiling=["frequentProfiledUserAgentsUserIdentityProfiling"],
    frequent_profiled_user_names_account_profiling=["frequentProfiledUserNamesAccountProfiling"],
    frequent_profiled_user_names_bucket_profiling=["frequentProfiledUserNamesBucketProfiling"],
    frequent_profiled_user_types_account_profiling=["frequentProfiledUserTypesAccountProfiling"],
    infrequent_profiled_ap_is_account_profiling=["infrequentProfiledApIsAccountProfiling"],
    infrequent_profiled_ap_is_user_identity_profiling=["infrequentProfiledApIsUserIdentityProfiling"],
    infrequent_profiled_as_ns_account_profiling=["infrequentProfiledAsNsAccountProfiling"],
    infrequent_profiled_as_ns_bucket_profiling=["infrequentProfiledAsNsBucketProfiling"],
    infrequent_profiled_as_ns_user_identity_profiling=["infrequentProfiledAsNsUserIdentityProfiling"],
    infrequent_profiled_buckets_account_profiling=["infrequentProfiledBucketsAccountProfiling"],
    infrequent_profiled_buckets_user_identity_profiling=["infrequentProfiledBucketsUserIdentityProfiling"],
    infrequent_profiled_user_agents_account_profiling=["infrequentProfiledUserAgentsAccountProfiling"],
    infrequent_profiled_user_agents_user_identity_profiling=["infrequentProfiledUserAgentsUserIdentityProfiling"],
    infrequent_profiled_user_names_account_profiling=["infrequentProfiledUserNamesAccountProfiling"],
    infrequent_profiled_user_names_bucket_profiling=["infrequentProfiledUserNamesBucketProfiling"],
    infrequent_profiled_user_types_account_profiling=["infrequentProfiledUserTypesAccountProfiling"],
    number_of_historical_daily_avg_ap_is_bucket_profiling=["numberOfHistoricalDailyAvgApIsBucketProfiling"],
    number_of_historical_daily_avg_ap_is_bucket_user_identity_profiling=["numberOfHistoricalDailyAvgApIsBucketUserIdentityProfiling"],
    number_of_historical_daily_avg_ap_is_user_identity_profiling=["numberOfHistoricalDailyAvgApIsUserIdentityProfiling"],
    number_of_historical_daily_max_ap_is_bucket_profiling=["numberOfHistoricalDailyMaxApIsBucketProfiling"],
    number_of_historical_daily_max_ap_is_bucket_user_identity_profiling=["numberOfHistoricalDailyMaxApIsBucketUserIdentityProfiling"],
    number_of_historical_daily_max_ap_is_user_identity_profiling=["numberOfHistoricalDailyMaxApIsUserIdentityProfiling"],
    rare_profiled_ap_is_account_profiling=["rareProfiledApIsAccountProfiling"],
    rare_profiled_ap_is_user_identity_profiling=["rareProfiledApIsUserIdentityProfiling"],
    rare_profiled_as_ns_account_profiling=["rareProfiledAsNsAccountProfiling"],
    rare_profiled_as_ns_bucket_profiling=["rareProfiledAsNsBucketProfiling"],
    rare_profiled_as_ns_user_identity_profiling=["rareProfiledAsNsUserIdentityProfiling"],
    rare_profiled_buckets_account_profiling=["rareProfiledBucketsAccountProfiling"],
    rare_profiled_buckets_user_identity_profiling=["rareProfiledBucketsUserIdentityProfiling"],
    rare_profiled_user_agents_account_profiling=["rareProfiledUserAgentsAccountProfiling"],
    rare_profiled_user_agents_user_identity_profiling=["rareProfiledUserAgentsUserIdentityProfiling"],
    rare_profiled_user_names_account_profiling=["rareProfiledUserNamesAccountProfiling"],
    rare_profiled_user_names_bucket_profiling=["rareProfiledUserNamesBucketProfiling"],
    rare_profiled_user_types_account_profiling=["rareProfiledUserTypesAccountProfiling"]
)

Attributes

frequent_profiled_ap_is_account_profiling

(experimental) frequentProfiledAPIsAccountProfiling property.

Specify an array of string values to match this event if the actual value of frequentProfiledAPIsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

frequent_profiled_ap_is_user_identity_profiling

(experimental) frequentProfiledAPIsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of frequentProfiledAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

frequent_profiled_as_ns_account_profiling

(experimental) frequentProfiledASNsAccountProfiling property.

Specify an array of string values to match this event if the actual value of frequentProfiledASNsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

frequent_profiled_as_ns_bucket_profiling

(experimental) frequentProfiledASNsBucketProfiling property.

Specify an array of string values to match this event if the actual value of frequentProfiledASNsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

frequent_profiled_as_ns_user_identity_profiling

(experimental) frequentProfiledASNsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of frequentProfiledASNsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

frequent_profiled_buckets_account_profiling

(experimental) frequentProfiledBucketsAccountProfiling property.

Specify an array of string values to match this event if the actual value of frequentProfiledBucketsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

frequent_profiled_buckets_user_identity_profiling

(experimental) frequentProfiledBucketsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of frequentProfiledBucketsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

frequent_profiled_user_agents_account_profiling

(experimental) frequentProfiledUserAgentsAccountProfiling property.

Specify an array of string values to match this event if the actual value of frequentProfiledUserAgentsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

frequent_profiled_user_agents_user_identity_profiling

(experimental) frequentProfiledUserAgentsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of frequentProfiledUserAgentsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

frequent_profiled_user_names_account_profiling

(experimental) frequentProfiledUserNamesAccountProfiling property.

Specify an array of string values to match this event if the actual value of frequentProfiledUserNamesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

frequent_profiled_user_names_bucket_profiling

(experimental) frequentProfiledUserNamesBucketProfiling property.

Specify an array of string values to match this event if the actual value of frequentProfiledUserNamesBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

frequent_profiled_user_types_account_profiling

(experimental) frequentProfiledUserTypesAccountProfiling property.

Specify an array of string values to match this event if the actual value of frequentProfiledUserTypesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

infrequent_profiled_ap_is_account_profiling

(experimental) infrequentProfiledAPIsAccountProfiling property.

Specify an array of string values to match this event if the actual value of infrequentProfiledAPIsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

infrequent_profiled_ap_is_user_identity_profiling

(experimental) infrequentProfiledAPIsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of infrequentProfiledAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

infrequent_profiled_as_ns_account_profiling

(experimental) infrequentProfiledASNsAccountProfiling property.

Specify an array of string values to match this event if the actual value of infrequentProfiledASNsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

infrequent_profiled_as_ns_bucket_profiling

(experimental) infrequentProfiledASNsBucketProfiling property.

Specify an array of string values to match this event if the actual value of infrequentProfiledASNsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

infrequent_profiled_as_ns_user_identity_profiling

(experimental) infrequentProfiledASNsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of infrequentProfiledASNsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

infrequent_profiled_buckets_account_profiling

(experimental) infrequentProfiledBucketsAccountProfiling property.

Specify an array of string values to match this event if the actual value of infrequentProfiledBucketsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

infrequent_profiled_buckets_user_identity_profiling

(experimental) infrequentProfiledBucketsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of infrequentProfiledBucketsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

infrequent_profiled_user_agents_account_profiling

(experimental) infrequentProfiledUserAgentsAccountProfiling property.

Specify an array of string values to match this event if the actual value of infrequentProfiledUserAgentsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

infrequent_profiled_user_agents_user_identity_profiling

(experimental) infrequentProfiledUserAgentsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of infrequentProfiledUserAgentsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

infrequent_profiled_user_names_account_profiling

(experimental) infrequentProfiledUserNamesAccountProfiling property.

Specify an array of string values to match this event if the actual value of infrequentProfiledUserNamesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

infrequent_profiled_user_names_bucket_profiling

(experimental) infrequentProfiledUserNamesBucketProfiling property.

Specify an array of string values to match this event if the actual value of infrequentProfiledUserNamesBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

infrequent_profiled_user_types_account_profiling

(experimental) infrequentProfiledUserTypesAccountProfiling property.

Specify an array of string values to match this event if the actual value of infrequentProfiledUserTypesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

number_of_historical_daily_avg_ap_is_bucket_profiling

(experimental) numberOfHistoricalDailyAvgAPIsBucketProfiling property.

Specify an array of string values to match this event if the actual value of numberOfHistoricalDailyAvgAPIsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

number_of_historical_daily_avg_ap_is_bucket_user_identity_profiling

(experimental) numberOfHistoricalDailyAvgAPIsBucketUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of numberOfHistoricalDailyAvgAPIsBucketUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

number_of_historical_daily_avg_ap_is_user_identity_profiling

(experimental) numberOfHistoricalDailyAvgAPIsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of numberOfHistoricalDailyAvgAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

number_of_historical_daily_max_ap_is_bucket_profiling

(experimental) numberOfHistoricalDailyMaxAPIsBucketProfiling property.

Specify an array of string values to match this event if the actual value of numberOfHistoricalDailyMaxAPIsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

number_of_historical_daily_max_ap_is_bucket_user_identity_profiling

(experimental) numberOfHistoricalDailyMaxAPIsBucketUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of numberOfHistoricalDailyMaxAPIsBucketUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

number_of_historical_daily_max_ap_is_user_identity_profiling

(experimental) numberOfHistoricalDailyMaxAPIsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of numberOfHistoricalDailyMaxAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

rare_profiled_ap_is_account_profiling

(experimental) rareProfiledAPIsAccountProfiling property.

Specify an array of string values to match this event if the actual value of rareProfiledAPIsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

rare_profiled_ap_is_user_identity_profiling

(experimental) rareProfiledAPIsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of rareProfiledAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

rare_profiled_as_ns_account_profiling

(experimental) rareProfiledASNsAccountProfiling property.

Specify an array of string values to match this event if the actual value of rareProfiledASNsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

rare_profiled_as_ns_bucket_profiling

(experimental) rareProfiledASNsBucketProfiling property.

Specify an array of string values to match this event if the actual value of rareProfiledASNsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

rare_profiled_as_ns_user_identity_profiling

(experimental) rareProfiledASNsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of rareProfiledASNsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

rare_profiled_buckets_account_profiling

(experimental) rareProfiledBucketsAccountProfiling property.

Specify an array of string values to match this event if the actual value of rareProfiledBucketsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

rare_profiled_buckets_user_identity_profiling

(experimental) rareProfiledBucketsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of rareProfiledBucketsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

rare_profiled_user_agents_account_profiling

(experimental) rareProfiledUserAgentsAccountProfiling property.

Specify an array of string values to match this event if the actual value of rareProfiledUserAgentsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

rare_profiled_user_agents_user_identity_profiling

(experimental) rareProfiledUserAgentsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of rareProfiledUserAgentsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

rare_profiled_user_names_account_profiling

(experimental) rareProfiledUserNamesAccountProfiling property.

Specify an array of string values to match this event if the actual value of rareProfiledUserNamesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

rare_profiled_user_names_bucket_profiling

(experimental) rareProfiledUserNamesBucketProfiling property.

Specify an array of string values to match this event if the actual value of rareProfiledUserNamesBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

rare_profiled_user_types_account_profiling

(experimental) rareProfiledUserTypesAccountProfiling property.

Specify an array of string values to match this event if the actual value of rareProfiledUserTypesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

PublicAccess

class DetectorEvents.GuardDutyFinding.PublicAccess(*, effective_permission=None, permission_configuration=None)

Bases: object

(experimental) Type definition for PublicAccess.

Parameters:

• effective_permission (Optional[Sequence[str]]) – (experimental) effectivePermission property. Specify an array of string values to match this event if the actual value of effectivePermission is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• permission_configuration (Union[PermissionConfiguration, Dict[str, Any], None]) – (experimental) permissionConfiguration property. Specify an array of string values to match this event if the actual value of permissionConfiguration is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

public_access = guardduty_events.DetectorEvents.GuardDutyFinding.PublicAccess(
    effective_permission=["effectivePermission"],
    permission_configuration=guardduty_events.DetectorEvents.GuardDutyFinding.PermissionConfiguration(
        account_level_permissions=guardduty_events.DetectorEvents.GuardDutyFinding.AccountLevelPermissions(
            block_public_access=guardduty_events.DetectorEvents.GuardDutyFinding.BlockPublicAccess(
                block_public_acls=["blockPublicAcls"],
                block_public_policy=["blockPublicPolicy"],
                ignore_public_acls=["ignorePublicAcls"],
                restrict_public_buckets=["restrictPublicBuckets"]
            )
        ),
        bucket_level_permissions=guardduty_events.DetectorEvents.GuardDutyFinding.BucketLevelPermissions(
            access_control_list=guardduty_events.DetectorEvents.GuardDutyFinding.AccessControlList(
                allows_public_read_access=["allowsPublicReadAccess"],
                allows_public_write_access=["allowsPublicWriteAccess"]
            ),
            block_public_access=guardduty_events.DetectorEvents.GuardDutyFinding.BlockPublicAccess(
                block_public_acls=["blockPublicAcls"],
                block_public_policy=["blockPublicPolicy"],
                ignore_public_acls=["ignorePublicAcls"],
                restrict_public_buckets=["restrictPublicBuckets"]
            ),
            bucket_policy=guardduty_events.DetectorEvents.GuardDutyFinding.AccessControlList(
                allows_public_read_access=["allowsPublicReadAccess"],
                allows_public_write_access=["allowsPublicWriteAccess"]
            )
        )
    )
)

Attributes

effective_permission

(experimental) effectivePermission property.

Specify an array of string values to match this event if the actual value of effectivePermission is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

permission_configuration

(experimental) permissionConfiguration property.

Specify an array of string values to match this event if the actual value of permissionConfiguration is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

RemoteAccountDetails

class DetectorEvents.GuardDutyFinding.RemoteAccountDetails(*, account_id=None, affiliated=None)

Bases: object

(experimental) Type definition for RemoteAccountDetails.

Parameters:

• account_id (Optional[Sequence[str]]) – (experimental) accountId property. Specify an array of string values to match this event if the actual value of accountId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• affiliated (Optional[Sequence[str]]) – (experimental) affiliated property. Specify an array of string values to match this event if the actual value of affiliated is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

remote_account_details = guardduty_events.DetectorEvents.GuardDutyFinding.RemoteAccountDetails(
    account_id=["accountId"],
    affiliated=["affiliated"]
)

Attributes

account_id

(experimental) accountId property.

Specify an array of string values to match this event if the actual value of accountId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

affiliated

(experimental) affiliated property.

Specify an array of string values to match this event if the actual value of affiliated is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

RemoteIpDetails

class DetectorEvents.GuardDutyFinding.RemoteIpDetails(*, city=None, country=None, geo_location=None, ip_address_v4=None, organization=None)

Bases: object

(experimental) Type definition for RemoteIpDetails.

Parameters:

• city (Union[City, Dict[str, Any], None]) – (experimental) city property. Specify an array of string values to match this event if the actual value of city is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• country (Union[Country, Dict[str, Any], None]) – (experimental) country property. Specify an array of string values to match this event if the actual value of country is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• geo_location (Union[GeoLocation, Dict[str, Any], None]) – (experimental) geoLocation property. Specify an array of string values to match this event if the actual value of geoLocation is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• ip_address_v4 (Optional[Sequence[str]]) – (experimental) ipAddressV4 property. Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• organization (Union[Organization, Dict[str, Any], None]) – (experimental) organization property. Specify an array of string values to match this event if the actual value of organization is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

remote_ip_details = guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails(
    city=guardduty_events.DetectorEvents.GuardDutyFinding.City(
        city_name=["cityName"]
    ),
    country=guardduty_events.DetectorEvents.GuardDutyFinding.Country(
        country_name=["countryName"]
    ),
    geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
        lat=["lat"],
        lon=["lon"]
    ),
    ip_address_v4=["ipAddressV4"],
    organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization(
        asn=["asn"],
        asn_org=["asnOrg"],
        isp=["isp"],
        org=["org"]
    )
)

Attributes

city

(experimental) city property.

Specify an array of string values to match this event if the actual value of city is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

country

(experimental) country property.

Specify an array of string values to match this event if the actual value of country is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

geo_location

(experimental) geoLocation property.

Specify an array of string values to match this event if the actual value of geoLocation is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ip_address_v4

(experimental) ipAddressV4 property.

Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

organization

(experimental) organization property.

Specify an array of string values to match this event if the actual value of organization is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

RemoteIpDetails1

class DetectorEvents.GuardDutyFinding.RemoteIpDetails1(*, city=None, country=None, geo_location=None, ip_address_v4=None, organization=None)

Bases: object

(experimental) Type definition for RemoteIpDetails_1.

Parameters:

• city (Union[City1, Dict[str, Any], None]) – (experimental) city property. Specify an array of string values to match this event if the actual value of city is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• country (Union[Country1, Dict[str, Any], None]) – (experimental) country property. Specify an array of string values to match this event if the actual value of country is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• geo_location (Union[GeoLocation, Dict[str, Any], None]) – (experimental) geoLocation property. Specify an array of string values to match this event if the actual value of geoLocation is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• ip_address_v4 (Optional[Sequence[str]]) – (experimental) ipAddressV4 property. Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• organization (Union[Organization1, Dict[str, Any], None]) – (experimental) organization property. Specify an array of string values to match this event if the actual value of organization is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

remote_ip_details1 = guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails1(
    city=guardduty_events.DetectorEvents.GuardDutyFinding.City1(
        city_name=["cityName"]
    ),
    country=guardduty_events.DetectorEvents.GuardDutyFinding.Country1(
        country_name=["countryName"]
    ),
    geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
        lat=["lat"],
        lon=["lon"]
    ),
    ip_address_v4=["ipAddressV4"],
    organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization1(
        asn=["asn"],
        asn_org=["asnOrg"],
        isp=["isp"],
        org=["org"]
    )
)

Attributes

city

(experimental) city property.

Specify an array of string values to match this event if the actual value of city is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

country

(experimental) country property.

Specify an array of string values to match this event if the actual value of country is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

geo_location

(experimental) geoLocation property.

Specify an array of string values to match this event if the actual value of geoLocation is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ip_address_v4

(experimental) ipAddressV4 property.

Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

organization

(experimental) organization property.

Specify an array of string values to match this event if the actual value of organization is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

RemoteIpDetails2

class DetectorEvents.GuardDutyFinding.RemoteIpDetails2(*, city=None, country=None, geo_location=None, ip_address_v4=None, organization=None)

Bases: object

(experimental) Type definition for RemoteIpDetails_2.

Parameters:

• city (Union[City2, Dict[str, Any], None]) – (experimental) city property. Specify an array of string values to match this event if the actual value of city is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• country (Union[Country2, Dict[str, Any], None]) – (experimental) country property. Specify an array of string values to match this event if the actual value of country is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• geo_location (Union[GeoLocation, Dict[str, Any], None]) – (experimental) geoLocation property. Specify an array of string values to match this event if the actual value of geoLocation is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• ip_address_v4 (Optional[Sequence[str]]) – (experimental) ipAddressV4 property. Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• organization (Union[Organization2, Dict[str, Any], None]) – (experimental) organization property. Specify an array of string values to match this event if the actual value of organization is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

remote_ip_details2 = guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails2(
    city=guardduty_events.DetectorEvents.GuardDutyFinding.City2(
        city_name=["cityName"]
    ),
    country=guardduty_events.DetectorEvents.GuardDutyFinding.Country2(
        country_name=["countryName"]
    ),
    geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
        lat=["lat"],
        lon=["lon"]
    ),
    ip_address_v4=["ipAddressV4"],
    organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization2(
        asn=["asn"],
        asn_org=["asnOrg"],
        isp=["isp"],
        org=["org"]
    )
)

Attributes

city

(experimental) city property.

Specify an array of string values to match this event if the actual value of city is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

country

(experimental) country property.

Specify an array of string values to match this event if the actual value of country is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

geo_location

(experimental) geoLocation property.

Specify an array of string values to match this event if the actual value of geoLocation is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ip_address_v4

(experimental) ipAddressV4 property.

Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

organization

(experimental) organization property.

Specify an array of string values to match this event if the actual value of organization is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

RemoteIpDetails3

class DetectorEvents.GuardDutyFinding.RemoteIpDetails3(*, city=None, country=None, geo_location=None, ip_address_v4=None, organization=None)

Bases: object

(experimental) Type definition for RemoteIpDetails_3.

Parameters:

• city (Union[City3, Dict[str, Any], None]) – (experimental) city property. Specify an array of string values to match this event if the actual value of city is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• country (Union[Country3, Dict[str, Any], None]) – (experimental) country property. Specify an array of string values to match this event if the actual value of country is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• geo_location (Union[GeoLocation, Dict[str, Any], None]) – (experimental) geoLocation property. Specify an array of string values to match this event if the actual value of geoLocation is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• ip_address_v4 (Optional[Sequence[str]]) – (experimental) ipAddressV4 property. Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• organization (Union[Organization3, Dict[str, Any], None]) – (experimental) organization property. Specify an array of string values to match this event if the actual value of organization is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

remote_ip_details3 = guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails3(
    city=guardduty_events.DetectorEvents.GuardDutyFinding.City3(
        city_name=["cityName"]
    ),
    country=guardduty_events.DetectorEvents.GuardDutyFinding.Country3(
        country_name=["countryName"]
    ),
    geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
        lat=["lat"],
        lon=["lon"]
    ),
    ip_address_v4=["ipAddressV4"],
    organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization3(
        asn=["asn"],
        asn_org=["asnOrg"],
        isp=["isp"],
        org=["org"]
    )
)

Attributes

city

(experimental) city property.

Specify an array of string values to match this event if the actual value of city is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

country

(experimental) country property.

Specify an array of string values to match this event if the actual value of country is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

geo_location

(experimental) geoLocation property.

Specify an array of string values to match this event if the actual value of geoLocation is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ip_address_v4

(experimental) ipAddressV4 property.

Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

organization

(experimental) organization property.

Specify an array of string values to match this event if the actual value of organization is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

RemoteIpDetails4

class DetectorEvents.GuardDutyFinding.RemoteIpDetails4(*, city=None, country=None, geo_location=None, ip_address_v4=None, organization=None)

Bases: object

(experimental) Type definition for RemoteIpDetails_4.

Parameters:

• city (Union[City4, Dict[str, Any], None]) – (experimental) city property. Specify an array of string values to match this event if the actual value of city is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• country (Union[Country4, Dict[str, Any], None]) – (experimental) country property. Specify an array of string values to match this event if the actual value of country is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• geo_location (Union[GeoLocation1, Dict[str, Any], None]) – (experimental) geoLocation property. Specify an array of string values to match this event if the actual value of geoLocation is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• ip_address_v4 (Optional[Sequence[str]]) – (experimental) ipAddressV4 property. Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• organization (Union[Organization4, Dict[str, Any], None]) – (experimental) organization property. Specify an array of string values to match this event if the actual value of organization is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

remote_ip_details4 = guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails4(
    city=guardduty_events.DetectorEvents.GuardDutyFinding.City4(
        city_name=["cityName"]
    ),
    country=guardduty_events.DetectorEvents.GuardDutyFinding.Country4(
        country_name=["countryName"]
    ),
    geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation1(
        lat=["lat"],
        lon=["lon"]
    ),
    ip_address_v4=["ipAddressV4"],
    organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization4(
        asn=["asn"],
        asn_org=["asnOrg"],
        isp=["isp"],
        org=["org"]
    )
)

Attributes

city

(experimental) city property.

Specify an array of string values to match this event if the actual value of city is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

country

(experimental) country property.

Specify an array of string values to match this event if the actual value of country is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

geo_location

(experimental) geoLocation property.

Specify an array of string values to match this event if the actual value of geoLocation is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ip_address_v4

(experimental) ipAddressV4 property.

Specify an array of string values to match this event if the actual value of ipAddressV4 is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

organization

(experimental) organization property.

Specify an array of string values to match this event if the actual value of organization is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

RemotePortDetails

class DetectorEvents.GuardDutyFinding.RemotePortDetails(*, port=None, port_name=None)

Bases: object

(experimental) Type definition for RemotePortDetails.

Parameters:

• port (Optional[Sequence[str]]) – (experimental) port property. Specify an array of string values to match this event if the actual value of port is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• port_name (Optional[Sequence[str]]) – (experimental) portName property. Specify an array of string values to match this event if the actual value of portName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

remote_port_details = guardduty_events.DetectorEvents.GuardDutyFinding.RemotePortDetails(
    port=["port"],
    port_name=["portName"]
)

Attributes

port

(experimental) port property.

Specify an array of string values to match this event if the actual value of port is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

port_name

(experimental) portName property.

Specify an array of string values to match this event if the actual value of portName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Resource

class DetectorEvents.GuardDutyFinding.Resource(*, access_key_details=None, container_details=None, ebs_volume_details=None, ecs_cluster_details=None, eks_cluster_details=None, instance_details=None, kubernetes_details=None, resource_type=None, s3_bucket_details=None)

Bases: object

(experimental) Type definition for Resource.

Parameters:

• access_key_details (Union[AccessKeyDetails, Dict[str, Any], None]) – (experimental) accessKeyDetails property. Specify an array of string values to match this event if the actual value of accessKeyDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• container_details (Union[ContainerDetails, Dict[str, Any], None]) – (experimental) containerDetails property. Specify an array of string values to match this event if the actual value of containerDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• ebs_volume_details (Union[EbsVolumeDetails, Dict[str, Any], None]) – (experimental) ebsVolumeDetails property. Specify an array of string values to match this event if the actual value of ebsVolumeDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• ecs_cluster_details (Union[EcsClusterDetails, Dict[str, Any], None]) – (experimental) ecsClusterDetails property. Specify an array of string values to match this event if the actual value of ecsClusterDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• eks_cluster_details (Union[EksClusterDetails, Dict[str, Any], None]) – (experimental) eksClusterDetails property. Specify an array of string values to match this event if the actual value of eksClusterDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• instance_details (Union[InstanceDetails, Dict[str, Any], None]) – (experimental) instanceDetails property. Specify an array of string values to match this event if the actual value of instanceDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• kubernetes_details (Union[KubernetesDetails, Dict[str, Any], None]) – (experimental) kubernetesDetails property. Specify an array of string values to match this event if the actual value of kubernetesDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• resource_type (Optional[Sequence[str]]) – (experimental) resourceType property. Specify an array of string values to match this event if the actual value of resourceType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• s3_bucket_details (Optional[Sequence[Union[ResourceItem, Dict[str, Any]]]]) – (experimental) s3BucketDetails property. Specify an array of string values to match this event if the actual value of s3BucketDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

# ipv6_addresses: Any

resource = guardduty_events.DetectorEvents.GuardDutyFinding.Resource(
    access_key_details=guardduty_events.DetectorEvents.GuardDutyFinding.AccessKeyDetails(
        access_key_id=["accessKeyId"],
        principal_id=["principalId"],
        user_name=["userName"],
        user_type=["userType"]
    ),
    container_details=guardduty_events.DetectorEvents.GuardDutyFinding.ContainerDetails(
        id=["id"],
        image=["image"],
        name=["name"]
    ),
    ebs_volume_details=guardduty_events.DetectorEvents.GuardDutyFinding.EbsVolumeDetails(
        scanned_volume_details=[guardduty_events.DetectorEvents.GuardDutyFinding.EbsVolumeDetailsItem(
            device_name=["deviceName"],
            encryption_type=["encryptionType"],
            kms_key_arn=["kmsKeyArn"],
            snapshot_arn=["snapshotArn"],
            volume_arn=["volumeArn"],
            volume_size_in_gb=["volumeSizeInGb"],
            volume_type=["volumeType"]
        )],
        skipped_volume_details=["skippedVolumeDetails"]
    ),
    ecs_cluster_details=guardduty_events.DetectorEvents.GuardDutyFinding.EcsClusterDetails(
        arn=["arn"],
        name=["name"],
        status=["status"],
        tags=[guardduty_events.DetectorEvents.GuardDutyFinding.EcsClusterDetailsItem(
            key=["key"],
            value=["value"]
        )],
        task_details=guardduty_events.DetectorEvents.GuardDutyFinding.TaskDetails(
            arn=["arn"],
            containers=[guardduty_events.DetectorEvents.GuardDutyFinding.TaskDetailsItem(
                image=["image"],
                name=["name"]
            )],
            created_at=["createdAt"],
            definition_arn=["definitionArn"],
            started_at=["startedAt"],
            started_by=["startedBy"],
            version=["version"]
        )
    ),
    eks_cluster_details=guardduty_events.DetectorEvents.GuardDutyFinding.EksClusterDetails(
        arn=["arn"],
        created_at=["createdAt"],
        name=["name"],
        status=["status"],
        tags=[guardduty_events.DetectorEvents.GuardDutyFinding.EcsClusterDetailsItem(
            key=["key"],
            value=["value"]
        )],
        vpc_id=["vpcId"]
    ),
    instance_details=guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetails(
        availability_zone=["availabilityZone"],
        iam_instance_profile=guardduty_events.DetectorEvents.GuardDutyFinding.IamInstanceProfile(
            arn=["arn"],
            id=["id"]
        ),
        image_description=["imageDescription"],
        image_id=["imageId"],
        instance_id=["instanceId"],
        instance_state=["instanceState"],
        instance_type=["instanceType"],
        launch_time=["launchTime"],
        network_interfaces=[guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItem(
            ipv6_addresses=[ipv6_addresses],
            network_interface_id=["networkInterfaceId"],
            private_dns_name=["privateDnsName"],
            private_ip_address=["privateIpAddress"],
            private_ip_addresses=[guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItemItem(
                private_dns_name=["privateDnsName"],
                private_ip_address=["privateIpAddress"]
            )],
            public_dns_name=["publicDnsName"],
            public_ip=["publicIp"],
            security_groups=[guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItemItem1(
                group_id=["groupId"],
                group_name=["groupName"]
            )],
            subnet_id=["subnetId"],
            vpc_id=["vpcId"]
        )],
        outpost_arn=["outpostArn"],
        platform=["platform"],
        product_codes=[guardduty_events.DetectorEvents.GuardDutyFinding.InstanceDetailsItem1(
            product_code_id=["productCodeId"],
            product_code_type=["productCodeType"]
        )],
        tags=[guardduty_events.DetectorEvents.GuardDutyFinding.EcsClusterDetailsItem(
            key=["key"],
            value=["value"]
        )]
    ),
    kubernetes_details=guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesDetails(
        kubernetes_user_details=guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesUserDetails(
            groups=["groups"],
            uid=["uid"],
            username=["username"]
        ),
        kubernetes_workload_details=guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesWorkloadDetails(
            containers=[guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesWorkloadDetailsItem(
                image=["image"],
                image_prefix=["imagePrefix"],
                name=["name"],
                security_context=guardduty_events.DetectorEvents.GuardDutyFinding.SecurityContext(
                    privileged=["privileged"]
                )
            )],
            name=["name"],
            namespace=["namespace"],
            type=["type"],
            uid=["uid"]
        )
    ),
    resource_type=["resourceType"],
    s3_bucket_details=[guardduty_events.DetectorEvents.GuardDutyFinding.ResourceItem(
        arn=["arn"],
        created_at=["createdAt"],
        default_server_side_encryption=guardduty_events.DetectorEvents.GuardDutyFinding.DefaultServerSideEncryption(
            encryption_type=["encryptionType"],
            kms_master_key_arn=["kmsMasterKeyArn"]
        ),
        name=["name"],
        owner=guardduty_events.DetectorEvents.GuardDutyFinding.Owner(
            id=["id"]
        ),
        public_access=guardduty_events.DetectorEvents.GuardDutyFinding.PublicAccess(
            effective_permission=["effectivePermission"],
            permission_configuration=guardduty_events.DetectorEvents.GuardDutyFinding.PermissionConfiguration(
                account_level_permissions=guardduty_events.DetectorEvents.GuardDutyFinding.AccountLevelPermissions(
                    block_public_access=guardduty_events.DetectorEvents.GuardDutyFinding.BlockPublicAccess(
                        block_public_acls=["blockPublicAcls"],
                        block_public_policy=["blockPublicPolicy"],
                        ignore_public_acls=["ignorePublicAcls"],
                        restrict_public_buckets=["restrictPublicBuckets"]
                    )
                ),
                bucket_level_permissions=guardduty_events.DetectorEvents.GuardDutyFinding.BucketLevelPermissions(
                    access_control_list=guardduty_events.DetectorEvents.GuardDutyFinding.AccessControlList(
                        allows_public_read_access=["allowsPublicReadAccess"],
                        allows_public_write_access=["allowsPublicWriteAccess"]
                    ),
                    block_public_access=guardduty_events.DetectorEvents.GuardDutyFinding.BlockPublicAccess(
                        block_public_acls=["blockPublicAcls"],
                        block_public_policy=["blockPublicPolicy"],
                        ignore_public_acls=["ignorePublicAcls"],
                        restrict_public_buckets=["restrictPublicBuckets"]
                    ),
                    bucket_policy=guardduty_events.DetectorEvents.GuardDutyFinding.AccessControlList(
                        allows_public_read_access=["allowsPublicReadAccess"],
                        allows_public_write_access=["allowsPublicWriteAccess"]
                    )
                )
            )
        ),
        tags=[guardduty_events.DetectorEvents.GuardDutyFinding.EcsClusterDetailsItem(
            key=["key"],
            value=["value"]
        )],
        type=["type"]
    )]
)

Attributes

access_key_details

(experimental) accessKeyDetails property.

Specify an array of string values to match this event if the actual value of accessKeyDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

container_details

(experimental) containerDetails property.

Specify an array of string values to match this event if the actual value of containerDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ebs_volume_details

(experimental) ebsVolumeDetails property.

Specify an array of string values to match this event if the actual value of ebsVolumeDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ecs_cluster_details

(experimental) ecsClusterDetails property.

Specify an array of string values to match this event if the actual value of ecsClusterDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

eks_cluster_details

(experimental) eksClusterDetails property.

Specify an array of string values to match this event if the actual value of eksClusterDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

instance_details

(experimental) instanceDetails property.

Specify an array of string values to match this event if the actual value of instanceDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

kubernetes_details

(experimental) kubernetesDetails property.

Specify an array of string values to match this event if the actual value of kubernetesDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

resource_type

(experimental) resourceType property.

Specify an array of string values to match this event if the actual value of resourceType is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

s3_bucket_details

(experimental) s3BucketDetails property.

Specify an array of string values to match this event if the actual value of s3BucketDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ResourceItem

class DetectorEvents.GuardDutyFinding.ResourceItem(*, arn=None, created_at=None, default_server_side_encryption=None, name=None, owner=None, public_access=None, tags=None, type=None)

Bases: object

(experimental) Type definition for ResourceItem.

Parameters:

• arn (Optional[Sequence[str]]) – (experimental) arn property. Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• created_at (Optional[Sequence[str]]) – (experimental) createdAt property. Specify an array of string values to match this event if the actual value of createdAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• default_server_side_encryption (Union[DefaultServerSideEncryption, Dict[str, Any], None]) – (experimental) defaultServerSideEncryption property. Specify an array of string values to match this event if the actual value of defaultServerSideEncryption is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• name (Optional[Sequence[str]]) – (experimental) name property. Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• owner (Union[Owner, Dict[str, Any], None]) – (experimental) owner property. Specify an array of string values to match this event if the actual value of owner is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• public_access (Union[PublicAccess, Dict[str, Any], None]) – (experimental) publicAccess property. Specify an array of string values to match this event if the actual value of publicAccess is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• tags (Optional[Sequence[Union[EcsClusterDetailsItem, Dict[str, Any]]]]) – (experimental) tags property. Specify an array of string values to match this event if the actual value of tags is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• type (Optional[Sequence[str]]) – (experimental) type property. Specify an array of string values to match this event if the actual value of type is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

resource_item = guardduty_events.DetectorEvents.GuardDutyFinding.ResourceItem(
    arn=["arn"],
    created_at=["createdAt"],
    default_server_side_encryption=guardduty_events.DetectorEvents.GuardDutyFinding.DefaultServerSideEncryption(
        encryption_type=["encryptionType"],
        kms_master_key_arn=["kmsMasterKeyArn"]
    ),
    name=["name"],
    owner=guardduty_events.DetectorEvents.GuardDutyFinding.Owner(
        id=["id"]
    ),
    public_access=guardduty_events.DetectorEvents.GuardDutyFinding.PublicAccess(
        effective_permission=["effectivePermission"],
        permission_configuration=guardduty_events.DetectorEvents.GuardDutyFinding.PermissionConfiguration(
            account_level_permissions=guardduty_events.DetectorEvents.GuardDutyFinding.AccountLevelPermissions(
                block_public_access=guardduty_events.DetectorEvents.GuardDutyFinding.BlockPublicAccess(
                    block_public_acls=["blockPublicAcls"],
                    block_public_policy=["blockPublicPolicy"],
                    ignore_public_acls=["ignorePublicAcls"],
                    restrict_public_buckets=["restrictPublicBuckets"]
                )
            ),
            bucket_level_permissions=guardduty_events.DetectorEvents.GuardDutyFinding.BucketLevelPermissions(
                access_control_list=guardduty_events.DetectorEvents.GuardDutyFinding.AccessControlList(
                    allows_public_read_access=["allowsPublicReadAccess"],
                    allows_public_write_access=["allowsPublicWriteAccess"]
                ),
                block_public_access=guardduty_events.DetectorEvents.GuardDutyFinding.BlockPublicAccess(
                    block_public_acls=["blockPublicAcls"],
                    block_public_policy=["blockPublicPolicy"],
                    ignore_public_acls=["ignorePublicAcls"],
                    restrict_public_buckets=["restrictPublicBuckets"]
                ),
                bucket_policy=guardduty_events.DetectorEvents.GuardDutyFinding.AccessControlList(
                    allows_public_read_access=["allowsPublicReadAccess"],
                    allows_public_write_access=["allowsPublicWriteAccess"]
                )
            )
        )
    ),
    tags=[guardduty_events.DetectorEvents.GuardDutyFinding.EcsClusterDetailsItem(
        key=["key"],
        value=["value"]
    )],
    type=["type"]
)

Attributes

arn

(experimental) arn property.

Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

created_at

(experimental) createdAt property.

Specify an array of string values to match this event if the actual value of createdAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

default_server_side_encryption

(experimental) defaultServerSideEncryption property.

Specify an array of string values to match this event if the actual value of defaultServerSideEncryption is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

name

(experimental) name property.

Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

owner

(experimental) owner property.

Specify an array of string values to match this event if the actual value of owner is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

public_access

(experimental) publicAccess property.

Specify an array of string values to match this event if the actual value of publicAccess is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

tags

(experimental) tags property.

Specify an array of string values to match this event if the actual value of tags is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

type

(experimental) type property.

Specify an array of string values to match this event if the actual value of type is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ScanDetections

class DetectorEvents.GuardDutyFinding.ScanDetections(*, highest_severity_threat_details=None, scanned_item_count=None, threat_detected_by_name=None, threats_detected_item_count=None)

Bases: object

(experimental) Type definition for ScanDetections.

Parameters:

• highest_severity_threat_details (Union[HighestSeverityThreatDetails, Dict[str, Any], None]) – (experimental) highestSeverityThreatDetails property. Specify an array of string values to match this event if the actual value of highestSeverityThreatDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• scanned_item_count (Union[ScannedItemCount, Dict[str, Any], None]) – (experimental) scannedItemCount property. Specify an array of string values to match this event if the actual value of scannedItemCount is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• threat_detected_by_name (Union[ThreatDetectedByName, Dict[str, Any], None]) – (experimental) threatDetectedByName property. Specify an array of string values to match this event if the actual value of threatDetectedByName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• threats_detected_item_count (Union[ThreatsDetectedItemCount, Dict[str, Any], None]) – (experimental) threatsDetectedItemCount property. Specify an array of string values to match this event if the actual value of threatsDetectedItemCount is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

scan_detections = guardduty_events.DetectorEvents.GuardDutyFinding.ScanDetections(
    highest_severity_threat_details=guardduty_events.DetectorEvents.GuardDutyFinding.HighestSeverityThreatDetails(
        count=["count"],
        severity=["severity"],
        threat_name=["threatName"]
    ),
    scanned_item_count=guardduty_events.DetectorEvents.GuardDutyFinding.ScannedItemCount(
        files=["files"],
        total_gb=["totalGb"],
        volumes=["volumes"]
    ),
    threat_detected_by_name=guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByName(
        item_count=["itemCount"],
        shortened=["shortened"],
        threat_names=[guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItem(
            file_paths=[guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItemItem(
                file_name=["fileName"],
                file_path=["filePath"],
                hash=["hash"],
                volume_arn=["volumeArn"]
            )],
            item_count=["itemCount"],
            name=["name"],
            severity=["severity"]
        )],
        unique_threat_name_count=["uniqueThreatNameCount"]
    ),
    threats_detected_item_count=guardduty_events.DetectorEvents.GuardDutyFinding.ThreatsDetectedItemCount(
        files=["files"]
    )
)

Attributes

highest_severity_threat_details

(experimental) highestSeverityThreatDetails property.

Specify an array of string values to match this event if the actual value of highestSeverityThreatDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

scanned_item_count

(experimental) scannedItemCount property.

Specify an array of string values to match this event if the actual value of scannedItemCount is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

threat_detected_by_name

(experimental) threatDetectedByName property.

Specify an array of string values to match this event if the actual value of threatDetectedByName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

threats_detected_item_count

(experimental) threatsDetectedItemCount property.

Specify an array of string values to match this event if the actual value of threatsDetectedItemCount is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ScannedItemCount

class DetectorEvents.GuardDutyFinding.ScannedItemCount(*, files=None, total_gb=None, volumes=None)

Bases: object

(experimental) Type definition for ScannedItemCount.

Parameters:

• files (Optional[Sequence[str]]) – (experimental) files property. Specify an array of string values to match this event if the actual value of files is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• total_gb (Optional[Sequence[str]]) – (experimental) totalGb property. Specify an array of string values to match this event if the actual value of totalGb is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• volumes (Optional[Sequence[str]]) – (experimental) volumes property. Specify an array of string values to match this event if the actual value of volumes is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

scanned_item_count = guardduty_events.DetectorEvents.GuardDutyFinding.ScannedItemCount(
    files=["files"],
    total_gb=["totalGb"],
    volumes=["volumes"]
)

Attributes

files

(experimental) files property.

Specify an array of string values to match this event if the actual value of files is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

total_gb

(experimental) totalGb property.

Specify an array of string values to match this event if the actual value of totalGb is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

volumes

(experimental) volumes property.

Specify an array of string values to match this event if the actual value of volumes is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

SecurityContext

class DetectorEvents.GuardDutyFinding.SecurityContext(*, privileged=None)

Bases: object

(experimental) Type definition for SecurityContext.

Parameters:

privileged (Optional[Sequence[str]]) – (experimental) privileged property. Specify an array of string values to match this event if the actual value of privileged is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

security_context = guardduty_events.DetectorEvents.GuardDutyFinding.SecurityContext(
    privileged=["privileged"]
)

Attributes

privileged

(experimental) privileged property.

Specify an array of string values to match this event if the actual value of privileged is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

Service

class DetectorEvents.GuardDutyFinding.Service(*, action=None, additional_info=None, archived=None, aws_api_call_action=None, count=None, detector_id=None, ebs_volume_scan_details=None, event_first_seen=None, event_last_seen=None, evidence=None, feature_name=None, resource_role=None, service_name=None)

Bases: object

(experimental) Type definition for Service.

Parameters:

• action (Union[Action, Dict[str, Any], None]) – (experimental) action property. Specify an array of string values to match this event if the actual value of action is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• additional_info (Union[AdditionalInfo, Dict[str, Any], None]) – (experimental) additionalInfo property. Specify an array of string values to match this event if the actual value of additionalInfo is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• archived (Optional[Sequence[str]]) – (experimental) archived property. Specify an array of string values to match this event if the actual value of archived is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• aws_api_call_action (Union[AwsApiCallAction, Dict[str, Any], None]) – (experimental) awsApiCallAction property. Specify an array of string values to match this event if the actual value of awsApiCallAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• count (Optional[Sequence[str]]) – (experimental) count property. Specify an array of string values to match this event if the actual value of count is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• detector_id (Optional[Sequence[str]]) – (experimental) detectorId property. Specify an array of string values to match this event if the actual value of detectorId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Filter with the Detector reference

• ebs_volume_scan_details (Union[EbsVolumeScanDetails, Dict[str, Any], None]) – (experimental) ebsVolumeScanDetails property. Specify an array of string values to match this event if the actual value of ebsVolumeScanDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• event_first_seen (Optional[Sequence[str]]) – (experimental) eventFirstSeen property. Specify an array of string values to match this event if the actual value of eventFirstSeen is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• event_last_seen (Optional[Sequence[str]]) – (experimental) eventLastSeen property. Specify an array of string values to match this event if the actual value of eventLastSeen is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• evidence (Union[Evidence, Dict[str, Any], None]) – (experimental) evidence property. Specify an array of string values to match this event if the actual value of evidence is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• feature_name (Optional[Sequence[str]]) – (experimental) featureName property. Specify an array of string values to match this event if the actual value of featureName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• resource_role (Optional[Sequence[str]]) – (experimental) resourceRole property. Specify an array of string values to match this event if the actual value of resourceRole is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• service_name (Optional[Sequence[str]]) – (experimental) serviceName property. Specify an array of string values to match this event if the actual value of serviceName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

# additional_scanned_ports: Any
# unusual: Any

service = guardduty_events.DetectorEvents.GuardDutyFinding.Service(
    action=guardduty_events.DetectorEvents.GuardDutyFinding.Action(
        action_type=["actionType"],
        aws_api_call_action=guardduty_events.DetectorEvents.GuardDutyFinding.AwsApiCallAction1(
            affected_resources=guardduty_events.DetectorEvents.GuardDutyFinding.AffectedResources1(
                aws_cloud_trail_trail=["awsCloudTrailTrail"],
                aws_ec2_instance=["awsEc2Instance"],
                aws_s3_bucket=["awsS3Bucket"]
            ),
            api=["api"],
            caller_type=["callerType"],
            error_code=["errorCode"],
            remote_account_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteAccountDetails(
                account_id=["accountId"],
                affiliated=["affiliated"]
            ),
            remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails1(
                city=guardduty_events.DetectorEvents.GuardDutyFinding.City1(
                    city_name=["cityName"]
                ),
                country=guardduty_events.DetectorEvents.GuardDutyFinding.Country1(
                    country_name=["countryName"]
                ),
                geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
                    lat=["lat"],
                    lon=["lon"]
                ),
                ip_address_v4=["ipAddressV4"],
                organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization1(
                    asn=["asn"],
                    asn_org=["asnOrg"],
                    isp=["isp"],
                    org=["org"]
                )
            ),
            service_name=["serviceName"]
        ),
        dns_request_action=guardduty_events.DetectorEvents.GuardDutyFinding.DnsRequestAction(
            blocked=["blocked"],
            domain=["domain"],
            protocol=["protocol"]
        ),
        kubernetes_api_call_action=guardduty_events.DetectorEvents.GuardDutyFinding.KubernetesApiCallAction(
            parameters=["parameters"],
            remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails2(
                city=guardduty_events.DetectorEvents.GuardDutyFinding.City2(
                    city_name=["cityName"]
                ),
                country=guardduty_events.DetectorEvents.GuardDutyFinding.Country2(
                    country_name=["countryName"]
                ),
                geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
                    lat=["lat"],
                    lon=["lon"]
                ),
                ip_address_v4=["ipAddressV4"],
                organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization2(
                    asn=["asn"],
                    asn_org=["asnOrg"],
                    isp=["isp"],
                    org=["org"]
                )
            ),
            request_uri=["requestUri"],
            source_iPs=["sourceIPs"],
            status_code=["statusCode"],
            user_agent=["userAgent"],
            verb=["verb"]
        ),
        network_connection_action=guardduty_events.DetectorEvents.GuardDutyFinding.NetworkConnectionAction(
            blocked=["blocked"],
            connection_direction=["connectionDirection"],
            local_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalIpDetails(
                ip_address_v4=["ipAddressV4"]
            ),
            local_port_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalPortDetails(
                port=["port"],
                port_name=["portName"]
            ),
            protocol=["protocol"],
            remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails3(
                city=guardduty_events.DetectorEvents.GuardDutyFinding.City3(
                    city_name=["cityName"]
                ),
                country=guardduty_events.DetectorEvents.GuardDutyFinding.Country3(
                    country_name=["countryName"]
                ),
                geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
                    lat=["lat"],
                    lon=["lon"]
                ),
                ip_address_v4=["ipAddressV4"],
                organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization3(
                    asn=["asn"],
                    asn_org=["asnOrg"],
                    isp=["isp"],
                    org=["org"]
                )
            ),
            remote_port_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemotePortDetails(
                port=["port"],
                port_name=["portName"]
            )
        ),
        port_probe_action=guardduty_events.DetectorEvents.GuardDutyFinding.PortProbeAction(
            blocked=["blocked"],
            port_probe_details=[guardduty_events.DetectorEvents.GuardDutyFinding.PortProbeActionItem(
                local_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalIpDetails1(
                    ip_address_v4=["ipAddressV4"]
                ),
                local_port_details=guardduty_events.DetectorEvents.GuardDutyFinding.LocalPortDetails1(
                    port=["port"],
                    port_name=["portName"]
                ),
                remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails4(
                    city=guardduty_events.DetectorEvents.GuardDutyFinding.City4(
                        city_name=["cityName"]
                    ),
                    country=guardduty_events.DetectorEvents.GuardDutyFinding.Country4(
                        country_name=["countryName"]
                    ),
                    geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation1(
                        lat=["lat"],
                        lon=["lon"]
                    ),
                    ip_address_v4=["ipAddressV4"],
                    organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization4(
                        asn=["asn"],
                        asn_org=["asnOrg"],
                        isp=["isp"],
                        org=["org"]
                    )
                )
            )]
        )
    ),
    additional_info=guardduty_events.DetectorEvents.GuardDutyFinding.AdditionalInfo(
        additional_scanned_ports=[additional_scanned_ports],
        anomalies=guardduty_events.DetectorEvents.GuardDutyFinding.Anomalies(
            anomalous_ap_is=["anomalousApIs"]
        ),
        api_calls=[guardduty_events.DetectorEvents.GuardDutyFinding.AdditionalInfoItem(
            count=["count"],
            first_seen=["firstSeen"],
            last_seen=["lastSeen"],
            name=["name"]
        )],
        domain=["domain"],
        in_bytes=["inBytes"],
        local_port=["localPort"],
        new_policy=guardduty_events.DetectorEvents.GuardDutyFinding.NewPolicy(
            allow_users_to_change_password=["allowUsersToChangePassword"],
            hard_expiry=["hardExpiry"],
            max_password_age=["maxPasswordAge"],
            minimum_password_length=["minimumPasswordLength"],
            password_reuse_prevention=["passwordReusePrevention"],
            require_lowercase_characters=["requireLowercaseCharacters"],
            require_numbers=["requireNumbers"],
            require_symbols=["requireSymbols"],
            require_uppercase_characters=["requireUppercaseCharacters"]
        ),
        old_policy=guardduty_events.DetectorEvents.GuardDutyFinding.OldPolicy(
            allow_users_to_change_password=["allowUsersToChangePassword"],
            hard_expiry=["hardExpiry"],
            max_password_age=["maxPasswordAge"],
            minimum_password_length=["minimumPasswordLength"],
            password_reuse_prevention=["passwordReusePrevention"],
            require_lowercase_characters=["requireLowercaseCharacters"],
            require_numbers=["requireNumbers"],
            require_symbols=["requireSymbols"],
            require_uppercase_characters=["requireUppercaseCharacters"]
        ),
        out_bytes=["outBytes"],
        ports_scanned_sample=[123],
        profiled_behavior=guardduty_events.DetectorEvents.GuardDutyFinding.ProfiledBehavior(
            frequent_profiled_ap_is_account_profiling=["frequentProfiledApIsAccountProfiling"],
            frequent_profiled_ap_is_user_identity_profiling=["frequentProfiledApIsUserIdentityProfiling"],
            frequent_profiled_as_ns_account_profiling=["frequentProfiledAsNsAccountProfiling"],
            frequent_profiled_as_ns_bucket_profiling=["frequentProfiledAsNsBucketProfiling"],
            frequent_profiled_as_ns_user_identity_profiling=["frequentProfiledAsNsUserIdentityProfiling"],
            frequent_profiled_buckets_account_profiling=["frequentProfiledBucketsAccountProfiling"],
            frequent_profiled_buckets_user_identity_profiling=["frequentProfiledBucketsUserIdentityProfiling"],
            frequent_profiled_user_agents_account_profiling=["frequentProfiledUserAgentsAccountProfiling"],
            frequent_profiled_user_agents_user_identity_profiling=["frequentProfiledUserAgentsUserIdentityProfiling"],
            frequent_profiled_user_names_account_profiling=["frequentProfiledUserNamesAccountProfiling"],
            frequent_profiled_user_names_bucket_profiling=["frequentProfiledUserNamesBucketProfiling"],
            frequent_profiled_user_types_account_profiling=["frequentProfiledUserTypesAccountProfiling"],
            infrequent_profiled_ap_is_account_profiling=["infrequentProfiledApIsAccountProfiling"],
            infrequent_profiled_ap_is_user_identity_profiling=["infrequentProfiledApIsUserIdentityProfiling"],
            infrequent_profiled_as_ns_account_profiling=["infrequentProfiledAsNsAccountProfiling"],
            infrequent_profiled_as_ns_bucket_profiling=["infrequentProfiledAsNsBucketProfiling"],
            infrequent_profiled_as_ns_user_identity_profiling=["infrequentProfiledAsNsUserIdentityProfiling"],
            infrequent_profiled_buckets_account_profiling=["infrequentProfiledBucketsAccountProfiling"],
            infrequent_profiled_buckets_user_identity_profiling=["infrequentProfiledBucketsUserIdentityProfiling"],
            infrequent_profiled_user_agents_account_profiling=["infrequentProfiledUserAgentsAccountProfiling"],
            infrequent_profiled_user_agents_user_identity_profiling=["infrequentProfiledUserAgentsUserIdentityProfiling"],
            infrequent_profiled_user_names_account_profiling=["infrequentProfiledUserNamesAccountProfiling"],
            infrequent_profiled_user_names_bucket_profiling=["infrequentProfiledUserNamesBucketProfiling"],
            infrequent_profiled_user_types_account_profiling=["infrequentProfiledUserTypesAccountProfiling"],
            number_of_historical_daily_avg_ap_is_bucket_profiling=["numberOfHistoricalDailyAvgApIsBucketProfiling"],
            number_of_historical_daily_avg_ap_is_bucket_user_identity_profiling=["numberOfHistoricalDailyAvgApIsBucketUserIdentityProfiling"],
            number_of_historical_daily_avg_ap_is_user_identity_profiling=["numberOfHistoricalDailyAvgApIsUserIdentityProfiling"],
            number_of_historical_daily_max_ap_is_bucket_profiling=["numberOfHistoricalDailyMaxApIsBucketProfiling"],
            number_of_historical_daily_max_ap_is_bucket_user_identity_profiling=["numberOfHistoricalDailyMaxApIsBucketUserIdentityProfiling"],
            number_of_historical_daily_max_ap_is_user_identity_profiling=["numberOfHistoricalDailyMaxApIsUserIdentityProfiling"],
            rare_profiled_ap_is_account_profiling=["rareProfiledApIsAccountProfiling"],
            rare_profiled_ap_is_user_identity_profiling=["rareProfiledApIsUserIdentityProfiling"],
            rare_profiled_as_ns_account_profiling=["rareProfiledAsNsAccountProfiling"],
            rare_profiled_as_ns_bucket_profiling=["rareProfiledAsNsBucketProfiling"],
            rare_profiled_as_ns_user_identity_profiling=["rareProfiledAsNsUserIdentityProfiling"],
            rare_profiled_buckets_account_profiling=["rareProfiledBucketsAccountProfiling"],
            rare_profiled_buckets_user_identity_profiling=["rareProfiledBucketsUserIdentityProfiling"],
            rare_profiled_user_agents_account_profiling=["rareProfiledUserAgentsAccountProfiling"],
            rare_profiled_user_agents_user_identity_profiling=["rareProfiledUserAgentsUserIdentityProfiling"],
            rare_profiled_user_names_account_profiling=["rareProfiledUserNamesAccountProfiling"],
            rare_profiled_user_names_bucket_profiling=["rareProfiledUserNamesBucketProfiling"],
            rare_profiled_user_types_account_profiling=["rareProfiledUserTypesAccountProfiling"]
        ),
        recent_credentials=[guardduty_events.DetectorEvents.GuardDutyFinding.AdditionalInfoItem1(
            access_key_id=["accessKeyId"],
            ip_address_v4=["ipAddressV4"],
            principal_id=["principalId"]
        )],
        sample=["sample"],
        scanned_port=["scannedPort"],
        threat_list_name=["threatListName"],
        threat_name=["threatName"],
        type=["type"],
        unusual=unusual,
        unusual_behavior=guardduty_events.DetectorEvents.GuardDutyFinding.UnusualBehavior(
            is_unusual_user_identity=["isUnusualUserIdentity"],
            number_of_past24_hours_ap_is_bucket_profiling=["numberOfPast24HoursApIsBucketProfiling"],
            number_of_past24_hours_ap_is_bucket_user_identity_profiling=["numberOfPast24HoursApIsBucketUserIdentityProfiling"],
            number_of_past24_hours_ap_is_user_identity_profiling=["numberOfPast24HoursApIsUserIdentityProfiling"],
            unusual_ap_is_account_profiling=["unusualApIsAccountProfiling"],
            unusual_ap_is_user_identity_profiling=["unusualApIsUserIdentityProfiling"],
            unusual_as_ns_account_profiling=["unusualAsNsAccountProfiling"],
            unusual_as_ns_bucket_profiling=["unusualAsNsBucketProfiling"],
            unusual_as_ns_user_identity_profiling=["unusualAsNsUserIdentityProfiling"],
            unusual_buckets_account_profiling=["unusualBucketsAccountProfiling"],
            unusual_buckets_user_identity_profiling=["unusualBucketsUserIdentityProfiling"],
            unusual_user_agents_account_profiling=["unusualUserAgentsAccountProfiling"],
            unusual_user_agents_user_identity_profiling=["unusualUserAgentsUserIdentityProfiling"],
            unusual_user_names_account_profiling=["unusualUserNamesAccountProfiling"],
            unusual_user_names_bucket_profiling=["unusualUserNamesBucketProfiling"],
            unusual_user_types_account_profiling=["unusualUserTypesAccountProfiling"]
        ),
        unusual_protocol=["unusualProtocol"],
        user_agent=guardduty_events.DetectorEvents.GuardDutyFinding.UserAgent(
            full_user_agent=["fullUserAgent"],
            user_agent_category=["userAgentCategory"]
        ),
        value=["value"]
    ),
    archived=["archived"],
    aws_api_call_action=guardduty_events.DetectorEvents.GuardDutyFinding.AwsApiCallAction(
        affected_resources=["affectedResources"],
        api=["api"],
        caller_type=["callerType"],
        error_code=["errorCode"],
        remote_ip_details=guardduty_events.DetectorEvents.GuardDutyFinding.RemoteIpDetails(
            city=guardduty_events.DetectorEvents.GuardDutyFinding.City(
                city_name=["cityName"]
            ),
            country=guardduty_events.DetectorEvents.GuardDutyFinding.Country(
                country_name=["countryName"]
            ),
            geo_location=guardduty_events.DetectorEvents.GuardDutyFinding.GeoLocation(
                lat=["lat"],
                lon=["lon"]
            ),
            ip_address_v4=["ipAddressV4"],
            organization=guardduty_events.DetectorEvents.GuardDutyFinding.Organization(
                asn=["asn"],
                asn_org=["asnOrg"],
                isp=["isp"],
                org=["org"]
            )
        ),
        service_name=["serviceName"]
    ),
    count=["count"],
    detector_id=["detectorId"],
    ebs_volume_scan_details=guardduty_events.DetectorEvents.GuardDutyFinding.EbsVolumeScanDetails(
        scan_completed_at=["scanCompletedAt"],
        scan_detections=guardduty_events.DetectorEvents.GuardDutyFinding.ScanDetections(
            highest_severity_threat_details=guardduty_events.DetectorEvents.GuardDutyFinding.HighestSeverityThreatDetails(
                count=["count"],
                severity=["severity"],
                threat_name=["threatName"]
            ),
            scanned_item_count=guardduty_events.DetectorEvents.GuardDutyFinding.ScannedItemCount(
                files=["files"],
                total_gb=["totalGb"],
                volumes=["volumes"]
            ),
            threat_detected_by_name=guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByName(
                item_count=["itemCount"],
                shortened=["shortened"],
                threat_names=[guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItem(
                    file_paths=[guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItemItem(
                        file_name=["fileName"],
                        file_path=["filePath"],
                        hash=["hash"],
                        volume_arn=["volumeArn"]
                    )],
                    item_count=["itemCount"],
                    name=["name"],
                    severity=["severity"]
                )],
                unique_threat_name_count=["uniqueThreatNameCount"]
            ),
            threats_detected_item_count=guardduty_events.DetectorEvents.GuardDutyFinding.ThreatsDetectedItemCount(
                files=["files"]
            )
        ),
        scan_id=["scanId"],
        scan_started_at=["scanStartedAt"],
        sources=["sources"],
        trigger_finding_id=["triggerFindingId"]
    ),
    event_first_seen=["eventFirstSeen"],
    event_last_seen=["eventLastSeen"],
    evidence=guardduty_events.DetectorEvents.GuardDutyFinding.Evidence(
        threat_intelligence_details=[guardduty_events.DetectorEvents.GuardDutyFinding.EvidenceItem(
            threat_list_name=["threatListName"],
            threat_names=["threatNames"]
        )]
    ),
    feature_name=["featureName"],
    resource_role=["resourceRole"],
    service_name=["serviceName"]
)

Attributes

action

(experimental) action property.

Specify an array of string values to match this event if the actual value of action is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

additional_info

(experimental) additionalInfo property.

Specify an array of string values to match this event if the actual value of additionalInfo is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

archived

(experimental) archived property.

Specify an array of string values to match this event if the actual value of archived is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

aws_api_call_action

(experimental) awsApiCallAction property.

Specify an array of string values to match this event if the actual value of awsApiCallAction is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

count

(experimental) count property.

Specify an array of string values to match this event if the actual value of count is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

detector_id

(experimental) detectorId property.

Specify an array of string values to match this event if the actual value of detectorId is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Filter with the Detector reference

Stability:

experimental

ebs_volume_scan_details

(experimental) ebsVolumeScanDetails property.

Specify an array of string values to match this event if the actual value of ebsVolumeScanDetails is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

event_first_seen

(experimental) eventFirstSeen property.

Specify an array of string values to match this event if the actual value of eventFirstSeen is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

event_last_seen

(experimental) eventLastSeen property.

Specify an array of string values to match this event if the actual value of eventLastSeen is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

evidence

(experimental) evidence property.

Specify an array of string values to match this event if the actual value of evidence is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

feature_name

(experimental) featureName property.

Specify an array of string values to match this event if the actual value of featureName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

resource_role

(experimental) resourceRole property.

Specify an array of string values to match this event if the actual value of resourceRole is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

service_name

(experimental) serviceName property.

Specify an array of string values to match this event if the actual value of serviceName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

TaskDetails

class DetectorEvents.GuardDutyFinding.TaskDetails(*, arn=None, containers=None, created_at=None, definition_arn=None, started_at=None, started_by=None, version=None)

Bases: object

(experimental) Type definition for TaskDetails.

Parameters:

• arn (Optional[Sequence[str]]) – (experimental) arn property. Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• containers (Optional[Sequence[Union[TaskDetailsItem, Dict[str, Any]]]]) – (experimental) containers property. Specify an array of string values to match this event if the actual value of containers is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• created_at (Optional[Sequence[str]]) – (experimental) createdAt property. Specify an array of string values to match this event if the actual value of createdAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• definition_arn (Optional[Sequence[str]]) – (experimental) definitionArn property. Specify an array of string values to match this event if the actual value of definitionArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• started_at (Optional[Sequence[str]]) – (experimental) startedAt property. Specify an array of string values to match this event if the actual value of startedAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• started_by (Optional[Sequence[str]]) – (experimental) startedBy property. Specify an array of string values to match this event if the actual value of startedBy is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• version (Optional[Sequence[str]]) – (experimental) version property. Specify an array of string values to match this event if the actual value of version is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

task_details = guardduty_events.DetectorEvents.GuardDutyFinding.TaskDetails(
    arn=["arn"],
    containers=[guardduty_events.DetectorEvents.GuardDutyFinding.TaskDetailsItem(
        image=["image"],
        name=["name"]
    )],
    created_at=["createdAt"],
    definition_arn=["definitionArn"],
    started_at=["startedAt"],
    started_by=["startedBy"],
    version=["version"]
)

Attributes

arn

(experimental) arn property.

Specify an array of string values to match this event if the actual value of arn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

containers

(experimental) containers property.

Specify an array of string values to match this event if the actual value of containers is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

created_at

(experimental) createdAt property.

Specify an array of string values to match this event if the actual value of createdAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

definition_arn

(experimental) definitionArn property.

Specify an array of string values to match this event if the actual value of definitionArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

started_at

(experimental) startedAt property.

Specify an array of string values to match this event if the actual value of startedAt is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

started_by

(experimental) startedBy property.

Specify an array of string values to match this event if the actual value of startedBy is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

version

(experimental) version property.

Specify an array of string values to match this event if the actual value of version is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

TaskDetailsItem

class DetectorEvents.GuardDutyFinding.TaskDetailsItem(*, image=None, name=None)

Bases: object

(experimental) Type definition for TaskDetailsItem.

Parameters:

• image (Optional[Sequence[str]]) – (experimental) image property. Specify an array of string values to match this event if the actual value of image is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• name (Optional[Sequence[str]]) – (experimental) name property. Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

task_details_item = guardduty_events.DetectorEvents.GuardDutyFinding.TaskDetailsItem(
    image=["image"],
    name=["name"]
)

Attributes

image

(experimental) image property.

Specify an array of string values to match this event if the actual value of image is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

name

(experimental) name property.

Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ThreatDetectedByName

class DetectorEvents.GuardDutyFinding.ThreatDetectedByName(*, item_count=None, shortened=None, threat_names=None, unique_threat_name_count=None)

Bases: object

(experimental) Type definition for ThreatDetectedByName.

Parameters:

• item_count (Optional[Sequence[str]]) – (experimental) itemCount property. Specify an array of string values to match this event if the actual value of itemCount is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• shortened (Optional[Sequence[str]]) – (experimental) shortened property. Specify an array of string values to match this event if the actual value of shortened is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• threat_names (Optional[Sequence[Union[ThreatDetectedByNameItem, Dict[str, Any]]]]) – (experimental) threatNames property. Specify an array of string values to match this event if the actual value of threatNames is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unique_threat_name_count (Optional[Sequence[str]]) – (experimental) uniqueThreatNameCount property. Specify an array of string values to match this event if the actual value of uniqueThreatNameCount is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

threat_detected_by_name = guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByName(
    item_count=["itemCount"],
    shortened=["shortened"],
    threat_names=[guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItem(
        file_paths=[guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItemItem(
            file_name=["fileName"],
            file_path=["filePath"],
            hash=["hash"],
            volume_arn=["volumeArn"]
        )],
        item_count=["itemCount"],
        name=["name"],
        severity=["severity"]
    )],
    unique_threat_name_count=["uniqueThreatNameCount"]
)

Attributes

item_count

(experimental) itemCount property.

Specify an array of string values to match this event if the actual value of itemCount is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

shortened

(experimental) shortened property.

Specify an array of string values to match this event if the actual value of shortened is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

threat_names

(experimental) threatNames property.

Specify an array of string values to match this event if the actual value of threatNames is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unique_threat_name_count

(experimental) uniqueThreatNameCount property.

Specify an array of string values to match this event if the actual value of uniqueThreatNameCount is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ThreatDetectedByNameItem

class DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItem(*, file_paths=None, item_count=None, name=None, severity=None)

Bases: object

(experimental) Type definition for ThreatDetectedByNameItem.

Parameters:

• file_paths (Optional[Sequence[Union[ThreatDetectedByNameItemItem, Dict[str, Any]]]]) – (experimental) filePaths property. Specify an array of string values to match this event if the actual value of filePaths is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• item_count (Optional[Sequence[str]]) – (experimental) itemCount property. Specify an array of string values to match this event if the actual value of itemCount is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• name (Optional[Sequence[str]]) – (experimental) name property. Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• severity (Optional[Sequence[str]]) – (experimental) severity property. Specify an array of string values to match this event if the actual value of severity is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

threat_detected_by_name_item = guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItem(
    file_paths=[guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItemItem(
        file_name=["fileName"],
        file_path=["filePath"],
        hash=["hash"],
        volume_arn=["volumeArn"]
    )],
    item_count=["itemCount"],
    name=["name"],
    severity=["severity"]
)

Attributes

file_paths

(experimental) filePaths property.

Specify an array of string values to match this event if the actual value of filePaths is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

item_count

(experimental) itemCount property.

Specify an array of string values to match this event if the actual value of itemCount is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

name

(experimental) name property.

Specify an array of string values to match this event if the actual value of name is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

severity

(experimental) severity property.

Specify an array of string values to match this event if the actual value of severity is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ThreatDetectedByNameItemItem

class DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItemItem(*, file_name=None, file_path=None, hash=None, volume_arn=None)

Bases: object

(experimental) Type definition for ThreatDetectedByNameItemItem.

Parameters:

• file_name (Optional[Sequence[str]]) – (experimental) fileName property. Specify an array of string values to match this event if the actual value of fileName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• file_path (Optional[Sequence[str]]) – (experimental) filePath property. Specify an array of string values to match this event if the actual value of filePath is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• hash (Optional[Sequence[str]]) – (experimental) hash property. Specify an array of string values to match this event if the actual value of hash is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• volume_arn (Optional[Sequence[str]]) – (experimental) volumeArn property. Specify an array of string values to match this event if the actual value of volumeArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

threat_detected_by_name_item_item = guardduty_events.DetectorEvents.GuardDutyFinding.ThreatDetectedByNameItemItem(
    file_name=["fileName"],
    file_path=["filePath"],
    hash=["hash"],
    volume_arn=["volumeArn"]
)

Attributes

file_name

(experimental) fileName property.

Specify an array of string values to match this event if the actual value of fileName is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

file_path

(experimental) filePath property.

Specify an array of string values to match this event if the actual value of filePath is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

hash

(experimental) hash property.

Specify an array of string values to match this event if the actual value of hash is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

volume_arn

(experimental) volumeArn property.

Specify an array of string values to match this event if the actual value of volumeArn is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

ThreatsDetectedItemCount

class DetectorEvents.GuardDutyFinding.ThreatsDetectedItemCount(*, files=None)

Bases: object

(experimental) Type definition for ThreatsDetectedItemCount.

Parameters:

files (Optional[Sequence[str]]) – (experimental) files property. Specify an array of string values to match this event if the actual value of files is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

threats_detected_item_count = guardduty_events.DetectorEvents.GuardDutyFinding.ThreatsDetectedItemCount(
    files=["files"]
)

Attributes

files

(experimental) files property.

Specify an array of string values to match this event if the actual value of files is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

UnusualBehavior

class DetectorEvents.GuardDutyFinding.UnusualBehavior(*, is_unusual_user_identity=None, number_of_past24_hours_ap_is_bucket_profiling=None, number_of_past24_hours_ap_is_bucket_user_identity_profiling=None, number_of_past24_hours_ap_is_user_identity_profiling=None, unusual_ap_is_account_profiling=None, unusual_ap_is_user_identity_profiling=None, unusual_as_ns_account_profiling=None, unusual_as_ns_bucket_profiling=None, unusual_as_ns_user_identity_profiling=None, unusual_buckets_account_profiling=None, unusual_buckets_user_identity_profiling=None, unusual_user_agents_account_profiling=None, unusual_user_agents_user_identity_profiling=None, unusual_user_names_account_profiling=None, unusual_user_names_bucket_profiling=None, unusual_user_types_account_profiling=None)

Bases: object

(experimental) Type definition for UnusualBehavior.

Parameters:

• is_unusual_user_identity (Optional[Sequence[str]]) – (experimental) isUnusualUserIdentity property. Specify an array of string values to match this event if the actual value of isUnusualUserIdentity is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• number_of_past24_hours_ap_is_bucket_profiling (Optional[Sequence[str]]) – (experimental) numberOfPast24HoursAPIsBucketProfiling property. Specify an array of string values to match this event if the actual value of numberOfPast24HoursAPIsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• number_of_past24_hours_ap_is_bucket_user_identity_profiling (Optional[Sequence[str]]) – (experimental) numberOfPast24HoursAPIsBucketUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of numberOfPast24HoursAPIsBucketUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• number_of_past24_hours_ap_is_user_identity_profiling (Optional[Sequence[str]]) – (experimental) numberOfPast24HoursAPIsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of numberOfPast24HoursAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_ap_is_account_profiling (Optional[Sequence[str]]) – (experimental) unusualAPIsAccountProfiling property. Specify an array of string values to match this event if the actual value of unusualAPIsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_ap_is_user_identity_profiling (Optional[Sequence[str]]) – (experimental) unusualAPIsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of unusualAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_as_ns_account_profiling (Optional[Sequence[str]]) – (experimental) unusualASNsAccountProfiling property. Specify an array of string values to match this event if the actual value of unusualASNsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_as_ns_bucket_profiling (Optional[Sequence[str]]) – (experimental) unusualASNsBucketProfiling property. Specify an array of string values to match this event if the actual value of unusualASNsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_as_ns_user_identity_profiling (Optional[Sequence[str]]) – (experimental) unusualASNsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of unusualASNsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_buckets_account_profiling (Optional[Sequence[str]]) – (experimental) unusualBucketsAccountProfiling property. Specify an array of string values to match this event if the actual value of unusualBucketsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_buckets_user_identity_profiling (Optional[Sequence[str]]) – (experimental) unusualBucketsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of unusualBucketsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_user_agents_account_profiling (Optional[Sequence[str]]) – (experimental) unusualUserAgentsAccountProfiling property. Specify an array of string values to match this event if the actual value of unusualUserAgentsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_user_agents_user_identity_profiling (Optional[Sequence[str]]) – (experimental) unusualUserAgentsUserIdentityProfiling property. Specify an array of string values to match this event if the actual value of unusualUserAgentsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_user_names_account_profiling (Optional[Sequence[str]]) – (experimental) unusualUserNamesAccountProfiling property. Specify an array of string values to match this event if the actual value of unusualUserNamesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_user_names_bucket_profiling (Optional[Sequence[str]]) – (experimental) unusualUserNamesBucketProfiling property. Specify an array of string values to match this event if the actual value of unusualUserNamesBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• unusual_user_types_account_profiling (Optional[Sequence[str]]) – (experimental) unusualUserTypesAccountProfiling property. Specify an array of string values to match this event if the actual value of unusualUserTypesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

unusual_behavior = guardduty_events.DetectorEvents.GuardDutyFinding.UnusualBehavior(
    is_unusual_user_identity=["isUnusualUserIdentity"],
    number_of_past24_hours_ap_is_bucket_profiling=["numberOfPast24HoursApIsBucketProfiling"],
    number_of_past24_hours_ap_is_bucket_user_identity_profiling=["numberOfPast24HoursApIsBucketUserIdentityProfiling"],
    number_of_past24_hours_ap_is_user_identity_profiling=["numberOfPast24HoursApIsUserIdentityProfiling"],
    unusual_ap_is_account_profiling=["unusualApIsAccountProfiling"],
    unusual_ap_is_user_identity_profiling=["unusualApIsUserIdentityProfiling"],
    unusual_as_ns_account_profiling=["unusualAsNsAccountProfiling"],
    unusual_as_ns_bucket_profiling=["unusualAsNsBucketProfiling"],
    unusual_as_ns_user_identity_profiling=["unusualAsNsUserIdentityProfiling"],
    unusual_buckets_account_profiling=["unusualBucketsAccountProfiling"],
    unusual_buckets_user_identity_profiling=["unusualBucketsUserIdentityProfiling"],
    unusual_user_agents_account_profiling=["unusualUserAgentsAccountProfiling"],
    unusual_user_agents_user_identity_profiling=["unusualUserAgentsUserIdentityProfiling"],
    unusual_user_names_account_profiling=["unusualUserNamesAccountProfiling"],
    unusual_user_names_bucket_profiling=["unusualUserNamesBucketProfiling"],
    unusual_user_types_account_profiling=["unusualUserTypesAccountProfiling"]
)

Attributes

is_unusual_user_identity

(experimental) isUnusualUserIdentity property.

Specify an array of string values to match this event if the actual value of isUnusualUserIdentity is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

number_of_past24_hours_ap_is_bucket_profiling

(experimental) numberOfPast24HoursAPIsBucketProfiling property.

Specify an array of string values to match this event if the actual value of numberOfPast24HoursAPIsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

number_of_past24_hours_ap_is_bucket_user_identity_profiling

(experimental) numberOfPast24HoursAPIsBucketUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of numberOfPast24HoursAPIsBucketUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

number_of_past24_hours_ap_is_user_identity_profiling

(experimental) numberOfPast24HoursAPIsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of numberOfPast24HoursAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_ap_is_account_profiling

(experimental) unusualAPIsAccountProfiling property.

Specify an array of string values to match this event if the actual value of unusualAPIsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_ap_is_user_identity_profiling

(experimental) unusualAPIsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of unusualAPIsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_as_ns_account_profiling

(experimental) unusualASNsAccountProfiling property.

Specify an array of string values to match this event if the actual value of unusualASNsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_as_ns_bucket_profiling

(experimental) unusualASNsBucketProfiling property.

Specify an array of string values to match this event if the actual value of unusualASNsBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_as_ns_user_identity_profiling

(experimental) unusualASNsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of unusualASNsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_buckets_account_profiling

(experimental) unusualBucketsAccountProfiling property.

Specify an array of string values to match this event if the actual value of unusualBucketsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_buckets_user_identity_profiling

(experimental) unusualBucketsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of unusualBucketsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_user_agents_account_profiling

(experimental) unusualUserAgentsAccountProfiling property.

Specify an array of string values to match this event if the actual value of unusualUserAgentsAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_user_agents_user_identity_profiling

(experimental) unusualUserAgentsUserIdentityProfiling property.

Specify an array of string values to match this event if the actual value of unusualUserAgentsUserIdentityProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_user_names_account_profiling

(experimental) unusualUserNamesAccountProfiling property.

Specify an array of string values to match this event if the actual value of unusualUserNamesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_user_names_bucket_profiling

(experimental) unusualUserNamesBucketProfiling property.

Specify an array of string values to match this event if the actual value of unusualUserNamesBucketProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

unusual_user_types_account_profiling

(experimental) unusualUserTypesAccountProfiling property.

Specify an array of string values to match this event if the actual value of unusualUserTypesAccountProfiling is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

UserAgent

class DetectorEvents.GuardDutyFinding.UserAgent(*, full_user_agent=None, user_agent_category=None)

Bases: object

(experimental) Type definition for UserAgent.

Parameters:

• full_user_agent (Optional[Sequence[str]]) – (experimental) fullUserAgent property. Specify an array of string values to match this event if the actual value of fullUserAgent is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

• user_agent_category (Optional[Sequence[str]]) – (experimental) userAgentCategory property. Specify an array of string values to match this event if the actual value of userAgentCategory is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options. Default: - Do not filter on this field

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_guardduty import events as guardduty_events

user_agent = guardduty_events.DetectorEvents.GuardDutyFinding.UserAgent(
    full_user_agent=["fullUserAgent"],
    user_agent_category=["userAgentCategory"]
)

Attributes

full_user_agent

(experimental) fullUserAgent property.

Specify an array of string values to match this event if the actual value of fullUserAgent is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental

user_agent_category

(experimental) userAgentCategory property.

Specify an array of string values to match this event if the actual value of userAgentCategory is one of the values in the array. Use one of the constructors on the aws_events.Match for more advanced matching options.

Default:

• Do not filter on this field

Stability:

experimental