CreateThreatEntitySet - Amazon GuardDuty
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also

CreateThreatEntitySet

Creates a new threat entity set. In a threat entity set, you can provide known malicious IP addresses and domains for your AWS environment. GuardDuty generates findings based on the entries in the threat entity sets. Only users of the administrator account can manage entity sets, which automatically apply to member accounts.

Request Syntax

POST /detector/detectorId/threatentityset HTTP/1.1
Content-type: application/json

{
   "activate": boolean,
   "clientToken": "string",
   "expectedBucketOwner": "string",
   "format": "string",
   "location": "string",
   "name": "string",
   "tags": { 
      "string" : "string" 
   }
}

URI Request Parameters

The request uses the following URI parameters.

detectorId

The unique ID of the detector of the GuardDuty account for which you want to create a threat entity set.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

Length Constraints: Minimum length of 1. Maximum length of 300.

Required: Yes

Request Body

The request accepts the following data in JSON format.

activate

A boolean value that indicates whether GuardDuty should start using the uploaded threat entity set to generate findings.

Type: Boolean

Required: Yes

clientToken

The idempotency token for the create request.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 64.

Required: No

expectedBucketOwner

The AWS account ID that owns the Amazon S3 bucket specified in the location parameter.

Type: String

Length Constraints: Fixed length of 12.

Pattern: ^[0-9]+$

Required: No

format

The format of the file that contains the threat entity set.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Valid Values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE

Required: Yes

location

The URI of the file that contains the threat entity set.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Required: Yes

name

A user-friendly name to identify the threat entity set.

List naming constraints - The name of your list can include lowercase letters, uppercase letters, numbers, dash (-), and underscore (_).

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Required: Yes

tags

The tags to be added to a new threat entity set resource.

Type: String to string map

Map Entries: Maximum number of 200 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Key Pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$

Value Length Constraints: Maximum length of 256.

Required: No

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "threatEntitySetId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

threatEntitySetId

The ID returned by GuardDuty after creation of the threat entity set resource.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

BadRequestException

A bad request exception object.

HTTP Status Code: 400

InternalServerErrorException

An internal server error exception object.

HTTP Status Code: 500

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: