feat(client-guardduty): Add EC2 support for GuardDuty Runtime Monitor…

…ing auto management.
aws · Mar 28, 2024 · 11a2340 · 11a2340
1 parent 790018d
commit 11a2340
Show file tree

Hide file tree

Showing 15 changed files with 143 additions and 33 deletions.
diff --git a/clients/client-guardduty/src/commands/CreateDetectorCommand.ts b/clients/client-guardduty/src/commands/CreateDetectorCommand.ts
@@ -84,7 +84,7 @@ export interface CreateDetectorCommandOutput extends CreateDetectorResponse, __M
  *       Status: "ENABLED" || "DISABLED",
  *       AdditionalConfiguration: [ // DetectorAdditionalConfigurations
  *         { // DetectorAdditionalConfiguration
- *           Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
+ *           Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
  *           Status: "ENABLED" || "DISABLED",
  *         },
  *       ],

diff --git a/clients/client-guardduty/src/commands/CreateMembersCommand.ts b/clients/client-guardduty/src/commands/CreateMembersCommand.ts
@@ -43,14 +43,14 @@ export interface CreateMembersCommandOutput extends CreateMembersResponse, __Met
  *       accounts in this request, irrespective of the accounts being new or existing members. For
  *       more information about the existing auto-enable settings for your organization, see
  *       <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DescribeOrganizationConfiguration.html">DescribeOrganizationConfiguration</a>.</p>
- *          <p>If you are adding accounts by invitation, before using <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a>, use
- *       <code>CreateMembers</code> after GuardDuty has been enabled in potential member accounts.</p>
- *          <p>If you disassociate a member from a GuardDuty
- *       delegated administrator, the member account details
+ *          <p>If you disassociate a member account that was added by invitation, the member account details
  *       obtained from this API, including the associated email addresses, will be retained.
  *       This is done so that the delegated administrator can invoke the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a> API without the need to invoke the CreateMembers API again. To
  *       remove the details associated with a member account, the delegated administrator must invoke the
  *       <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a> API. </p>
+ *          <p>When the member accounts added through Organizations are later disassociated, you (administrator)
+ *       can't invite them by calling the InviteMembers API. You can create an association with these
+ *       member accounts again only by calling the CreateMembers API.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-guardduty/src/commands/DescribeOrganizationConfigurationCommand.ts b/clients/client-guardduty/src/commands/DescribeOrganizationConfigurationCommand.ts
@@ -79,7 +79,7 @@ export interface DescribeOrganizationConfigurationCommandOutput
  * //       AutoEnable: "NEW" || "NONE" || "ALL",
  * //       AdditionalConfiguration: [ // OrganizationAdditionalConfigurationResults
  * //         { // OrganizationAdditionalConfigurationResult
- * //           Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
+ * //           Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
  * //           AutoEnable: "NEW" || "NONE" || "ALL",
  * //         },
  * //       ],

diff --git a/clients/client-guardduty/src/commands/DisassociateMembersCommand.ts b/clients/client-guardduty/src/commands/DisassociateMembersCommand.ts
@@ -38,6 +38,14 @@ export interface DisassociateMembersCommandOutput extends DisassociateMembersRes
  *          <p>With <code>autoEnableOrganizationMembers</code> configuration for your organization set to
  *         <code>ALL</code>, you'll receive an error if you attempt to disassociate a member account
  *       before removing them from your organization.</p>
+ *          <p>If you disassociate a member account that was added by invitation, the member account details
+ *       obtained from this API, including the associated email addresses, will be retained.
+ *       This is done so that the delegated administrator can invoke the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a> API without the need to invoke the CreateMembers API again. To
+ *       remove the details associated with a member account, the delegated administrator must invoke the
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a> API. </p>
+ *          <p>When the member accounts added through Organizations are later disassociated, you (administrator)
+ *       can't invite them by calling the InviteMembers API. You can create an association with these
+ *       member accounts again only by calling the CreateMembers API.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-guardduty/src/commands/GetDetectorCommand.ts b/clients/client-guardduty/src/commands/GetDetectorCommand.ts
@@ -86,7 +86,7 @@ export interface GetDetectorCommandOutput extends GetDetectorResponse, __Metadat
  * //       UpdatedAt: new Date("TIMESTAMP"),
  * //       AdditionalConfiguration: [ // DetectorAdditionalConfigurationResults
  * //         { // DetectorAdditionalConfigurationResult
- * //           Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
+ * //           Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
  * //           Status: "ENABLED" || "DISABLED",
  * //           UpdatedAt: new Date("TIMESTAMP"),
  * //         },

diff --git a/clients/client-guardduty/src/commands/GetFindingsCommand.ts b/clients/client-guardduty/src/commands/GetFindingsCommand.ts
@@ -578,6 +578,7 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat
  * //               ThreatNames: [ // ThreatNames
  * //                 "STRING_VALUE",
  * //               ],
+ * //               ThreatFileSha256: "STRING_VALUE",
  * //             },
  * //           ],
  * //         },
@@ -744,6 +745,11 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat
  * //             MemoryRegions: [ // MemoryRegionsList
  * //               "STRING_VALUE",
  * //             ],
+ * //             ToolName: "STRING_VALUE",
+ * //             ToolCategory: "STRING_VALUE",
+ * //             ServiceName: "STRING_VALUE",
+ * //             CommandLineExample: "STRING_VALUE",
+ * //             ThreatFilePath: "STRING_VALUE",
  * //           },
  * //         },
  * //         Detection: { // Detection

diff --git a/clients/client-guardduty/src/commands/GetMemberDetectorsCommand.ts b/clients/client-guardduty/src/commands/GetMemberDetectorsCommand.ts
@@ -84,7 +84,7 @@ export interface GetMemberDetectorsCommandOutput extends GetMemberDetectorsRespo
  * //           UpdatedAt: new Date("TIMESTAMP"),
  * //           AdditionalConfiguration: [ // MemberAdditionalConfigurationResults
  * //             { // MemberAdditionalConfigurationResult
- * //               Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
+ * //               Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
  * //               Status: "ENABLED" || "DISABLED",
  * //               UpdatedAt: new Date("TIMESTAMP"),
  * //             },

diff --git a/clients/client-guardduty/src/commands/GetOrganizationStatisticsCommand.ts b/clients/client-guardduty/src/commands/GetOrganizationStatisticsCommand.ts
@@ -54,7 +54,7 @@ export interface GetOrganizationStatisticsCommandOutput extends GetOrganizationS
  * //           EnabledAccountsCount: Number("int"),
  * //           AdditionalConfiguration: [ // OrganizationFeatureStatisticsAdditionalConfigurations
  * //             { // OrganizationFeatureStatisticsAdditionalConfiguration
- * //               Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
+ * //               Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
  * //               EnabledAccountsCount: Number("int"),
  * //             },
  * //           ],

diff --git a/clients/client-guardduty/src/commands/InviteMembersCommand.ts b/clients/client-guardduty/src/commands/InviteMembersCommand.ts
@@ -45,6 +45,14 @@ export interface InviteMembersCommandOutput extends InviteMembersResponse, __Met
  *       <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html">CreateMembers</a> again. To
  *       remove the details associated with a member account, you must also invoke
  *       <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a>. </p>
+ *          <p>If you disassociate a member account that was added by invitation, the member account details
+ *       obtained from this API, including the associated email addresses, will be retained.
+ *       This is done so that the delegated administrator can invoke the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a> API without the need to invoke the CreateMembers API again. To
+ *       remove the details associated with a member account, the delegated administrator must invoke the
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a> API. </p>
+ *          <p>When the member accounts added through Organizations are later disassociated, you (administrator)
+ *       can't invite them by calling the InviteMembers API. You can create an association with these
+ *       member accounts again only by calling the CreateMembers API.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-guardduty/src/commands/UpdateDetectorCommand.ts b/clients/client-guardduty/src/commands/UpdateDetectorCommand.ts
@@ -67,7 +67,7 @@ export interface UpdateDetectorCommandOutput extends UpdateDetectorResponse, __M
  *       Status: "ENABLED" || "DISABLED",
  *       AdditionalConfiguration: [ // DetectorAdditionalConfigurations
  *         { // DetectorAdditionalConfiguration
- *           Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
+ *           Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
  *           Status: "ENABLED" || "DISABLED",
  *         },
  *       ],

diff --git a/clients/client-guardduty/src/commands/UpdateMemberDetectorsCommand.ts b/clients/client-guardduty/src/commands/UpdateMemberDetectorsCommand.ts
@@ -68,7 +68,7 @@ export interface UpdateMemberDetectorsCommandOutput extends UpdateMemberDetector
  *       Status: "ENABLED" || "DISABLED",
  *       AdditionalConfiguration: [ // MemberAdditionalConfigurations
  *         { // MemberAdditionalConfiguration
- *           Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
+ *           Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
  *           Status: "ENABLED" || "DISABLED",
  *         },
  *       ],

diff --git a/clients/client-guardduty/src/commands/UpdateOrganizationConfigurationCommand.ts b/clients/client-guardduty/src/commands/UpdateOrganizationConfigurationCommand.ts
@@ -74,7 +74,7 @@ export interface UpdateOrganizationConfigurationCommandOutput
  *       AutoEnable: "NEW" || "NONE" || "ALL",
  *       AdditionalConfiguration: [ // OrganizationAdditionalConfigurations
  *         { // OrganizationAdditionalConfiguration
- *           Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT",
+ *           Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT",
  *           AutoEnable: "NEW" || "NONE" || "ALL",
  *         },
  *       ],

diff --git a/clients/client-guardduty/src/models/models_0.ts b/clients/client-guardduty/src/models/models_0.ts
@@ -659,7 +659,8 @@ export interface DnsRequestAction {
 
   /**
    * <p>The second and top level domain involved in the
-   *       activity that prompted GuardDuty to generate this finding.</p>
+   *       activity that potentially prompted GuardDuty to generate this finding.
+   *       For a list of top-level and second-level domains, see <a href="https://publicsuffix.org/">public suffix list</a>.</p>
    * @public
    */
   DomainWithSuffix?: string;
@@ -1673,13 +1674,7 @@ export const ManagementType = {
 export type ManagementType = (typeof ManagementType)[keyof typeof ManagementType];
 
 /**
- * <note>
- *             <p>This API is also used when you use GuardDuty Runtime Monitoring
- *       for your Amazon EC2 instances (currently in preview
- *       release) and is subject to change. The use of this API is subject to Section 2 of the
- *       <a href="http://aws.amazon.com/service-terms/">Amazon Web Services Service Terms</a> ("Betas and Previews").</p>
- *          </note>
- *          <p>Contains information about the Amazon EC2 instance runtime
+ * <p>Contains information about the Amazon EC2 instance runtime
  *     coverage details.</p>
  * @public
  */
@@ -1936,13 +1931,7 @@ export interface CoverageResourceDetails {
   EcsClusterDetails?: CoverageEcsClusterDetails;
 
   /**
-   * <note>
-   *             <p>This API is also used when you use GuardDuty Runtime Monitoring
-   *       for your Amazon EC2 instances (currently in preview
-   *       release) and is subject to change. The use of this API is subject to Section 2 of the
-   *       <a href="http://aws.amazon.com/service-terms/">Amazon Web Services Service Terms</a> ("Betas and Previews").</p>
-   *          </note>
-   *          <p>Information about the Amazon EC2 instance assessed
+   * <p>Information about the Amazon EC2 instance assessed
    *       for runtime coverage.</p>
    * @public
    */
@@ -2178,6 +2167,7 @@ export interface DataSourceConfigurations {
  * @enum
  */
 export const FeatureAdditionalConfiguration = {
+  EC2_AGENT_MANAGEMENT: "EC2_AGENT_MANAGEMENT",
   ECS_FARGATE_AGENT_MANAGEMENT: "ECS_FARGATE_AGENT_MANAGEMENT",
   EKS_ADDON_MANAGEMENT: "EKS_ADDON_MANAGEMENT",
 } as const;
@@ -3991,6 +3981,7 @@ export type OrgFeatureStatus = (typeof OrgFeatureStatus)[keyof typeof OrgFeature
  * @enum
  */
 export const OrgFeatureAdditionalConfiguration = {
+  EC2_AGENT_MANAGEMENT: "EC2_AGENT_MANAGEMENT",
   ECS_FARGATE_AGENT_MANAGEMENT: "ECS_FARGATE_AGENT_MANAGEMENT",
   EKS_ADDON_MANAGEMENT: "EKS_ADDON_MANAGEMENT",
 } as const;
@@ -4986,6 +4977,12 @@ export interface ThreatIntelligenceDetail {
    * @public
    */
   ThreatNames?: string[];
+
+  /**
+   * <p>SHA256 of the file that generated the finding.</p>
+   * @public
+   */
+  ThreatFileSha256?: string;
 }
 
 /**
@@ -6029,6 +6026,37 @@ export interface RuntimeContext {
    * @public
    */
   MemoryRegions?: string[];
+
+  /**
+   * <p>Name of the potentially suspicious tool.</p>
+   * @public
+   */
+  ToolName?: string;
+
+  /**
+   * <p>Category that the tool belongs to. Some of the examples
+   *     are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.</p>
+   * @public
+   */
+  ToolCategory?: string;
+
+  /**
+   * <p>Name of the security service that has been potentially disabled.</p>
+   * @public
+   */
+  ServiceName?: string;
+
+  /**
+   * <p>Example of the command line involved in the suspicious activity.</p>
+   * @public
+   */
+  CommandLineExample?: string;
+
+  /**
+   * <p>The suspicious file path for which the threat intelligence details were found.</p>
+   * @public
+   */
+  ThreatFilePath?: string;
 }
 
 /**

diff --git a/clients/client-guardduty/src/protocols/Aws_restJson1.ts b/clients/client-guardduty/src/protocols/Aws_restJson1.ts
@@ -5854,6 +5854,7 @@ const de_ResourceDetails = (output: any, context: __SerdeContext): ResourceDetai
 const de_RuntimeContext = (output: any, context: __SerdeContext): RuntimeContext => {
   return take(output, {
     AddressFamily: [, __expectString, `addressFamily`],
+    CommandLineExample: [, __expectString, `commandLineExample`],
     FileSystemType: [, __expectString, `fileSystemType`],
     Flags: [, _json, `flags`],
     IanaProtocolNumber: [, __expectInt32, `ianaProtocolNumber`],
@@ -5870,9 +5871,13 @@ const de_RuntimeContext = (output: any, context: __SerdeContext): RuntimeContext
     ReleaseAgentPath: [, __expectString, `releaseAgentPath`],
     RuncBinaryPath: [, __expectString, `runcBinaryPath`],
     ScriptPath: [, __expectString, `scriptPath`],
+    ServiceName: [, __expectString, `serviceName`],
     ShellHistoryFilePath: [, __expectString, `shellHistoryFilePath`],
     SocketPath: [, __expectString, `socketPath`],
     TargetProcess: [, (_: any) => de_ProcessDetails(_, context), `targetProcess`],
+    ThreatFilePath: [, __expectString, `threatFilePath`],
+    ToolCategory: [, __expectString, `toolCategory`],
+    ToolName: [, __expectString, `toolName`],
   }) as any;
 };
 
@@ -6205,6 +6210,7 @@ const de_ThreatDetectedByName = (output: any, context: __SerdeContext): ThreatDe
  */
 const de_ThreatIntelligenceDetail = (output: any, context: __SerdeContext): ThreatIntelligenceDetail => {
   return take(output, {
+    ThreatFileSha256: [, __expectString, `threatFileSha256`],
     ThreatListName: [, __expectString, `threatListName`],
     ThreatNames: [, _json, `threatNames`],
   }) as any;