If you are adding accounts by invitation, before using InviteMembers, use
- * CreateMembers after GuardDuty has been enabled in potential member accounts.
If you disassociate a member from a GuardDuty - * delegated administrator, the member account details + *
If you disassociate a member account that was added by invitation, the member account details * obtained from this API, including the associated email addresses, will be retained. * This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To * remove the details associated with a member account, the delegated administrator must invoke the * DeleteMembers API.
+ *When the member accounts added through Organizations are later disassociated, you (administrator) + * can't invite them by calling the InviteMembers API. You can create an association with these + * member accounts again only by calling the CreateMembers API.
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-guardduty/src/commands/DescribeOrganizationConfigurationCommand.ts b/clients/client-guardduty/src/commands/DescribeOrganizationConfigurationCommand.ts index dfad67ee24ac..3eeeda943a2e 100644 --- a/clients/client-guardduty/src/commands/DescribeOrganizationConfigurationCommand.ts +++ b/clients/client-guardduty/src/commands/DescribeOrganizationConfigurationCommand.ts @@ -79,7 +79,7 @@ export interface DescribeOrganizationConfigurationCommandOutput * // AutoEnable: "NEW" || "NONE" || "ALL", * // AdditionalConfiguration: [ // OrganizationAdditionalConfigurationResults * // { // OrganizationAdditionalConfigurationResult - * // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT", + * // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT", * // AutoEnable: "NEW" || "NONE" || "ALL", * // }, * // ], diff --git a/clients/client-guardduty/src/commands/DisassociateMembersCommand.ts b/clients/client-guardduty/src/commands/DisassociateMembersCommand.ts index 4f59649d3845..61e30841d4a9 100644 --- a/clients/client-guardduty/src/commands/DisassociateMembersCommand.ts +++ b/clients/client-guardduty/src/commands/DisassociateMembersCommand.ts @@ -38,6 +38,14 @@ export interface DisassociateMembersCommandOutput extends DisassociateMembersRes *With autoEnableOrganizationMembers configuration for your organization set to
* ALL, you'll receive an error if you attempt to disassociate a member account
* before removing them from your organization.
If you disassociate a member account that was added by invitation, the member account details + * obtained from this API, including the associated email addresses, will be retained. + * This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To + * remove the details associated with a member account, the delegated administrator must invoke the + * DeleteMembers API.
+ *When the member accounts added through Organizations are later disassociated, you (administrator) + * can't invite them by calling the InviteMembers API. You can create an association with these + * member accounts again only by calling the CreateMembers API.
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-guardduty/src/commands/GetDetectorCommand.ts b/clients/client-guardduty/src/commands/GetDetectorCommand.ts index 217834757f4a..84a40d489cac 100644 --- a/clients/client-guardduty/src/commands/GetDetectorCommand.ts +++ b/clients/client-guardduty/src/commands/GetDetectorCommand.ts @@ -86,7 +86,7 @@ export interface GetDetectorCommandOutput extends GetDetectorResponse, __Metadat * // UpdatedAt: new Date("TIMESTAMP"), * // AdditionalConfiguration: [ // DetectorAdditionalConfigurationResults * // { // DetectorAdditionalConfigurationResult - * // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT", + * // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT", * // Status: "ENABLED" || "DISABLED", * // UpdatedAt: new Date("TIMESTAMP"), * // }, diff --git a/clients/client-guardduty/src/commands/GetFindingsCommand.ts b/clients/client-guardduty/src/commands/GetFindingsCommand.ts index aa625821f0fd..6bea8dce05ab 100644 --- a/clients/client-guardduty/src/commands/GetFindingsCommand.ts +++ b/clients/client-guardduty/src/commands/GetFindingsCommand.ts @@ -578,6 +578,7 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat * // ThreatNames: [ // ThreatNames * // "STRING_VALUE", * // ], + * // ThreatFileSha256: "STRING_VALUE", * // }, * // ], * // }, @@ -744,6 +745,11 @@ export interface GetFindingsCommandOutput extends GetFindingsResponse, __Metadat * // MemoryRegions: [ // MemoryRegionsList * // "STRING_VALUE", * // ], + * // ToolName: "STRING_VALUE", + * // ToolCategory: "STRING_VALUE", + * // ServiceName: "STRING_VALUE", + * // CommandLineExample: "STRING_VALUE", + * // ThreatFilePath: "STRING_VALUE", * // }, * // }, * // Detection: { // Detection diff --git a/clients/client-guardduty/src/commands/GetMemberDetectorsCommand.ts b/clients/client-guardduty/src/commands/GetMemberDetectorsCommand.ts index 455b61f89210..3d54332923c9 100644 --- a/clients/client-guardduty/src/commands/GetMemberDetectorsCommand.ts +++ b/clients/client-guardduty/src/commands/GetMemberDetectorsCommand.ts @@ -84,7 +84,7 @@ export interface GetMemberDetectorsCommandOutput extends GetMemberDetectorsRespo * // UpdatedAt: new Date("TIMESTAMP"), * // AdditionalConfiguration: [ // MemberAdditionalConfigurationResults * // { // MemberAdditionalConfigurationResult - * // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT", + * // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT", * // Status: "ENABLED" || "DISABLED", * // UpdatedAt: new Date("TIMESTAMP"), * // }, diff --git a/clients/client-guardduty/src/commands/GetOrganizationStatisticsCommand.ts b/clients/client-guardduty/src/commands/GetOrganizationStatisticsCommand.ts index 5a43a623802c..b4188c52262d 100644 --- a/clients/client-guardduty/src/commands/GetOrganizationStatisticsCommand.ts +++ b/clients/client-guardduty/src/commands/GetOrganizationStatisticsCommand.ts @@ -54,7 +54,7 @@ export interface GetOrganizationStatisticsCommandOutput extends GetOrganizationS * // EnabledAccountsCount: Number("int"), * // AdditionalConfiguration: [ // OrganizationFeatureStatisticsAdditionalConfigurations * // { // OrganizationFeatureStatisticsAdditionalConfiguration - * // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT", + * // Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT", * // EnabledAccountsCount: Number("int"), * // }, * // ], diff --git a/clients/client-guardduty/src/commands/InviteMembersCommand.ts b/clients/client-guardduty/src/commands/InviteMembersCommand.ts index eb46f4b9d461..0440e018a5b6 100644 --- a/clients/client-guardduty/src/commands/InviteMembersCommand.ts +++ b/clients/client-guardduty/src/commands/InviteMembersCommand.ts @@ -45,6 +45,14 @@ export interface InviteMembersCommandOutput extends InviteMembersResponse, __Met * CreateMembers again. To * remove the details associated with a member account, you must also invoke * DeleteMembers. + *If you disassociate a member account that was added by invitation, the member account details + * obtained from this API, including the associated email addresses, will be retained. + * This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To + * remove the details associated with a member account, the delegated administrator must invoke the + * DeleteMembers API.
+ *When the member accounts added through Organizations are later disassociated, you (administrator) + * can't invite them by calling the InviteMembers API. You can create an association with these + * member accounts again only by calling the CreateMembers API.
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-guardduty/src/commands/UpdateDetectorCommand.ts b/clients/client-guardduty/src/commands/UpdateDetectorCommand.ts index 64680f96cc81..e5e5027b76bd 100644 --- a/clients/client-guardduty/src/commands/UpdateDetectorCommand.ts +++ b/clients/client-guardduty/src/commands/UpdateDetectorCommand.ts @@ -67,7 +67,7 @@ export interface UpdateDetectorCommandOutput extends UpdateDetectorResponse, __M * Status: "ENABLED" || "DISABLED", * AdditionalConfiguration: [ // DetectorAdditionalConfigurations * { // DetectorAdditionalConfiguration - * Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT", + * Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT", * Status: "ENABLED" || "DISABLED", * }, * ], diff --git a/clients/client-guardduty/src/commands/UpdateMemberDetectorsCommand.ts b/clients/client-guardduty/src/commands/UpdateMemberDetectorsCommand.ts index ac96ae02de00..5a3782e38f58 100644 --- a/clients/client-guardduty/src/commands/UpdateMemberDetectorsCommand.ts +++ b/clients/client-guardduty/src/commands/UpdateMemberDetectorsCommand.ts @@ -68,7 +68,7 @@ export interface UpdateMemberDetectorsCommandOutput extends UpdateMemberDetector * Status: "ENABLED" || "DISABLED", * AdditionalConfiguration: [ // MemberAdditionalConfigurations * { // MemberAdditionalConfiguration - * Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT", + * Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT", * Status: "ENABLED" || "DISABLED", * }, * ], diff --git a/clients/client-guardduty/src/commands/UpdateOrganizationConfigurationCommand.ts b/clients/client-guardduty/src/commands/UpdateOrganizationConfigurationCommand.ts index 3b179f81b138..a331a5e69403 100644 --- a/clients/client-guardduty/src/commands/UpdateOrganizationConfigurationCommand.ts +++ b/clients/client-guardduty/src/commands/UpdateOrganizationConfigurationCommand.ts @@ -74,7 +74,7 @@ export interface UpdateOrganizationConfigurationCommandOutput * AutoEnable: "NEW" || "NONE" || "ALL", * AdditionalConfiguration: [ // OrganizationAdditionalConfigurations * { // OrganizationAdditionalConfiguration - * Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT", + * Name: "EKS_ADDON_MANAGEMENT" || "ECS_FARGATE_AGENT_MANAGEMENT" || "EC2_AGENT_MANAGEMENT", * AutoEnable: "NEW" || "NONE" || "ALL", * }, * ], diff --git a/clients/client-guardduty/src/models/models_0.ts b/clients/client-guardduty/src/models/models_0.ts index b99b56769b2f..90caba805717 100644 --- a/clients/client-guardduty/src/models/models_0.ts +++ b/clients/client-guardduty/src/models/models_0.ts @@ -659,7 +659,8 @@ export interface DnsRequestAction { /** *The second and top level domain involved in the - * activity that prompted GuardDuty to generate this finding.
+ * activity that potentially prompted GuardDuty to generate this finding. + * For a list of top-level and second-level domains, see public suffix list. * @public */ DomainWithSuffix?: string; @@ -1673,13 +1674,7 @@ export const ManagementType = { export type ManagementType = (typeof ManagementType)[keyof typeof ManagementType]; /** - *This API is also used when you use GuardDuty Runtime Monitoring - * for your Amazon EC2 instances (currently in preview - * release) and is subject to change. The use of this API is subject to Section 2 of the - * Amazon Web Services Service Terms ("Betas and Previews").
- *Contains information about the Amazon EC2 instance runtime + *
Contains information about the Amazon EC2 instance runtime * coverage details.
* @public */ @@ -1936,13 +1931,7 @@ export interface CoverageResourceDetails { EcsClusterDetails?: CoverageEcsClusterDetails; /** - *This API is also used when you use GuardDuty Runtime Monitoring - * for your Amazon EC2 instances (currently in preview - * release) and is subject to change. The use of this API is subject to Section 2 of the - * Amazon Web Services Service Terms ("Betas and Previews").
- *Information about the Amazon EC2 instance assessed + *
Information about the Amazon EC2 instance assessed * for runtime coverage.
* @public */ @@ -2178,6 +2167,7 @@ export interface DataSourceConfigurations { * @enum */ export const FeatureAdditionalConfiguration = { + EC2_AGENT_MANAGEMENT: "EC2_AGENT_MANAGEMENT", ECS_FARGATE_AGENT_MANAGEMENT: "ECS_FARGATE_AGENT_MANAGEMENT", EKS_ADDON_MANAGEMENT: "EKS_ADDON_MANAGEMENT", } as const; @@ -3991,6 +3981,7 @@ export type OrgFeatureStatus = (typeof OrgFeatureStatus)[keyof typeof OrgFeature * @enum */ export const OrgFeatureAdditionalConfiguration = { + EC2_AGENT_MANAGEMENT: "EC2_AGENT_MANAGEMENT", ECS_FARGATE_AGENT_MANAGEMENT: "ECS_FARGATE_AGENT_MANAGEMENT", EKS_ADDON_MANAGEMENT: "EKS_ADDON_MANAGEMENT", } as const; @@ -4986,6 +4977,12 @@ export interface ThreatIntelligenceDetail { * @public */ ThreatNames?: string[]; + + /** + *SHA256 of the file that generated the finding.
+ * @public + */ + ThreatFileSha256?: string; } /** @@ -6029,6 +6026,37 @@ export interface RuntimeContext { * @public */ MemoryRegions?: string[]; + + /** + *Name of the potentially suspicious tool.
+ * @public + */ + ToolName?: string; + + /** + *Category that the tool belongs to. Some of the examples + * are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.
+ * @public + */ + ToolCategory?: string; + + /** + *Name of the security service that has been potentially disabled.
+ * @public + */ + ServiceName?: string; + + /** + *Example of the command line involved in the suspicious activity.
+ * @public + */ + CommandLineExample?: string; + + /** + *The suspicious file path for which the threat intelligence details were found.
+ * @public + */ + ThreatFilePath?: string; } /** diff --git a/clients/client-guardduty/src/protocols/Aws_restJson1.ts b/clients/client-guardduty/src/protocols/Aws_restJson1.ts index 7215bb1450d5..571d3368d6f0 100644 --- a/clients/client-guardduty/src/protocols/Aws_restJson1.ts +++ b/clients/client-guardduty/src/protocols/Aws_restJson1.ts @@ -5854,6 +5854,7 @@ const de_ResourceDetails = (output: any, context: __SerdeContext): ResourceDetai const de_RuntimeContext = (output: any, context: __SerdeContext): RuntimeContext => { return take(output, { AddressFamily: [, __expectString, `addressFamily`], + CommandLineExample: [, __expectString, `commandLineExample`], FileSystemType: [, __expectString, `fileSystemType`], Flags: [, _json, `flags`], IanaProtocolNumber: [, __expectInt32, `ianaProtocolNumber`], @@ -5870,9 +5871,13 @@ const de_RuntimeContext = (output: any, context: __SerdeContext): RuntimeContext ReleaseAgentPath: [, __expectString, `releaseAgentPath`], RuncBinaryPath: [, __expectString, `runcBinaryPath`], ScriptPath: [, __expectString, `scriptPath`], + ServiceName: [, __expectString, `serviceName`], ShellHistoryFilePath: [, __expectString, `shellHistoryFilePath`], SocketPath: [, __expectString, `socketPath`], TargetProcess: [, (_: any) => de_ProcessDetails(_, context), `targetProcess`], + ThreatFilePath: [, __expectString, `threatFilePath`], + ToolCategory: [, __expectString, `toolCategory`], + ToolName: [, __expectString, `toolName`], }) as any; }; @@ -6205,6 +6210,7 @@ const de_ThreatDetectedByName = (output: any, context: __SerdeContext): ThreatDe */ const de_ThreatIntelligenceDetail = (output: any, context: __SerdeContext): ThreatIntelligenceDetail => { return take(output, { + ThreatFileSha256: [, __expectString, `threatFileSha256`], ThreatListName: [, __expectString, `threatListName`], ThreatNames: [, _json, `threatNames`], }) as any; diff --git a/codegen/sdk-codegen/aws-models/guardduty.json b/codegen/sdk-codegen/aws-models/guardduty.json index 60b61f6c999e..00ced16bd31b 100644 --- a/codegen/sdk-codegen/aws-models/guardduty.json +++ b/codegen/sdk-codegen/aws-models/guardduty.json @@ -1294,7 +1294,7 @@ } }, "traits": { - "smithy.api#documentation": "This API is also used when you use GuardDuty Runtime Monitoring \n for your Amazon EC2 instances (currently in preview\n release) and is subject to change. The use of this API is subject to Section 2 of the \n Amazon Web Services Service Terms (\"Betas and Previews\").
\nContains information about the Amazon EC2 instance runtime \n coverage details.
" + "smithy.api#documentation": "Contains information about the Amazon EC2 instance runtime \n coverage details.
" } }, "com.amazonaws.guardduty#CoverageEcsClusterDetails": { @@ -1595,7 +1595,7 @@ "Ec2InstanceDetails": { "target": "com.amazonaws.guardduty#CoverageEc2InstanceDetails", "traits": { - "smithy.api#documentation": "This API is also used when you use GuardDuty Runtime Monitoring \n for your Amazon EC2 instances (currently in preview\n release) and is subject to change. The use of this API is subject to Section 2 of the \n Amazon Web Services Service Terms (\"Betas and Previews\").
\nInformation about the Amazon EC2 instance assessed \n for runtime coverage.
", + "smithy.api#documentation": "Information about the Amazon EC2 instance assessed \n for runtime coverage.
", "smithy.api#jsonName": "ec2InstanceDetails" } } @@ -2096,7 +2096,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account\n IDs. This step is a prerequisite for managing the associated member accounts either by\n invitation or through an organization.
\nAs a delegated administrator, using CreateMembers will enable GuardDuty in \n the added member accounts, with the exception of the\n organization delegated administrator account. A delegated administrator must enable GuardDuty \n prior to being added as a member.
When you use CreateMembers as an Organizations delegated \n administrator, GuardDuty applies your organization's auto-enable settings to the member\n accounts in this request, irrespective of the accounts being new or existing members. For \n more information about the existing auto-enable settings for your organization, see\n DescribeOrganizationConfiguration.
\nIf you are adding accounts by invitation, before using InviteMembers, use \n CreateMembers after GuardDuty has been enabled in potential member accounts.
If you disassociate a member from a GuardDuty \n delegated administrator, the member account details \n obtained from this API, including the associated email addresses, will be retained. \n This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To \n remove the details associated with a member account, the delegated administrator must invoke the \n DeleteMembers API.
", + "smithy.api#documentation": "Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account\n IDs. This step is a prerequisite for managing the associated member accounts either by\n invitation or through an organization.
\nAs a delegated administrator, using CreateMembers will enable GuardDuty in \n the added member accounts, with the exception of the\n organization delegated administrator account. A delegated administrator must enable GuardDuty \n prior to being added as a member.
When you use CreateMembers as an Organizations delegated \n administrator, GuardDuty applies your organization's auto-enable settings to the member\n accounts in this request, irrespective of the accounts being new or existing members. For \n more information about the existing auto-enable settings for your organization, see\n DescribeOrganizationConfiguration.
\nIf you disassociate a member account that was added by invitation, the member account details \n obtained from this API, including the associated email addresses, will be retained. \n This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To \n remove the details associated with a member account, the delegated administrator must invoke the \n DeleteMembers API.
\nWhen the member accounts added through Organizations are later disassociated, you (administrator)\n can't invite them by calling the InviteMembers API. You can create an association with these\n member accounts again only by calling the CreateMembers API.
", "smithy.api#http": { "method": "POST", "uri": "/detector/{DetectorId}/member", @@ -4071,7 +4071,7 @@ } ], "traits": { - "smithy.api#documentation": "Disassociates GuardDuty member accounts (from the current administrator account) specified\n by the account IDs.
\nWhen you \n disassociate an invited member from a GuardDuty delegated administrator, the member account details \n obtained from the CreateMembers API, including the associated email addresses, are retained. This is \n done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To \n remove the details associated with a member account, the delegated administrator must invoke the \n DeleteMembers API.
\nWith autoEnableOrganizationMembers configuration for your organization set to\n ALL, you'll receive an error if you attempt to disassociate a member account\n before removing them from your organization.
Disassociates GuardDuty member accounts (from the current administrator account) specified\n by the account IDs.
\nWhen you \n disassociate an invited member from a GuardDuty delegated administrator, the member account details \n obtained from the CreateMembers API, including the associated email addresses, are retained. This is \n done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To \n remove the details associated with a member account, the delegated administrator must invoke the \n DeleteMembers API.
\nWith autoEnableOrganizationMembers configuration for your organization set to\n ALL, you'll receive an error if you attempt to disassociate a member account\n before removing them from your organization.
If you disassociate a member account that was added by invitation, the member account details \n obtained from this API, including the associated email addresses, will be retained. \n This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To \n remove the details associated with a member account, the delegated administrator must invoke the \n DeleteMembers API.
\nWhen the member accounts added through Organizations are later disassociated, you (administrator)\n can't invite them by calling the InviteMembers API. You can create an association with these\n member accounts again only by calling the CreateMembers API.
", "smithy.api#http": { "method": "POST", "uri": "/detector/{DetectorId}/member/disassociate", @@ -4149,7 +4149,7 @@ "DomainWithSuffix": { "target": "com.amazonaws.guardduty#String", "traits": { - "smithy.api#documentation": "The second and top level domain involved in the \n activity that prompted GuardDuty to generate this finding.
", + "smithy.api#documentation": "The second and top level domain involved in the \n activity that potentially prompted GuardDuty to generate this finding.\n For a list of top-level and second-level domains, see public suffix list.
", "smithy.api#jsonName": "domainWithSuffix" } } @@ -4608,6 +4608,12 @@ "traits": { "smithy.api#enumValue": "ECS_FARGATE_AGENT_MANAGEMENT" } + }, + "EC2_AGENT_MANAGEMENT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "EC2_AGENT_MANAGEMENT" + } } } }, @@ -7992,7 +7998,7 @@ } ], "traits": { - "smithy.api#documentation": "Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account \n that invokes this API. If you are using Amazon Web Services Organizations to manage your GuardDuty environment, this step is not\n needed. For more information, see Managing accounts with organizations.
\nTo invite Amazon Web Services accounts, the first step is \n to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API\n to add accounts by invitation. The \n invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited Amazon Web Services account can \n choose to accept the invitation from only one Amazon Web Services account. For more information, see \n Managing GuardDuty accounts \n by invitation.
\nAfter the invite has been accepted and you choose to disassociate a member account \n (by using DisassociateMembers) from your account, \n the details of the member account obtained by invoking CreateMembers, including the \n associated email addresses, will be retained. \n This is done so that you can invoke InviteMembers without the need to invoke \n CreateMembers again. To \n remove the details associated with a member account, you must also invoke \n DeleteMembers.
", + "smithy.api#documentation": "Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account \n that invokes this API. If you are using Amazon Web Services Organizations to manage your GuardDuty environment, this step is not\n needed. For more information, see Managing accounts with organizations.
\nTo invite Amazon Web Services accounts, the first step is \n to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API\n to add accounts by invitation. The \n invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited Amazon Web Services account can \n choose to accept the invitation from only one Amazon Web Services account. For more information, see \n Managing GuardDuty accounts \n by invitation.
\nAfter the invite has been accepted and you choose to disassociate a member account \n (by using DisassociateMembers) from your account, \n the details of the member account obtained by invoking CreateMembers, including the \n associated email addresses, will be retained. \n This is done so that you can invoke InviteMembers without the need to invoke \n CreateMembers again. To \n remove the details associated with a member account, you must also invoke \n DeleteMembers.
\nIf you disassociate a member account that was added by invitation, the member account details \n obtained from this API, including the associated email addresses, will be retained. \n This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To \n remove the details associated with a member account, the delegated administrator must invoke the \n DeleteMembers API.
\nWhen the member accounts added through Organizations are later disassociated, you (administrator)\n can't invite them by calling the InviteMembers API. You can create an association with these\n member accounts again only by calling the CreateMembers API.
", "smithy.api#http": { "method": "POST", "uri": "/detector/{DetectorId}/member/invite", @@ -10459,6 +10465,12 @@ "traits": { "smithy.api#enumValue": "ECS_FARGATE_AGENT_MANAGEMENT" } + }, + "EC2_AGENT_MANAGEMENT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "EC2_AGENT_MANAGEMENT" + } } } }, @@ -11864,6 +11876,41 @@ "smithy.api#documentation": "Specifies the Region of a process's address space such as stack and heap.
", "smithy.api#jsonName": "memoryRegions" } + }, + "ToolName": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "Name of the potentially suspicious tool.
", + "smithy.api#jsonName": "toolName" + } + }, + "ToolCategory": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "Category that the tool belongs to. Some of the examples\n are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.
", + "smithy.api#jsonName": "toolCategory" + } + }, + "ServiceName": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "Name of the security service that has been potentially disabled.
", + "smithy.api#jsonName": "serviceName" + } + }, + "CommandLineExample": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "Example of the command line involved in the suspicious activity.
", + "smithy.api#jsonName": "commandLineExample" + } + }, + "ThreatFilePath": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "The suspicious file path for which the threat intelligence details were found.
", + "smithy.api#jsonName": "threatFilePath" + } } }, "traits": { @@ -13190,6 +13237,13 @@ "smithy.api#documentation": "A list of names of the threats in the threat intelligence list that triggered the\n finding.
", "smithy.api#jsonName": "threatNames" } + }, + "ThreatFileSha256": { + "target": "com.amazonaws.guardduty#String", + "traits": { + "smithy.api#documentation": "SHA256 of the file that generated the finding.
", + "smithy.api#jsonName": "threatFileSha256" + } } }, "traits": {