aws_guardduty_finding
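Amazon Web Services GuardDuty Finding
In the tables below, ✓ in the Nullable column marks a field that may be null and ✗ marks a field that is always present.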
Name | Type | Nullable |
accountId | String | ✗ |
accountName | String | ✓ |
arn | String | ✗ |
confidence | Double | ✓ |
createdAt | String | ✓ |
description | String | ✓ |
findingAccountId | String | ✗ |
id | String | ✓ |
partition | String | ✓ |
region | String | ✓ |
resource | AWSGuardDutyFindingResource | ✓ |
schemaVersion | String | ✓ |
service | Service | ✓ |
severity | Double | ✓ |
title | String | ✓ |
type | String | ✓ |
updatedAt | String | ✓ |
AWSGuardDutyFindingResource
Name | Type | Nullable |
accessKeyDetails | AccessKeyDetails | ✓ |
eksClusterDetails | EksClusterDetails | ✓ |
instanceDetails | InstanceDetails | ✓ |
kubernetesDetails | KubernetesDetails | ✓ |
resourceType | String | ✓ |
s3BucketDetails | List | ✓ |
AccessControlList
Name | Type | Nullable |
allowsPublicReadAccess | Boolean | ✓ |
allowsPublicWriteAccess | Boolean | ✓ |
AccessKeyDetails
Name | Type | Nullable |
accessKeyId | String | ✓ |
principalId | String | ✓ |
userName | String | ✓ |
userType | String | ✓ |
AccountLevelPermissions
Name | Type | Nullable |
blockPublicAccess | BlockPublicAccess | ✓ |
Action
Name | Type | Nullable |
actionType | String | ✓ |
awsApiCallAction | AwsApiCallAction | ✓ |
dnsRequestAction | DnsRequestAction | ✓ |
kubernetesApiCallAction | KubernetesApiCallAction | ✓ |
networkConnectionAction | NetworkConnectionAction | ✓ |
portProbeAction | PortProbeAction | ✓ |
AwsApiCallAction
Name | Type | Nullable |
api | String | ✓ |
callerType | String | ✓ |
domainDetails | DomainDetails | ✓ |
errorCode | String | ✓ |
remoteAccountDetails | RemoteAccountDetails | ✓ |
remoteIpDetails | RemoteIpDetails | ✓ |
serviceName | String | ✓ |
userAgent | String | ✓ |
BlockPublicAccess
Name | Type | Nullable |
blockPublicAcls | Boolean | ✓ |
blockPublicPolicy | Boolean | ✓ |
ignorePublicAcls | Boolean | ✓ |
restrictPublicBuckets | Boolean | ✓ |
BucketLevelPermissions
Name | Type | Nullable |
accessControlList | AccessControlList | ✓ |
blockPublicAccess | BlockPublicAccess | ✓ |
bucketPolicy | BucketPolicy | ✓ |
BucketPolicy
Name | Type | Nullable |
allowsPublicReadAccess | Boolean | ✓ |
allowsPublicWriteAccess | Boolean | ✓ |
City
Name | Type | Nullable |
cityName | String | ✓ |
Container
Name | Type | Nullable |
containerRuntime | String | ✓ |
id | String | ✓ |
image | String | ✓ |
imagePrefix | String | ✓ |
name | String | ✓ |
securityContext | SecurityContext | ✓ |
volumeMounts | List | ✓ |
Country
Name | Type | Nullable |
countryCode | String | ✓ |
countryName | String | ✓ |
DefaultServerSideEncryption
Name | Type | Nullable |
encryptionType | String | ✓ |
kmsMasterKeyArn | String | ✓ |
DnsRequestAction
Name | Type | Nullable |
domain | String | ✓ |
DomainDetails
Name | Type | Nullable |
domain | String | ✓ |
EksClusterDetails
Name | Type | Nullable |
arn | String | ✓ |
createdAt | String | ✓ |
name | String | ✓ |
status | String | ✓ |
tags | Map<String,String> | ✓ |
vpcId | String | ✓ |
Evidence
Name | Type | Nullable |
threatIntelligenceDetails | List | ✓ |
GeoLocation
Name | Type | Nullable |
lat | Double | ✓ |
lon | Double | ✓ |
HostPath
Name | Type | Nullable |
path | String | ✓ |
IamInstanceProfile
Name | Type | Nullable |
arn | String | ✓ |
id | String | ✓ |
InstanceDetails
Name | Type | Nullable |
availabilityZone | String | ✓ |
iamInstanceProfile | IamInstanceProfile | ✓ |
imageDescription | String | ✓ |
imageId | String | ✓ |
instanceId | String | ✓ |
instanceState | String | ✓ |
instanceType | String | ✓ |
launchTime | String | ✓ |
networkInterfaces | List | ✓ |
outpostArn | String | ✓ |
platform | String | ✓ |
productCodes | List | ✓ |
tags | Map<String,String> | ✓ |
KubernetesApiCallAction
Name | Type | Nullable |
parameters | String | ✓ |
remoteIpDetails | RemoteIpDetails | ✓ |
requestUri | String | ✓ |
sourceIps | List | ✓ |
statusCode | Int | ✓ |
userAgent | String | ✓ |
verb | String | ✓ |
KubernetesDetails
Name | Type | Nullable |
kubernetesUserDetails | KubernetesUserDetails | ✓ |
kubernetesWorkloadDetails | KubernetesWorkloadDetails | ✓ |
KubernetesUserDetails
Name | Type | Nullable |
groups | List | ✓ |
uid | String | ✓ |
username | String | ✓ |
KubernetesWorkloadDetails
Name | Type | Nullable |
containers | List | ✓ |
hostNetwork | Boolean | ✓ |
name | String | ✓ |
namespace | String | ✓ |
type | String | ✓ |
uid | String | ✓ |
volumes | List | ✓ |
LocalIpDetails
Name | Type | Nullable |
ipAddressV4 | String | ✓ |
LocalPortDetails
Name | Type | Nullable |
port | Int | ✓ |
portName | String | ✓ |
NetworkConnectionAction
Name | Type | Nullable |
blocked | Boolean | ✓ |
connectionDirection | String | ✓ |
localIpDetails | LocalIpDetails | ✓ |
localPortDetails | LocalPortDetails | ✓ |
protocol | String | ✓ |
remoteIpDetails | RemoteIpDetails | ✓ |
remotePortDetails | RemotePortDetails | ✓ |
NetworkInterface
Name | Type | Nullable |
ipv6Addresses | List | ✓ |
networkInterfaceId | String | ✓ |
privateDnsName | String | ✓ |
privateIpAddress | String | ✓ |
privateIpAddresses | List | ✓ |
publicDnsName | String | ✓ |
publicIp | String | ✓ |
securityGroups | List | ✓ |
subnetId | String | ✓ |
vpcId | String | ✓ |
Organization
Name | Type | Nullable |
asn | String | ✓ |
asnOrg | String | ✓ |
isp | String | ✓ |
org | String | ✓ |
Owner
Name | Type | Nullable |
id | String | ✓ |
PermissionConfiguration
Name | Type | Nullable |
accountLevelPermissions | AccountLevelPermissions | ✓ |
bucketLevelPermissions | BucketLevelPermissions | ✓ |
PortProbeAction
Name | Type | Nullable |
blocked | Boolean | ✓ |
portProbeDetails | List | ✓ |
PortProbeDetail
Name | Type | Nullable |
localIpDetails | LocalIpDetails | ✓ |
localPortDetails | LocalPortDetails | ✓ |
remoteIpDetails | RemoteIpDetails | ✓ |
PrivateIpAddressDetails
Name | Type | Nullable |
privateDnsName | String | ✓ |
privateIpAddress | String | ✓ |
ProductCode
Name | Type | Nullable |
code | String | ✓ |
productType | String | ✓ |
PublicAccess
Name | Type | Nullable |
effectivePermission | String | ✓ |
permissionConfiguration | PermissionConfiguration | ✓ |
RemoteAccountDetails
Name | Type | Nullable |
accountId | String | ✓ |
affiliated | Boolean | ✓ |
RemoteIpDetails
Name | Type | Nullable |
city | City | ✓ |
country | Country | ✓ |
geoLocation | GeoLocation | ✓ |
ipAddressV4 | String | ✓ |
organization | Organization | ✓ |
RemotePortDetails
Name | Type | Nullable |
port | Int | ✓ |
portName | String | ✓ |
S3BucketDetail
Name | Type | Nullable |
arn | String | ✓ |
createdAt | String | ✓ |
defaultServerSideEncryption | DefaultServerSideEncryption | ✓ |
name | String | ✓ |
owner | Owner | ✓ |
publicAccess | PublicAccess | ✓ |
tags | Map<String,String> | ✓ |
type | String | ✓ |
SecurityContext
Name | Type | Nullable |
privileged | Boolean | ✓ |
SecurityGroup
Name | Type | Nullable |
groupId | String | ✓ |
groupName | String | ✓ |
Service
Name | Type | Nullable |
action | Action | ✓ |
archived | Boolean | ✓ |
count | Int | ✓ |
detectorId | String | ✓ |
eventFirstSeen | String | ✓ |
eventLastSeen | String | ✓ |
evidence | Evidence | ✓ |
resourceRole | String | ✓ |
serviceName | String | ✓ |
userFeedback | String | ✓ |
ThreatIntelligenceDetail
Name | Type | Nullable |
threatListName | String | ✓ |
threatNames | List | ✓ |
Volume
Name | Type | Nullable |
hostPath | HostPath | ✓ |
name | String | ✓ |
VolumeMount
Name | Type | Nullable |
mountPath | String | ✓ |
name | String | ✓ |