1// Code generated by smithy-go-codegen DO NOT EDIT. 2 3package types 4 5import ( 6 "time" 7) 8 9// Contains information on the current access control policies for the bucket. 10type AccessControlList struct { 11 12 // A value that indicates whether public read access for the bucket is enabled 13 // through an Access Control List (ACL). 14 AllowsPublicReadAccess bool 15 16 // A value that indicates whether public write access for the bucket is enabled 17 // through an Access Control List (ACL). 18 AllowsPublicWriteAccess bool 19} 20 21// Contains information about the access keys. 22type AccessKeyDetails struct { 23 24 // The access key ID of the user. 25 AccessKeyId *string 26 27 // The principal ID of the user. 28 PrincipalId *string 29 30 // The name of the user. 31 UserName *string 32 33 // The type of the user. 34 UserType *string 35} 36 37// Contains information about the account. 38type AccountDetail struct { 39 40 // The member account ID. 41 // 42 // This member is required. 43 AccountId *string 44 45 // The email address of the member account. 46 // 47 // This member is required. 48 Email *string 49} 50 51// Contains information about the account level permissions on the S3 bucket. 52type AccountLevelPermissions struct { 53 54 // Describes the S3 Block Public Access settings of the bucket's parent account. 55 BlockPublicAccess *BlockPublicAccess 56} 57 58// Contains information about actions. 59type Action struct { 60 61 // The GuardDuty finding activity type. 62 ActionType *string 63 64 // Information about the AWS_API_CALL action described in this finding. 65 AwsApiCallAction *AwsApiCallAction 66 67 // Information about the DNS_REQUEST action described in this finding. 68 DnsRequestAction *DnsRequestAction 69 70 // Information about the NETWORK_CONNECTION action described in this finding. 71 NetworkConnectionAction *NetworkConnectionAction 72 73 // Information about the PORT_PROBE action described in this finding. 74 PortProbeAction *PortProbeAction 75} 76 77// The account within the organization specified as the GuardDuty delegated 78// administrator. 79type AdminAccount struct { 80 81 // The AWS account ID for the account. 82 AdminAccountId *string 83 84 // Indicates whether the account is enabled as the delegated administrator. 85 AdminStatus AdminStatus 86} 87 88// Contains information about the API action. 89type AwsApiCallAction struct { 90 91 // The AWS API name. 92 Api *string 93 94 // The AWS API caller type. 95 CallerType *string 96 97 // The domain information for the AWS API call. 98 DomainDetails *DomainDetails 99 100 // The error code of the failed AWS API action. 101 ErrorCode *string 102 103 // The remote IP information of the connection that initiated the AWS API call. 104 RemoteIpDetails *RemoteIpDetails 105 106 // The AWS service name whose API was invoked. 107 ServiceName *string 108} 109 110// Contains information on how the bucker owner's S3 Block Public Access settings 111// are being applied to the S3 bucket. See S3 Block Public Access 112// (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) 113// for more information. 114type BlockPublicAccess struct { 115 116 // Indicates if S3 Block Public Access is set to BlockPublicAcls. 117 BlockPublicAcls bool 118 119 // Indicates if S3 Block Public Access is set to BlockPublicPolicy. 120 BlockPublicPolicy bool 121 122 // Indicates if S3 Block Public Access is set to IgnorePublicAcls. 123 IgnorePublicAcls bool 124 125 // Indicates if S3 Block Public Access is set to RestrictPublicBuckets. 126 RestrictPublicBuckets bool 127} 128 129// Contains information about the bucket level permissions for the S3 bucket. 130type BucketLevelPermissions struct { 131 132 // Contains information on how Access Control Policies are applied to the bucket. 133 AccessControlList *AccessControlList 134 135 // Contains information on which account level S3 Block Public Access settings are 136 // applied to the S3 bucket. 137 BlockPublicAccess *BlockPublicAccess 138 139 // Contains information on the bucket policies for the S3 bucket. 140 BucketPolicy *BucketPolicy 141} 142 143// Contains information on the current bucket policies for the S3 bucket. 144type BucketPolicy struct { 145 146 // A value that indicates whether public read access for the bucket is enabled 147 // through a bucket policy. 148 AllowsPublicReadAccess bool 149 150 // A value that indicates whether public write access for the bucket is enabled 151 // through a bucket policy. 152 AllowsPublicWriteAccess bool 153} 154 155// Contains information about the city associated with the IP address. 156type City struct { 157 158 // The city name of the remote IP address. 159 CityName *string 160} 161 162// Contains information on the status of CloudTrail as a data source for the 163// detector. 164type CloudTrailConfigurationResult struct { 165 166 // Describes whether CloudTrail is enabled as a data source for the detector. 167 // 168 // This member is required. 169 Status DataSourceStatus 170} 171 172// Contains information about the condition. 173type Condition struct { 174 175 // Represents the equal condition to be applied to a single field when querying for 176 // findings. 177 // 178 // Deprecated: This member has been deprecated. 179 Eq []string 180 181 // Represents an equal condition to be applied to a single field when querying for 182 // findings. 183 Equals []string 184 185 // Represents a greater than condition to be applied to a single field when 186 // querying for findings. 187 GreaterThan int64 188 189 // Represents a greater than or equal condition to be applied to a single field 190 // when querying for findings. 191 GreaterThanOrEqual int64 192 193 // Represents a greater than condition to be applied to a single field when 194 // querying for findings. 195 // 196 // Deprecated: This member has been deprecated. 197 Gt int32 198 199 // Represents a greater than or equal condition to be applied to a single field 200 // when querying for findings. 201 // 202 // Deprecated: This member has been deprecated. 203 Gte int32 204 205 // Represents a less than condition to be applied to a single field when querying 206 // for findings. 207 LessThan int64 208 209 // Represents a less than or equal condition to be applied to a single field when 210 // querying for findings. 211 LessThanOrEqual int64 212 213 // Represents a less than condition to be applied to a single field when querying 214 // for findings. 215 // 216 // Deprecated: This member has been deprecated. 217 Lt int32 218 219 // Represents a less than or equal condition to be applied to a single field when 220 // querying for findings. 221 // 222 // Deprecated: This member has been deprecated. 223 Lte int32 224 225 // Represents the not equal condition to be applied to a single field when querying 226 // for findings. 227 // 228 // Deprecated: This member has been deprecated. 229 Neq []string 230 231 // Represents a not equal condition to be applied to a single field when querying 232 // for findings. 233 NotEquals []string 234} 235 236// Contains information about the country where the remote IP address is located. 237type Country struct { 238 239 // The country code of the remote IP address. 240 CountryCode *string 241 242 // The country name of the remote IP address. 243 CountryName *string 244} 245 246// Contains information about which data sources are enabled. 247type DataSourceConfigurations struct { 248 249 // Describes whether S3 data event logs are enabled as a data source. 250 S3Logs *S3LogsConfiguration 251} 252 253// Contains information on the status of data sources for the detector. 254type DataSourceConfigurationsResult struct { 255 256 // An object that contains information on the status of CloudTrail as a data 257 // source. 258 // 259 // This member is required. 260 CloudTrail *CloudTrailConfigurationResult 261 262 // An object that contains information on the status of DNS logs as a data source. 263 // 264 // This member is required. 265 DNSLogs *DNSLogsConfigurationResult 266 267 // An object that contains information on the status of VPC flow logs as a data 268 // source. 269 // 270 // This member is required. 271 FlowLogs *FlowLogsConfigurationResult 272 273 // An object that contains information on the status of S3 Data event logs as a 274 // data source. 275 // 276 // This member is required. 277 S3Logs *S3LogsConfigurationResult 278} 279 280// Contains information on the server side encryption method used in the S3 bucket. 281// See S3 Server-Side Encryption 282// (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) for 283// more information. 284type DefaultServerSideEncryption struct { 285 286 // The type of encryption used for objects within the S3 bucket. 287 EncryptionType *string 288 289 // The Amazon Resource Name (ARN) of the KMS encryption key. Only available if the 290 // bucket EncryptionType is aws:kms. 291 KmsMasterKeyArn *string 292} 293 294// Contains information about the publishing destination, including the ID, type, 295// and status. 296type Destination struct { 297 298 // The unique ID of the publishing destination. 299 // 300 // This member is required. 301 DestinationId *string 302 303 // The type of resource used for the publishing destination. Currently, only Amazon 304 // S3 buckets are supported. 305 // 306 // This member is required. 307 DestinationType DestinationType 308 309 // The status of the publishing destination. 310 // 311 // This member is required. 312 Status PublishingStatus 313} 314 315// Contains the Amazon Resource Name (ARN) of the resource to publish to, such as 316// an S3 bucket, and the ARN of the KMS key to use to encrypt published findings. 317type DestinationProperties struct { 318 319 // The ARN of the resource to publish to. 320 DestinationArn *string 321 322 // The ARN of the KMS key to use for encryption. 323 KmsKeyArn *string 324} 325 326// Contains information on the status of DNS logs as a data source. 327type DNSLogsConfigurationResult struct { 328 329 // Denotes whether DNS logs is enabled as a data source. 330 // 331 // This member is required. 332 Status DataSourceStatus 333} 334 335// Contains information about the DNS_REQUEST action described in this finding. 336type DnsRequestAction struct { 337 338 // The domain information for the API request. 339 Domain *string 340} 341 342// Contains information about the domain. 343type DomainDetails struct { 344 345 // The domain information for the AWS API call. 346 Domain *string 347} 348 349// Contains information about the reason that the finding was generated. 350type Evidence struct { 351 352 // A list of threat intelligence details related to the evidence. 353 ThreatIntelligenceDetails []ThreatIntelligenceDetail 354} 355 356// Contains information about the finding, which is generated when abnormal or 357// suspicious activity is detected. 358type Finding struct { 359 360 // The ID of the account in which the finding was generated. 361 // 362 // This member is required. 363 AccountId *string 364 365 // The ARN of the finding. 366 // 367 // This member is required. 368 Arn *string 369 370 // The time and date when the finding was created. 371 // 372 // This member is required. 373 CreatedAt *string 374 375 // The ID of the finding. 376 // 377 // This member is required. 378 Id *string 379 380 // The Region where the finding was generated. 381 // 382 // This member is required. 383 Region *string 384 385 // Contains information about the AWS resource associated with the activity that 386 // prompted GuardDuty to generate a finding. 387 // 388 // This member is required. 389 Resource *Resource 390 391 // The version of the schema used for the finding. 392 // 393 // This member is required. 394 SchemaVersion *string 395 396 // The severity of the finding. 397 // 398 // This member is required. 399 Severity float64 400 401 // The type of finding. 402 // 403 // This member is required. 404 Type *string 405 406 // The time and date when the finding was last updated. 407 // 408 // This member is required. 409 UpdatedAt *string 410 411 // The confidence score for the finding. 412 Confidence float64 413 414 // The description of the finding. 415 Description *string 416 417 // The partition associated with the finding. 418 Partition *string 419 420 // Contains additional information about the generated finding. 421 Service *Service 422 423 // The title of the finding. 424 Title *string 425} 426 427// Contains information about the criteria used for querying findings. 428type FindingCriteria struct { 429 430 // Represents a map of finding properties that match specified conditions and 431 // values when querying findings. 432 Criterion map[string]Condition 433} 434 435// Contains information about finding statistics. 436type FindingStatistics struct { 437 438 // Represents a map of severity to count statistics for a set of findings. 439 CountBySeverity map[string]int32 440} 441 442// Contains information on the status of VPC flow logs as a data source. 443type FlowLogsConfigurationResult struct { 444 445 // Denotes whether VPC flow logs is enabled as a data source. 446 // 447 // This member is required. 448 Status DataSourceStatus 449} 450 451// Contains information about the location of the remote IP address. 452type GeoLocation struct { 453 454 // The latitude information of the remote IP address. 455 Lat float64 456 457 // The longitude information of the remote IP address. 458 Lon float64 459} 460 461// Contains information about the EC2 instance profile. 462type IamInstanceProfile struct { 463 464 // The profile ARN of the EC2 instance. 465 Arn *string 466 467 // The profile ID of the EC2 instance. 468 Id *string 469} 470 471// Contains information about the details of an instance. 472type InstanceDetails struct { 473 474 // The Availability Zone of the EC2 instance. 475 AvailabilityZone *string 476 477 // The profile information of the EC2 instance. 478 IamInstanceProfile *IamInstanceProfile 479 480 // The image description of the EC2 instance. 481 ImageDescription *string 482 483 // The image ID of the EC2 instance. 484 ImageId *string 485 486 // The ID of the EC2 instance. 487 InstanceId *string 488 489 // The state of the EC2 instance. 490 InstanceState *string 491 492 // The type of the EC2 instance. 493 InstanceType *string 494 495 // The launch time of the EC2 instance. 496 LaunchTime *string 497 498 // The elastic network interface information of the EC2 instance. 499 NetworkInterfaces []NetworkInterface 500 501 // The Amazon Resource Name (ARN) of the AWS Outpost. Only applicable to AWS 502 // Outposts instances. 503 OutpostArn *string 504 505 // The platform of the EC2 instance. 506 Platform *string 507 508 // The product code of the EC2 instance. 509 ProductCodes []ProductCode 510 511 // The tags of the EC2 instance. 512 Tags []Tag 513} 514 515// Contains information about the invitation to become a member account. 516type Invitation struct { 517 518 // The ID of the account that the invitation was sent from. 519 AccountId *string 520 521 // The ID of the invitation. This value is used to validate the inviter account to 522 // the member account. 523 InvitationId *string 524 525 // The timestamp when the invitation was sent. 526 InvitedAt *string 527 528 // The status of the relationship between the inviter and invitee accounts. 529 RelationshipStatus *string 530} 531 532// Contains information about the local IP address of the connection. 533type LocalIpDetails struct { 534 535 // The IPv4 local address of the connection. 536 IpAddressV4 *string 537} 538 539// Contains information about the port for the local connection. 540type LocalPortDetails struct { 541 542 // The port number of the local connection. 543 Port int32 544 545 // The port name of the local connection. 546 PortName *string 547} 548 549// Contains information about the administrator account and invitation. 550type Master struct { 551 552 // The ID of the account used as the administrator account. 553 AccountId *string 554 555 // The value used to validate the administrator account to the member account. 556 InvitationId *string 557 558 // The timestamp when the invitation was sent. 559 InvitedAt *string 560 561 // The status of the relationship between the administrator and member accounts. 562 RelationshipStatus *string 563} 564 565// Contains information about the member account. 566type Member struct { 567 568 // The ID of the member account. 569 // 570 // This member is required. 571 AccountId *string 572 573 // The email address of the member account. 574 // 575 // This member is required. 576 Email *string 577 578 // The administrator account ID. 579 // 580 // This member is required. 581 MasterId *string 582 583 // The status of the relationship between the member and the administrator. 584 // 585 // This member is required. 586 RelationshipStatus *string 587 588 // The last-updated timestamp of the member. 589 // 590 // This member is required. 591 UpdatedAt *string 592 593 // The detector ID of the member account. 594 DetectorId *string 595 596 // The timestamp when the invitation was sent. 597 InvitedAt *string 598} 599 600// Contains information on which data sources are enabled for a member account. 601type MemberDataSourceConfiguration struct { 602 603 // The account ID for the member account. 604 // 605 // This member is required. 606 AccountId *string 607 608 // Contains information on the status of data sources for the account. 609 // 610 // This member is required. 611 DataSources *DataSourceConfigurationsResult 612} 613 614// Contains information about the NETWORK_CONNECTION action described in the 615// finding. 616type NetworkConnectionAction struct { 617 618 // Indicates whether EC2 blocked the network connection to your instance. 619 Blocked bool 620 621 // The network connection direction. 622 ConnectionDirection *string 623 624 // The local IP information of the connection. 625 LocalIpDetails *LocalIpDetails 626 627 // The local port information of the connection. 628 LocalPortDetails *LocalPortDetails 629 630 // The network connection protocol. 631 Protocol *string 632 633 // The remote IP information of the connection. 634 RemoteIpDetails *RemoteIpDetails 635 636 // The remote port information of the connection. 637 RemotePortDetails *RemotePortDetails 638} 639 640// Contains information about the elastic network interface of the EC2 instance. 641type NetworkInterface struct { 642 643 // A list of IPv6 addresses for the EC2 instance. 644 Ipv6Addresses []string 645 646 // The ID of the network interface. 647 NetworkInterfaceId *string 648 649 // The private DNS name of the EC2 instance. 650 PrivateDnsName *string 651 652 // The private IP address of the EC2 instance. 653 PrivateIpAddress *string 654 655 // Other private IP address information of the EC2 instance. 656 PrivateIpAddresses []PrivateIpAddressDetails 657 658 // The public DNS name of the EC2 instance. 659 PublicDnsName *string 660 661 // The public IP address of the EC2 instance. 662 PublicIp *string 663 664 // The security groups associated with the EC2 instance. 665 SecurityGroups []SecurityGroup 666 667 // The subnet ID of the EC2 instance. 668 SubnetId *string 669 670 // The VPC ID of the EC2 instance. 671 VpcId *string 672} 673 674// Contains information about the ISP organization of the remote IP address. 675type Organization struct { 676 677 // The Autonomous System Number (ASN) of the internet provider of the remote IP 678 // address. 679 Asn *string 680 681 // The organization that registered this ASN. 682 AsnOrg *string 683 684 // The ISP information for the internet provider. 685 Isp *string 686 687 // The name of the internet provider. 688 Org *string 689} 690 691// An object that contains information on which data sources will be configured to 692// be automatically enabled for new members within the organization. 693type OrganizationDataSourceConfigurations struct { 694 695 // Describes whether S3 data event logs are enabled for new members of the 696 // organization. 697 S3Logs *OrganizationS3LogsConfiguration 698} 699 700// An object that contains information on which data sources are automatically 701// enabled for new members within the organization. 702type OrganizationDataSourceConfigurationsResult struct { 703 704 // Describes whether S3 data event logs are enabled as a data source. 705 // 706 // This member is required. 707 S3Logs *OrganizationS3LogsConfigurationResult 708} 709 710// Describes whether S3 data event logs will be automatically enabled for new 711// members of the organization. 712type OrganizationS3LogsConfiguration struct { 713 714 // A value that contains information on whether S3 data event logs will be enabled 715 // automatically as a data source for the organization. 716 // 717 // This member is required. 718 AutoEnable bool 719} 720 721// The current configuration of S3 data event logs as a data source for the 722// organization. 723type OrganizationS3LogsConfigurationResult struct { 724 725 // A value that describes whether S3 data event logs are automatically enabled for 726 // new members of the organization. 727 // 728 // This member is required. 729 AutoEnable bool 730} 731 732// Contains information on the owner of the bucket. 733type Owner struct { 734 735 // The canonical user ID of the bucket owner. For information about locating your 736 // canonical user ID see Finding Your Account Canonical User ID. 737 // (https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId) 738 Id *string 739} 740 741// Contains information about how permissions are configured for the S3 bucket. 742type PermissionConfiguration struct { 743 744 // Contains information about the account level permissions on the S3 bucket. 745 AccountLevelPermissions *AccountLevelPermissions 746 747 // Contains information about the bucket level permissions for the S3 bucket. 748 BucketLevelPermissions *BucketLevelPermissions 749} 750 751// Contains information about the PORT_PROBE action described in the finding. 752type PortProbeAction struct { 753 754 // Indicates whether EC2 blocked the port probe to the instance, such as with an 755 // ACL. 756 Blocked bool 757 758 // A list of objects related to port probe details. 759 PortProbeDetails []PortProbeDetail 760} 761 762// Contains information about the port probe details. 763type PortProbeDetail struct { 764 765 // The local IP information of the connection. 766 LocalIpDetails *LocalIpDetails 767 768 // The local port information of the connection. 769 LocalPortDetails *LocalPortDetails 770 771 // The remote IP information of the connection. 772 RemoteIpDetails *RemoteIpDetails 773} 774 775// Contains other private IP address information of the EC2 instance. 776type PrivateIpAddressDetails struct { 777 778 // The private DNS name of the EC2 instance. 779 PrivateDnsName *string 780 781 // The private IP address of the EC2 instance. 782 PrivateIpAddress *string 783} 784 785// Contains information about the product code for the EC2 instance. 786type ProductCode struct { 787 788 // The product code information. 789 Code *string 790 791 // The product code type. 792 ProductType *string 793} 794 795// Describes the public access policies that apply to the S3 bucket. 796type PublicAccess struct { 797 798 // Describes the effective permission on this bucket after factoring all attached 799 // policies. 800 EffectivePermission *string 801 802 // Contains information about how permissions are configured for the S3 bucket. 803 PermissionConfiguration *PermissionConfiguration 804} 805 806// Contains information about the remote IP address of the connection. 807type RemoteIpDetails struct { 808 809 // The city information of the remote IP address. 810 City *City 811 812 // The country code of the remote IP address. 813 Country *Country 814 815 // The location information of the remote IP address. 816 GeoLocation *GeoLocation 817 818 // The IPv4 remote address of the connection. 819 IpAddressV4 *string 820 821 // The ISP organization information of the remote IP address. 822 Organization *Organization 823} 824 825// Contains information about the remote port. 826type RemotePortDetails struct { 827 828 // The port number of the remote connection. 829 Port int32 830 831 // The port name of the remote connection. 832 PortName *string 833} 834 835// Contains information about the AWS resource associated with the activity that 836// prompted GuardDuty to generate a finding. 837type Resource struct { 838 839 // The IAM access key details (IAM user information) of a user that engaged in the 840 // activity that prompted GuardDuty to generate a finding. 841 AccessKeyDetails *AccessKeyDetails 842 843 // The information about the EC2 instance associated with the activity that 844 // prompted GuardDuty to generate a finding. 845 InstanceDetails *InstanceDetails 846 847 // The type of AWS resource. 848 ResourceType *string 849 850 // Contains information on the S3 bucket. 851 S3BucketDetails []S3BucketDetail 852} 853 854// Contains information on the S3 bucket. 855type S3BucketDetail struct { 856 857 // The Amazon Resource Name (ARN) of the S3 bucket. 858 Arn *string 859 860 // The date and time the bucket was created at. 861 CreatedAt *time.Time 862 863 // Describes the server side encryption method used in the S3 bucket. 864 DefaultServerSideEncryption *DefaultServerSideEncryption 865 866 // The name of the S3 bucket. 867 Name *string 868 869 // The owner of the S3 bucket. 870 Owner *Owner 871 872 // Describes the public access policies that apply to the S3 bucket. 873 PublicAccess *PublicAccess 874 875 // All tags attached to the S3 bucket 876 Tags []Tag 877 878 // Describes whether the bucket is a source or destination bucket. 879 Type *string 880} 881 882// Describes whether S3 data event logs will be enabled as a data source. 883type S3LogsConfiguration struct { 884 885 // The status of S3 data event logs as a data source. 886 // 887 // This member is required. 888 Enable bool 889} 890 891// Describes whether S3 data event logs will be enabled as a data source. 892type S3LogsConfigurationResult struct { 893 894 // A value that describes whether S3 data event logs are automatically enabled for 895 // new members of the organization. 896 // 897 // This member is required. 898 Status DataSourceStatus 899} 900 901// Contains information about the security groups associated with the EC2 instance. 902type SecurityGroup struct { 903 904 // The security group ID of the EC2 instance. 905 GroupId *string 906 907 // The security group name of the EC2 instance. 908 GroupName *string 909} 910 911// Contains additional information about the generated finding. 912type Service struct { 913 914 // Information about the activity that is described in a finding. 915 Action *Action 916 917 // Indicates whether this finding is archived. 918 Archived bool 919 920 // The total count of the occurrences of this finding type. 921 Count int32 922 923 // The detector ID for the GuardDuty service. 924 DetectorId *string 925 926 // The first-seen timestamp of the activity that prompted GuardDuty to generate 927 // this finding. 928 EventFirstSeen *string 929 930 // The last-seen timestamp of the activity that prompted GuardDuty to generate this 931 // finding. 932 EventLastSeen *string 933 934 // An evidence object associated with the service. 935 Evidence *Evidence 936 937 // The resource role information for this finding. 938 ResourceRole *string 939 940 // The name of the AWS service (GuardDuty) that generated a finding. 941 ServiceName *string 942 943 // Feedback that was submitted about the finding. 944 UserFeedback *string 945} 946 947// Contains information about the criteria used for sorting findings. 948type SortCriteria struct { 949 950 // Represents the finding attribute (for example, accountId) to sort findings by. 951 AttributeName *string 952 953 // The order by which the sorted findings are to be displayed. 954 OrderBy OrderBy 955} 956 957// Contains information about a tag associated with the EC2 instance. 958type Tag struct { 959 960 // The EC2 instance tag key. 961 Key *string 962 963 // The EC2 instance tag value. 964 Value *string 965} 966 967// An instance of a threat intelligence detail that constitutes evidence for the 968// finding. 969type ThreatIntelligenceDetail struct { 970 971 // The name of the threat intelligence list that triggered the finding. 972 ThreatListName *string 973 974 // A list of names of the threats in the threat intelligence list that triggered 975 // the finding. 976 ThreatNames []string 977} 978 979// Contains the total usage with the corresponding currency unit for that value. 980type Total struct { 981 982 // The total usage. 983 Amount *string 984 985 // The currency unit that the amount is given in. 986 Unit *string 987} 988 989// Contains information about the accounts that weren't processed. 990type UnprocessedAccount struct { 991 992 // The AWS account ID. 993 // 994 // This member is required. 995 AccountId *string 996 997 // A reason why the account hasn't been processed. 998 // 999 // This member is required. 1000 Result *string 1001} 1002 1003// Contains information on the total of usage based on account IDs. 1004type UsageAccountResult struct { 1005 1006 // The Account ID that generated usage. 1007 AccountId *string 1008 1009 // Represents the total of usage for the Account ID. 1010 Total *Total 1011} 1012 1013// Contains information about the criteria used to query usage statistics. 1014type UsageCriteria struct { 1015 1016 // The data sources to aggregate usage statistics from. 1017 // 1018 // This member is required. 1019 DataSources []DataSource 1020 1021 // The account IDs to aggregate usage statistics from. 1022 AccountIds []string 1023 1024 // The resources to aggregate usage statistics from. Only accepts exact resource 1025 // names. 1026 Resources []string 1027} 1028 1029// Contains information on the result of usage based on data source type. 1030type UsageDataSourceResult struct { 1031 1032 // The data source type that generated usage. 1033 DataSource DataSource 1034 1035 // Represents the total of usage for the specified data source. 1036 Total *Total 1037} 1038 1039// Contains information on the sum of usage based on an AWS resource. 1040type UsageResourceResult struct { 1041 1042 // The AWS resource that generated usage. 1043 Resource *string 1044 1045 // Represents the sum total of usage for the specified resource type. 1046 Total *Total 1047} 1048 1049// Contains the result of GuardDuty usage. If a UsageStatisticType is provided the 1050// result for other types will be null. 1051type UsageStatistics struct { 1052 1053 // The usage statistic sum organized by account ID. 1054 SumByAccount []UsageAccountResult 1055 1056 // The usage statistic sum organized by on data source. 1057 SumByDataSource []UsageDataSourceResult 1058 1059 // The usage statistic sum organized by resource. 1060 SumByResource []UsageResourceResult 1061 1062 // Lists the top 50 resources that have generated the most GuardDuty usage, in 1063 // order from most to least expensive. 1064 TopResources []UsageResourceResult 1065} 1066