GUARDDUTY
AcceptAdministratorInvitation
valid {
input.Body.administratorId == STRING
input.Body.invitationId == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AcceptInvitation
valid {
input.Body.masterId == STRING
input.Body.invitationId == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ArchiveFindings
valid {
input.Body.findingIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateDetector
enum_DetectorFeature := [ "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS", "RUNTIME_MONITORING" ]
enum_FeatureAdditionalConfiguration := [ "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT" ]
enum_FeatureStatus := [ "ENABLED", "DISABLED" ]
enum_FindingPublishingFrequency := [ "FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS" ]
valid {
input.Body.enable == BOOLEAN
input.Body.clientToken == STRING
input.Body.findingPublishingFrequency == enum_FindingPublishingFrequency[_]
input.Body.dataSources.s3Logs.enable == BOOLEAN
input.Body.dataSources.kubernetes.auditLogs.enable == BOOLEAN
input.Body.dataSources.malwareProtection.scanEc2InstanceWithFindings.ebsVolumes == BOOLEAN
input.Body.tags.STRING == STRING
input.Body.features[_].name == enum_DetectorFeature[_]
input.Body.features[_].status == enum_FeatureStatus[_]
input.Body.features[_].additionalConfiguration[_].name == enum_FeatureAdditionalConfiguration[_]
input.Body.features[_].additionalConfiguration[_].status == enum_FeatureStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateFilter
enum_FilterAction := [ "NOOP", "ARCHIVE" ]
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.action == enum_FilterAction[_]
input.Body.rank == INTEGER
input.Body.findingCriteria.criterion.STRING.eq[_] == STRING
input.Body.findingCriteria.criterion.STRING.neq[_] == STRING
input.Body.findingCriteria.criterion.STRING.gt == INTEGER
input.Body.findingCriteria.criterion.STRING.gte == INTEGER
input.Body.findingCriteria.criterion.STRING.lt == INTEGER
input.Body.findingCriteria.criterion.STRING.lte == INTEGER
input.Body.findingCriteria.criterion.STRING.equals[_] == STRING
input.Body.findingCriteria.criterion.STRING.notEquals[_] == STRING
input.Body.findingCriteria.criterion.STRING.greaterThan == LONG
input.Body.findingCriteria.criterion.STRING.greaterThanOrEqual == LONG
input.Body.findingCriteria.criterion.STRING.lessThan == LONG
input.Body.findingCriteria.criterion.STRING.lessThanOrEqual == LONG
input.Body.clientToken == STRING
input.Body.tags.STRING == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateIPSet
enum_IpSetFormat := [ "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE" ]
valid {
input.Body.name == STRING
input.Body.format == enum_IpSetFormat[_]
input.Body.location == STRING
input.Body.activate == BOOLEAN
input.Body.clientToken == STRING
input.Body.tags.STRING == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateMembers
valid {
input.Body.accountDetails[_].accountId == STRING
input.Body.accountDetails[_].email == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreatePublishingDestination
enum_DestinationType := [ "S3" ]
valid {
input.Body.destinationType == enum_DestinationType[_]
input.Body.destinationProperties.destinationArn == STRING
input.Body.destinationProperties.kmsKeyArn == STRING
input.Body.clientToken == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateSampleFindings
valid {
input.Body.findingTypes[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateThreatIntelSet
enum_ThreatIntelSetFormat := [ "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE" ]
valid {
input.Body.name == STRING
input.Body.format == enum_ThreatIntelSetFormat[_]
input.Body.location == STRING
input.Body.activate == BOOLEAN
input.Body.clientToken == STRING
input.Body.tags.STRING == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeclineInvitations
valid {
input.Body.accountIds[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteDetector
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteFilter
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.filterName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteIPSet
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.ipSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteInvitations
valid {
input.Body.accountIds[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteMembers
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeletePublishingDestination
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.destinationId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteThreatIntelSet
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.threatIntelSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeMalwareScans
enum_CriterionKey := [ "EC2_INSTANCE_ARN", "SCAN_ID", "ACCOUNT_ID", "GUARDDUTY_FINDING_ID", "SCAN_START_TIME", "SCAN_STATUS", "SCAN_TYPE" ]
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.Body.filterCriteria.filterCriterion[_].criterionKey == enum_CriterionKey[_]
input.Body.filterCriteria.filterCriterion[_].filterCondition.equalsValue == STRING
input.Body.filterCriteria.filterCriterion[_].filterCondition.greaterThan == LONG
input.Body.filterCriteria.filterCriterion[_].filterCondition.lessThan == LONG
input.Body.sortCriteria.attributeName == STRING
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeOrganizationConfiguration
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribePublishingDestination
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.destinationId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisableOrganizationAdminAccount
valid {
input.Body.adminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisassociateFromAdministratorAccount
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisassociateFromMasterAccount
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisassociateMembers
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
EnableOrganizationAdminAccount
valid {
input.Body.adminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAdministratorAccount
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCoverageStatistics
enum_CoverageFilterCriterionKey := [ "ACCOUNT_ID", "CLUSTER_NAME", "RESOURCE_TYPE", "COVERAGE_STATUS", "ADDON_VERSION", "MANAGEMENT_TYPE", "EKS_CLUSTER_NAME", "ECS_CLUSTER_NAME", "AGENT_VERSION", "INSTANCE_ID", "CLUSTER_ARN" ]
enum_CoverageStatisticsType := [ "COUNT_BY_RESOURCE_TYPE", "COUNT_BY_COVERAGE_STATUS" ]
valid {
input.Body.filterCriteria.filterCriterion[_].criterionKey == enum_CoverageFilterCriterionKey[_]
input.Body.filterCriteria.filterCriterion[_].filterCondition.equals[_] == STRING
input.Body.filterCriteria.filterCriterion[_].filterCondition.notEquals[_] == STRING
input.Body.statisticsType[_] == enum_CoverageStatisticsType[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetDetector
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFilter
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.filterName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFindings
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.findingIds[_] == STRING
input.Body.sortCriteria.attributeName == STRING
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFindingsStatistics
enum_FindingStatisticType := [ "COUNT_BY_SEVERITY" ]
valid {
input.Body.findingStatisticTypes[_] == enum_FindingStatisticType[_]
input.Body.findingCriteria.criterion.STRING.eq[_] == STRING
input.Body.findingCriteria.criterion.STRING.neq[_] == STRING
input.Body.findingCriteria.criterion.STRING.gt == INTEGER
input.Body.findingCriteria.criterion.STRING.gte == INTEGER
input.Body.findingCriteria.criterion.STRING.lt == INTEGER
input.Body.findingCriteria.criterion.STRING.lte == INTEGER
input.Body.findingCriteria.criterion.STRING.equals[_] == STRING
input.Body.findingCriteria.criterion.STRING.notEquals[_] == STRING
input.Body.findingCriteria.criterion.STRING.greaterThan == LONG
input.Body.findingCriteria.criterion.STRING.greaterThanOrEqual == LONG
input.Body.findingCriteria.criterion.STRING.lessThan == LONG
input.Body.findingCriteria.criterion.STRING.lessThanOrEqual == LONG
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetIPSet
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.ipSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetInvitationsCount
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMalwareScanSettings
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMasterAccount
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMemberDetectors
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMembers
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetOrganizationStatistics
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetRemainingFreeTrialDays
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetThreatIntelSet
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.threatIntelSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetUsageStatistics
enum_DataSource := [ "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_LOGS", "KUBERNETES_AUDIT_LOGS", "EC2_MALWARE_SCAN" ]
enum_UsageFeature := [ "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "LAMBDA_NETWORK_LOGS", "EKS_RUNTIME_MONITORING", "FARGATE_RUNTIME_MONITORING", "EC2_RUNTIME_MONITORING", "RDS_DBI_PROTECTION_PROVISIONED", "RDS_DBI_PROTECTION_SERVERLESS" ]
enum_UsageStatisticType := [ "SUM_BY_ACCOUNT", "SUM_BY_DATA_SOURCE", "SUM_BY_RESOURCE", "TOP_RESOURCES", "SUM_BY_FEATURES", "TOP_ACCOUNTS_BY_FEATURE" ]
valid {
input.Body.usageStatisticsType == enum_UsageStatisticType[_]
input.Body.usageCriteria.accountIds[_] == STRING
input.Body.usageCriteria.dataSources[_] == enum_DataSource[_]
input.Body.usageCriteria.resources[_] == STRING
input.Body.usageCriteria.features[_] == enum_UsageFeature[_]
input.Body.unit == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
InviteMembers
valid {
input.Body.accountIds[_] == STRING
input.Body.disableEmailNotification == BOOLEAN
input.Body.message == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCoverage
enum_CoverageFilterCriterionKey := [ "ACCOUNT_ID", "CLUSTER_NAME", "RESOURCE_TYPE", "COVERAGE_STATUS", "ADDON_VERSION", "MANAGEMENT_TYPE", "EKS_CLUSTER_NAME", "ECS_CLUSTER_NAME", "AGENT_VERSION", "INSTANCE_ID", "CLUSTER_ARN" ]
enum_CoverageSortKey := [ "ACCOUNT_ID", "CLUSTER_NAME", "COVERAGE_STATUS", "ISSUE", "ADDON_VERSION", "UPDATED_AT", "EKS_CLUSTER_NAME", "ECS_CLUSTER_NAME", "INSTANCE_ID" ]
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.Body.filterCriteria.filterCriterion[_].criterionKey == enum_CoverageFilterCriterionKey[_]
input.Body.filterCriteria.filterCriterion[_].filterCondition.equals[_] == STRING
input.Body.filterCriteria.filterCriterion[_].filterCondition.notEquals[_] == STRING
input.Body.sortCriteria.attributeName == enum_CoverageSortKey[_]
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListDetectors
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFilters
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFindings
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.findingCriteria.criterion.STRING.eq[_] == STRING
input.Body.findingCriteria.criterion.STRING.neq[_] == STRING
input.Body.findingCriteria.criterion.STRING.gt == INTEGER
input.Body.findingCriteria.criterion.STRING.gte == INTEGER
input.Body.findingCriteria.criterion.STRING.lt == INTEGER
input.Body.findingCriteria.criterion.STRING.lte == INTEGER
input.Body.findingCriteria.criterion.STRING.equals[_] == STRING
input.Body.findingCriteria.criterion.STRING.notEquals[_] == STRING
input.Body.findingCriteria.criterion.STRING.greaterThan == LONG
input.Body.findingCriteria.criterion.STRING.greaterThanOrEqual == LONG
input.Body.findingCriteria.criterion.STRING.lessThan == LONG
input.Body.findingCriteria.criterion.STRING.lessThanOrEqual == LONG
input.Body.sortCriteria.attributeName == STRING
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListIPSets
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListInvitations
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListMembers
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.Qs.onlyAssociated == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListOrganizationAdminAccounts
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPublishingDestinations
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTagsForResource
valid {
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListThreatIntelSets
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StartMalwareScan
valid {
input.Body.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StartMonitoringMembers
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StopMonitoringMembers
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
valid {
input.Body.tags.STRING == STRING
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UnarchiveFindings
valid {
input.Body.findingIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
valid {
input.ReqMap.resourceArn == STRING
input.Qs.tagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateDetector
enum_DetectorFeature := [ "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS", "RUNTIME_MONITORING" ]
enum_FeatureAdditionalConfiguration := [ "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT" ]
enum_FeatureStatus := [ "ENABLED", "DISABLED" ]
enum_FindingPublishingFrequency := [ "FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS" ]
valid {
input.Body.enable == BOOLEAN
input.Body.findingPublishingFrequency == enum_FindingPublishingFrequency[_]
input.Body.dataSources.s3Logs.enable == BOOLEAN
input.Body.dataSources.kubernetes.auditLogs.enable == BOOLEAN
input.Body.dataSources.malwareProtection.scanEc2InstanceWithFindings.ebsVolumes == BOOLEAN
input.Body.features[_].name == enum_DetectorFeature[_]
input.Body.features[_].status == enum_FeatureStatus[_]
input.Body.features[_].additionalConfiguration[_].name == enum_FeatureAdditionalConfiguration[_]
input.Body.features[_].additionalConfiguration[_].status == enum_FeatureStatus[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFilter
enum_FilterAction := [ "NOOP", "ARCHIVE" ]
valid {
input.Body.description == STRING
input.Body.action == enum_FilterAction[_]
input.Body.rank == INTEGER
input.Body.findingCriteria.criterion.STRING.eq[_] == STRING
input.Body.findingCriteria.criterion.STRING.neq[_] == STRING
input.Body.findingCriteria.criterion.STRING.gt == INTEGER
input.Body.findingCriteria.criterion.STRING.gte == INTEGER
input.Body.findingCriteria.criterion.STRING.lt == INTEGER
input.Body.findingCriteria.criterion.STRING.lte == INTEGER
input.Body.findingCriteria.criterion.STRING.equals[_] == STRING
input.Body.findingCriteria.criterion.STRING.notEquals[_] == STRING
input.Body.findingCriteria.criterion.STRING.greaterThan == LONG
input.Body.findingCriteria.criterion.STRING.greaterThanOrEqual == LONG
input.Body.findingCriteria.criterion.STRING.lessThan == LONG
input.Body.findingCriteria.criterion.STRING.lessThanOrEqual == LONG
input.ReqMap.detectorId == STRING
input.ReqMap.filterName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFindingsFeedback
enum_Feedback := [ "USEFUL", "NOT_USEFUL" ]
valid {
input.Body.findingIds[_] == STRING
input.Body.feedback == enum_Feedback[_]
input.Body.comments == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateIPSet
valid {
input.Body.name == STRING
input.Body.location == STRING
input.Body.activate == BOOLEAN
input.ReqMap.detectorId == STRING
input.ReqMap.ipSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateMalwareScanSettings
enum_EbsSnapshotPreservation := [ "NO_RETENTION", "RETENTION_WITH_FINDING" ]
valid {
input.Body.scanResourceCriteria.include.EC2_INSTANCE_TAG.mapEquals[_].key == STRING
input.Body.scanResourceCriteria.include.EC2_INSTANCE_TAG.mapEquals[_].value == STRING
input.Body.scanResourceCriteria.exclude.EC2_INSTANCE_TAG.mapEquals[_].key == STRING
input.Body.scanResourceCriteria.exclude.EC2_INSTANCE_TAG.mapEquals[_].value == STRING
input.Body.ebsSnapshotPreservation == enum_EbsSnapshotPreservation[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateMemberDetectors
enum_FeatureStatus := [ "ENABLED", "DISABLED" ]
enum_OrgFeature := [ "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS", "RUNTIME_MONITORING" ]
enum_OrgFeatureAdditionalConfiguration := [ "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT" ]
valid {
input.Body.accountIds[_] == STRING
input.Body.dataSources.s3Logs.enable == BOOLEAN
input.Body.dataSources.kubernetes.auditLogs.enable == BOOLEAN
input.Body.dataSources.malwareProtection.scanEc2InstanceWithFindings.ebsVolumes == BOOLEAN
input.Body.features[_].name == enum_OrgFeature[_]
input.Body.features[_].status == enum_FeatureStatus[_]
input.Body.features[_].additionalConfiguration[_].name == enum_OrgFeatureAdditionalConfiguration[_]
input.Body.features[_].additionalConfiguration[_].status == enum_FeatureStatus[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateOrganizationConfiguration
enum_AutoEnableMembers := [ "NEW", "ALL", "NONE" ]
enum_OrgFeature := [ "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS", "RUNTIME_MONITORING" ]
enum_OrgFeatureAdditionalConfiguration := [ "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT" ]
enum_OrgFeatureStatus := [ "NEW", "NONE", "ALL" ]
valid {
input.Body.autoEnable == BOOLEAN
input.Body.dataSources.s3Logs.autoEnable == BOOLEAN
input.Body.dataSources.kubernetes.auditLogs.autoEnable == BOOLEAN
input.Body.dataSources.malwareProtection.scanEc2InstanceWithFindings.ebsVolumes.autoEnable == BOOLEAN
input.Body.features[_].name == enum_OrgFeature[_]
input.Body.features[_].autoEnable == enum_OrgFeatureStatus[_]
input.Body.features[_].additionalConfiguration[_].name == enum_OrgFeatureAdditionalConfiguration[_]
input.Body.features[_].additionalConfiguration[_].autoEnable == enum_OrgFeatureStatus[_]
input.Body.autoEnableOrganizationMembers == enum_AutoEnableMembers[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdatePublishingDestination
valid {
input.Body.destinationProperties.destinationArn == STRING
input.Body.destinationProperties.kmsKeyArn == STRING
input.ReqMap.detectorId == STRING
input.ReqMap.destinationId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateThreatIntelSet
valid {
input.Body.name == STRING
input.Body.location == STRING
input.Body.activate == BOOLEAN
input.ReqMap.detectorId == STRING
input.ReqMap.threatIntelSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Updated 7 days ago