GUARDDUTY
AcceptAdministratorInvitation
valid {
input.Body.administratorId == STRING
input.Body.invitationId == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AcceptInvitation
valid {
input.Body.masterId == STRING
input.Body.invitationId == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ArchiveFindings
valid {
input.Body.findingIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateDetector
enum_DetectorFeature := [ "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS", "RUNTIME_MONITORING" ]
enum_FeatureAdditionalConfiguration := [ "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT" ]
enum_FeatureStatus := [ "ENABLED", "DISABLED" ]
enum_FindingPublishingFrequency := [ "FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS" ]
valid {
input.Body.enable == BOOLEAN
input.Body.clientToken == STRING
input.Body.findingPublishingFrequency == enum_FindingPublishingFrequency[_]
input.Body.dataSources.s3Logs.enable == BOOLEAN
input.Body.dataSources.kubernetes.auditLogs.enable == BOOLEAN
input.Body.dataSources.malwareProtection.scanEc2InstanceWithFindings.ebsVolumes == BOOLEAN
input.Body.tags.STRING == STRING
input.Body.features[_].name == enum_DetectorFeature[_]
input.Body.features[_].status == enum_FeatureStatus[_]
input.Body.features[_].additionalConfiguration[_].name == enum_FeatureAdditionalConfiguration[_]
input.Body.features[_].additionalConfiguration[_].status == enum_FeatureStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateFilter
enum_FilterAction := [ "NOOP", "ARCHIVE" ]
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.action == enum_FilterAction[_]
input.Body.rank == INTEGER
input.Body.findingCriteria.criterion.STRING.eq[_] == STRING
input.Body.findingCriteria.criterion.STRING.neq[_] == STRING
input.Body.findingCriteria.criterion.STRING.gt == INTEGER
input.Body.findingCriteria.criterion.STRING.gte == INTEGER
input.Body.findingCriteria.criterion.STRING.lt == INTEGER
input.Body.findingCriteria.criterion.STRING.lte == INTEGER
input.Body.findingCriteria.criterion.STRING.equals[_] == STRING
input.Body.findingCriteria.criterion.STRING.notEquals[_] == STRING
input.Body.findingCriteria.criterion.STRING.greaterThan == LONG
input.Body.findingCriteria.criterion.STRING.greaterThanOrEqual == LONG
input.Body.findingCriteria.criterion.STRING.lessThan == LONG
input.Body.findingCriteria.criterion.STRING.lessThanOrEqual == LONG
input.Body.clientToken == STRING
input.Body.tags.STRING == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateIPSet
enum_IpSetFormat := [ "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE" ]
valid {
input.Body.name == STRING
input.Body.format == enum_IpSetFormat[_]
input.Body.location == STRING
input.Body.activate == BOOLEAN
input.Body.clientToken == STRING
input.Body.tags.STRING == STRING
input.Body.expectedBucketOwner == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateMalwareProtectionPlan
enum_MalwareProtectionPlanTaggingActionStatus := [ "ENABLED", "DISABLED" ]
valid {
input.Body.clientToken == STRING
input.Body.role == STRING
input.Body.protectedResource.s3Bucket.bucketName == STRING
input.Body.protectedResource.s3Bucket.objectPrefixes[_] == STRING
input.Body.actions.tagging.status == enum_MalwareProtectionPlanTaggingActionStatus[_]
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateMembers
valid {
input.Body.accountDetails[_].accountId == STRING
input.Body.accountDetails[_].email == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreatePublishingDestination
enum_DestinationType := [ "S3" ]
valid {
input.Body.destinationType == enum_DestinationType[_]
input.Body.destinationProperties.destinationArn == STRING
input.Body.destinationProperties.kmsKeyArn == STRING
input.Body.clientToken == STRING
input.Body.tags.STRING == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateSampleFindings
valid {
input.Body.findingTypes[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateThreatEntitySet
enum_ThreatEntitySetFormat := [ "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE" ]
valid {
input.Body.name == STRING
input.Body.format == enum_ThreatEntitySetFormat[_]
input.Body.location == STRING
input.Body.expectedBucketOwner == STRING
input.Body.activate == BOOLEAN
input.Body.clientToken == STRING
input.Body.tags.STRING == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateThreatIntelSet
enum_ThreatIntelSetFormat := [ "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE" ]
valid {
input.Body.name == STRING
input.Body.format == enum_ThreatIntelSetFormat[_]
input.Body.location == STRING
input.Body.activate == BOOLEAN
input.Body.clientToken == STRING
input.Body.tags.STRING == STRING
input.Body.expectedBucketOwner == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateTrustedEntitySet
enum_TrustedEntitySetFormat := [ "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE" ]
valid {
input.Body.name == STRING
input.Body.format == enum_TrustedEntitySetFormat[_]
input.Body.location == STRING
input.Body.expectedBucketOwner == STRING
input.Body.activate == BOOLEAN
input.Body.clientToken == STRING
input.Body.tags.STRING == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeclineInvitations
valid {
input.Body.accountIds[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteDetector
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteFilter
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.filterName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteIPSet
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.ipSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteInvitations
valid {
input.Body.accountIds[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteMalwareProtectionPlan
valid {
input.ReqMap.malwareProtectionPlanId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteMembers
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeletePublishingDestination
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.destinationId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteThreatEntitySet
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.threatEntitySetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteThreatIntelSet
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.threatIntelSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteTrustedEntitySet
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.trustedEntitySetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeMalwareScans
enum_CriterionKey := [ "EC2_INSTANCE_ARN", "SCAN_ID", "ACCOUNT_ID", "GUARDDUTY_FINDING_ID", "SCAN_START_TIME", "SCAN_STATUS", "SCAN_TYPE" ]
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.Body.filterCriteria.filterCriterion[_].criterionKey == enum_CriterionKey[_]
input.Body.filterCriteria.filterCriterion[_].filterCondition.equalsValue == STRING
input.Body.filterCriteria.filterCriterion[_].filterCondition.greaterThan == LONG
input.Body.filterCriteria.filterCriterion[_].filterCondition.lessThan == LONG
input.Body.sortCriteria.attributeName == STRING
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeOrganizationConfiguration
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribePublishingDestination
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.destinationId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisableOrganizationAdminAccount
valid {
input.Body.adminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisassociateFromAdministratorAccount
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisassociateFromMasterAccount
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisassociateMembers
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}EnableOrganizationAdminAccount
valid {
input.Body.adminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetAdministratorAccount
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetCoverageStatistics
enum_CoverageFilterCriterionKey := [ "ACCOUNT_ID", "CLUSTER_NAME", "RESOURCE_TYPE", "COVERAGE_STATUS", "ADDON_VERSION", "MANAGEMENT_TYPE", "EKS_CLUSTER_NAME", "ECS_CLUSTER_NAME", "AGENT_VERSION", "INSTANCE_ID", "CLUSTER_ARN" ]
enum_CoverageStatisticsType := [ "COUNT_BY_RESOURCE_TYPE", "COUNT_BY_COVERAGE_STATUS" ]
valid {
input.Body.filterCriteria.filterCriterion[_].criterionKey == enum_CoverageFilterCriterionKey[_]
input.Body.filterCriteria.filterCriterion[_].filterCondition.equals[_] == STRING
input.Body.filterCriteria.filterCriterion[_].filterCondition.notEquals[_] == STRING
input.Body.statisticsType[_] == enum_CoverageStatisticsType[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetDetector
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetFilter
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.filterName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetFindings
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.findingIds[_] == STRING
input.Body.sortCriteria.attributeName == STRING
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetFindingsStatistics
enum_FindingStatisticType := [ "COUNT_BY_SEVERITY" ]
enum_GroupByType := [ "ACCOUNT", "DATE", "FINDING_TYPE", "RESOURCE", "SEVERITY" ]
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.findingStatisticTypes[_] == enum_FindingStatisticType[_]
input.Body.findingCriteria.criterion.STRING.eq[_] == STRING
input.Body.findingCriteria.criterion.STRING.neq[_] == STRING
input.Body.findingCriteria.criterion.STRING.gt == INTEGER
input.Body.findingCriteria.criterion.STRING.gte == INTEGER
input.Body.findingCriteria.criterion.STRING.lt == INTEGER
input.Body.findingCriteria.criterion.STRING.lte == INTEGER
input.Body.findingCriteria.criterion.STRING.equals[_] == STRING
input.Body.findingCriteria.criterion.STRING.notEquals[_] == STRING
input.Body.findingCriteria.criterion.STRING.greaterThan == LONG
input.Body.findingCriteria.criterion.STRING.greaterThanOrEqual == LONG
input.Body.findingCriteria.criterion.STRING.lessThan == LONG
input.Body.findingCriteria.criterion.STRING.lessThanOrEqual == LONG
input.Body.groupBy == enum_GroupByType[_]
input.Body.orderBy == enum_OrderBy[_]
input.Body.maxResults == INTEGER
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetIPSet
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.ipSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetInvitationsCount
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetMalwareProtectionPlan
valid {
input.ReqMap.malwareProtectionPlanId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetMalwareScanSettings
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetMasterAccount
valid {
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetMemberDetectors
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetMembers
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetOrganizationStatistics
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetRemainingFreeTrialDays
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetThreatEntitySet
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.threatEntitySetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetThreatIntelSet
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.threatIntelSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetTrustedEntitySet
valid {
input.ReqMap.detectorId == STRING
input.ReqMap.trustedEntitySetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetUsageStatistics
enum_DataSource := [ "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_LOGS", "KUBERNETES_AUDIT_LOGS", "EC2_MALWARE_SCAN" ]
enum_UsageFeature := [ "FLOW_LOGS", "CLOUD_TRAIL", "DNS_LOGS", "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "LAMBDA_NETWORK_LOGS", "EKS_RUNTIME_MONITORING", "FARGATE_RUNTIME_MONITORING", "EC2_RUNTIME_MONITORING", "RDS_DBI_PROTECTION_PROVISIONED", "RDS_DBI_PROTECTION_SERVERLESS" ]
enum_UsageStatisticType := [ "SUM_BY_ACCOUNT", "SUM_BY_DATA_SOURCE", "SUM_BY_RESOURCE", "TOP_RESOURCES", "SUM_BY_FEATURES", "TOP_ACCOUNTS_BY_FEATURE" ]
valid {
input.Body.usageStatisticsType == enum_UsageStatisticType[_]
input.Body.usageCriteria.accountIds[_] == STRING
input.Body.usageCriteria.dataSources[_] == enum_DataSource[_]
input.Body.usageCriteria.resources[_] == STRING
input.Body.usageCriteria.features[_] == enum_UsageFeature[_]
input.Body.unit == STRING
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}InviteMembers
valid {
input.Body.accountIds[_] == STRING
input.Body.disableEmailNotification == BOOLEAN
input.Body.message == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListCoverage
enum_CoverageFilterCriterionKey := [ "ACCOUNT_ID", "CLUSTER_NAME", "RESOURCE_TYPE", "COVERAGE_STATUS", "ADDON_VERSION", "MANAGEMENT_TYPE", "EKS_CLUSTER_NAME", "ECS_CLUSTER_NAME", "AGENT_VERSION", "INSTANCE_ID", "CLUSTER_ARN" ]
enum_CoverageSortKey := [ "ACCOUNT_ID", "CLUSTER_NAME", "COVERAGE_STATUS", "ISSUE", "ADDON_VERSION", "UPDATED_AT", "EKS_CLUSTER_NAME", "ECS_CLUSTER_NAME", "INSTANCE_ID" ]
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.Body.filterCriteria.filterCriterion[_].criterionKey == enum_CoverageFilterCriterionKey[_]
input.Body.filterCriteria.filterCriterion[_].filterCondition.equals[_] == STRING
input.Body.filterCriteria.filterCriterion[_].filterCondition.notEquals[_] == STRING
input.Body.sortCriteria.attributeName == enum_CoverageSortKey[_]
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListDetectors
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListFilters
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListFindings
enum_OrderBy := [ "ASC", "DESC" ]
valid {
input.Body.findingCriteria.criterion.STRING.eq[_] == STRING
input.Body.findingCriteria.criterion.STRING.neq[_] == STRING
input.Body.findingCriteria.criterion.STRING.gt == INTEGER
input.Body.findingCriteria.criterion.STRING.gte == INTEGER
input.Body.findingCriteria.criterion.STRING.lt == INTEGER
input.Body.findingCriteria.criterion.STRING.lte == INTEGER
input.Body.findingCriteria.criterion.STRING.equals[_] == STRING
input.Body.findingCriteria.criterion.STRING.notEquals[_] == STRING
input.Body.findingCriteria.criterion.STRING.greaterThan == LONG
input.Body.findingCriteria.criterion.STRING.greaterThanOrEqual == LONG
input.Body.findingCriteria.criterion.STRING.lessThan == LONG
input.Body.findingCriteria.criterion.STRING.lessThanOrEqual == LONG
input.Body.sortCriteria.attributeName == STRING
input.Body.sortCriteria.orderBy == enum_OrderBy[_]
input.Body.maxResults == INTEGER
input.Body.nextToken == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListIPSets
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListInvitations
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListMalwareProtectionPlans
valid {
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListMembers
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.Qs.onlyAssociated == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListOrganizationAdminAccounts
valid {
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListPublishingDestinations
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListTagsForResource
valid {
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListThreatEntitySets
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListThreatIntelSets
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListTrustedEntitySets
valid {
input.ReqMap.detectorId == STRING
input.Qs.maxResults == INTEGER
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StartMalwareScan
valid {
input.Body.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StartMonitoringMembers
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StopMonitoringMembers
valid {
input.Body.accountIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}TagResource
valid {
input.Body.tags.STRING == STRING
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UnarchiveFindings
valid {
input.Body.findingIds[_] == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UntagResource
valid {
input.ReqMap.resourceArn == STRING
input.Qs.tagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateDetector
enum_DetectorFeature := [ "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS", "RUNTIME_MONITORING" ]
enum_FeatureAdditionalConfiguration := [ "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT" ]
enum_FeatureStatus := [ "ENABLED", "DISABLED" ]
enum_FindingPublishingFrequency := [ "FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS" ]
valid {
input.Body.enable == BOOLEAN
input.Body.findingPublishingFrequency == enum_FindingPublishingFrequency[_]
input.Body.dataSources.s3Logs.enable == BOOLEAN
input.Body.dataSources.kubernetes.auditLogs.enable == BOOLEAN
input.Body.dataSources.malwareProtection.scanEc2InstanceWithFindings.ebsVolumes == BOOLEAN
input.Body.features[_].name == enum_DetectorFeature[_]
input.Body.features[_].status == enum_FeatureStatus[_]
input.Body.features[_].additionalConfiguration[_].name == enum_FeatureAdditionalConfiguration[_]
input.Body.features[_].additionalConfiguration[_].status == enum_FeatureStatus[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateFilter
enum_FilterAction := [ "NOOP", "ARCHIVE" ]
valid {
input.Body.description == STRING
input.Body.action == enum_FilterAction[_]
input.Body.rank == INTEGER
input.Body.findingCriteria.criterion.STRING.eq[_] == STRING
input.Body.findingCriteria.criterion.STRING.neq[_] == STRING
input.Body.findingCriteria.criterion.STRING.gt == INTEGER
input.Body.findingCriteria.criterion.STRING.gte == INTEGER
input.Body.findingCriteria.criterion.STRING.lt == INTEGER
input.Body.findingCriteria.criterion.STRING.lte == INTEGER
input.Body.findingCriteria.criterion.STRING.equals[_] == STRING
input.Body.findingCriteria.criterion.STRING.notEquals[_] == STRING
input.Body.findingCriteria.criterion.STRING.greaterThan == LONG
input.Body.findingCriteria.criterion.STRING.greaterThanOrEqual == LONG
input.Body.findingCriteria.criterion.STRING.lessThan == LONG
input.Body.findingCriteria.criterion.STRING.lessThanOrEqual == LONG
input.ReqMap.detectorId == STRING
input.ReqMap.filterName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateFindingsFeedback
enum_Feedback := [ "USEFUL", "NOT_USEFUL" ]
valid {
input.Body.findingIds[_] == STRING
input.Body.feedback == enum_Feedback[_]
input.Body.comments == STRING
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateIPSet
valid {
input.Body.name == STRING
input.Body.location == STRING
input.Body.activate == BOOLEAN
input.Body.expectedBucketOwner == STRING
input.ReqMap.detectorId == STRING
input.ReqMap.ipSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateMalwareProtectionPlan
enum_MalwareProtectionPlanTaggingActionStatus := [ "ENABLED", "DISABLED" ]
valid {
input.Body.role == STRING
input.Body.actions.tagging.status == enum_MalwareProtectionPlanTaggingActionStatus[_]
input.Body.protectedResource.s3Bucket.objectPrefixes[_] == STRING
input.ReqMap.malwareProtectionPlanId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateMalwareScanSettings
enum_EbsSnapshotPreservation := [ "NO_RETENTION", "RETENTION_WITH_FINDING" ]
valid {
input.Body.scanResourceCriteria.include.EC2_INSTANCE_TAG.mapEquals[_].key == STRING
input.Body.scanResourceCriteria.include.EC2_INSTANCE_TAG.mapEquals[_].value == STRING
input.Body.scanResourceCriteria.exclude.EC2_INSTANCE_TAG.mapEquals[_].key == STRING
input.Body.scanResourceCriteria.exclude.EC2_INSTANCE_TAG.mapEquals[_].value == STRING
input.Body.ebsSnapshotPreservation == enum_EbsSnapshotPreservation[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateMemberDetectors
enum_FeatureStatus := [ "ENABLED", "DISABLED" ]
enum_OrgFeature := [ "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS", "RUNTIME_MONITORING" ]
enum_OrgFeatureAdditionalConfiguration := [ "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT" ]
valid {
input.Body.accountIds[_] == STRING
input.Body.dataSources.s3Logs.enable == BOOLEAN
input.Body.dataSources.kubernetes.auditLogs.enable == BOOLEAN
input.Body.dataSources.malwareProtection.scanEc2InstanceWithFindings.ebsVolumes == BOOLEAN
input.Body.features[_].name == enum_OrgFeature[_]
input.Body.features[_].status == enum_FeatureStatus[_]
input.Body.features[_].additionalConfiguration[_].name == enum_OrgFeatureAdditionalConfiguration[_]
input.Body.features[_].additionalConfiguration[_].status == enum_FeatureStatus[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateOrganizationConfiguration
enum_AutoEnableMembers := [ "NEW", "ALL", "NONE" ]
enum_OrgFeature := [ "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION", "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS", "RUNTIME_MONITORING" ]
enum_OrgFeatureAdditionalConfiguration := [ "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EC2_AGENT_MANAGEMENT" ]
enum_OrgFeatureStatus := [ "NEW", "NONE", "ALL" ]
valid {
input.Body.autoEnable == BOOLEAN
input.Body.dataSources.s3Logs.autoEnable == BOOLEAN
input.Body.dataSources.kubernetes.auditLogs.autoEnable == BOOLEAN
input.Body.dataSources.malwareProtection.scanEc2InstanceWithFindings.ebsVolumes.autoEnable == BOOLEAN
input.Body.features[_].name == enum_OrgFeature[_]
input.Body.features[_].autoEnable == enum_OrgFeatureStatus[_]
input.Body.features[_].additionalConfiguration[_].name == enum_OrgFeatureAdditionalConfiguration[_]
input.Body.features[_].additionalConfiguration[_].autoEnable == enum_OrgFeatureStatus[_]
input.Body.autoEnableOrganizationMembers == enum_AutoEnableMembers[_]
input.ReqMap.detectorId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdatePublishingDestination
valid {
input.Body.destinationProperties.destinationArn == STRING
input.Body.destinationProperties.kmsKeyArn == STRING
input.ReqMap.detectorId == STRING
input.ReqMap.destinationId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateThreatEntitySet
valid {
input.Body.name == STRING
input.Body.location == STRING
input.Body.expectedBucketOwner == STRING
input.Body.activate == BOOLEAN
input.ReqMap.detectorId == STRING
input.ReqMap.threatEntitySetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateThreatIntelSet
valid {
input.Body.name == STRING
input.Body.location == STRING
input.Body.activate == BOOLEAN
input.Body.expectedBucketOwner == STRING
input.ReqMap.detectorId == STRING
input.ReqMap.threatIntelSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateTrustedEntitySet
valid {
input.Body.name == STRING
input.Body.location == STRING
input.Body.expectedBucketOwner == STRING
input.Body.activate == BOOLEAN
input.ReqMap.detectorId == STRING
input.ReqMap.trustedEntitySetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}Updated 21 days ago