aws-cdk-lib

import * as cdk from "../../core"; import * as constructs from "constructs"; import * as cfn_parse from "../../core/lib/helpers-internal"; /** * The `AWS::GuardDuty::Detector` resource specifies a new GuardDuty detector. * * A detector is an object that represents the GuardDuty service. A detector is required for GuardDuty to become operational. * * Make sure you use either `DataSources` or `Features` in a one request, and not both. * * @cloudformationResource AWS::GuardDuty::Detector * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html */ export declare class CfnDetector extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnDetector from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnDetector; /** * The unique ID of the detector. * * @cloudformationAttribute Id */ readonly attrId: string; /** * Describes which data sources will be enabled for the detector. */ dataSources?: CfnDetector.CFNDataSourceConfigurationsProperty | cdk.IResolvable; /** * Specifies whether the detector is to be enabled on creation. */ enable: boolean | cdk.IResolvable; /** * A list of features that will be configured for the detector. */ features?: Array<CfnDetector.CFNFeatureConfigurationProperty | cdk.IResolvable> | cdk.IResolvable; /** * Specifies how frequently updated findings are exported. */ findingPublishingFrequency?: string; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * Specifies tags added to a new detector resource. */ tagsRaw?: Array<CfnDetector.TagItemProperty>; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnDetectorProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnDetector { /** * Describes whether S3 data event logs, Kubernetes audit logs, or Malware Protection will be enabled as a data source when the detector is created. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html */ interface CFNDataSourceConfigurationsProperty { /** * Describes which Kubernetes data sources are enabled for a detector. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html#cfn-guardduty-detector-cfndatasourceconfigurations-kubernetes */ readonly kubernetes?: CfnDetector.CFNKubernetesConfigurationProperty | cdk.IResolvable; /** * Describes whether Malware Protection will be enabled as a data source. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html#cfn-guardduty-detector-cfndatasourceconfigurations-malwareprotection */ readonly malwareProtection?: CfnDetector.CFNMalwareProtectionConfigurationProperty | cdk.IResolvable; /** * Describes whether S3 data event logs are enabled as a data source. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfndatasourceconfigurations.html#cfn-guardduty-detector-cfndatasourceconfigurations-s3logs */ readonly s3Logs?: CfnDetector.CFNS3LogsConfigurationProperty | cdk.IResolvable; } /** * Describes whether Malware Protection will be enabled as a data source. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnmalwareprotectionconfiguration.html */ interface CFNMalwareProtectionConfigurationProperty { /** * Describes the configuration of Malware Protection for EC2 instances with findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnmalwareprotectionconfiguration.html#cfn-guardduty-detector-cfnmalwareprotectionconfiguration-scanec2instancewithfindings */ readonly scanEc2InstanceWithFindings?: CfnDetector.CFNScanEc2InstanceWithFindingsConfigurationProperty | cdk.IResolvable; } /** * Describes whether Malware Protection for EC2 instances with findings will be enabled as a data source. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnscanec2instancewithfindingsconfiguration.html */ interface CFNScanEc2InstanceWithFindingsConfigurationProperty { /** * Describes the configuration for scanning EBS volumes as data source. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnscanec2instancewithfindingsconfiguration.html#cfn-guardduty-detector-cfnscanec2instancewithfindingsconfiguration-ebsvolumes */ readonly ebsVolumes?: boolean | cdk.IResolvable; } /** * Describes whether S3 data event logs will be enabled as a data source when the detector is created. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfns3logsconfiguration.html */ interface CFNS3LogsConfigurationProperty { /** * The status of S3 data event logs as a data source. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfns3logsconfiguration.html#cfn-guardduty-detector-cfns3logsconfiguration-enable */ readonly enable: boolean | cdk.IResolvable; } /** * Describes which Kubernetes protection data sources are enabled for the detector. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesconfiguration.html */ interface CFNKubernetesConfigurationProperty { /** * Describes whether Kubernetes audit logs are enabled as a data source for the detector. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesconfiguration.html#cfn-guardduty-detector-cfnkubernetesconfiguration-auditlogs */ readonly auditLogs: CfnDetector.CFNKubernetesAuditLogsConfigurationProperty | cdk.IResolvable; } /** * Describes which optional data sources are enabled for a detector. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesauditlogsconfiguration.html */ interface CFNKubernetesAuditLogsConfigurationProperty { /** * Describes whether Kubernetes audit logs are enabled as a data source for the detector. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnkubernetesauditlogsconfiguration.html#cfn-guardduty-detector-cfnkubernetesauditlogsconfiguration-enable */ readonly enable: boolean | cdk.IResolvable; } /** * Information about the configuration of a feature in your account. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureconfiguration.html */ interface CFNFeatureConfigurationProperty { /** * Information about the additional configuration of a feature in your account. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureconfiguration.html#cfn-guardduty-detector-cfnfeatureconfiguration-additionalconfiguration */ readonly additionalConfiguration?: Array<CfnDetector.CFNFeatureAdditionalConfigurationProperty | cdk.IResolvable> | cdk.IResolvable; /** * Name of the feature. * * For a list of allowed values, see [DetectorFeatureConfiguration](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DetectorFeatureConfiguration.html#guardduty-Type-DetectorFeatureConfiguration-name) in the *GuardDuty API Reference* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureconfiguration.html#cfn-guardduty-detector-cfnfeatureconfiguration-name */ readonly name: string; /** * Status of the feature configuration. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureconfiguration.html#cfn-guardduty-detector-cfnfeatureconfiguration-status */ readonly status: string; } /** * Information about the additional configuration of a feature in your account. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureadditionalconfiguration.html */ interface CFNFeatureAdditionalConfigurationProperty { /** * Name of the additional configuration. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureadditionalconfiguration.html#cfn-guardduty-detector-cfnfeatureadditionalconfiguration-name */ readonly name?: string; /** * Status of the additional configuration. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-cfnfeatureadditionalconfiguration.html#cfn-guardduty-detector-cfnfeatureadditionalconfiguration-status */ readonly status?: string; } /** * Describes a tag. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-tagitem.html */ interface TagItemProperty { /** * The tag key. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-tagitem.html#cfn-guardduty-detector-tagitem-key */ readonly key: string; /** * The tag value. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-detector-tagitem.html#cfn-guardduty-detector-tagitem-value */ readonly value: string; } } /** * Properties for defining a `CfnDetector` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html */ export interface CfnDetectorProps { /** * Describes which data sources will be enabled for the detector. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-datasources */ readonly dataSources?: CfnDetector.CFNDataSourceConfigurationsProperty | cdk.IResolvable; /** * Specifies whether the detector is to be enabled on creation. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-enable */ readonly enable: boolean | cdk.IResolvable; /** * A list of features that will be configured for the detector. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-features */ readonly features?: Array<CfnDetector.CFNFeatureConfigurationProperty | cdk.IResolvable> | cdk.IResolvable; /** * Specifies how frequently updated findings are exported. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-findingpublishingfrequency */ readonly findingPublishingFrequency?: string; /** * Specifies tags added to a new detector resource. * * Each tag consists of a key and an optional value, both of which you define. * * Currently, support is available only for creating and deleting a tag. No support exists for updating the tags. * * For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-detector.html#cfn-guardduty-detector-tags */ readonly tags?: Array<CfnDetector.TagItemProperty>; } /** * The `AWS::GuardDuty::Filter` resource specifies a new filter defined by the provided `findingCriteria` . * * @cloudformationResource AWS::GuardDuty::Filter * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html */ export declare class CfnFilter extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnFilter from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnFilter; /** * Specifies the action that is to be applied to the findings that match the filter. */ action?: string; /** * The description of the filter. */ description?: string; /** * The detector ID associated with the GuardDuty account for which you want to create a filter. */ detectorId: string; /** * Represents the criteria to be used in the filter for querying findings. */ findingCriteria: CfnFilter.FindingCriteriaProperty | cdk.IResolvable; /** * The name of the filter. */ name: string; /** * Specifies the position of the filter in the list of current filters. */ rank?: number; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * The tags to be added to a new filter resource. */ tagsRaw?: Array<cdk.CfnTag>; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnFilterProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnFilter { /** * Represents a map of finding properties that match specified conditions and values when querying findings. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html */ interface FindingCriteriaProperty { /** * Represents a map of finding properties that match specified conditions and values when querying findings. * * For information about JSON criterion mapping to their console equivalent, see [Finding criteria](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_filter-findings.html#filter_criteria) . The following are the available criterion: * * - accountId * - id * - region * - severity * * To filter on the basis of severity, the API and AWS CLI use the following input list for the `FindingCriteria` condition: * * - *Low* : `["1", "2", "3"]` * - *Medium* : `["4", "5", "6"]` * - *High* : `["7", "8", "9"]` * * For more information, see [Severity levels for GuardDuty findings](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html#guardduty_findings-severity) in the *Amazon GuardDuty User Guide* . * - type * - updatedAt * * Type: ISO 8601 string format: `YYYY-MM-DDTHH:MM:SS.SSSZ` or `YYYY-MM-DDTHH:MM:SSZ` depending on whether the value contains milliseconds. * - resource.accessKeyDetails.accessKeyId * - resource.accessKeyDetails.principalId * - resource.accessKeyDetails.userName * - resource.accessKeyDetails.userType * - resource.instanceDetails.iamInstanceProfile.id * - resource.instanceDetails.imageId * - resource.instanceDetails.instanceId * - resource.instanceDetails.tags.key * - resource.instanceDetails.tags.value * - resource.instanceDetails.networkInterfaces.ipv6Addresses * - resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress * - resource.instanceDetails.networkInterfaces.publicDnsName * - resource.instanceDetails.networkInterfaces.publicIp * - resource.instanceDetails.networkInterfaces.securityGroups.groupId * - resource.instanceDetails.networkInterfaces.securityGroups.groupName * - resource.instanceDetails.networkInterfaces.subnetId * - resource.instanceDetails.networkInterfaces.vpcId * - resource.instanceDetails.outpostArn * - resource.resourceType * - resource.s3BucketDetails.publicAccess.effectivePermissions * - resource.s3BucketDetails.name * - resource.s3BucketDetails.tags.key * - resource.s3BucketDetails.tags.value * - resource.s3BucketDetails.type * - service.action.actionType * - service.action.awsApiCallAction.api * - service.action.awsApiCallAction.callerType * - service.action.awsApiCallAction.errorCode * - service.action.awsApiCallAction.remoteIpDetails.city.cityName * - service.action.awsApiCallAction.remoteIpDetails.country.countryName * - service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 * - service.action.awsApiCallAction.remoteIpDetails.ipAddressV6 * - service.action.awsApiCallAction.remoteIpDetails.organization.asn * - service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg * - service.action.awsApiCallAction.serviceName * - service.action.dnsRequestAction.domain * - service.action.dnsRequestAction.domainWithSuffix * - service.action.networkConnectionAction.blocked * - service.action.networkConnectionAction.connectionDirection * - service.action.networkConnectionAction.localPortDetails.port * - service.action.networkConnectionAction.protocol * - service.action.networkConnectionAction.remoteIpDetails.city.cityName * - service.action.networkConnectionAction.remoteIpDetails.country.countryName * - service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 * - service.action.networkConnectionAction.remoteIpDetails.ipAddressV6 * - service.action.networkConnectionAction.remoteIpDetails.organization.asn * - service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg * - service.action.networkConnectionAction.remotePortDetails.port * - service.action.awsApiCallAction.remoteAccountDetails.affiliated * - service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4 * - service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6 * - service.action.kubernetesApiCallAction.namespace * - service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn * - service.action.kubernetesApiCallAction.requestUri * - service.action.kubernetesApiCallAction.statusCode * - service.action.networkConnectionAction.localIpDetails.ipAddressV4 * - service.action.networkConnectionAction.localIpDetails.ipAddressV6 * - service.action.networkConnectionAction.protocol * - service.action.awsApiCallAction.serviceName * - service.action.awsApiCallAction.remoteAccountDetails.accountId * - service.additionalInfo.threatListName * - service.resourceRole * - resource.eksClusterDetails.name * - resource.kubernetesDetails.kubernetesWorkloadDetails.name * - resource.kubernetesDetails.kubernetesWorkloadDetails.namespace * - resource.kubernetesDetails.kubernetesUserDetails.username * - resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image * - resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix * - service.ebsVolumeScanDetails.scanId * - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name * - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity * - service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash * - service.malwareScanDetails.threats.name * - resource.ecsClusterDetails.name * - resource.ecsClusterDetails.taskDetails.containers.image * - resource.ecsClusterDetails.taskDetails.definitionArn * - resource.containerDetails.image * - resource.rdsDbInstanceDetails.dbInstanceIdentifier * - resource.rdsDbInstanceDetails.dbClusterIdentifier * - resource.rdsDbInstanceDetails.engine * - resource.rdsDbUserDetails.user * - resource.rdsDbInstanceDetails.tags.key * - resource.rdsDbInstanceDetails.tags.value * - service.runtimeDetails.process.executableSha256 * - service.runtimeDetails.process.name * - service.runtimeDetails.process.name * - resource.lambdaDetails.functionName * - resource.lambdaDetails.functionArn * - resource.lambdaDetails.tags.key * - resource.lambdaDetails.tags.value * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html#cfn-guardduty-filter-findingcriteria-criterion */ readonly criterion?: any | cdk.IResolvable; /** * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-findingcriteria.html#cfn-guardduty-filter-findingcriteria-itemtype */ readonly itemType?: CfnFilter.ConditionProperty | cdk.IResolvable; } /** * Specifies the condition to apply to a single field when filtering through GuardDuty findings. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html */ interface ConditionProperty { /** * Represents the equal condition to apply to a single field when querying for findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-eq */ readonly eq?: Array<string>; /** * Represents an *equal* ** condition to be applied to a single field when querying for findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-equals */ readonly equalTo?: Array<string>; /** * Represents a *greater than* condition to be applied to a single field when querying for findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-greaterthan */ readonly greaterThan?: number; /** * Represents a *greater than or equal* condition to be applied to a single field when querying for findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-greaterthanorequal */ readonly greaterThanOrEqual?: number; /** * Represents a *greater than* condition to be applied to a single field when querying for findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-gt */ readonly gt?: number; /** * Represents the greater than or equal condition to apply to a single field when querying for findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-gte */ readonly gte?: number; /** * Represents a *less than* condition to be applied to a single field when querying for findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-lessthan */ readonly lessThan?: number; /** * Represents a *less than or equal* condition to be applied to a single field when querying for findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-lessthanorequal */ readonly lessThanOrEqual?: number; /** * Represents the less than condition to apply to a single field when querying for findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-lt */ readonly lt?: number; /** * Represents the less than or equal condition to apply to a single field when querying for findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-lte */ readonly lte?: number; /** * Represents the not equal condition to apply to a single field when querying for findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-neq */ readonly neq?: Array<string>; /** * Represents a *not equal* ** condition to be applied to a single field when querying for findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-guardduty-filter-condition.html#cfn-guardduty-filter-condition-notequals */ readonly notEquals?: Array<string>; } } /** * Properties for defining a `CfnFilter` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html */ export interface CfnFilterProps { /** * Specifies the action that is to be applied to the findings that match the filter. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-action */ readonly action?: string; /** * The description of the filter. * * Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ( `{ }` , `[ ]` , and `( )` ), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-description */ readonly description?: string; /** * The detector ID associated with the GuardDuty account for which you want to create a filter. * * To find the `detectorId` in the current Region, see the * Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-detectorid */ readonly detectorId: string; /** * Represents the criteria to be used in the filter for querying findings. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-findingcriteria */ readonly findingCriteria: CfnFilter.FindingCriteriaProperty | cdk.IResolvable; /** * The name of the filter. * * Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-name */ readonly name: string; /** * Specifies the position of the filter in the list of current filters. * * Also specifies the order in which this filter is applied to the findings. The minimum value for this property is 1 and the maximum is 100. * * By default, filters may not be created in the same order as they are ranked. To ensure that the filters are created in the expected order, you can use an optional attribute, [DependsOn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) , with the following syntax: `"DependsOn":[ "ObjectName" ]` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-rank */ readonly rank?: number; /** * The tags to be added to a new filter resource. * * Each tag consists of a key and an optional value, both of which you define. * * For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-filter.html#cfn-guardduty-filter-tags */ readonly tags?: Array<cdk.CfnTag>; } /** * The `AWS::GuardDuty::IPSet` resource specifies a new `IPSet` . * * An `IPSet` is a list of trusted IP addresses from which secure communication is allowed with AWS infrastructure and applications. * * @cloudformationResource AWS::GuardDuty::IPSet * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html */ export declare class CfnIPSet extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnIPSet from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnIPSet; /** * @cloudformationAttribute Id */ readonly attrId: string; /** * Indicates whether or not GuardDuty uses the `IPSet` . */ activate?: boolean | cdk.IResolvable; /** * The unique ID of the detector of the GuardDuty account for which you want to create an IPSet. */ detectorId?: string; /** * The format of the file that contains the IPSet. */ format: string; /** * The URI of the file that contains the IPSet. */ location: string; /** * The user-friendly name to identify the IPSet. */ name?: string; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * The tags to be added to a new IP set resource. */ tagsRaw?: Array<cdk.CfnTag>; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnIPSetProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } /** * Properties for defining a `CfnIPSet` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html */ export interface CfnIPSetProps { /** * Indicates whether or not GuardDuty uses the `IPSet` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-activate */ readonly activate?: boolean | cdk.IResolvable; /** * The unique ID of the detector of the GuardDuty account for which you want to create an IPSet. * * To find the `detectorId` in the current Region, see the * Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-detectorid */ readonly detectorId?: string; /** * The format of the file that contains the IPSet. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-format */ readonly format: string; /** * The URI of the file that contains the IPSet. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-location */ readonly location: string; /** * The user-friendly name to identify the IPSet. * * Allowed characters are alphanumeric, whitespace, dash (-), and underscores (_). * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-name */ readonly name?: string; /** * The tags to be added to a new IP set resource. * * Each tag consists of a key and an optional value, both of which you define. * * For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-ipset.html#cfn-guardduty-ipset-tags */ readonly tags?: Array<cdk.CfnTag>; } /** * You can use the `AWS::GuardDuty::Master` resource in a GuardDuty member account to accept an invitation from a GuardDuty administrator account. * * The invitation to the member account must be sent prior to using the `AWS::GuardDuty::Master` resource to accept the administrator account's invitation. You can invite a member account by using the `InviteMembers` operation of the GuardDuty API, or by creating an `AWS::GuardDuty::Member` resource. * * @cloudformationResource AWS::GuardDuty::Master * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html */ export declare class CfnMaster extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnMaster from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnMaster; /** * The unique ID of the detector of the GuardDuty member account. */ detectorId: string; /** * The ID of the invitation that is sent to the account designated as a member account. */ invitationId?: string; /** * The AWS account ID of the account designated as the GuardDuty administrator account. */ masterId: string; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnMasterProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } /** * Properties for defining a `CfnMaster` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html */ export interface CfnMasterProps { /** * The unique ID of the detector of the GuardDuty member account. * * To find the `detectorId` in the current Region, see the * Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-detectorid */ readonly detectorId: string; /** * The ID of the invitation that is sent to the account designated as a member account. * * You can find the invitation ID by running the [ListInvitations](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListInvitations.html) in the *GuardDuty API Reference* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-invitationid */ readonly invitationId?: string; /** * The AWS account ID of the account designated as the GuardDuty administrator account. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-master.html#cfn-guardduty-master-masterid */ readonly masterId: string; } /** * You can use the `AWS::GuardDuty::Member` resource to add an AWS account as a GuardDuty member account to the current GuardDuty administrator account. * * If the value of the `Status` property is not provided or is set to `Created` , a member account is created but not invited. If the value of the `Status` property is set to `Invited` , a member account is created and invited. An `AWS::GuardDuty::Member` resource must be created with the `Status` property set to `Invited` before the `AWS::GuardDuty::Master` resource can be created in a GuardDuty member account. * * @cloudformationResource AWS::GuardDuty::Member * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html */ export declare class CfnMember extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnMember from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnMember; /** * The ID of the detector associated with the GuardDuty service to add the member to. */ detectorId?: string; /** * Specifies whether or not to disable email notification for the member account that you invite. */ disableEmailNotification?: boolean | cdk.IResolvable; /** * The email address associated with the member account. */ email: string; /** * The AWS account ID of the account to designate as a member. */ memberId?: string; /** * The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members. */ message?: string; /** * You can use the `Status` property to update the status of the relationship between the member account and its administrator account. */ status?: string; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnMemberProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } /** * Properties for defining a `CfnMember` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html */ export interface CfnMemberProps { /** * The ID of the detector associated with the GuardDuty service to add the member to. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-detectorid */ readonly detectorId?: string; /** * Specifies whether or not to disable email notification for the member account that you invite. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-disableemailnotification */ readonly disableEmailNotification?: boolean | cdk.IResolvable; /** * The email address associated with the member account. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-email */ readonly email: string; /** * The AWS account ID of the account to designate as a member. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-memberid */ readonly memberId?: string; /** * The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-message */ readonly message?: string; /** * You can use the `Status` property to update the status of the relationship between the member account and its administrator account. * * Valid values are `Created` and `Invited` when using an `AWS::GuardDuty::Member` resource. If the value for this property is not provided or set to `Created` , a member account is created but not invited. If the value of this property is set to `Invited` , a member account is created and invited. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-member.html#cfn-guardduty-member-status */ readonly status?: string; } /** * The `AWS::GuardDuty::ThreatIntelSet` resource specifies a new `ThreatIntelSet` . * * A `ThreatIntelSet` consists of known malicious IP addresses. GuardDuty generates findings based on the `ThreatIntelSet` after it is activated. * * @cloudformationResource AWS::GuardDuty::ThreatIntelSet * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html */ export declare class CfnThreatIntelSet extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnThreatIntelSet from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnThreatIntelSet; /** * The unique ID of the `threatIntelSet` . * * @cloudformationAttribute Id */ readonly attrId: string; /** * A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet. */ activate?: boolean | cdk.IResolvable; /** * The unique ID of the detector of the GuardDuty account for which you want to create a `ThreatIntelSet` . */ detectorId?: string; /** * The format of the file that contains the ThreatIntelSet. */ format: string; /** * The URI of the file that contains the ThreatIntelSet. */ location: string; /** * A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet. */ name?: string; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * The tags to be added to a new threat list resource. */ tagsRaw?: Array<cdk.CfnTag>; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnThreatIntelSetProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } /** * Properties for defining a `CfnThreatIntelSet` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html */ export interface CfnThreatIntelSetProps { /** * A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-guardduty-threatintelset.html#cfn-guardduty-threatintelset-activate */ readonly activate?: boolean | cdk.IResolvable; /** * The unique ID of the detector of the GuardDuty account for which you want to create a `ThreatIntelSet` . * * To find the `detectorId` in the curre