cognitect.aws.guardduty.docs.edn
{:GetFilter {:documentation "Returns the details of the filter specified by the filter name.
", :request {:DetectorId string, :FilterName string}, :required [:DetectorId :FilterName], :response {:Name string, :Description string, :Action [:one-of ["NOOP" "ARCHIVE"]], :Rank integer, :FindingCriteria {:Criterion [:map-of string {:Neq [:seq-of string], :Eq [:seq-of string], :GreaterThanOrEqual long, :NotEquals [:seq-of string], :LessThanOrEqual long, :Gt integer, :LessThan long, :Gte integer, :GreaterThan long, :Lte integer, :Equals [:seq-of string], :Lt integer}]}, :Tags [:map-of string string]}}, :StopMonitoringMembers {:documentation "Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers
operation to restart monitoring for those accounts.
With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to stop monitoring the member accounts in your organization.
", :request {:DetectorId string, :AccountIds [:seq-of string]}, :required [:DetectorId :AccountIds], :response {:UnprocessedAccounts [:seq-of {:AccountId string, :Result string}]}}, :DeclineInvitations {:documentation "Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.
", :request {:AccountIds [:seq-of string]}, :required [:AccountIds], :response {:UnprocessedAccounts [:seq-of {:AccountId string, :Result string}]}}, :ListPublishingDestinations {:documentation "Returns a list of publishing destinations associated with the specified detectorId
.
", :request {:DetectorId string, :MaxResults integer, :NextToken string}, :required [:DetectorId], :response {:Destinations [:seq-of {:DestinationId string, :DestinationType [:one-of ["S3"]], :Status [:one-of ["PENDING_VERIFICATION" "PUBLISHING" "UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY" "STOPPED"]]}], :NextToken string}}, :ListIPSets {:documentation "Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.
", :request {:DetectorId string, :MaxResults integer, :NextToken string}, :required [:DetectorId], :response {:IpSetIds [:seq-of string], :NextToken string}}, :ListOrganizationAdminAccounts {:documentation "Lists the accounts configured as GuardDuty delegated administrators.
", :request {:MaxResults integer, :NextToken string}, :response {:AdminAccounts [:seq-of {:AdminAccountId string, :AdminStatus [:one-of ["ENABLED" "DISABLE_IN_PROGRESS"]]}], :NextToken string}}, :ListDetectors {:documentation "Lists detectorIds of all the existing Amazon GuardDuty detector resources.
", :request {:MaxResults integer, :NextToken string}, :response {:DetectorIds [:seq-of string], :NextToken string}}, :ListMembers {:documentation "Lists details about all member accounts for the current GuardDuty administrator account.
", :request {:DetectorId string, :MaxResults integer, :NextToken string, :OnlyAssociated string}, :required [:DetectorId], :response {:Members [:seq-of {:AccountId string, :DetectorId string, :MasterId string, :Email string, :RelationshipStatus string, :InvitedAt string, :UpdatedAt string, :AdministratorId string}], :NextToken string}}, :UpdateThreatIntelSet {:documentation "Updates the ThreatIntelSet specified by the ThreatIntelSet ID.
", :request {:DetectorId string, :ThreatIntelSetId string, :Name string, :Location string, :Activate boolean}, :required [:DetectorId :ThreatIntelSetId]}, :ListTagsForResource {:documentation "Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and threat intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.
", :request {:ResourceArn string}, :required [:ResourceArn], :response {:Tags [:map-of string string]}}, :InviteMembers {:documentation "Invites other Amazon Web Services accounts (created as members of the current Amazon Web Services account by CreateMembers) to enable GuardDuty, and allow the current Amazon Web Services account to view and manage these accounts' findings on their behalf as the GuardDuty administrator account.
", :request {:DetectorId string, :AccountIds [:seq-of string], :DisableEmailNotification boolean, :Message string}, :required [:DetectorId :AccountIds], :response {:UnprocessedAccounts [:seq-of {:AccountId string, :Result string}]}}, :UpdateOrganizationConfiguration {:documentation "Configures the delegated administrator account with the provided values. You must provide the value for either autoEnableOrganizationMembers
or autoEnable.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", :request {:DetectorId string, :AutoEnable boolean, :DataSources {:S3Logs {:AutoEnable boolean}, :Kubernetes {:AuditLogs {:AutoEnable boolean}}, :MalwareProtection {:ScanEc2InstanceWithFindings {:EbsVolumes {:AutoEnable boolean}}}}, :Features [:seq-of {:Name [:one-of ["S3_DATA_EVENTS" "EKS_AUDIT_LOGS" "EBS_MALWARE_PROTECTION" "RDS_LOGIN_EVENTS" "EKS_RUNTIME_MONITORING" "LAMBDA_NETWORK_LOGS"]], :AutoEnable [:one-of ["NEW" "NONE"]], :AdditionalConfiguration [:seq-of {:Name [:one-of ["EKS_ADDON_MANAGEMENT"]], :AutoEnable [:one-of ["NEW" "NONE"]]}]}], :AutoEnableOrganizationMembers [:one-of ["NEW" "ALL" "NONE"]]}, :required [:DetectorId]}, :TagResource {:documentation "Adds tags to a resource.
", :request {:ResourceArn string, :Tags [:map-of string string]}, :required [:ResourceArn :Tags]}, :DeleteMembers {:documentation "Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty for a member account in your organization.
", :request {:DetectorId string, :AccountIds [:seq-of string]}, :required [:DetectorId :AccountIds], :response {:UnprocessedAccounts [:seq-of {:AccountId string, :Result string}]}}, :StartMalwareScan {:documentation "Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account.
", :request {:ResourceArn string}, :required [:ResourceArn], :response {:ScanId string}}, :UntagResource {:documentation "Removes tags from a resource.
", :request {:ResourceArn string, :TagKeys [:seq-of string]}, :required [:ResourceArn :TagKeys]}, :UpdateFindingsFeedback {:documentation "Marks the specified GuardDuty findings as useful or not useful.
", :request {:DetectorId string, :FindingIds [:seq-of string], :Feedback [:one-of ["USEFUL" "NOT_USEFUL"]], :Comments string}, :required [:DetectorId :FindingIds :Feedback]}, :UpdateMemberDetectors {:documentation "Contains information on member accounts to be updated.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", :request {:DetectorId string, :AccountIds [:seq-of string], :DataSources {:S3Logs {:Enable boolean}, :Kubernetes {:AuditLogs {:Enable boolean}}, :MalwareProtection {:ScanEc2InstanceWithFindings {:EbsVolumes boolean}}}, :Features [:seq-of {:Name [:one-of ["S3_DATA_EVENTS" "EKS_AUDIT_LOGS" "EBS_MALWARE_PROTECTION" "RDS_LOGIN_EVENTS" "EKS_RUNTIME_MONITORING" "LAMBDA_NETWORK_LOGS"]], :Status [:one-of ["ENABLED" "DISABLED"]], :AdditionalConfiguration [:seq-of {:Name [:one-of ["EKS_ADDON_MANAGEMENT"]], :Status [:one-of ["ENABLED" "DISABLED"]]}]}]}, :required [:DetectorId :AccountIds], :response {:UnprocessedAccounts [:seq-of {:AccountId string, :Result string}]}}, :ListFilters {:documentation "Returns a paginated list of the current filters.
", :request {:DetectorId string, :MaxResults integer, :NextToken string}, :required [:DetectorId], :response {:FilterNames [:seq-of string], :NextToken string}}, :UnarchiveFindings {:documentation "Unarchives GuardDuty findings specified by the findingIds
.
", :request {:DetectorId string, :FindingIds [:seq-of string]}, :required [:DetectorId :FindingIds]}, :DisassociateMembers {:documentation "Disassociates GuardDuty member accounts (to the current administrator account) specified by the account IDs.
With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disassociate a member account before removing them from your Amazon Web Services organization.
", :request {:DetectorId string, :AccountIds [:seq-of string]}, :required [:DetectorId :AccountIds], :response {:UnprocessedAccounts [:seq-of {:AccountId string, :Result string}]}}, :GetMembers {:documentation "Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.
", :request {:DetectorId string, :AccountIds [:seq-of string]}, :required [:DetectorId :AccountIds], :response {:Members [:seq-of {:AccountId string, :DetectorId string, :MasterId string, :Email string, :RelationshipStatus string, :InvitedAt string, :UpdatedAt string, :AdministratorId string}], :UnprocessedAccounts [:seq-of {:AccountId string, :Result string}]}}, :DisassociateFromAdministratorAccount {:documentation "Disassociates the current GuardDuty member account from its administrator account.
With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty in a member account.
", :request {:DetectorId string}, :required [:DetectorId]}, :UpdateDetector {:documentation "Updates the Amazon GuardDuty detector specified by the detectorId.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", :request {:DetectorId string, :Enable boolean, :FindingPublishingFrequency [:one-of ["FIFTEEN_MINUTES" "ONE_HOUR" "SIX_HOURS"]], :DataSources {:S3Logs {:Enable boolean}, :Kubernetes {:AuditLogs {:Enable boolean}}, :MalwareProtection {:ScanEc2InstanceWithFindings {:EbsVolumes boolean}}}, :Features [:seq-of {:Name [:one-of ["S3_DATA_EVENTS" "EKS_AUDIT_LOGS" "EBS_MALWARE_PROTECTION" "RDS_LOGIN_EVENTS" "EKS_RUNTIME_MONITORING" "LAMBDA_NETWORK_LOGS"]], :Status [:one-of ["ENABLED" "DISABLED"]], :AdditionalConfiguration [:seq-of {:Name [:one-of ["EKS_ADDON_MANAGEMENT"]], :Status [:one-of ["ENABLED" "DISABLED"]]}]}]}, :required [:DetectorId]}, :UpdateFilter {:documentation "Updates the filter specified by the filter name.
", :request {:DetectorId string, :FilterName string, :Description string, :Action [:one-of ["NOOP" "ARCHIVE"]], :Rank integer, :FindingCriteria {:Criterion [:map-of string {:Neq [:seq-of string], :Eq [:seq-of string], :GreaterThanOrEqual long, :NotEquals [:seq-of string], :LessThanOrEqual long, :Gt integer, :LessThan long, :Gte integer, :GreaterThan long, :Lte integer, :Equals [:seq-of string], :Lt integer}]}}, :required [:DetectorId :FilterName], :response {:Name string}}, :GetCoverageStatistics {:documentation "Retrieves aggregated statistics for your account. If you are a GuardDuty administrator, you can retrieve the statistics for all the resources associated with the active member accounts in your organization who have enabled EKS Runtime Monitoring and have the GuardDuty agent running on their EKS nodes.
", :request {:DetectorId string, :FilterCriteria {:FilterCriterion [:seq-of {:CriterionKey [:one-of ["ACCOUNT_ID" "CLUSTER_NAME" "RESOURCE_TYPE" "COVERAGE_STATUS" "ADDON_VERSION"]], :FilterCondition {:Equals [:seq-of string], :NotEquals [:seq-of string]}}]}, :StatisticsType [:seq-of [:one-of ["COUNT_BY_RESOURCE_TYPE" "COUNT_BY_COVERAGE_STATUS"]]]}, :required [:DetectorId :StatisticsType], :response {:CoverageStatistics {:CountByResourceType [:map-of [:one-of ["EKS"]] long], :CountByCoverageStatus [:map-of [:one-of ["HEALTHY" "UNHEALTHY"]] long]}}}, :CreateFilter {:documentation "Creates a filter using the specified finding criteria. The maximum number of saved filters per Amazon Web Services account per Region is 100. For more information, see Quotas for GuardDuty.
", :request {:DetectorId string, :Name string, :Description string, :Action [:one-of ["NOOP" "ARCHIVE"]], :Rank integer, :FindingCriteria {:Criterion [:map-of string {:Neq [:seq-of string], :Eq [:seq-of string], :GreaterThanOrEqual long, :NotEquals [:seq-of string], :LessThanOrEqual long, :Gt integer, :LessThan long, :Gte integer, :GreaterThan long, :Lte integer, :Equals [:seq-of string], :Lt integer}]}, :ClientToken string, :Tags [:map-of string string]}, :required [:DetectorId :Name :FindingCriteria], :response {:Name string}}, :ListFindings {:documentation "Lists Amazon GuardDuty findings for the specified detector ID.
", :request {:DetectorId string, :FindingCriteria {:Criterion [:map-of string {:Neq [:seq-of string], :Eq [:seq-of string], :GreaterThanOrEqual long, :NotEquals [:seq-of string], :LessThanOrEqual long, :Gt integer, :LessThan long, :Gte integer, :GreaterThan long, :Lte integer, :Equals [:seq-of string], :Lt integer}]}, :SortCriteria {:AttributeName string, :OrderBy [:one-of ["ASC" "DESC"]]}, :MaxResults integer, :NextToken string}, :required [:DetectorId], :response {:FindingIds [:seq-of string], :NextToken string}}, :GetThreatIntelSet {:documentation "Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
", :request {:DetectorId string, :ThreatIntelSetId string}, :required [:DetectorId :ThreatIntelSetId], :response {:Name string, :Format [:one-of ["TXT" "STIX" "OTX_CSV" "ALIEN_VAULT" "PROOF_POINT" "FIRE_EYE"]], :Location string, :Status [:one-of ["INACTIVE" "ACTIVATING" "ACTIVE" "DEACTIVATING" "ERROR" "DELETE_PENDING" "DELETED"]], :Tags [:map-of string string]}}, :CreateMembers {:documentation "Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.
When using Create Members as an organizations delegated administrator, this action will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account, which must enable GuardDuty prior to being added as a member.
If you are adding accounts by invitation, use this action after GuardDuty has been enabled in potential member accounts and before using InviteMembers.
", :request {:DetectorId string, :AccountDetails [:seq-of {:AccountId string, :Email string}]}, :required [:DetectorId :AccountDetails], :response {:UnprocessedAccounts [:seq-of {:AccountId string, :Result string}]}}, :GetMalwareScanSettings {:documentation "Returns the details of the malware scan settings.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", :request {:DetectorId string}, :required [:DetectorId], :response {:ScanResourceCriteria {:Include [:map-of [:one-of ["EC2_INSTANCE_TAG"]] {:MapEquals [:seq-of {:Key string, :Value string}]}], :Exclude [:map-of [:one-of ["EC2_INSTANCE_TAG"]] {:MapEquals [:seq-of {:Key string, :Value string}]}]}, :EbsSnapshotPreservation [:one-of ["NO_RETENTION" "RETENTION_WITH_FINDING"]]}}, :GetMemberDetectors {:documentation "Describes which data sources are enabled for the member account's detector.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", :request {:DetectorId string, :AccountIds [:seq-of string]}, :required [:DetectorId :AccountIds], :response {:MemberDataSourceConfigurations [:seq-of {:AccountId string, :DataSources {:CloudTrail {:Status [:one-of ["ENABLED" "DISABLED"]]}, :DNSLogs {:Status [:one-of ["ENABLED" "DISABLED"]]}, :FlowLogs {:Status [:one-of ["ENABLED" "DISABLED"]]}, :S3Logs {:Status [:one-of ["ENABLED" "DISABLED"]]}, :Kubernetes {:AuditLogs {:Status [:one-of ["ENABLED" "DISABLED"]]}}, :MalwareProtection {:ScanEc2InstanceWithFindings {:EbsVolumes {:Status [:one-of ["ENABLED" "DISABLED"]], :Reason string}}, :ServiceRole string}}, :Features [:seq-of {:Name [:one-of ["S3_DATA_EVENTS" "EKS_AUDIT_LOGS" "EBS_MALWARE_PROTECTION" "RDS_LOGIN_EVENTS" "EKS_RUNTIME_MONITORING" "LAMBDA_NETWORK_LOGS"]], :Status [:one-of ["ENABLED" "DISABLED"]], :UpdatedAt timestamp, :AdditionalConfiguration [:seq-of {:Name [:one-of ["EKS_ADDON_MANAGEMENT"]], :Status [:one-of ["ENABLED" "DISABLED"]], :UpdatedAt timestamp}]}]}], :UnprocessedAccounts [:seq-of {:AccountId string, :Result string}]}}, :EnableOrganizationAdminAccount {:documentation "Enables an Amazon Web Services account within the organization as the GuardDuty delegated administrator.
", :request {:AdminAccountId string}, :required [:AdminAccountId]}, :ListInvitations {:documentation "Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account.
", :request {:MaxResults integer, :NextToken string}, :response {:Invitations [:seq-of {:AccountId string, :InvitationId string, :RelationshipStatus string, :InvitedAt string}], :NextToken string}}, :DeleteIPSet {:documentation "Deletes the IPSet specified by the ipSetId
. IPSets are called trusted IP lists in the console user interface.
", :request {:DetectorId string, :IpSetId string}, :required [:DetectorId :IpSetId]}, :GetUsageStatistics {:documentation "Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days. This may differ from the cost metrics in the console, which project usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated.
", :request {:DetectorId string, :UsageStatisticType [:one-of ["SUM_BY_ACCOUNT" "SUM_BY_DATA_SOURCE" "SUM_BY_RESOURCE" "TOP_RESOURCES" "SUM_BY_FEATURES"]], :UsageCriteria {:AccountIds [:seq-of string], :DataSources [:seq-of [:one-of ["FLOW_LOGS" "CLOUD_TRAIL" "DNS_LOGS" "S3_LOGS" "KUBERNETES_AUDIT_LOGS" "EC2_MALWARE_SCAN"]]], :Resources [:seq-of string], :Features [:seq-of [:one-of ["FLOW_LOGS" "CLOUD_TRAIL" "DNS_LOGS" "S3_DATA_EVENTS" "EKS_AUDIT_LOGS" "EBS_MALWARE_PROTECTION" "RDS_LOGIN_EVENTS" "LAMBDA_NETWORK_LOGS" "EKS_RUNTIME_MONITORING"]]]}, :Unit string, :MaxResults integer, :NextToken string}, :required [:DetectorId :UsageStatisticType :UsageCriteria], :response {:UsageStatistics {:SumByAccount [:seq-of {:AccountId string, :Total {:Amount string, :Unit string}}], :SumByDataSource [:seq-of {:DataSource [:one-of ["FLOW_LOGS" "CLOUD_TRAIL" "DNS_LOGS" "S3_LOGS" "KUBERNETES_AUDIT_LOGS" "EC2_MALWARE_SCAN"]], :Total {:Amount string, :Unit string}}], :SumByResource [:seq-of {:Resource string, :Total {:Amount string, :Unit string}}], :TopResources [:seq-of {:Resource string, :Total {:Amount string, :Unit string}}], :SumByFeature [:seq-of {:Feature [:one-of ["FLOW_LOGS" "CLOUD_TRAIL" "DNS_LOGS" "S3_DATA_EVENTS" "EKS_AUDIT_LOGS" "EBS_MALWARE_PROTECTION" "RDS_LOGIN_EVENTS" "LAMBDA_NETWORK_LOGS" "EKS_RUNTIME_MONITORING"]], :Total {:Amount string, :Unit string}}]}, :NextToken string}}, :ArchiveFindings {:documentation "Archives GuardDuty findings that are specified by the list of finding IDs.
Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.
", :request {:DetectorId string, :FindingIds [:seq-of string]}, :required [:DetectorId :FindingIds]}, :GetAdministratorAccount {:documentation "Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.
", :request {:DetectorId string}, :required [:DetectorId], :response {:Administrator {:AccountId string, :InvitationId string, :RelationshipStatus string, :InvitedAt string}}}, :DescribeMalwareScans {:documentation "Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all the member accounts.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", :request {:DetectorId string, :NextToken string, :MaxResults integer, :FilterCriteria {:FilterCriterion [:seq-of {:CriterionKey [:one-of ["EC2_INSTANCE_ARN" "SCAN_ID" "ACCOUNT_ID" "GUARDDUTY_FINDING_ID" "SCAN_START_TIME" "SCAN_STATUS" "SCAN_TYPE"]], :FilterCondition {:EqualsValue string, :GreaterThan long, :LessThan long}}]}, :SortCriteria {:AttributeName string, :OrderBy [:one-of ["ASC" "DESC"]]}}, :required [:DetectorId], :response {:Scans [:seq-of {:ScanStartTime timestamp, :ScanResultDetails {:ScanResult [:one-of ["CLEAN" "INFECTED"]]}, :ScanStatus [:one-of ["RUNNING" "COMPLETED" "FAILED" "SKIPPED"]], :AccountId string, :AttachedVolumes [:seq-of {:VolumeArn string, :VolumeType string, :DeviceName string, :VolumeSizeInGB integer, :EncryptionType string, :SnapshotArn string, :KmsKeyArn string}], :TriggerDetails {:GuardDutyFindingId string, :Description string}, :ScanType [:one-of ["GUARDDUTY_INITIATED" "ON_DEMAND"]], :ResourceDetails {:InstanceArn string}, :TotalBytes long, :ScanId string, :ScanEndTime timestamp, :FileCount long, :AdminDetectorId string, :FailureReason string, :DetectorId string}], :NextToken string}}, :GetFindingsStatistics {:documentation "Lists Amazon GuardDuty findings statistics for the specified detector ID.
", :request {:DetectorId string, :FindingStatisticTypes [:seq-of [:one-of ["COUNT_BY_SEVERITY"]]], :FindingCriteria {:Criterion [:map-of string {:Neq [:seq-of string], :Eq [:seq-of string], :GreaterThanOrEqual long, :NotEquals [:seq-of string], :LessThanOrEqual long, :Gt integer, :LessThan long, :Gte integer, :GreaterThan long, :Lte integer, :Equals [:seq-of string], :Lt integer}]}}, :required [:DetectorId :FindingStatisticTypes], :response {:FindingStatistics {:CountBySeverity [:map-of string integer]}}}, :ListCoverage {:documentation "Lists coverage details for your GuardDuty account. If you're a GuardDuty administrator, you can retrieve all resources associated with the active member accounts in your organization.
Make sure the accounts have EKS Runtime Monitoring enabled and the GuardDuty agent running on their EKS nodes.
", :request {:DetectorId string, :NextToken string, :MaxResults integer, :FilterCriteria {:FilterCriterion [:seq-of {:CriterionKey [:one-of ["ACCOUNT_ID" "CLUSTER_NAME" "RESOURCE_TYPE" "COVERAGE_STATUS" "ADDON_VERSION"]], :FilterCondition {:Equals [:seq-of string], :NotEquals [:seq-of string]}}]}, :SortCriteria {:AttributeName [:one-of ["ACCOUNT_ID" "CLUSTER_NAME" "COVERAGE_STATUS" "ISSUE" "ADDON_VERSION" "UPDATED_AT"]], :OrderBy [:one-of ["ASC" "DESC"]]}}, :required [:DetectorId], :response {:Resources [:seq-of {:ResourceId string, :DetectorId string, :AccountId string, :ResourceDetails {:EksClusterDetails {:ClusterName string, :CoveredNodes long, :CompatibleNodes long, :AddonDetails {:AddonVersion string, :AddonStatus string}}, :ResourceType [:one-of ["EKS"]]}, :CoverageStatus [:one-of ["HEALTHY" "UNHEALTHY"]], :Issue string, :UpdatedAt timestamp}], :NextToken string}}, :GetDetector {:documentation "Retrieves an Amazon GuardDuty detector specified by the detectorId.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", :request {:DetectorId string}, :required [:DetectorId], :response {:CreatedAt string, :FindingPublishingFrequency [:one-of ["FIFTEEN_MINUTES" "ONE_HOUR" "SIX_HOURS"]], :ServiceRole string, :Status [:one-of ["ENABLED" "DISABLED"]], :UpdatedAt string, :DataSources {:CloudTrail {:Status [:one-of ["ENABLED" "DISABLED"]]}, :DNSLogs {:Status [:one-of ["ENABLED" "DISABLED"]]}, :FlowLogs {:Status [:one-of ["ENABLED" "DISABLED"]]}, :S3Logs {:Status [:one-of ["ENABLED" "DISABLED"]]}, :Kubernetes {:AuditLogs {:Status [:one-of ["ENABLED" "DISABLED"]]}}, :MalwareProtection {:ScanEc2InstanceWithFindings {:EbsVolumes {:Status [:one-of ["ENABLED" "DISABLED"]], :Reason string}}, :ServiceRole string}}, :Tags [:map-of string string], :Features [:seq-of {:Name [:one-of ["FLOW_LOGS" "CLOUD_TRAIL" "DNS_LOGS" "S3_DATA_EVENTS" "EKS_AUDIT_LOGS" "EBS_MALWARE_PROTECTION" "RDS_LOGIN_EVENTS" "EKS_RUNTIME_MONITORING" "LAMBDA_NETWORK_LOGS"]], :Status [:one-of ["ENABLED" "DISABLED"]], :UpdatedAt timestamp, :AdditionalConfiguration [:seq-of {:Name [:one-of ["EKS_ADDON_MANAGEMENT"]], :Status [:one-of ["ENABLED" "DISABLED"]], :UpdatedAt timestamp}]}]}}, :GetIPSet {:documentation "Retrieves the IPSet specified by the ipSetId
.
", :request {:DetectorId string, :IpSetId string}, :required [:DetectorId :IpSetId], :response {:Name string, :Format [:one-of ["TXT" "STIX" "OTX_CSV" "ALIEN_VAULT" "PROOF_POINT" "FIRE_EYE"]], :Location string, :Status [:one-of ["INACTIVE" "ACTIVATING" "ACTIVE" "DEACTIVATING" "ERROR" "DELETE_PENDING" "DELETED"]], :Tags [:map-of string string]}}, :CreateThreatIntelSet {:documentation "Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.
", :request {:DetectorId string, :Name string, :Format [:one-of ["TXT" "STIX" "OTX_CSV" "ALIEN_VAULT" "PROOF_POINT" "FIRE_EYE"]], :Location string, :Activate boolean, :ClientToken string, :Tags [:map-of string string]}, :required [:DetectorId :Name :Format :Location :Activate], :response {:ThreatIntelSetId string}}, :UpdatePublishingDestination {:documentation "Updates information about the publishing destination specified by the destinationId
.
", :request {:DetectorId string, :DestinationId string, :DestinationProperties {:DestinationArn string, :KmsKeyArn string}}, :required [:DetectorId :DestinationId]}, :DeleteThreatIntelSet {:documentation "Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.
", :request {:DetectorId string, :ThreatIntelSetId string}, :required [:DetectorId :ThreatIntelSetId]}, :DisassociateFromMasterAccount {:documentation "Disassociates the current GuardDuty member account from its administrator account.
", :request {:DetectorId string}, :required [:DetectorId]}, :CreateSampleFindings {:documentation "Generates sample findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes
, the API generates sample findings of all supported finding types.
", :request {:DetectorId string, :FindingTypes [:seq-of string]}, :required [:DetectorId]}, :DeletePublishingDestination {:documentation "Deletes the publishing definition with the specified destinationId
.
", :request {:DetectorId string, :DestinationId string}, :required [:DetectorId :DestinationId]}, :DeleteDetector {:documentation "Deletes an Amazon GuardDuty detector that is specified by the detector ID.
", :request {:DetectorId string}, :required [:DetectorId]}, :ListThreatIntelSets {:documentation "Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.
", :request {:DetectorId string, :MaxResults integer, :NextToken string}, :required [:DetectorId], :response {:ThreatIntelSetIds [:seq-of string], :NextToken string}}, :CreateIPSet {:documentation "Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.
", :request {:DetectorId string, :Name string, :Format [:one-of ["TXT" "STIX" "OTX_CSV" "ALIEN_VAULT" "PROOF_POINT" "FIRE_EYE"]], :Location string, :Activate boolean, :ClientToken string, :Tags [:map-of string string]}, :required [:DetectorId :Name :Format :Location :Activate], :response {:IpSetId string}}, :DeleteInvitations {:documentation "Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.
", :request {:AccountIds [:seq-of string]}, :required [:AccountIds], :response {:UnprocessedAccounts [:seq-of {:AccountId string, :Result string}]}}, :DisableOrganizationAdminAccount {:documentation "Disables an Amazon Web Services account within the Organization as the GuardDuty delegated administrator.
", :request {:AdminAccountId string}, :required [:AdminAccountId]}, :CreatePublishingDestination {:documentation "Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.
", :request {:DetectorId string, :DestinationType [:one-of ["S3"]], :DestinationProperties {:DestinationArn string, :KmsKeyArn string}, :ClientToken string}, :required [:DetectorId :DestinationType :DestinationProperties], :response {:DestinationId string}}, :AcceptInvitation {:documentation "Accepts the invitation to be monitored by a GuardDuty administrator account.
", :request {:DetectorId string, :MasterId string, :InvitationId string}, :required [:DetectorId :MasterId :InvitationId]}, :DescribeOrganizationConfiguration {:documentation "Returns information about the account selected as the delegated administrator for GuardDuty.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", :request {:DetectorId string, :MaxResults integer, :NextToken string}, :required [:DetectorId], :response {:AutoEnable boolean, :MemberAccountLimitReached boolean, :DataSources {:S3Logs {:AutoEnable boolean}, :Kubernetes {:AuditLogs {:AutoEnable boolean}}, :MalwareProtection {:ScanEc2InstanceWithFindings {:EbsVolumes {:AutoEnable boolean}}}}, :Features [:seq-of {:Name [:one-of ["S3_DATA_EVENTS" "EKS_AUDIT_LOGS" "EBS_MALWARE_PROTECTION" "RDS_LOGIN_EVENTS" "EKS_RUNTIME_MONITORING" "LAMBDA_NETWORK_LOGS"]], :AutoEnable [:one-of ["NEW" "NONE"]], :AdditionalConfiguration [:seq-of {:Name [:one-of ["EKS_ADDON_MANAGEMENT"]], :AutoEnable [:one-of ["NEW" "NONE"]]}]}], :NextToken string, :AutoEnableOrganizationMembers [:one-of ["NEW" "ALL" "NONE"]]}}, :DeleteFilter {:documentation "Deletes the filter specified by the filter name.
", :request {:DetectorId string, :FilterName string}, :required [:DetectorId :FilterName]}, :StartMonitoringMembers {:documentation "Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.
", :request {:DetectorId string, :AccountIds [:seq-of string]}, :required [:DetectorId :AccountIds], :response {:UnprocessedAccounts [:seq-of {:AccountId string, :Result string}]}}, :GetMasterAccount {:documentation "Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.
", :request {:DetectorId string}, :required [:DetectorId], :response {:Master {:AccountId string, :InvitationId string, :RelationshipStatus string, :InvitedAt string}}}, :GetInvitationsCount {:documentation "Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
", :response {:InvitationsCount integer}}, :UpdateIPSet {:documentation "Updates the IPSet specified by the IPSet ID.
", :request {:DetectorId string, :IpSetId string, :Name string, :Location string, :Activate boolean}, :required [:DetectorId :IpSetId]}, :AcceptAdministratorInvitation {:documentation "Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation.
", :request {:DetectorId string, :AdministratorId string, :InvitationId string}, :required [:DetectorId :AdministratorId :InvitationId]}, :CreateDetector {:documentation "Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints in the Amazon GuardDuty User Guide.
", :request {:Enable boolean, :ClientToken string, :FindingPublishingFrequency [:one-of ["FIFTEEN_MINUTES" "ONE_HOUR" "SIX_HOURS"]], :DataSources {:S3Logs {:Enable boolean}, :Kubernetes {:AuditLogs {:Enable boolean}}, :MalwareProtection {:ScanEc2InstanceWithFindings {:EbsVolumes boolean}}}, :Tags [:map-of string string], :Features [:seq-of {:Name [:one-of ["S3_DATA_EVENTS" "EKS_AUDIT_LOGS" "EBS_MALWARE_PROTECTION" "RDS_LOGIN_EVENTS" "EKS_RUNTIME_MONITORING" "LAMBDA_NETWORK_LOGS"]], :Status [:one-of ["ENABLED" "DISABLED"]], :AdditionalConfiguration [:seq-of {:Name [:one-of ["EKS_ADDON_MANAGEMENT"]], :Status [:one-of ["ENABLED" "DISABLED"]]}]}]}, :required [:Enable], :response {:DetectorId string, :UnprocessedDataSources {:MalwareProtection {:ScanEc2InstanceWithFindings {:EbsVolumes {:Status [:one-of ["ENABLED" "DISABLED"]], :Reason string}}, :ServiceRole string}}}}, :GetFindings {:documentation "Describes Amazon GuardDuty findings specified by finding IDs.
", :request {:DetectorId string, :FindingIds [:seq-of string], :SortCriteria {:AttributeName string, :OrderBy [:one-of ["ASC" "DESC"]]}}, :required [:DetectorId :FindingIds], :response {:Findings [:seq-of {:SchemaVersion string, :Severity double, :Service {:Evidence {:ThreatIntelligenceDetails [:seq-of {:ThreatListName string, :ThreatNames [:seq-of string]}]}, :RuntimeDetails {:Process {:Lineage [:seq-of {:ExecutablePath string, :Uuid string, :Pid integer, :UserId integer, :StartTime timestamp, :ParentUuid string, :Name string, :NamespacePid integer, :Euid integer}], :ExecutablePath string, :Uuid string, :Pid integer, :UserId integer, :User string, :StartTime timestamp, :ParentUuid string, :Pwd string, :ExecutableSha256 string, :Name string, :NamespacePid integer, :Euid integer}, :Context {:RuncBinaryPath string, :ModuleName string, :ReleaseAgentPath string, :MemoryRegions [:seq-of string], :ScriptPath string, :ShellHistoryFilePath string, :ModifyingProcess {:Lineage [:seq-of {:ExecutablePath string, :Uuid string, :Pid integer, :UserId integer, :StartTime timestamp, :ParentUuid string, :Name string, :NamespacePid integer, :Euid integer}], :ExecutablePath string, :Uuid string, :Pid integer, :UserId integer, :User string, :StartTime timestamp, :ParentUuid string, :Pwd string, :ExecutableSha256 string, :Name string, :NamespacePid integer, :Euid integer}, :AddressFamily string, :ModuleFilePath string, :MountTarget string, :ModuleSha256 string, :MountSource string, :LdPreloadValue string, :Flags [:seq-of string], :FileSystemType string, :ModifiedAt timestamp, :LibraryPath string, :SocketPath string, :TargetProcess {:Lineage [:seq-of {:ExecutablePath string, :Uuid string, :Pid integer, :UserId integer, :StartTime timestamp, :ParentUuid string, :Name string, :NamespacePid integer, :Euid integer}], :ExecutablePath string, :Uuid string, :Pid integer, :UserId integer, :User string, :StartTime timestamp, :ParentUuid string, :Pwd string, :ExecutableSha256 string, :Name string, 
:NamespacePid integer, :Euid integer}, :IanaProtocolNumber integer}}, :EventLastSeen string, :EbsVolumeScanDetails {:ScanId string, :ScanStartedAt timestamp, :ScanCompletedAt timestamp, :TriggerFindingId string, :Sources [:seq-of string], :ScanDetections {:ScannedItemCount {:TotalGb integer, :Files integer, :Volumes integer}, :ThreatsDetectedItemCount {:Files integer}, :HighestSeverityThreatDetails {:Severity string, :ThreatName string, :Count integer}, :ThreatDetectedByName {:ItemCount integer, :UniqueThreatNameCount integer, :Shortened boolean, :ThreatNames [:seq-of {:Name string, :Severity string, :ItemCount integer, :FilePaths [:seq-of {:FilePath string, :VolumeArn string, :Hash string, :FileName string}]}]}}, :ScanType [:one-of ["GUARDDUTY_INITIATED" "ON_DEMAND"]]}, :Archived boolean, :EventFirstSeen string, :FeatureName string, :Action {:ActionType string, :AwsApiCallAction {:ErrorCode string, :Api string, :CallerType string, :AffectedResources [:map-of string string], :RemoteAccountDetails {:AccountId string, :Affiliated boolean}, :RemoteIpDetails {:City {:CityName string}, :Country {:CountryCode string, :CountryName string}, :GeoLocation {:Lat double, :Lon double}, :IpAddressV4 string, :Organization {:Asn string, :AsnOrg string, :Isp string, :Org string}}, :DomainDetails {:Domain string}, :UserAgent string, :ServiceName string}, :DnsRequestAction {:Domain string, :Protocol string, :Blocked boolean}, :NetworkConnectionAction {:Blocked boolean, :ConnectionDirection string, :LocalPortDetails {:Port integer, :PortName string}, :Protocol string, :LocalIpDetails {:IpAddressV4 string}, :RemoteIpDetails {:City {:CityName string}, :Country {:CountryCode string, :CountryName string}, :GeoLocation {:Lat double, :Lon double}, :IpAddressV4 string, :Organization {:Asn string, :AsnOrg string, :Isp string, :Org string}}, :RemotePortDetails {:Port integer, :PortName string}}, :PortProbeAction {:Blocked boolean, :PortProbeDetails [:seq-of {:LocalPortDetails {:Port integer, 
:PortName string}, :LocalIpDetails {:IpAddressV4 string}, :RemoteIpDetails {:City {:CityName string}, :Country {:CountryCode string, :CountryName string}, :GeoLocation {:Lat double, :Lon double}, :IpAddressV4 string, :Organization {:Asn string, :AsnOrg string, :Isp string, :Org string}}}]}, :KubernetesApiCallAction {:RequestUri string, :Verb string, :SourceIps [:seq-of string], :UserAgent string, :RemoteIpDetails {:City {:CityName string}, :Country {:CountryCode string, :CountryName string}, :GeoLocation {:Lat double, :Lon double}, :IpAddressV4 string, :Organization {:Asn string, :AsnOrg string, :Isp string, :Org string}}, :StatusCode integer, :Parameters string}, :RdsLoginAttemptAction {:RemoteIpDetails {:City {:CityName string}, :Country {:CountryCode string, :CountryName string}, :GeoLocation {:Lat double, :Lon double}, :IpAddressV4 string, :Organization {:Asn string, :AsnOrg string, :Isp string, :Org string}}, :LoginAttributes [:seq-of {:User string, :Application string, :FailedLoginAttempts integer, :SuccessfulLoginAttempts integer}]}}, :UserFeedback string, :AdditionalInfo {:Value string, :Type string}, :Count integer, :DetectorId string, :ResourceRole string, :ServiceName string}, :CreatedAt string, :UpdatedAt string, :AccountId string, :Id string, :Title string, :Region string, :Arn string, :Resource {:ResourceType string, :ContainerDetails {:ContainerRuntime string, :Id string, :Name string, :Image string, :ImagePrefix string, :VolumeMounts [:seq-of {:Name string, :MountPath string}], :SecurityContext {:Privileged boolean}}, :RdsDbInstanceDetails {:DbInstanceIdentifier string, :Engine string, :EngineVersion string, :DbClusterIdentifier string, :DbInstanceArn string, :Tags [:seq-of {:Key string, :Value string}]}, :InstanceDetails {:AvailabilityZone string, :LaunchTime string, :ImageId string, :Tags [:seq-of {:Key string, :Value string}], :InstanceId string, :InstanceType string, :OutpostArn string, :ProductCodes [:seq-of {:Code string, :ProductType 
string}], :Platform string, :ImageDescription string, :IamInstanceProfile {:Arn string, :Id string}, :InstanceState string, :NetworkInterfaces [:seq-of {:PrivateIpAddress string, :PrivateIpAddresses [:seq-of {:PrivateDnsName string, :PrivateIpAddress string}], :PublicIp string, :SubnetId string, :SecurityGroups [:seq-of {:GroupId string, :GroupName string}], :PrivateDnsName string, :PublicDnsName string, :VpcId string, :Ipv6Addresses [:seq-of string], :NetworkInterfaceId string}]}, :EcsClusterDetails {:Name string, :Arn string, :Status string, :ActiveServicesCount integer, :RegisteredContainerInstancesCount integer, :RunningTasksCount integer, :Tags [:seq-of {:Key string, :Value string}], :TaskDetails {:Group string, :DefinitionArn string, :Tags [:seq-of {:Key string, :Value string}], :Containers [:seq-of {:ContainerRuntime string, :Id string, :Name string, :Image string, :ImagePrefix string, :VolumeMounts [:seq-of {:Name string, :MountPath string}], :SecurityContext {:Privileged boolean}}], :StartedBy string, :TaskCreatedAt timestamp, :StartedAt timestamp, :Arn string, :Volumes [:seq-of {:Name string, :HostPath {:Path string}}], :Version string}}, :S3BucketDetails [:seq-of {:Arn string, :Name string, :Type string, :CreatedAt timestamp, :Owner {:Id string}, :Tags [:seq-of {:Key string, :Value string}], :DefaultServerSideEncryption {:EncryptionType string, :KmsMasterKeyArn string}, :PublicAccess {:PermissionConfiguration {:BucketLevelPermissions {:AccessControlList {:AllowsPublicReadAccess boolean, :AllowsPublicWriteAccess boolean}, :BucketPolicy {:AllowsPublicReadAccess boolean, :AllowsPublicWriteAccess boolean}, :BlockPublicAccess {:IgnorePublicAcls boolean, :RestrictPublicBuckets boolean, :BlockPublicAcls boolean, :BlockPublicPolicy boolean}}, :AccountLevelPermissions {:BlockPublicAccess {:IgnorePublicAcls boolean, :RestrictPublicBuckets boolean, :BlockPublicAcls boolean, :BlockPublicPolicy boolean}}}, :EffectivePermission string}}], :RdsDbUserDetails {:User 
string, :Application string, :Database string, :Ssl string, :AuthMethod string}, :AccessKeyDetails {:AccessKeyId string, :PrincipalId string, :UserName string, :UserType string}, :KubernetesDetails {:KubernetesUserDetails {:Username string, :Uid string, :Groups [:seq-of string]}, :KubernetesWorkloadDetails {:Name string, :Type string, :Uid string, :Namespace string, :HostNetwork boolean, :Containers [:seq-of {:ContainerRuntime string, :Id string, :Name string, :Image string, :ImagePrefix string, :VolumeMounts [:seq-of {:Name string, :MountPath string}], :SecurityContext {:Privileged boolean}}], :Volumes [:seq-of {:Name string, :HostPath {:Path string}}]}}, :LambdaDetails {:VpcConfig {:SubnetIds [:seq-of string], :VpcId string, :SecurityGroups [:seq-of {:GroupId string, :GroupName string}]}, :Tags [:seq-of {:Key string, :Value string}], :LastModifiedAt timestamp, :FunctionName string, :FunctionArn string, :RevisionId string, :Description string, :FunctionVersion string, :Role string}, :EbsVolumeDetails {:ScannedVolumeDetails [:seq-of {:VolumeArn string, :VolumeType string, :DeviceName string, :VolumeSizeInGB integer, :EncryptionType string, :SnapshotArn string, :KmsKeyArn string}], :SkippedVolumeDetails [:seq-of {:VolumeArn string, :VolumeType string, :DeviceName string, :VolumeSizeInGB integer, :EncryptionType string, :SnapshotArn string, :KmsKeyArn string}]}, :EksClusterDetails {:Name string, :Arn string, :VpcId string, :Status string, :Tags [:seq-of {:Key string, :Value string}], :CreatedAt timestamp}}, :Description string, :Type string, :Partition string, :Confidence double}]}}, :DescribePublishingDestination {:documentation "Returns information about the publishing destination specified by the provided destinationId
.
", :request {:DetectorId string, :DestinationId string}, :required [:DetectorId :DestinationId], :response {:DestinationId string, :DestinationType [:one-of ["S3"]], :Status [:one-of ["PENDING_VERIFICATION" "PUBLISHING" "UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY" "STOPPED"]], :PublishingFailureStartTimestamp long, :DestinationProperties {:DestinationArn string, :KmsKeyArn string}}}, :UpdateMalwareScanSettings {:documentation "Updates the malware scan settings.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints in the Amazon GuardDuty User Guide.
", :request {:DetectorId string, :ScanResourceCriteria {:Include [:map-of [:one-of ["EC2_INSTANCE_TAG"]] {:MapEquals [:seq-of {:Key string, :Value string}]}], :Exclude [:map-of [:one-of ["EC2_INSTANCE_TAG"]] {:MapEquals [:seq-of {:Key string, :Value string}]}]}, :EbsSnapshotPreservation [:one-of ["NO_RETENTION" "RETENTION_WITH_FINDING"]]}, :required [:DetectorId]}, :GetRemainingFreeTrialDays {:documentation "Provides the number of days left for each data source used in the free trial period.
", :request {:DetectorId string, :AccountIds [:seq-of string]}, :required [:DetectorId], :response {:Accounts [:seq-of {:AccountId string, :DataSources {:CloudTrail {:FreeTrialDaysRemaining integer}, :DnsLogs {:FreeTrialDaysRemaining integer}, :FlowLogs {:FreeTrialDaysRemaining integer}, :S3Logs {:FreeTrialDaysRemaining integer}, :Kubernetes {:AuditLogs {:FreeTrialDaysRemaining integer}}, :MalwareProtection {:ScanEc2InstanceWithFindings {:FreeTrialDaysRemaining integer}}}, :Features [:seq-of {:Name [:one-of ["FLOW_LOGS" "CLOUD_TRAIL" "DNS_LOGS" "S3_DATA_EVENTS" "EKS_AUDIT_LOGS" "EBS_MALWARE_PROTECTION" "RDS_LOGIN_EVENTS" "EKS_RUNTIME_MONITORING" "LAMBDA_NETWORK_LOGS"]], :FreeTrialDaysRemaining integer}]}], :UnprocessedAccounts [:seq-of {:AccountId string, :Result string}]}}}