This product is not supported for your selected Datadog site. ().

aws_guardduty_detector

account_id

Type: STRING

coverage_statistics

Type: STRUCT
Provider name: CoverageStatistics
Description: Represents the count aggregated by the statusCode and resourceType.

  • count_by_coverage_status
    Type: STRING
    Provider name: CountByCoverageStatus
    Description: Represents coverage statistics for EKS clusters aggregated by coverage status.
  • count_by_resource_type
    Type: STRING
    Provider name: CountByResourceType
    Description: Represents coverage statistics for EKS clusters aggregated by resource type.

created_at

Type: STRING
Provider name: CreatedAt
Description: The timestamp of when the detector was created.

data_sources

Type: STRUCT
Provider name: DataSources
Description: Describes which data sources are enabled for the detector.

  • cloud_trail
    Type: STRUCT
    Provider name: CloudTrail
    Description: An object that contains information on the status of CloudTrail as a data source.
    • status
      Type: STRING
      Provider name: Status
      Description: Describes whether CloudTrail is enabled as a data source for the detector.
  • dns_logs
    Type: STRUCT
    Provider name: DNSLogs
    Description: An object that contains information on the status of DNS logs as a data source.
    • status
      Type: STRING
      Provider name: Status
      Description: Denotes whether DNS logs is enabled as a data source.
  • flow_logs
    Type: STRUCT
    Provider name: FlowLogs
    Description: An object that contains information on the status of VPC flow logs as a data source.
    • status
      Type: STRING
      Provider name: Status
      Description: Denotes whether VPC flow logs is enabled as a data source.
  • kubernetes
    Type: STRUCT
    Provider name: Kubernetes
    Description: An object that contains information on the status of all Kubernetes data sources.
    • audit_logs
      Type: STRUCT
      Provider name: AuditLogs
      Description: Describes whether Kubernetes audit logs are enabled as a data source.
      • status
        Type: STRING
        Provider name: Status
        Description: A value that describes whether Kubernetes audit logs are enabled as a data source.
  • malware_protection
    Type: STRUCT
    Provider name: MalwareProtection
    Description: Describes the configuration of Malware Protection data sources.
    • scan_ec2_instance_with_findings
      Type: STRUCT
      Provider name: ScanEc2InstanceWithFindings
      Description: Describes the configuration of Malware Protection for EC2 instances with findings.
      • ebs_volumes
        Type: STRUCT
        Provider name: EbsVolumes
        Description: Describes the configuration of scanning EBS volumes as a data source.
        • reason
          Type: STRING
          Provider name: Reason
          Description: Specifies the reason why scanning EBS volumes (Malware Protection) was not enabled as a data source.
        • status
          Type: STRING
          Provider name: Status
          Description: Describes whether scanning EBS volumes is enabled as a data source.
    • service_role
      Type: STRING
      Provider name: ServiceRole
      Description: The GuardDuty Malware Protection service role.
  • s3_logs
    Type: STRUCT
    Provider name: S3Logs
    Description: An object that contains information on the status of S3 Data event logs as a data source.
    • status
      Type: STRING
      Provider name: Status
      Description: A value that describes whether S3 data event logs are automatically enabled for new members of the organization.

features

Type: UNORDERED_LIST_STRUCT
Provider name: Features
Description: Describes the features that have been enabled for the detector.

  • additional_configuration
    Type: UNORDERED_LIST_STRUCT
    Provider name: AdditionalConfiguration
    Description: Additional configuration for a resource.
    • name
      Type: STRING
      Provider name: Name
      Description: Name of the additional configuration.
    • status
      Type: STRING
      Provider name: Status
      Description: Status of the additional configuration.
    • updated_at
      Type: TIMESTAMP
      Provider name: UpdatedAt
      Description: The timestamp at which the additional configuration was last updated. This is in UTC format.
  • name
    Type: STRING
    Provider name: Name
    Description: Indicates the name of the feature that can be enabled for the detector.
  • status
    Type: STRING
    Provider name: Status
    Description: Indicates the status of the feature that is enabled for the detector.
  • updated_at
    Type: TIMESTAMP
    Provider name: UpdatedAt
    Description: The timestamp at which the feature object was updated.

finding_publishing_frequency

Type: STRING
Provider name: FindingPublishingFrequency
Description: The publishing frequency of the finding.

service_role

Type: STRING
Provider name: ServiceRole
Description: The GuardDuty service role.

status

Type: STRING
Provider name: Status
Description: The detector status.

tags

Type: UNORDERED_LIST_STRING

updated_at

Type: STRING
Provider name: UpdatedAt
Description: The last-updated timestamp for the detector.