// Code generated by smithy-go-codegen DO NOT EDIT.

package types

import (
	smithydocument "github.com/aws/smithy-go/document"
	"time"
)

// Contains information on the current access control policies for the bucket.
type AccessControlList struct {

	// A value that indicates whether public read access for the bucket is enabled
	// through an Access Control List (ACL).
	AllowsPublicReadAccess *bool

	// A value that indicates whether public write access for the bucket is enabled
	// through an Access Control List (ACL).
	AllowsPublicWriteAccess *bool

	noSmithyDocumentSerde
}

// Contains information about the access keys.
type AccessKeyDetails struct {

	// The access key ID of the user.
	AccessKeyId *string

	// The principal ID of the user.
	PrincipalId *string

	// The name of the user.
	UserName *string

	// The type of the user.
	UserType *string

	noSmithyDocumentSerde
}

// Contains information about the account.
type AccountDetail struct {

	// The member account ID.
	//
	// This member is required.
	AccountId *string

	// The email address of the member account.
	//
	// This member is required.
	Email *string

	noSmithyDocumentSerde
}

// Provides details of the GuardDuty member account that uses a free trial service.
type AccountFreeTrialInfo struct {

	// The account identifier of the GuardDuty member account.
	AccountId *string

	// Describes the data source enabled for the GuardDuty member account.
	//
	// Deprecated: This parameter is deprecated, use Features instead
	DataSources *DataSourcesFreeTrial

	// A list of features enabled for the GuardDuty account.
	Features []FreeTrialFeatureConfigurationResult

	noSmithyDocumentSerde
}

// Contains information about the account level permissions on the S3 bucket.
type AccountLevelPermissions struct {

	// Describes the S3 Block Public Access settings of the bucket's parent account.
	BlockPublicAccess *BlockPublicAccess

	noSmithyDocumentSerde
}

// Contains information about actions.
type Action struct {

	// The GuardDuty finding activity type.
	ActionType *string

	// Information about the AWS_API_CALL action described in this finding.
	AwsApiCallAction *AwsApiCallAction

	// Information about the DNS_REQUEST action described in this finding.
	DnsRequestAction *DnsRequestAction

	// Information about the Kubernetes API call action described in this finding.
	KubernetesApiCallAction *KubernetesApiCallAction

	// Information whether the user has the permission to use a specific Kubernetes
	// API.
	KubernetesPermissionCheckedDetails *KubernetesPermissionCheckedDetails

	// Information about the role binding that grants the permission defined in a
	// Kubernetes role.
	KubernetesRoleBindingDetails *KubernetesRoleBindingDetails

	// Information about the Kubernetes role name and role type.
	KubernetesRoleDetails *KubernetesRoleDetails

	// Information about the NETWORK_CONNECTION action described in this finding.
	NetworkConnectionAction *NetworkConnectionAction

	// Information about the PORT_PROBE action described in this finding.
	PortProbeAction *PortProbeAction

	// Information about RDS_LOGIN_ATTEMPT action described in this finding.
	RdsLoginAttemptAction *RdsLoginAttemptAction

	noSmithyDocumentSerde
}

// Information about the installed EKS add-on (GuardDuty security agent).
type AddonDetails struct {

	// Status of the installed EKS add-on.
	AddonStatus *string

	// Version of the installed EKS add-on.
	AddonVersion *string

	noSmithyDocumentSerde
}

// The account within the organization specified as the GuardDuty delegated
// administrator.
type AdminAccount struct {

	// The Amazon Web Services account ID for the account.
	AdminAccountId *string

	// Indicates whether the account is enabled as the delegated administrator.
	AdminStatus AdminStatus

	noSmithyDocumentSerde
}

// Contains information about the administrator account and invitation.
type Administrator struct {

	// The ID of the account used as the administrator account.
	AccountId *string

	// The value that is used to validate the administrator account to the member
	// account.
	InvitationId *string

	// The timestamp when the invitation was sent.
	InvitedAt *string

	// The status of the relationship between the administrator and member accounts.
	RelationshipStatus *string

	noSmithyDocumentSerde
}

// Information about the installed GuardDuty security agent.
type AgentDetails struct {

	// Version of the installed GuardDuty security agent.
	Version *string

	noSmithyDocumentSerde
}

// Contains information about the anomalies.
type Anomaly struct {

	// Information about the types of profiles.
	Profiles map[string]map[string][]AnomalyObject

	// Information about the behavior of the anomalies.
	Unusual *AnomalyUnusual

	noSmithyDocumentSerde
}

// Contains information about the unusual anomalies.
type AnomalyObject struct {

	// The recorded value.
	Observations *Observations

	// The frequency of the anomaly.
	ProfileSubtype ProfileSubtype

	// The type of behavior of the profile.
	ProfileType ProfileType

	noSmithyDocumentSerde
}

// Contains information about the behavior of the anomaly that is new to GuardDuty.
type AnomalyUnusual struct {

	// The behavior of the anomalous activity that caused GuardDuty to generate the
	// finding.
	Behavior map[string]map[string]AnomalyObject

	noSmithyDocumentSerde
}

// Contains information about the API action.
type AwsApiCallAction struct {

	// The details of the Amazon Web Services account that made the API call. This
	// field identifies the resources that were affected by this API call.
	AffectedResources map[string]string

	// The Amazon Web Services API name.
	Api *string

	// The Amazon Web Services API caller type.
	CallerType *string

	// The domain information for the Amazon Web Services API call.
	DomainDetails *DomainDetails

	// The error code of the failed Amazon Web Services API action.
	ErrorCode *string

	// The details of the Amazon Web Services account that made the API call. This
	// field appears if the call was made from outside your account.
	RemoteAccountDetails *RemoteAccountDetails

	// The remote IP information of the connection that initiated the Amazon Web
	// Services API call.
	RemoteIpDetails *RemoteIpDetails

	// The Amazon Web Services service name whose API was invoked.
	ServiceName *string

	// The agent through which the API request was made.
	UserAgent *string

	noSmithyDocumentSerde
}

// Contains information on how the bucker owner's S3 Block Public Access settings
// are being applied to the S3 bucket. See [S3 Block Public Access]for more information.
//
// [S3 Block Public Access]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
type BlockPublicAccess struct {

	// Indicates if S3 Block Public Access is set to BlockPublicAcls .
	BlockPublicAcls *bool

	// Indicates if S3 Block Public Access is set to BlockPublicPolicy .
	BlockPublicPolicy *bool

	// Indicates if S3 Block Public Access is set to IgnorePublicAcls .
	IgnorePublicAcls *bool

	// Indicates if S3 Block Public Access is set to RestrictPublicBuckets .
	RestrictPublicBuckets *bool

	noSmithyDocumentSerde
}

// Contains information about the bucket level permissions for the S3 bucket.
type BucketLevelPermissions struct {

	// Contains information on how Access Control Policies are applied to the bucket.
	AccessControlList *AccessControlList

	// Contains information on which account level S3 Block Public Access settings are
	// applied to the S3 bucket.
	BlockPublicAccess *BlockPublicAccess

	// Contains information on the bucket policies for the S3 bucket.
	BucketPolicy *BucketPolicy

	noSmithyDocumentSerde
}

// Contains information on the current bucket policies for the S3 bucket.
type BucketPolicy struct {

	// A value that indicates whether public read access for the bucket is enabled
	// through a bucket policy.
	AllowsPublicReadAccess *bool

	// A value that indicates whether public write access for the bucket is enabled
	// through a bucket policy.
	AllowsPublicWriteAccess *bool

	noSmithyDocumentSerde
}

// Contains information about the city associated with the IP address.
type City struct {

	// The city name of the remote IP address.
	CityName *string

	noSmithyDocumentSerde
}

// Contains information on the status of CloudTrail as a data source for the
// detector.
type CloudTrailConfigurationResult struct {

	// Describes whether CloudTrail is enabled as a data source for the detector.
	//
	// This member is required.
	Status DataSourceStatus

	noSmithyDocumentSerde
}

// Contains information about the condition.
type Condition struct {

	// Represents the equal condition to be applied to a single field when querying
	// for findings.
	//
	// Deprecated: This member has been deprecated.
	Eq []string

	// Represents an equal condition to be applied to a single field when querying for
	// findings.
	Equals []string

	// Represents a greater than condition to be applied to a single field when
	// querying for findings.
	GreaterThan *int64

	// Represents a greater than or equal condition to be applied to a single field
	// when querying for findings.
	GreaterThanOrEqual *int64

	// Represents a greater than condition to be applied to a single field when
	// querying for findings.
	//
	// Deprecated: This member has been deprecated.
	Gt *int32

	// Represents a greater than or equal condition to be applied to a single field
	// when querying for findings.
	//
	// Deprecated: This member has been deprecated.
	Gte *int32

	// Represents a less than condition to be applied to a single field when querying
	// for findings.
	LessThan *int64

	// Represents a less than or equal condition to be applied to a single field when
	// querying for findings.
	LessThanOrEqual *int64

	// Represents a less than condition to be applied to a single field when querying
	// for findings.
	//
	// Deprecated: This member has been deprecated.
	Lt *int32

	// Represents a less than or equal condition to be applied to a single field when
	// querying for findings.
	//
	// Deprecated: This member has been deprecated.
	Lte *int32

	// Represents the not equal condition to be applied to a single field when
	// querying for findings.
	//
	// Deprecated: This member has been deprecated.
	Neq []string

	// Represents a not equal condition to be applied to a single field when querying
	// for findings.
	NotEquals []string

	noSmithyDocumentSerde
}

// Details of a container.
type Container struct {

	// The container runtime (such as, Docker or containerd) used to run the container.
	ContainerRuntime *string

	// Container ID.
	Id *string

	// Container image.
	Image *string

	// Part of the image name before the last slash. For example, imagePrefix for
	// public.ecr.aws/amazonlinux/amazonlinux:latest would be
	// public.ecr.aws/amazonlinux. If the image name is relative and does not have a
	// slash, this field is empty.
	ImagePrefix *string

	// Container name.
	Name *string

	// Container security context.
	SecurityContext *SecurityContext

	// Container volume mounts.
	VolumeMounts []VolumeMount

	noSmithyDocumentSerde
}

// Contains information about the Amazon EC2 instance that is running the Amazon
// ECS container.
type ContainerInstanceDetails struct {

	// Represents total number of nodes in the Amazon ECS cluster.
	CompatibleContainerInstances *int64

	// Represents the nodes in the Amazon ECS cluster that has a HEALTHY coverage
	// status.
	CoveredContainerInstances *int64

	noSmithyDocumentSerde
}

// Contains information about the country where the remote IP address is located.
type Country struct {

	// The country code of the remote IP address.
	CountryCode *string

	// The country name of the remote IP address.
	CountryName *string

	noSmithyDocumentSerde
}

// Contains information about the Amazon EC2 instance runtime coverage details.
type CoverageEc2InstanceDetails struct {

	// Information about the installed security agent.
	AgentDetails *AgentDetails

	// The cluster ARN of the Amazon ECS cluster running on the Amazon EC2 instance.
	ClusterArn *string

	// The Amazon EC2 instance ID.
	InstanceId *string

	// The instance type of the Amazon EC2 instance.
	InstanceType *string

	// Indicates how the GuardDuty security agent is managed for this resource.
	//
	//   - AUTO_MANAGED indicates that GuardDuty deploys and manages updates for this
	//   resource.
	//
	//   - MANUAL indicates that you are responsible to deploy, update, and manage the
	//   GuardDuty security agent updates for this resource.
	//
	// The DISABLED status doesn't apply to Amazon EC2 instances and Amazon EKS
	// clusters.
	ManagementType ManagementType

	noSmithyDocumentSerde
}

// Contains information about Amazon ECS cluster runtime coverage details.
type CoverageEcsClusterDetails struct {

	// The name of the Amazon ECS cluster.
	ClusterName *string

	// Information about the Amazon ECS container running on Amazon EC2 instance.
	ContainerInstanceDetails *ContainerInstanceDetails

	// Information about the Fargate details associated with the Amazon ECS cluster.
	FargateDetails *FargateDetails

	noSmithyDocumentSerde
}

// Information about the EKS cluster that has a coverage status.
type CoverageEksClusterDetails struct {

	// Information about the installed EKS add-on.
	AddonDetails *AddonDetails

	// Name of the EKS cluster.
	ClusterName *string

	// Represents all the nodes within the EKS cluster in your account.
	CompatibleNodes *int64

	// Represents the nodes within the EKS cluster that have a HEALTHY coverage status.
	CoveredNodes *int64

	// Indicates how the Amazon EKS add-on GuardDuty agent is managed for this EKS
	// cluster.
	//
	// AUTO_MANAGED indicates GuardDuty deploys and manages updates for this resource.
	//
	// MANUAL indicates that you are responsible to deploy, update, and manage the
	// Amazon EKS add-on GuardDuty agent for this resource.
	ManagementType ManagementType

	noSmithyDocumentSerde
}

// Represents a condition that when matched will be added to the response of the
// operation.
type CoverageFilterCondition struct {

	// Represents an equal condition that is applied to a single field while
	// retrieving the coverage details.
	Equals []string

	// Represents a not equal condition that is applied to a single field while
	// retrieving the coverage details.
	NotEquals []string

	noSmithyDocumentSerde
}

// Represents the criteria used in the filter.
type CoverageFilterCriteria struct {

	// Represents a condition that when matched will be added to the response of the
	// operation.
	FilterCriterion []CoverageFilterCriterion

	noSmithyDocumentSerde
}

// Represents a condition that when matched will be added to the response of the
// operation.
type CoverageFilterCriterion struct {

	// An enum value representing possible filter fields.
	//
	// Replace the enum value CLUSTER_NAME with EKS_CLUSTER_NAME . CLUSTER_NAME has
	// been deprecated.
	CriterionKey CoverageFilterCriterionKey

	// Contains information about the condition.
	FilterCondition *CoverageFilterCondition

	noSmithyDocumentSerde
}

// Information about the resource of the GuardDuty account.
type CoverageResource struct {

	// The unique ID of the Amazon Web Services account.
	AccountId *string

	// Represents the status of the EKS cluster coverage.
	CoverageStatus CoverageStatus

	// The unique ID of the GuardDuty detector associated with the resource.
	DetectorId *string

	// Represents the reason why a coverage status was UNHEALTHY for the EKS cluster.
	Issue *string

	// Information about the resource for which the coverage statistics are retrieved.
	ResourceDetails *CoverageResourceDetails

	// The unique ID of the resource.
	ResourceId *string

	// The timestamp at which the coverage details for the resource were last updated.
	// This is in UTC format.
	UpdatedAt *time.Time

	noSmithyDocumentSerde
}

// Information about the resource for each individual EKS cluster.
type CoverageResourceDetails struct {

	// Information about the Amazon EC2 instance assessed for runtime coverage.
	Ec2InstanceDetails *CoverageEc2InstanceDetails

	// Information about the Amazon ECS cluster that is assessed for runtime coverage.
	EcsClusterDetails *CoverageEcsClusterDetails

	// EKS cluster details involved in the coverage statistics.
	EksClusterDetails *CoverageEksClusterDetails

	// The type of Amazon Web Services resource.
	ResourceType ResourceType

	noSmithyDocumentSerde
}

// Information about the sorting criteria used in the coverage statistics.
type CoverageSortCriteria struct {

	// Represents the field name used to sort the coverage details.
	//
	// Replace the enum value CLUSTER_NAME with EKS_CLUSTER_NAME . CLUSTER_NAME has
	// been deprecated.
	AttributeName CoverageSortKey

	// The order in which the sorted findings are to be displayed.
	OrderBy OrderBy

	noSmithyDocumentSerde
}

// Information about the coverage statistics for a resource.
type CoverageStatistics struct {

	// Represents coverage statistics for EKS clusters aggregated by coverage status.
	CountByCoverageStatus map[string]int64

	// Represents coverage statistics for EKS clusters aggregated by resource type.
	CountByResourceType map[string]int64

	noSmithyDocumentSerde
}

// Information about the protected resource that is associated with the created
// Malware Protection plan. Presently, S3Bucket is the only supported protected
// resource.
type CreateProtectedResource struct {

	// Information about the protected S3 bucket resource.
	S3Bucket *CreateS3BucketResource

	noSmithyDocumentSerde
}

// Information about the protected S3 bucket resource.
type CreateS3BucketResource struct {

	// Name of the S3 bucket.
	BucketName *string

	// Information about the specified object prefixes. The S3 object will be scanned
	// only if it belongs to any of the specified object prefixes.
	ObjectPrefixes []string

	noSmithyDocumentSerde
}

// Contains information about which data sources are enabled.
type DataSourceConfigurations struct {

	// Describes whether any Kubernetes logs are enabled as data sources.
	Kubernetes *KubernetesConfiguration

	// Describes whether Malware Protection is enabled as a data source.
	MalwareProtection *MalwareProtectionConfiguration

	// Describes whether S3 data event logs are enabled as a data source.
	S3Logs *S3LogsConfiguration

	noSmithyDocumentSerde
}

// Contains information on the status of data sources for the detector.
type DataSourceConfigurationsResult struct {

	// An object that contains information on the status of CloudTrail as a data
	// source.
	//
	// This member is required.
	CloudTrail *CloudTrailConfigurationResult

	// An object that contains information on the status of DNS logs as a data source.
	//
	// This member is required.
	DNSLogs *DNSLogsConfigurationResult

	// An object that contains information on the status of VPC flow logs as a data
	// source.
	//
	// This member is required.
	FlowLogs *FlowLogsConfigurationResult

	// An object that contains information on the status of S3 Data event logs as a
	// data source.
	//
	// This member is required.
	S3Logs *S3LogsConfigurationResult

	// An object that contains information on the status of all Kubernetes data
	// sources.
	Kubernetes *KubernetesConfigurationResult

	// Describes the configuration of Malware Protection data sources.
	MalwareProtection *MalwareProtectionConfigurationResult

	noSmithyDocumentSerde
}

// Contains information about which data sources are enabled for the GuardDuty
// member account.
type DataSourceFreeTrial struct {

	// A value that specifies the number of days left to use each enabled data source.
	FreeTrialDaysRemaining *int32

	noSmithyDocumentSerde
}

// Contains information about which data sources are enabled for the GuardDuty
// member account.
type DataSourcesFreeTrial struct {

	// Describes whether any Amazon Web Services CloudTrail management event logs are
	// enabled as data sources.
	CloudTrail *DataSourceFreeTrial

	// Describes whether any DNS logs are enabled as data sources.
	DnsLogs *DataSourceFreeTrial

	// Describes whether any VPC Flow logs are enabled as data sources.
	FlowLogs *DataSourceFreeTrial

	// Describes whether any Kubernetes logs are enabled as data sources.
	Kubernetes *KubernetesDataSourceFreeTrial

	// Describes whether Malware Protection is enabled as a data source.
	MalwareProtection *MalwareProtectionDataSourceFreeTrial

	// Describes whether any S3 data event logs are enabled as data sources.
	S3Logs *DataSourceFreeTrial

	noSmithyDocumentSerde
}

// Contains information on the server side encryption method used in the S3
// bucket. See [S3 Server-Side Encryption]for more information.
//
// [S3 Server-Side Encryption]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
type DefaultServerSideEncryption struct {

	// The type of encryption used for objects within the S3 bucket.
	EncryptionType *string

	// The Amazon Resource Name (ARN) of the KMS encryption key. Only available if the
	// bucket EncryptionType is aws:kms .
	KmsMasterKeyArn *string

	noSmithyDocumentSerde
}

// Contains information about the publishing destination, including the ID, type,
// and status.
type Destination struct {

	// The unique ID of the publishing destination.
	//
	// This member is required.
	DestinationId *string

	// The type of resource used for the publishing destination. Currently, only
	// Amazon S3 buckets are supported.
	//
	// This member is required.
	DestinationType DestinationType

	// The status of the publishing destination.
	//
	// This member is required.
	Status PublishingStatus

	noSmithyDocumentSerde
}

// Contains the Amazon Resource Name (ARN) of the resource to publish to, such as
// an S3 bucket, and the ARN of the KMS key to use to encrypt published findings.
type DestinationProperties struct {

	// The ARN of the resource to publish to.
	//
	// To specify an S3 bucket folder use the following format:
	// arn:aws:s3:::DOC-EXAMPLE-BUCKET/myFolder/
	DestinationArn *string

	// The ARN of the KMS key to use for encryption.
	KmsKeyArn *string

	noSmithyDocumentSerde
}

// Contains information about the detected behavior.
type Detection struct {

	// The details about the anomalous activity that caused GuardDuty to generate the
	// finding.
	Anomaly *Anomaly

	noSmithyDocumentSerde
}

// Information about the additional configuration for a feature in your GuardDuty
// account.
type DetectorAdditionalConfiguration struct {

	// Name of the additional configuration.
	Name FeatureAdditionalConfiguration

	// Status of the additional configuration.
	Status FeatureStatus

	noSmithyDocumentSerde
}

// Information about the additional configuration.
type DetectorAdditionalConfigurationResult struct {

	// Name of the additional configuration.
	Name FeatureAdditionalConfiguration

	// Status of the additional configuration.
	Status FeatureStatus

	// The timestamp at which the additional configuration was last updated. This is
	// in UTC format.
	UpdatedAt *time.Time

	noSmithyDocumentSerde
}

// Contains information about a GuardDuty feature.
//
// Specifying both EKS Runtime Monitoring ( EKS_RUNTIME_MONITORING ) and Runtime
// Monitoring ( RUNTIME_MONITORING ) will cause an error. You can add only one of
// these two features because Runtime Monitoring already includes the threat
// detection for Amazon EKS resources. For more information, see [Runtime Monitoring].
//
// [Runtime Monitoring]: https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html
type DetectorFeatureConfiguration struct {

	// Additional configuration for a resource.
	AdditionalConfiguration []DetectorAdditionalConfiguration

	// The name of the feature.
	Name DetectorFeature

	// The status of the feature.
	Status FeatureStatus

	noSmithyDocumentSerde
}

// Contains information about a GuardDuty feature.
//
// Specifying both EKS Runtime Monitoring ( EKS_RUNTIME_MONITORING ) and Runtime
// Monitoring ( RUNTIME_MONITORING ) will cause an error. You can add only one of
// these two features because Runtime Monitoring already includes the threat
// detection for Amazon EKS resources. For more information, see [Runtime Monitoring].
//
// [Runtime Monitoring]: https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html
type DetectorFeatureConfigurationResult struct {

	// Additional configuration for a resource.
	AdditionalConfiguration []DetectorAdditionalConfigurationResult

	// Indicates the name of the feature that can be enabled for the detector.
	Name DetectorFeatureResult

	// Indicates the status of the feature that is enabled for the detector.
	Status FeatureStatus

	// The timestamp at which the feature object was updated.
	UpdatedAt *time.Time

	noSmithyDocumentSerde
}

// Contains information on the status of DNS logs as a data source.
type DNSLogsConfigurationResult struct {

	// Denotes whether DNS logs is enabled as a data source.
	//
	// This member is required.
	Status DataSourceStatus

	noSmithyDocumentSerde
}

// Contains information about the DNS_REQUEST action described in this finding.
type DnsRequestAction struct {

	// Indicates whether the targeted port is blocked.
	Blocked *bool

	// The domain information for the DNS query.
	Domain *string

	// The second and top level domain involved in the activity that potentially
	// prompted GuardDuty to generate this finding. For a list of top-level and
	// second-level domains, see [public suffix list].
	//
	// [public suffix list]: https://publicsuffix.org/
	DomainWithSuffix *string

	// The network connection protocol observed in the activity that prompted
	// GuardDuty to generate the finding.
	Protocol *string

	noSmithyDocumentSerde
}

// Contains information about the domain.
type DomainDetails struct {

	// The domain information for the Amazon Web Services API call.
	Domain *string

	noSmithyDocumentSerde
}

// Contains list of scanned and skipped EBS volumes with details.
type EbsVolumeDetails struct {

	// List of EBS volumes that were scanned.
	ScannedVolumeDetails []VolumeDetail

	// List of EBS volumes that were skipped from the malware scan.
	SkippedVolumeDetails []VolumeDetail

	noSmithyDocumentSerde
}

// Contains details from the malware scan that created a finding.
type EbsVolumeScanDetails struct {

	// Returns the completion date and time of the malware scan.
	ScanCompletedAt *time.Time

	// Contains a complete view providing malware scan result details.
	ScanDetections *ScanDetections

	// Unique Id of the malware scan that generated the finding.
	ScanId *string

	// Returns the start date and time of the malware scan.
	ScanStartedAt *time.Time

	// Specifies the scan type that invoked the malware scan.
	ScanType ScanType

	// Contains list of threat intelligence sources used to detect threats.
	Sources []string

	// GuardDuty finding ID that triggered a malware scan.
	TriggerFindingId *string

	noSmithyDocumentSerde
}

// Describes the configuration of scanning EBS volumes as a data source.
type EbsVolumesResult struct {

	// Specifies the reason why scanning EBS volumes (Malware Protection) was not
	// enabled as a data source.
	Reason *string

	// Describes whether scanning EBS volumes is enabled as a data source.
	Status DataSourceStatus

	noSmithyDocumentSerde
}

// Contains information about the details of the ECS Cluster.
type EcsClusterDetails struct {

	// The number of services that are running on the cluster in an ACTIVE state.
	ActiveServicesCount *int32

	// The Amazon Resource Name (ARN) that identifies the cluster.
	Arn *string

	// The name of the ECS Cluster.
	Name *string

	// The number of container instances registered into the cluster.
	RegisteredContainerInstancesCount *int32

	// The number of tasks in the cluster that are in the RUNNING state.
	RunningTasksCount *int32

	// The status of the ECS cluster.
	Status *string

	// The tags of the ECS Cluster.
	Tags []Tag

	// Contains information about the details of the ECS Task.
	TaskDetails *EcsTaskDetails

	noSmithyDocumentSerde
}

// Contains information about the task in an ECS cluster.
type EcsTaskDetails struct {

	// The Amazon Resource Name (ARN) of the task.
	Arn *string

	// The containers that's associated with the task.
	Containers []Container

	// The ARN of the task definition that creates the task.
	DefinitionArn *string

	// The name of the task group that's associated with the task.
	Group *string

	// The Unix timestamp for the time when the task started.
	StartedAt *time.Time

	// Contains the tag specified when a task is started.
	StartedBy *string

	// The tags of the ECS Task.
	Tags []Tag

	// The Unix timestamp for the time when the task was created.
	TaskCreatedAt *time.Time

	// The version counter for the task.
	Version *string

	// The list of data volume definitions for the task.
	Volumes []Volume

	noSmithyDocumentSerde
}

// Details about the EKS cluster involved in a Kubernetes finding.
type EksClusterDetails struct {

	// EKS cluster ARN.
	Arn *string

	// The timestamp when the EKS cluster was created.
	CreatedAt *time.Time

	// EKS cluster name.
	Name *string

	// The EKS cluster status.
	Status *string

	// The EKS cluster tags.
	Tags []Tag

	// The VPC ID to which the EKS cluster is attached.
	VpcId *string

	noSmithyDocumentSerde
}

// Contains information about the reason that the finding was generated.
type Evidence struct {

	// A list of threat intelligence details related to the evidence.
	ThreatIntelligenceDetails []ThreatIntelligenceDetail

	noSmithyDocumentSerde
}

// Contains information about Amazon Web Services Fargate details associated with
// an Amazon ECS cluster.
type FargateDetails struct {

	// Runtime coverage issues identified for the resource running on Amazon Web
	// Services Fargate.
	Issues []string

	// Indicates how the GuardDuty security agent is managed for this resource.
	//
	//   - AUTO_MANAGED indicates that GuardDuty deploys and manages updates for this
	//   resource.
	//
	//   - DISABLED indicates that the deployment of the GuardDuty security agent is
	//   disabled for this resource.
	//
	// The MANUAL status doesn't apply to the Amazon Web Services Fargate (Amazon ECS
	// only) woprkloads.
	ManagementType ManagementType

	noSmithyDocumentSerde
}

// Contains information about the condition.
type FilterCondition struct {

	// Represents an equal condition to be applied to a single field when querying for
	// scan entries.
	EqualsValue *string

	// Represents a greater than condition to be applied to a single field when
	// querying for scan entries.
	GreaterThan *int64

	// Represents a less than condition to be applied to a single field when querying
	// for scan entries.
	LessThan *int64

	noSmithyDocumentSerde
}

// Represents the criteria to be used in the filter for describing scan entries.
type FilterCriteria struct {

	// Represents a condition that when matched will be added to the response of the
	// operation.
	FilterCriterion []FilterCriterion

	noSmithyDocumentSerde
}

// Represents a condition that when matched will be added to the response of the
// operation. Irrespective of using any filter criteria, an administrator account
// can view the scan entries for all of its member accounts. However, each member
// account can view the scan entries only for their own account.
type FilterCriterion struct {

	// An enum value representing possible scan properties to match with given scan
	// entries.
	//
	// Replace the enum value CLUSTER_NAME with EKS_CLUSTER_NAME . CLUSTER_NAME has
	// been deprecated.
	CriterionKey CriterionKey

	// Contains information about the condition.
	FilterCondition *FilterCondition

	noSmithyDocumentSerde
}

// Contains information about the finding that is generated when abnormal or
// suspicious activity is detected.
type Finding struct {

	// The ID of the account in which the finding was generated.
	//
	// This member is required.
	AccountId *string

	// The ARN of the finding.
	//
	// This member is required.
	Arn *string

	// The time and date when the finding was created.
	//
	// This member is required.
	CreatedAt *string

	// The ID of the finding.
	//
	// This member is required.
	Id *string

	// The Region where the finding was generated.
	//
	// This member is required.
	Region *string

	// Contains information about the Amazon Web Services resource associated with the
	// activity that prompted GuardDuty to generate a finding.
	//
	// This member is required.
	Resource *Resource

	// The version of the schema used for the finding.
	//
	// This member is required.
	SchemaVersion *string

	// The severity of the finding.
	//
	// This member is required.
	Severity *float64

	// The type of finding.
	//
	// This member is required.
	Type *string

	// The time and date when the finding was last updated.
	//
	// This member is required.
	UpdatedAt *string

	// The confidence score for the finding.
	Confidence *float64

	// The description of the finding.
	Description *string

	// The partition associated with the finding.
	Partition *string

	// Contains additional information about the generated finding.
	Service *Service

	// The title of the finding.
	Title *string

	noSmithyDocumentSerde
}

// Contains information about the criteria used for querying findings.
type FindingCriteria struct {

	// Represents a map of finding properties that match specified conditions and
	// values when querying findings.
	Criterion map[string]Condition

	noSmithyDocumentSerde
}

// Contains information about finding statistics.
type FindingStatistics struct {

	// Represents a map of severity to count statistics for a set of findings.
	CountBySeverity map[string]int32

	noSmithyDocumentSerde
}

// Contains information on the status of VPC flow logs as a data source.
type FlowLogsConfigurationResult struct {

	// Denotes whether VPC flow logs is enabled as a data source.
	//
	// This member is required.
	Status DataSourceStatus

	noSmithyDocumentSerde
}

// Contains information about the free trial period for a feature.
type FreeTrialFeatureConfigurationResult struct {

	// The number of the remaining free trial days for the feature.
	FreeTrialDaysRemaining *int32

	// The name of the feature for which the free trial is configured.
	Name FreeTrialFeatureResult

	noSmithyDocumentSerde
}

// Contains information about the location of the remote IP address.
type GeoLocation struct {

	// The latitude information of the remote IP address.
	Lat *float64

	// The longitude information of the remote IP address.
	Lon *float64

	noSmithyDocumentSerde
}

// Contains details of the highest severity threat detected during scan and number
// of infected files.
type HighestSeverityThreatDetails struct {

	// Total number of infected files with the highest severity threat detected.
	Count *int32

	// Severity level of the highest severity threat detected.
	Severity *string

	// Threat name of the highest severity threat detected as part of the malware scan.
	ThreatName *string

	noSmithyDocumentSerde
}

// Represents a pre-existing file or directory on the host machine that the volume
// maps to.
type HostPath struct {

	// Path of the file or directory on the host that the volume maps to.
	Path *string

	noSmithyDocumentSerde
}

// Contains information about the EC2 instance profile.
type IamInstanceProfile struct {

	// The profile ARN of the EC2 instance.
	Arn *string

	// The profile ID of the EC2 instance.
	Id *string

	noSmithyDocumentSerde
}

// Contains information about the impersonated user.
type ImpersonatedUser struct {

	// The group to which the user name belongs.
	Groups []string

	// Information about the username that was being impersonated.
	Username *string

	noSmithyDocumentSerde
}

// Contains information about the details of an instance.
type InstanceDetails struct {

	// The Availability Zone of the EC2 instance.
	AvailabilityZone *string

	// The profile information of the EC2 instance.
	IamInstanceProfile *IamInstanceProfile

	// The image description of the EC2 instance.
	ImageDescription *string

	// The image ID of the EC2 instance.
	ImageId *string

	// The ID of the EC2 instance.
	InstanceId *string

	// The state of the EC2 instance.
	InstanceState *string

	// The type of the EC2 instance.
	InstanceType *string

	// The launch time of the EC2 instance.
	LaunchTime *string

	// The elastic network interface information of the EC2 instance.
	NetworkInterfaces []NetworkInterface

	// The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only
	// applicable to Amazon Web Services Outposts instances.
	OutpostArn *string

	// The platform of the EC2 instance.
	Platform *string

	// The product code of the EC2 instance.
	ProductCodes []ProductCode

	// The tags of the EC2 instance.
	Tags []Tag

	noSmithyDocumentSerde
}

// Contains information about the invitation to become a member account.
type Invitation struct {

	// The ID of the account that the invitation was sent from.
	AccountId *string

	// The ID of the invitation. This value is used to validate the inviter account to
	// the member account.
	InvitationId *string

	// The timestamp when the invitation was sent.
	InvitedAt *string

	// The status of the relationship between the inviter and invitee accounts.
	RelationshipStatus *string

	noSmithyDocumentSerde
}

// Information about the nested item path and hash of the protected resource.
type ItemPath struct {

	// The hash value of the infected resource.
	Hash *string

	// The nested item path where the infected file was found.
	NestedItemPath *string

	noSmithyDocumentSerde
}

// Information about the Kubernetes API call action described in this finding.
type KubernetesApiCallAction struct {

	// The name of the namespace where the Kubernetes API call action takes place.
	Namespace *string

	// Parameters related to the Kubernetes API call action.
	Parameters *string

	// Contains information about the remote IP address of the connection.
	RemoteIpDetails *RemoteIpDetails

	// The Kubernetes API request URI.
	RequestUri *string

	// The resource component in the Kubernetes API call action.
	Resource *string

	// The name of the resource in the Kubernetes API call action.
	ResourceName *string

	// The IP of the Kubernetes API caller and the IPs of any proxies or load
	// balancers between the caller and the API endpoint.
	SourceIps []string

	// The resulting HTTP response code of the Kubernetes API call action.
	StatusCode *int32

	// The name of the sub-resource in the Kubernetes API call action.
	Subresource *string

	// The user agent of the caller of the Kubernetes API.
	UserAgent *string

	// The Kubernetes API request HTTP verb.
	Verb *string

	noSmithyDocumentSerde
}

// Describes whether Kubernetes audit logs are enabled as a data source.
type KubernetesAuditLogsConfiguration struct {

	// The status of Kubernetes audit logs as a data source.
	//
	// This member is required.
	Enable *bool

	noSmithyDocumentSerde
}

// Describes whether Kubernetes audit logs are enabled as a data source.
type KubernetesAuditLogsConfigurationResult struct {

	// A value that describes whether Kubernetes audit logs are enabled as a data
	// source.
	//
	// This member is required.
	Status DataSourceStatus

	noSmithyDocumentSerde
}

// Describes whether any Kubernetes data sources are enabled.
type KubernetesConfiguration struct {

	// The status of Kubernetes audit logs as a data source.
	//
	// This member is required.
	AuditLogs *KubernetesAuditLogsConfiguration

	noSmithyDocumentSerde
}

// Describes whether any Kubernetes logs will be enabled as a data source.
type KubernetesConfigurationResult struct {

	// Describes whether Kubernetes audit logs are enabled as a data source.
	//
	// This member is required.
	AuditLogs *KubernetesAuditLogsConfigurationResult

	noSmithyDocumentSerde
}

// Provides details about the Kubernetes resources when it is enabled as a data
// source.
type KubernetesDataSourceFreeTrial struct {

	// Describes whether Kubernetes audit logs are enabled as a data source.
	AuditLogs *DataSourceFreeTrial

	noSmithyDocumentSerde
}

// Details about Kubernetes resources such as a Kubernetes user or workload
// resource involved in a Kubernetes finding.
type KubernetesDetails struct {

	// Details about the Kubernetes user involved in a Kubernetes finding.
	KubernetesUserDetails *KubernetesUserDetails

	// Details about the Kubernetes workload involved in a Kubernetes finding.
	KubernetesWorkloadDetails *KubernetesWorkloadDetails

	noSmithyDocumentSerde
}

// Information about the Kubernetes API for which you check if you have permission
// to call.
type KubernetesPermissionCheckedDetails struct {

	// Information whether the user has the permission to call the Kubernetes API.
	Allowed *bool

	// The namespace where the Kubernetes API action will take place.
	Namespace *string

	// The Kubernetes resource with which your Kubernetes API call will interact.
	Resource *string

	// The verb component of the Kubernetes API call. For example, when you check
	// whether or not you have the permission to call the CreatePod API, the verb
	// component will be Create .
	Verb *string

	noSmithyDocumentSerde
}

// Contains information about the role binding that grants the permission defined
// in a Kubernetes role.
type KubernetesRoleBindingDetails struct {

	// The kind of the role. For role binding, this value will be RoleBinding .
	Kind *string

	// The name of the RoleBinding .
	Name *string

	// The type of the role being referenced. This could be either Role or ClusterRole .
	RoleRefKind *string

	// The name of the role being referenced. This must match the name of the Role or
	// ClusterRole that you want to bind to.
	RoleRefName *string

	// The unique identifier of the role binding.
	Uid *string

	noSmithyDocumentSerde
}

// Information about the Kubernetes role name and role type.
type KubernetesRoleDetails struct {

	// The kind of role. For this API, the value of kind will be Role .
	Kind *string

	// The name of the Kubernetes role.
	Name *string

	// The unique identifier of the Kubernetes role name.
	Uid *string

	noSmithyDocumentSerde
}

// Details about the Kubernetes user involved in a Kubernetes finding.
type KubernetesUserDetails struct {

	// The groups that include the user who called the Kubernetes API.
	Groups []string

	// Information about the impersonated user.
	ImpersonatedUser *ImpersonatedUser

	// Entity that assumes the IAM role when Kubernetes RBAC permissions are assigned
	// to that role.
	SessionName []string

	// The user ID of the user who called the Kubernetes API.
	Uid *string

	// The username of the user who called the Kubernetes API.
	Username *string

	noSmithyDocumentSerde
}

// Details about the Kubernetes workload involved in a Kubernetes finding.
type KubernetesWorkloadDetails struct {

	// Containers running as part of the Kubernetes workload.
	Containers []Container

	// Whether the host IPC flag is enabled for the pods in the workload.
	HostIPC *bool

	// Whether the hostNetwork flag is enabled for the pods included in the workload.
	HostNetwork *bool

	// Whether the host PID flag is enabled for the pods in the workload.
	HostPID *bool

	// Kubernetes workload name.
	Name *string

	// Kubernetes namespace that the workload is part of.
	Namespace *string

	// The service account name that is associated with a Kubernetes workload.
	ServiceAccountName *string

	// Kubernetes workload type (e.g. Pod, Deployment, etc.).
	Type *string

	// Kubernetes workload ID.
	Uid *string

	// Volumes used by the Kubernetes workload.
	Volumes []Volume

	noSmithyDocumentSerde
}

// Information about the Lambda function involved in the finding.
type LambdaDetails struct {

	// Description of the Lambda function.
	Description *string

	// Amazon Resource Name (ARN) of the Lambda function.
	FunctionArn *string

	// Name of the Lambda function.
	FunctionName *string

	// The version of the Lambda function.
	FunctionVersion *string

	// The timestamp when the Lambda function was last modified. This field is in the
	// UTC date string format (2023-03-22T19:37:20.168Z) .
	LastModifiedAt *time.Time

	// The revision ID of the Lambda function version.
	RevisionId *string

	// The execution role of the Lambda function.
	Role *string

	// A list of tags attached to this resource, listed in the format of key : value
	// pair.
	Tags []Tag

	// Amazon Virtual Private Cloud configuration details associated with your Lambda
	// function.
	VpcConfig *VpcConfig

	noSmithyDocumentSerde
}

// Information about the runtime process details.
type LineageObject struct {

	// The effective user ID that was used to execute the process.
	Euid *int32

	// The absolute path of the process executable file.
	ExecutablePath *string

	// The name of the process.
	Name *string

	// The process ID of the child process.
	NamespacePid *int32

	// The unique ID of the parent process. This ID is assigned to the parent process
	// by GuardDuty.
	ParentUuid *string

	// The ID of the process.
	Pid *int32

	// The time when the process started. This is in UTC format.
	StartTime *time.Time

	// The user ID of the user that executed the process.
	UserId *int32

	// The unique ID assigned to the process by GuardDuty.
	Uuid *string

	noSmithyDocumentSerde
}

// Contains information about the local IP address of the connection.
type LocalIpDetails struct {

	// The IPv4 local address of the connection.
	IpAddressV4 *string

	// The IPv6 local address of the connection.
	IpAddressV6 *string

	noSmithyDocumentSerde
}

// Contains information about the port for the local connection.
type LocalPortDetails struct {

	// The port number of the local connection.
	Port *int32

	// The port name of the local connection.
	PortName *string

	noSmithyDocumentSerde
}

// Information about the login attempts.
type LoginAttribute struct {

	// Indicates the application name used to attempt log in.
	Application *string

	// Represents the sum of failed (unsuccessful) login attempts made to establish a
	// connection to the database instance.
	FailedLoginAttempts *int32

	// Represents the sum of successful connections (a correct combination of login
	// attributes) made to the database instance by the actor.
	SuccessfulLoginAttempts *int32

	// Indicates the user name which attempted to log in.
	User *string

	noSmithyDocumentSerde
}

// Describes whether Malware Protection will be enabled as a data source.
type MalwareProtectionConfiguration struct {

	// Describes the configuration of Malware Protection for EC2 instances with
	// findings.
	ScanEc2InstanceWithFindings *ScanEc2InstanceWithFindings

	noSmithyDocumentSerde
}

// An object that contains information on the status of all Malware Protection
// data sources.
type MalwareProtectionConfigurationResult struct {

	// Describes the configuration of Malware Protection for EC2 instances with
	// findings.
	ScanEc2InstanceWithFindings *ScanEc2InstanceWithFindingsResult

	// The GuardDuty Malware Protection service role.
	ServiceRole *string

	noSmithyDocumentSerde
}

// Provides details about Malware Protection when it is enabled as a data source.
type MalwareProtectionDataSourceFreeTrial struct {

	// Describes whether Malware Protection for EC2 instances with findings is enabled
	// as a data source.
	ScanEc2InstanceWithFindings *DataSourceFreeTrial

	noSmithyDocumentSerde
}

// Information about whether the tags will be added to the S3 object after
// scanning.
type MalwareProtectionPlanActions struct {

	// Indicates whether the scanned S3 object will have tags about the scan result.
	Tagging *MalwareProtectionPlanTaggingAction

	noSmithyDocumentSerde
}

// Information about the issue code and message associated to the status of your
// Malware Protection plan.
type MalwareProtectionPlanStatusReason struct {

	// Issue code.
	Code *string

	// Issue message that specifies the reason. For information about potential
	// troubleshooting steps, see [Troubleshooting Malware Protection for S3 status issues]in the GuardDuty User Guide.
	//
	// [Troubleshooting Malware Protection for S3 status issues]: https://docs.aws.amazon.com/guardduty/latest/ug/troubleshoot-s3-malware-protection-status-errors.html
	Message *string

	noSmithyDocumentSerde
}

// Information about the Malware Protection plan resource.
type MalwareProtectionPlanSummary struct {

	// A unique identifier associated with Malware Protection plan.
	MalwareProtectionPlanId *string

	noSmithyDocumentSerde
}

// Information about adding tags to the scanned S3 object after the scan result.
type MalwareProtectionPlanTaggingAction struct {

	// Indicates whether or not the tags will added.
	Status MalwareProtectionPlanTaggingActionStatus

	noSmithyDocumentSerde
}

// Information about the malware scan that generated a GuardDuty finding.
type MalwareScanDetails struct {

	// Information about the detected threats associated with the generated GuardDuty
	// finding.
	Threats []Threat

	noSmithyDocumentSerde
}

// Contains information about the administrator account and invitation.
type Master struct {

	// The ID of the account used as the administrator account.
	AccountId *string

	// The value used to validate the administrator account to the member account.
	InvitationId *string

	// The timestamp when the invitation was sent.
	InvitedAt *string

	// The status of the relationship between the administrator and member accounts.
	RelationshipStatus *string

	noSmithyDocumentSerde
}

// Contains information about the member account.
type Member struct {

	// The ID of the member account.
	//
	// This member is required.
	AccountId *string

	// The email address of the member account.
	//
	// This member is required.
	Email *string

	// The administrator account ID.
	//
	// This member is required.
	MasterId *string

	// The status of the relationship between the member and the administrator.
	//
	// This member is required.
	RelationshipStatus *string

	// The last-updated timestamp of the member.
	//
	// This member is required.
	UpdatedAt *string

	// The administrator account ID.
	AdministratorId *string

	// The detector ID of the member account.
	DetectorId *string

	// The timestamp when the invitation was sent.
	InvitedAt *string

	noSmithyDocumentSerde
}

// Information about the additional configuration for the member account.
type MemberAdditionalConfiguration struct {

	// Name of the additional configuration.
	Name OrgFeatureAdditionalConfiguration

	// Status of the additional configuration.
	Status FeatureStatus

	noSmithyDocumentSerde
}

// Information about the additional configuration for the member account.
type MemberAdditionalConfigurationResult struct {

	// Indicates the name of the additional configuration that is set for the member
	// account.
	Name OrgFeatureAdditionalConfiguration

	// Indicates the status of the additional configuration that is set for the member
	// account.
	Status FeatureStatus

	// The timestamp at which the additional configuration was set for the member
	// account. This is in UTC format.
	UpdatedAt *time.Time

	noSmithyDocumentSerde
}

// Contains information on which data sources are enabled for a member account.
type MemberDataSourceConfiguration struct {

	// The account ID for the member account.
	//
	// This member is required.
	AccountId *string

	// Contains information on the status of data sources for the account.
	//
	// Deprecated: This parameter is deprecated, use Features instead
	DataSources *DataSourceConfigurationsResult

	// Contains information about the status of the features for the member account.
	Features []MemberFeaturesConfigurationResult

	noSmithyDocumentSerde
}

// Contains information about the features for the member account.
type MemberFeaturesConfiguration struct {

	// Additional configuration of the feature for the member account.
	AdditionalConfiguration []MemberAdditionalConfiguration

	// The name of the feature.
	Name OrgFeature

	// The status of the feature.
	Status FeatureStatus

	noSmithyDocumentSerde
}

// Contains information about the features for the member account.
type MemberFeaturesConfigurationResult struct {

	// Indicates the additional configuration of the feature that is configured for
	// the member account.
	AdditionalConfiguration []MemberAdditionalConfigurationResult

	// Indicates the name of the feature that is enabled for the detector.
	Name OrgFeature

	// Indicates the status of the feature that is enabled for the detector.
	Status FeatureStatus

	// The timestamp at which the feature object was updated.
	UpdatedAt *time.Time

	noSmithyDocumentSerde
}

// Contains information about the NETWORK_CONNECTION action described in the
// finding.
type NetworkConnectionAction struct {

	// Indicates whether EC2 blocked the network connection to your instance.
	Blocked *bool

	// The network connection direction.
	ConnectionDirection *string

	// The local IP information of the connection.
	LocalIpDetails *LocalIpDetails

	// The local port information of the connection.
	LocalPortDetails *LocalPortDetails

	// The network connection protocol.
	Protocol *string

	// The remote IP information of the connection.
	RemoteIpDetails *RemoteIpDetails

	// The remote port information of the connection.
	RemotePortDetails *RemotePortDetails

	noSmithyDocumentSerde
}

// Contains information about the elastic network interface of the EC2 instance.
type NetworkInterface struct {

	// A list of IPv6 addresses for the EC2 instance.
	Ipv6Addresses []string

	// The ID of the network interface.
	NetworkInterfaceId *string

	// The private DNS name of the EC2 instance.
	PrivateDnsName *string

	// The private IP address of the EC2 instance.
	PrivateIpAddress *string

	// Other private IP address information of the EC2 instance.
	PrivateIpAddresses []PrivateIpAddressDetails

	// The public DNS name of the EC2 instance.
	PublicDnsName *string

	// The public IP address of the EC2 instance.
	PublicIp *string

	// The security groups associated with the EC2 instance.
	SecurityGroups []SecurityGroup

	// The subnet ID of the EC2 instance.
	SubnetId *string

	// The VPC ID of the EC2 instance.
	VpcId *string

	noSmithyDocumentSerde
}

// Contains information about the observed behavior.
type Observations struct {

	// The text that was unusual.
	Text []string

	noSmithyDocumentSerde
}

// Contains information about the ISP organization of the remote IP address.
type Organization struct {

	// The Autonomous System Number (ASN) of the internet provider of the remote IP
	// address.
	Asn *string

	// The organization that registered this ASN.
	AsnOrg *string

	// The ISP information for the internet provider.
	Isp *string

	// The name of the internet provider.
	Org *string

	noSmithyDocumentSerde
}

// A list of additional configurations which will be configured for the
// organization.
type OrganizationAdditionalConfiguration struct {

	// The status of the additional configuration that will be configured for the
	// organization. Use one of the following values to configure the feature status
	// for the entire organization:
	//
	//   - NEW : Indicates that when a new account joins the organization, they will
	//   have the additional configuration enabled automatically.
	//
	//   - ALL : Indicates that all accounts in the organization have the additional
	//   configuration enabled automatically. This includes NEW accounts that join the
	//   organization and accounts that may have been suspended or removed from the
	//   organization in GuardDuty.
	//
	// It may take up to 24 hours to update the configuration for all the member
	//   accounts.
	//
	//   - NONE : Indicates that the additional configuration will not be automatically
	//   enabled for any account in the organization. The administrator must manage the
	//   additional configuration for each account individually.
	AutoEnable OrgFeatureStatus

	// The name of the additional configuration that will be configured for the
	// organization.
	Name OrgFeatureAdditionalConfiguration

	noSmithyDocumentSerde
}

// A list of additional configuration which will be configured for the
// organization.
type OrganizationAdditionalConfigurationResult struct {

	// Describes the status of the additional configuration that is configured for the
	// member accounts within the organization. One of the following values is the
	// status for the entire organization:
	//
	//   - NEW : Indicates that when a new account joins the organization, they will
	//   have the additional configuration enabled automatically.
	//
	//   - ALL : Indicates that all accounts in the organization have the additional
	//   configuration enabled automatically. This includes NEW accounts that join the
	//   organization and accounts that may have been suspended or removed from the
	//   organization in GuardDuty.
	//
	// It may take up to 24 hours to update the configuration for all the member
	//   accounts.
	//
	//   - NONE : Indicates that the additional configuration will not be automatically
	//   enabled for any account in the organization. The administrator must manage the
	//   additional configuration for each account individually.
	AutoEnable OrgFeatureStatus

	// The name of the additional configuration that is configured for the member
	// accounts within the organization.
	Name OrgFeatureAdditionalConfiguration

	noSmithyDocumentSerde
}

// An object that contains information on which data sources will be configured to
// be automatically enabled for new members within the organization.
type OrganizationDataSourceConfigurations struct {

	// Describes the configuration of Kubernetes data sources for new members of the
	// organization.
	Kubernetes *OrganizationKubernetesConfiguration

	// Describes the configuration of Malware Protection for new members of the
	// organization.
	MalwareProtection *OrganizationMalwareProtectionConfiguration

	// Describes whether S3 data event logs are enabled for new members of the
	// organization.
	S3Logs *OrganizationS3LogsConfiguration

	noSmithyDocumentSerde
}

// An object that contains information on which data sources are automatically
// enabled for new members within the organization.
type OrganizationDataSourceConfigurationsResult struct {

	// Describes whether S3 data event logs are enabled as a data source.
	//
	// This member is required.
	S3Logs *OrganizationS3LogsConfigurationResult

	// Describes the configuration of Kubernetes data sources.
	Kubernetes *OrganizationKubernetesConfigurationResult

	// Describes the configuration of Malware Protection data source for an
	// organization.
	MalwareProtection *OrganizationMalwareProtectionConfigurationResult

	noSmithyDocumentSerde
}

// Information about GuardDuty coverage statistics for members in your Amazon Web
// Services organization.
type OrganizationDetails struct {

	// Information about the GuardDuty coverage statistics for members in your Amazon
	// Web Services organization.
	OrganizationStatistics *OrganizationStatistics

	// The timestamp at which the organization statistics was last updated. This is in
	// UTC format.
	UpdatedAt *time.Time

	noSmithyDocumentSerde
}

// Organization-wide EBS volumes scan configuration.
type OrganizationEbsVolumes struct {

	// Whether scanning EBS volumes should be auto-enabled for new members joining the
	// organization.
	AutoEnable *bool

	noSmithyDocumentSerde
}

// An object that contains information on the status of whether EBS volumes
// scanning will be enabled as a data source for an organization.
type OrganizationEbsVolumesResult struct {

	// An object that contains the status of whether scanning EBS volumes should be
	// auto-enabled for new members joining the organization.
	AutoEnable *bool

	noSmithyDocumentSerde
}

// A list of features which will be configured for the organization.
type OrganizationFeatureConfiguration struct {

	// The additional information that will be configured for the organization.
	AdditionalConfiguration []OrganizationAdditionalConfiguration

	// Describes the status of the feature that is configured for the member accounts
	// within the organization. One of the following values is the status for the
	// entire organization:
	//
	//   - NEW : Indicates that when a new account joins the organization, they will
	//   have the feature enabled automatically.
	//
	//   - ALL : Indicates that all accounts in the organization have the feature
	//   enabled automatically. This includes NEW accounts that join the organization
	//   and accounts that may have been suspended or removed from the organization in
	//   GuardDuty.
	//
	// It may take up to 24 hours to update the configuration for all the member
	//   accounts.
	//
	//   - NONE : Indicates that the feature will not be automatically enabled for any
	//   account in the organization. The administrator must manage the feature for each
	//   account individually.
	AutoEnable OrgFeatureStatus

	// The name of the feature that will be configured for the organization.
	Name OrgFeature

	noSmithyDocumentSerde
}

// A list of features which will be configured for the organization.
type OrganizationFeatureConfigurationResult struct {

	// The additional configuration that is configured for the member accounts within
	// the organization.
	AdditionalConfiguration []OrganizationAdditionalConfigurationResult

	// Describes the status of the feature that is configured for the member accounts
	// within the organization.
	//
	//   - NEW : Indicates that when a new account joins the organization, they will
	//   have the feature enabled automatically.
	//
	//   - ALL : Indicates that all accounts in the organization have the feature
	//   enabled automatically. This includes NEW accounts that join the organization
	//   and accounts that may have been suspended or removed from the organization in
	//   GuardDuty.
	//
	//   - NONE : Indicates that the feature will not be automatically enabled for any
	//   account in the organization. In this case, each account will be managed
	//   individually by the administrator.
	AutoEnable OrgFeatureStatus

	// The name of the feature that is configured for the member accounts within the
	// organization.
	Name OrgFeature

	noSmithyDocumentSerde
}

// Information about the number of accounts that have enabled a specific feature.
type OrganizationFeatureStatistics struct {

	// Name of the additional configuration.
	AdditionalConfiguration []OrganizationFeatureStatisticsAdditionalConfiguration

	// Total number of accounts that have enabled a specific feature.
	EnabledAccountsCount *int32

	// Name of the feature.
	Name OrgFeature

	noSmithyDocumentSerde
}

// Information about the coverage statistic for the additional configuration of
// the feature.
type OrganizationFeatureStatisticsAdditionalConfiguration struct {

	// Total number of accounts that have enabled the additional configuration.
	EnabledAccountsCount *int32

	// Name of the additional configuration within a feature.
	Name OrgFeatureAdditionalConfiguration

	noSmithyDocumentSerde
}

// Organization-wide Kubernetes audit logs configuration.
type OrganizationKubernetesAuditLogsConfiguration struct {

	// A value that contains information on whether Kubernetes audit logs should be
	// enabled automatically as a data source for the organization.
	//
	// This member is required.
	AutoEnable *bool

	noSmithyDocumentSerde
}

// The current configuration of Kubernetes audit logs as a data source for the
// organization.
type OrganizationKubernetesAuditLogsConfigurationResult struct {

	// Whether Kubernetes audit logs data source should be auto-enabled for new
	// members joining the organization.
	//
	// This member is required.
	AutoEnable *bool

	noSmithyDocumentSerde
}

// Organization-wide Kubernetes data sources configurations.
type OrganizationKubernetesConfiguration struct {

	// Whether Kubernetes audit logs data source should be auto-enabled for new
	// members joining the organization.
	//
	// This member is required.
	AuditLogs *OrganizationKubernetesAuditLogsConfiguration

	noSmithyDocumentSerde
}

// The current configuration of all Kubernetes data sources for the organization.
type OrganizationKubernetesConfigurationResult struct {

	// The current configuration of Kubernetes audit logs as a data source for the
	// organization.
	//
	// This member is required.
	AuditLogs *OrganizationKubernetesAuditLogsConfigurationResult

	noSmithyDocumentSerde
}

// Organization-wide Malware Protection configurations.
type OrganizationMalwareProtectionConfiguration struct {

	// Whether Malware Protection for EC2 instances with findings should be
	// auto-enabled for new members joining the organization.
	ScanEc2InstanceWithFindings *OrganizationScanEc2InstanceWithFindings

	noSmithyDocumentSerde
}

// An object that contains information on the status of all Malware Protection
// data source for an organization.
type OrganizationMalwareProtectionConfigurationResult struct {

	// Describes the configuration for scanning EC2 instances with findings for an
	// organization.
	ScanEc2InstanceWithFindings *OrganizationScanEc2InstanceWithFindingsResult

	noSmithyDocumentSerde
}

// Describes whether S3 data event logs will be automatically enabled for new
// members of the organization.
type OrganizationS3LogsConfiguration struct {

	// A value that contains information on whether S3 data event logs will be enabled
	// automatically as a data source for the organization.
	//
	// This member is required.
	AutoEnable *bool

	noSmithyDocumentSerde
}

// The current configuration of S3 data event logs as a data source for the
// organization.
type OrganizationS3LogsConfigurationResult struct {

	// A value that describes whether S3 data event logs are automatically enabled for
	// new members of the organization.
	//
	// This member is required.
	AutoEnable *bool

	noSmithyDocumentSerde
}

// Organization-wide EC2 instances with findings scan configuration.
type OrganizationScanEc2InstanceWithFindings struct {

	// Whether scanning EBS volumes should be auto-enabled for new members joining the
	// organization.
	EbsVolumes *OrganizationEbsVolumes

	noSmithyDocumentSerde
}

// An object that contains information on the status of scanning EC2 instances
// with findings for an organization.
type OrganizationScanEc2InstanceWithFindingsResult struct {

	// Describes the configuration for scanning EBS volumes for an organization.
	EbsVolumes *OrganizationEbsVolumesResult

	noSmithyDocumentSerde
}

// Information about the coverage statistics of the features for the entire Amazon
// Web Services organization.
//
// When you create a new Amazon Web Services organization, it might take up to 24
// hours to generate the statistics summary for this organization.
type OrganizationStatistics struct {

	// Total number of active accounts in your Amazon Web Services organization that
	// are associated with GuardDuty.
	ActiveAccountsCount *int32

	// Retrieves the coverage statistics for each feature.
	CountByFeature []OrganizationFeatureStatistics

	// Total number of accounts that have enabled GuardDuty.
	EnabledAccountsCount *int32

	// Total number of accounts in your Amazon Web Services organization that are
	// associated with GuardDuty.
	MemberAccountsCount *int32

	// Total number of accounts in your Amazon Web Services organization.
	TotalAccountsCount *int32

	noSmithyDocumentSerde
}

// Contains information on the owner of the bucket.
type Owner struct {

	// The canonical user ID of the bucket owner. For information about locating your
	// canonical user ID see [Finding Your Account Canonical User ID.]
	//
	// [Finding Your Account Canonical User ID.]: https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId
	Id *string

	noSmithyDocumentSerde
}

// Contains information about how permissions are configured for the S3 bucket.
type PermissionConfiguration struct {

	// Contains information about the account level permissions on the S3 bucket.
	AccountLevelPermissions *AccountLevelPermissions

	// Contains information about the bucket level permissions for the S3 bucket.
	BucketLevelPermissions *BucketLevelPermissions

	noSmithyDocumentSerde
}

// Contains information about the PORT_PROBE action described in the finding.
type PortProbeAction struct {

	// Indicates whether EC2 blocked the port probe to the instance, such as with an
	// ACL.
	Blocked *bool

	// A list of objects related to port probe details.
	PortProbeDetails []PortProbeDetail

	noSmithyDocumentSerde
}

// Contains information about the port probe details.
type PortProbeDetail struct {

	// The local IP information of the connection.
	LocalIpDetails *LocalIpDetails

	// The local port information of the connection.
	LocalPortDetails *LocalPortDetails

	// The remote IP information of the connection.
	RemoteIpDetails *RemoteIpDetails

	noSmithyDocumentSerde
}

// Contains other private IP address information of the EC2 instance.
type PrivateIpAddressDetails struct {

	// The private DNS name of the EC2 instance.
	PrivateDnsName *string

	// The private IP address of the EC2 instance.
	PrivateIpAddress *string

	noSmithyDocumentSerde
}

// Information about the observed process.
type ProcessDetails struct {

	// The effective user ID of the user that executed the process.
	Euid *int32

	// The absolute path of the process executable file.
	ExecutablePath *string

	// The SHA256 hash of the process executable.
	ExecutableSha256 *string

	// Information about the process's lineage.
	Lineage []LineageObject

	// The name of the process.
	Name *string

	// The ID of the child process.
	NamespacePid *int32

	// The unique ID of the parent process. This ID is assigned to the parent process
	// by GuardDuty.
	ParentUuid *string

	// The ID of the process.
	Pid *int32

	// The present working directory of the process.
	Pwd *string

	// The time when the process started. This is in UTC format.
	StartTime *time.Time

	// The user that executed the process.
	User *string

	// The unique ID of the user that executed the process.
	UserId *int32

	// The unique ID assigned to the process by GuardDuty.
	Uuid *string

	noSmithyDocumentSerde
}

// Contains information about the product code for the EC2 instance.
type ProductCode struct {

	// The product code information.
	Code *string

	// The product code type.
	ProductType *string

	noSmithyDocumentSerde
}

// Describes the public access policies that apply to the S3 bucket.
type PublicAccess struct {

	// Describes the effective permission on this bucket after factoring all attached
	// policies.
	EffectivePermission *string

	// Contains information about how permissions are configured for the S3 bucket.
	PermissionConfiguration *PermissionConfiguration

	noSmithyDocumentSerde
}

// Contains information about the resource type RDSDBInstance involved in a
// GuardDuty finding.
type RdsDbInstanceDetails struct {

	// The identifier of the database cluster that contains the database instance ID
	// involved in the finding.
	DbClusterIdentifier *string

	// The Amazon Resource Name (ARN) that identifies the database instance involved
	// in the finding.
	DbInstanceArn *string

	// The identifier associated to the database instance that was involved in the
	// finding.
	DbInstanceIdentifier *string

	// The database engine of the database instance involved in the finding.
	Engine *string

	// The version of the database engine that was involved in the finding.
	EngineVersion *string

	// Instance tag key-value pairs associated with the database instance ID.
	Tags []Tag

	noSmithyDocumentSerde
}

// Contains information about the user and authentication details for a database
// instance involved in the finding.
type RdsDbUserDetails struct {

	// The application name used in the anomalous login attempt.
	Application *string

	// The authentication method used by the user involved in the finding.
	AuthMethod *string

	// The name of the database instance involved in the anomalous login attempt.
	Database *string

	// The version of the Secure Socket Layer (SSL) used for the network.
	Ssl *string

	// The user name used in the anomalous login attempt.
	User *string

	noSmithyDocumentSerde
}

// Indicates that a login attempt was made to the potentially compromised database
// from a remote IP address.
type RdsLoginAttemptAction struct {

	// Indicates the login attributes used in the login attempt.
	LoginAttributes []LoginAttribute

	// Contains information about the remote IP address of the connection.
	RemoteIpDetails *RemoteIpDetails

	noSmithyDocumentSerde
}

// Contains details about the remote Amazon Web Services account that made the API
// call.
type RemoteAccountDetails struct {

	// The Amazon Web Services account ID of the remote API caller.
	AccountId *string

	// Details on whether the Amazon Web Services account of the remote API caller is
	// related to your GuardDuty environment. If this value is True the API caller is
	// affiliated to your account in some way. If it is False the API caller is from
	// outside your environment.
	Affiliated *bool

	noSmithyDocumentSerde
}

// Contains information about the remote IP address of the connection.
type RemoteIpDetails struct {

	// The city information of the remote IP address.
	City *City

	// The country code of the remote IP address.
	Country *Country

	// The location information of the remote IP address.
	GeoLocation *GeoLocation

	// The IPv4 remote address of the connection.
	IpAddressV4 *string

	// The IPv6 remote address of the connection.
	IpAddressV6 *string

	// The ISP organization information of the remote IP address.
	Organization *Organization

	noSmithyDocumentSerde
}

// Contains information about the remote port.
type RemotePortDetails struct {

	// The port number of the remote connection.
	Port *int32

	// The port name of the remote connection.
	PortName *string

	noSmithyDocumentSerde
}

// Contains information about the Amazon Web Services resource associated with the
// activity that prompted GuardDuty to generate a finding.
type Resource struct {

	// The IAM access key details (user information) of a user that engaged in the
	// activity that prompted GuardDuty to generate a finding.
	AccessKeyDetails *AccessKeyDetails

	// Details of a container.
	ContainerDetails *Container

	// Contains list of scanned and skipped EBS volumes with details.
	EbsVolumeDetails *EbsVolumeDetails

	// Contains information about the details of the ECS Cluster.
	EcsClusterDetails *EcsClusterDetails

	// Details about the EKS cluster involved in a Kubernetes finding.
	EksClusterDetails *EksClusterDetails

	// The information about the EC2 instance associated with the activity that
	// prompted GuardDuty to generate a finding.
	InstanceDetails *InstanceDetails

	// Details about the Kubernetes user and workload involved in a Kubernetes finding.
	KubernetesDetails *KubernetesDetails

	// Contains information about the Lambda function that was involved in a finding.
	LambdaDetails *LambdaDetails

	// Contains information about the database instance to which an anomalous login
	// attempt was made.
	RdsDbInstanceDetails *RdsDbInstanceDetails

	// Contains information about the user details through which anomalous login
	// attempt was made.
	RdsDbUserDetails *RdsDbUserDetails

	// The type of Amazon Web Services resource.
	ResourceType *string

	// Contains information on the S3 bucket.
	S3BucketDetails []S3BucketDetail

	noSmithyDocumentSerde
}

// Represents the resources that were scanned in the scan entry.
type ResourceDetails struct {

	// Instance ARN that was scanned in the scan entry.
	InstanceArn *string

	noSmithyDocumentSerde
}

// Additional information about the suspicious activity.
type RuntimeContext struct {

	// Represents the communication protocol associated with the address. For example,
	// the address family AF_INET is used for IP version of 4 protocol.
	AddressFamily *string

	// Example of the command line involved in the suspicious activity.
	CommandLineExample *string

	// Represents the type of mounted fileSystem.
	FileSystemType *string

	// Represents options that control the behavior of a runtime operation or action.
	// For example, a filesystem mount operation may contain a read-only flag.
	Flags []string

	// Specifies a particular protocol within the address family. Usually there is a
	// single protocol in address families. For example, the address family AF_INET
	// only has the IP protocol.
	IanaProtocolNumber *int32

	// The value of the LD_PRELOAD environment variable.
	LdPreloadValue *string

	// The path to the new library that was loaded.
	LibraryPath *string

	// Specifies the Region of a process's address space such as stack and heap.
	MemoryRegions []string

	// The timestamp at which the process modified the current process. The timestamp
	// is in UTC date string format.
	ModifiedAt *time.Time

	// Information about the process that modified the current process. This is
	// available for multiple finding types.
	ModifyingProcess *ProcessDetails

	// The path to the module loaded into the kernel.
	ModuleFilePath *string

	// The name of the module loaded into the kernel.
	ModuleName *string

	// The SHA256 hash of the module.
	ModuleSha256 *string

	// The path on the host that is mounted by the container.
	MountSource *string

	// The path in the container that is mapped to the host directory.
	MountTarget *string

	// The path in the container that modified the release agent file.
	ReleaseAgentPath *string

	// The path to the leveraged runc implementation.
	RuncBinaryPath *string

	// The path to the script that was executed.
	ScriptPath *string

	// Name of the security service that has been potentially disabled.
	ServiceName *string

	// The path to the modified shell history file.
	ShellHistoryFilePath *string

	// The path to the docket socket that was accessed.
	SocketPath *string

	// Information about the process that had its memory overwritten by the current
	// process.
	TargetProcess *ProcessDetails

	// The suspicious file path for which the threat intelligence details were found.
	ThreatFilePath *string

	// Category that the tool belongs to. Some of the examples are Backdoor Tool,
	// Pentest Tool, Network Scanner, and Network Sniffer.
	ToolCategory *string

	// Name of the potentially suspicious tool.
	ToolName *string

	noSmithyDocumentSerde
}

// Information about the process and any required context values for a specific
// finding.
type RuntimeDetails struct {

	// Additional information about the suspicious activity.
	Context *RuntimeContext

	// Information about the observed process.
	Process *ProcessDetails

	noSmithyDocumentSerde
}

// Contains information on the S3 bucket.
type S3BucketDetail struct {

	// The Amazon Resource Name (ARN) of the S3 bucket.
	Arn *string

	// The date and time the bucket was created at.
	CreatedAt *time.Time

	// Describes the server side encryption method used in the S3 bucket.
	DefaultServerSideEncryption *DefaultServerSideEncryption

	// The name of the S3 bucket.
	Name *string

	// The owner of the S3 bucket.
	Owner *Owner

	// Describes the public access policies that apply to the S3 bucket.
	PublicAccess *PublicAccess

	// Information about the S3 object that was scanned.
	S3ObjectDetails []S3ObjectDetail

	// All tags attached to the S3 bucket
	Tags []Tag

	// Describes whether the bucket is a source or destination bucket.
	Type *string

	noSmithyDocumentSerde
}

// Describes whether S3 data event logs will be enabled as a data source.
type S3LogsConfiguration struct {

	//  The status of S3 data event logs as a data source.
	//
	// This member is required.
	Enable *bool

	noSmithyDocumentSerde
}

// Describes whether S3 data event logs will be enabled as a data source.
type S3LogsConfigurationResult struct {

	// A value that describes whether S3 data event logs are automatically enabled for
	// new members of the organization.
	//
	// This member is required.
	Status DataSourceStatus

	noSmithyDocumentSerde
}

// Information about the S3 object that was scanned
type S3ObjectDetail struct {

	// The entity tag is a hash of the S3 object. The ETag reflects changes only to
	// the contents of an object, and not its metadata.
	ETag *string

	// Hash of the threat detected in this finding.
	Hash *string

	// Key of the S3 object.
	Key *string

	// Amazon Resource Name (ARN) of the S3 object.
	ObjectArn *string

	// Version ID of the object.
	VersionId *string

	noSmithyDocumentSerde
}

// Contains information about a malware scan.
type Scan struct {

	// The ID for the account that belongs to the scan.
	AccountId *string

	// The unique detector ID of the administrator account that the request is
	// associated with. Note that this value will be the same as the one used for
	// DetectorId if the account is an administrator.
	AdminDetectorId *string

	// List of volumes that were attached to the original instance to be scanned.
	AttachedVolumes []VolumeDetail

	// The unique ID of the detector that the request is associated with.
	DetectorId *string

	// Represents the reason for FAILED scan status.
	FailureReason *string

	// Represents the number of files that were scanned.
	FileCount *int64

	// Represents the resources that were scanned in the scan entry.
	ResourceDetails *ResourceDetails

	// The timestamp of when the scan was finished.
	ScanEndTime *time.Time

	// The unique scan ID associated with a scan entry.
	ScanId *string

	// Represents the result of the scan.
	ScanResultDetails *ScanResultDetails

	// The timestamp of when the scan was triggered.
	ScanStartTime *time.Time

	// An enum value representing possible scan statuses.
	ScanStatus ScanStatus

	// Specifies the scan type that invoked the malware scan.
	ScanType ScanType

	// Represents total bytes that were scanned.
	TotalBytes *int64

	// Specifies the reason why the scan was initiated.
	TriggerDetails *TriggerDetails

	noSmithyDocumentSerde
}

// Contains information about the condition.
type ScanCondition struct {

	// Represents an mapEqual condition to be applied to a single field when
	// triggering for malware scan.
	//
	// This member is required.
	MapEquals []ScanConditionPair

	noSmithyDocumentSerde
}

// Represents the key:value pair to be matched against given resource property.
type ScanConditionPair struct {

	// Represents the key in the map condition.
	//
	// This member is required.
	Key *string

	// Represents optional value in the map condition. If not specified, only the key
	// will be matched.
	Value *string

	noSmithyDocumentSerde
}

// Contains a complete view providing malware scan result details.
type ScanDetections struct {

	// Details of the highest severity threat detected during malware scan and number
	// of infected files.
	HighestSeverityThreatDetails *HighestSeverityThreatDetails

	// Total number of scanned files.
	ScannedItemCount *ScannedItemCount

	// Contains details about identified threats organized by threat name.
	ThreatDetectedByName *ThreatDetectedByName

	// Total number of infected files.
	ThreatsDetectedItemCount *ThreatsDetectedItemCount

	noSmithyDocumentSerde
}

// Describes whether Malware Protection for EC2 instances with findings will be
// enabled as a data source.
type ScanEc2InstanceWithFindings struct {

	// Describes the configuration for scanning EBS volumes as data source.
	EbsVolumes *bool

	noSmithyDocumentSerde
}

// An object that contains information on the status of whether Malware Protection
// for EC2 instances with findings will be enabled as a data source.
type ScanEc2InstanceWithFindingsResult struct {

	// Describes the configuration of scanning EBS volumes as a data source.
	EbsVolumes *EbsVolumesResult

	noSmithyDocumentSerde
}

// Contains details of infected file including name, file path and hash.
type ScanFilePath struct {

	// File name of the infected file.
	FileName *string

	// The file path of the infected file.
	FilePath *string

	// The hash value of the infected file.
	Hash *string

	// EBS volume ARN details of the infected file.
	VolumeArn *string

	noSmithyDocumentSerde
}

// Total number of scanned files.
type ScannedItemCount struct {

	// Number of files scanned.
	Files *int32

	// Total GB of files scanned for malware.
	TotalGb *int32

	// Total number of scanned volumes.
	Volumes *int32

	noSmithyDocumentSerde
}

// Contains information about criteria used to filter resources before triggering
// malware scan.
type ScanResourceCriteria struct {

	// Represents condition that when matched will prevent a malware scan for a
	// certain resource.
	Exclude map[string]ScanCondition

	// Represents condition that when matched will allow a malware scan for a certain
	// resource.
	Include map[string]ScanCondition

	noSmithyDocumentSerde
}

// Represents the result of the scan.
type ScanResultDetails struct {

	// An enum value representing possible scan results.
	ScanResult ScanResult

	noSmithyDocumentSerde
}

// Contains files infected with the given threat providing details of malware name
// and severity.
type ScanThreatName struct {

	// List of infected files in EBS volume with details.
	FilePaths []ScanFilePath

	// Total number of files infected with given threat.
	ItemCount *int32

	// The name of the identified threat.
	Name *string

	// Severity of threat identified as part of the malware scan.
	Severity *string

	noSmithyDocumentSerde
}

// Container security context.
type SecurityContext struct {

	// Whether or not a container or a Kubernetes pod is allowed to gain more
	// privileges than its parent process.
	AllowPrivilegeEscalation *bool

	// Whether the container is privileged.
	Privileged *bool

	noSmithyDocumentSerde
}

// Contains information about the security groups associated with the EC2 instance.
type SecurityGroup struct {

	// The security group ID of the EC2 instance.
	GroupId *string

	// The security group name of the EC2 instance.
	GroupName *string

	noSmithyDocumentSerde
}

// Contains additional information about the generated finding.
type Service struct {

	// Information about the activity that is described in a finding.
	Action *Action

	// Contains additional information about the generated finding.
	AdditionalInfo *ServiceAdditionalInfo

	// Indicates whether this finding is archived.
	Archived *bool

	// The total count of the occurrences of this finding type.
	Count *int32

	// Contains information about the detected unusual behavior.
	Detection *Detection

	// The detector ID for the GuardDuty service.
	DetectorId *string

	// Returns details from the malware scan that created a finding.
	EbsVolumeScanDetails *EbsVolumeScanDetails

	// The first-seen timestamp of the activity that prompted GuardDuty to generate
	// this finding.
	EventFirstSeen *string

	// The last-seen timestamp of the activity that prompted GuardDuty to generate
	// this finding.
	EventLastSeen *string

	// An evidence object associated with the service.
	Evidence *Evidence

	// The name of the feature that generated a finding.
	FeatureName *string

	// Returns details from the malware scan that generated a GuardDuty finding.
	MalwareScanDetails *MalwareScanDetails

	// The resource role information for this finding.
	ResourceRole *string

	// Information about the process and any required context values for a specific
	// finding
	RuntimeDetails *RuntimeDetails

	// The name of the Amazon Web Services service (GuardDuty) that generated a
	// finding.
	ServiceName *string

	// Feedback that was submitted about the finding.
	UserFeedback *string

	noSmithyDocumentSerde
}

// Additional information about the generated finding.
type ServiceAdditionalInfo struct {

	// Describes the type of the additional information.
	Type *string

	// This field specifies the value of the additional information.
	Value *string

	noSmithyDocumentSerde
}

// Contains information about the criteria used for sorting findings.
type SortCriteria struct {

	// Represents the finding attribute, such as accountId , that sorts the findings.
	AttributeName *string

	// The order by which the sorted findings are to be displayed.
	OrderBy OrderBy

	noSmithyDocumentSerde
}

// Contains information about a tag associated with the EC2 instance.
type Tag struct {

	// The EC2 instance tag key.
	Key *string

	// The EC2 instance tag value.
	Value *string

	noSmithyDocumentSerde
}

// Information about the detected threats associated with the generated finding.
type Threat struct {

	// Information about the nested item path and hash of the protected resource.
	ItemPaths []ItemPath

	// Name of the detected threat that caused GuardDuty to generate this finding.
	Name *string

	// Source of the threat that generated this finding.
	Source *string

	noSmithyDocumentSerde
}

// Contains details about identified threats organized by threat name.
type ThreatDetectedByName struct {

	// Total number of infected files identified.
	ItemCount *int32

	// Flag to determine if the finding contains every single infected file-path
	// and/or every threat.
	Shortened *bool

	// List of identified threats with details, organized by threat name.
	ThreatNames []ScanThreatName

	// Total number of unique threats by name identified, as part of the malware scan.
	UniqueThreatNameCount *int32

	noSmithyDocumentSerde
}

// An instance of a threat intelligence detail that constitutes evidence for the
// finding.
type ThreatIntelligenceDetail struct {

	// SHA256 of the file that generated the finding.
	ThreatFileSha256 *string

	// The name of the threat intelligence list that triggered the finding.
	ThreatListName *string

	// A list of names of the threats in the threat intelligence list that triggered
	// the finding.
	ThreatNames []string

	noSmithyDocumentSerde
}

// Contains total number of infected files.
type ThreatsDetectedItemCount struct {

	// Total number of infected files.
	Files *int32

	noSmithyDocumentSerde
}

// Contains the total usage with the corresponding currency unit for that value.
type Total struct {

	// The total usage.
	Amount *string

	// The currency unit that the amount is given in.
	Unit *string

	noSmithyDocumentSerde
}

// Represents the reason the scan was triggered.
type TriggerDetails struct {

	// The description of the scan trigger.
	Description *string

	// The ID of the GuardDuty finding that triggered the malware scan.
	GuardDutyFindingId *string

	noSmithyDocumentSerde
}

// Contains information about the accounts that weren't processed.
type UnprocessedAccount struct {

	// The Amazon Web Services account ID.
	//
	// This member is required.
	AccountId *string

	// A reason why the account hasn't been processed.
	//
	// This member is required.
	Result *string

	noSmithyDocumentSerde
}

// Specifies the names of the data sources that couldn't be enabled.
type UnprocessedDataSourcesResult struct {

	// An object that contains information on the status of all Malware Protection
	// data sources.
	MalwareProtection *MalwareProtectionConfigurationResult

	noSmithyDocumentSerde
}

// Information about the protected resource that is associated with the created
// Malware Protection plan. Presently, S3Bucket is the only supported protected
// resource.
type UpdateProtectedResource struct {

	// Information about the protected S3 bucket resource.
	S3Bucket *UpdateS3BucketResource

	noSmithyDocumentSerde
}

// Information about the protected S3 bucket resource.
type UpdateS3BucketResource struct {

	// Information about the specified object prefixes. The S3 object will be scanned
	// only if it belongs to any of the specified object prefixes.
	ObjectPrefixes []string

	noSmithyDocumentSerde
}

// Contains information on the total of usage based on account IDs.
type UsageAccountResult struct {

	// The Account ID that generated usage.
	AccountId *string

	// Represents the total of usage for the Account ID.
	Total *Total

	noSmithyDocumentSerde
}

// Contains information about the criteria used to query usage statistics.
type UsageCriteria struct {

	// The account IDs to aggregate usage statistics from.
	AccountIds []string

	// The data sources to aggregate usage statistics from.
	//
	// Deprecated: This parameter is deprecated, use Features instead
	DataSources []DataSource

	// The features to aggregate usage statistics from.
	Features []UsageFeature

	// The resources to aggregate usage statistics from. Only accepts exact resource
	// names.
	Resources []string

	noSmithyDocumentSerde
}

// Contains information on the result of usage based on data source type.
type UsageDataSourceResult struct {

	// The data source type that generated usage.
	DataSource DataSource

	// Represents the total of usage for the specified data source.
	Total *Total

	noSmithyDocumentSerde
}

// Contains information about the result of the total usage based on the feature.
type UsageFeatureResult struct {

	// The feature that generated the usage cost.
	Feature UsageFeature

	// Contains the total usage with the corresponding currency unit for that value.
	Total *Total

	noSmithyDocumentSerde
}

// Contains information on the sum of usage based on an Amazon Web Services
// resource.
type UsageResourceResult struct {

	// The Amazon Web Services resource that generated usage.
	Resource *string

	// Represents the sum total of usage for the specified resource type.
	Total *Total

	noSmithyDocumentSerde
}

// Contains the result of GuardDuty usage. If a UsageStatisticType is provided the
// result for other types will be null.
type UsageStatistics struct {

	// The usage statistic sum organized by account ID.
	SumByAccount []UsageAccountResult

	// The usage statistic sum organized by on data source.
	SumByDataSource []UsageDataSourceResult

	// The usage statistic sum organized by feature.
	SumByFeature []UsageFeatureResult

	// The usage statistic sum organized by resource.
	SumByResource []UsageResourceResult

	// Lists the top 50 accounts by feature that have generated the most GuardDuty
	// usage, in the order from most to least expensive.
	//
	// Currently, this doesn't support RDS_LOGIN_EVENTS .
	TopAccountsByFeature []UsageTopAccountsResult

	// Lists the top 50 resources that have generated the most GuardDuty usage, in
	// order from most to least expensive.
	TopResources []UsageResourceResult

	noSmithyDocumentSerde
}

// Contains information on the total of usage based on the topmost 50 account IDs.
type UsageTopAccountResult struct {

	// The unique account ID.
	AccountId *string

	// Contains the total usage with the corresponding currency unit for that value.
	Total *Total

	noSmithyDocumentSerde
}

// Information about the usage statistics, calculated by top accounts by feature.
type UsageTopAccountsResult struct {

	// The accounts that contributed to the total usage cost.
	Accounts []UsageTopAccountResult

	// Features by which you can generate the usage statistics.
	//
	// RDS_LOGIN_EVENTS is currently not supported with topAccountsByFeature .
	Feature UsageFeature

	noSmithyDocumentSerde
}

// Volume used by the Kubernetes workload.
type Volume struct {

	// Represents a pre-existing file or directory on the host machine that the volume
	// maps to.
	HostPath *HostPath

	// Volume name.
	Name *string

	noSmithyDocumentSerde
}

// Contains EBS volume details.
type VolumeDetail struct {

	// The device name for the EBS volume.
	DeviceName *string

	// EBS volume encryption type.
	EncryptionType *string

	// KMS key ARN used to encrypt the EBS volume.
	KmsKeyArn *string

	// Snapshot ARN of the EBS volume.
	SnapshotArn *string

	// EBS volume ARN information.
	VolumeArn *string

	// EBS volume size in GB.
	VolumeSizeInGB *int32

	// The EBS volume type.
	VolumeType *string

	noSmithyDocumentSerde
}

// Container volume mount.
type VolumeMount struct {

	// Volume mount path.
	MountPath *string

	// Volume mount name.
	Name *string

	noSmithyDocumentSerde
}

// Amazon Virtual Private Cloud configuration details associated with your Lambda
// function.
type VpcConfig struct {

	// The identifier of the security group attached to the Lambda function.
	SecurityGroups []SecurityGroup

	// The identifiers of the subnets that are associated with your Lambda function.
	SubnetIds []string

	// The identifier of the Amazon Virtual Private Cloud.
	VpcId *string

	noSmithyDocumentSerde
}

type noSmithyDocumentSerde = smithydocument.NoSerde