L1 ConstructAWS::GuardDuty::ThreatEntitySet

CfnThreatEntitySet

The `AWS::GuardDuty::ThreatEntitySet` resource helps you create a list of known malicious IP addresses and domain names in your AWS environment. Once you activate this list, GuardDuty will use the entries in this list as an additional source of threat detection and generate findings when there is an activity associated with these known malicious IP addresses and domain names. GuardDuty continues to monitor independently of this custom threat entity set. Only the users of the GuardDuty administrator account can manage this list. These settings automatically apply to the member accounts.

Import

import { CfnThreatEntitySet } from 'aws-cdk-lib/aws-guardduty';

Or use the module namespace:

import * as guardduty from 'aws-cdk-lib/aws-guardduty';
// guardduty.CfnThreatEntitySet

Properties

Configuration passed to the constructor as CfnThreatEntitySetProps.

formatRequired

string

The format of the file that contains the threat entity set. For information about supported formats, see [List formats](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_upload-lists.html#prepare_list) in the *Amazon GuardDuty User Guide* .

locationRequired

string

The URI of the file that contains the threat entity set.

activateOptional

boolean | IResolvable

A boolean value that determines if GuardDuty can start using this list for custom threat detection. For GuardDuty to consider the entries in this list and generate findings based on associated activity, this list must be active.

detectorIdOptional

string

The unique regional detector ID of the GuardDuty account for which you want to create a threat entity set. To find the `detectorId` in the current Region, see the Settings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.

expectedBucketOwnerOptional

string

The AWS account ID that owns the Amazon S3 bucket specified in the *Location* field. Whether or not you provide the account ID for this optional field, GuardDuty validates that the account ID associated with the `DetectorId` owns the S3 bucket in the `Location` field. If GuardDuty finds that this S3 bucket doesn't belong to the specified account ID, you will get an error at the time of activating this list.

nameOptional

string

The user-friendly name to identify the threat entity set. Valid characters are alphanumeric, whitespace, dash (-), and underscores (_).

tagsOptional

TagItemProperty[]

The tags to be added to a new threat entity set resource. Each tag consists of a key and an optional value, both of which you define. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .

CloudFormation Resource

This L1 construct maps directly to the following CloudFormation resource type.

AWS::GuardDuty::ThreatEntitySetView in CloudFormation Explorer

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

LevelL1 (CloudFormation)

Moduleaws-guardduty

CFN TypeAWS::GuardDuty::ThreatEntitySet

Properties7

Related Constructs

Explore This Service

External Links

CDK API Documentation