create_threat_intel_set

GuardDuty.Client.create_threat_intel_set(**kwargs)

Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.

See also: AWS API Documentation

Request Syntax

response = client.create_threat_intel_set(
    DetectorId='string',
    Name='string',
    Format='TXT'|'STIX'|'OTX_CSV'|'ALIEN_VAULT'|'PROOF_POINT'|'FIRE_EYE',
    Location='string',
    Activate=True|False,
    ClientToken='string',
    Tags={
        'string': 'string'
    }
)

Parameters:
  • DetectorId (string) –

    [REQUIRED]

    The unique ID of the detector of the GuardDuty account that you want to create a ThreatIntelSet for.

  • Name (string) –

    [REQUIRED]

    A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.

  • Format (string) –

    [REQUIRED]

    The format of the file that contains the ThreatIntelSet.

  • Location (string) –

    [REQUIRED]

    The URI of the file that contains the ThreatIntelSet.

  • Activate (boolean) –

    [REQUIRED]

    A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

  • ClientToken (string) –

    The idempotency token for the create request.

    This field is autopopulated if not provided.

  • Tags (dict) –

    The tags to be added to a new threat list resource.

    • (string) –

      • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'ThreatIntelSetId': 'string'
}

Response Structure

  • (dict) –

    • ThreatIntelSetId (string) –

      The ID of the ThreatIntelSet resource.
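An added example, not part of the boto3 documentation: it checks a TXT list locally before calling create_threat_intel_set, so a malformed line is caught before the set is created, and returns the ThreatIntelSetId from the response. The helper names are hypothetical; the one-IP-or-CIDR-per-line layout for TXT is an assumption, and the deterministic ClientToken and the Activate=False default are choices made for this example.

```python
import hashlib
import ipaddress

# Format values listed in the Request Syntax above.
FORMATS = {"TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE"}


def validate_txt_list(text):
    """Check a TXT list, assumed to hold one IP address or CIDR range per line.

    Returns (entries, errors): normalized networks and (line_no, raw) rejects.
    """
    entries, errors = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            entries.append(str(ipaddress.ip_network(line, strict=False)))
        except ValueError:
            errors.append((line_no, line))
    return entries, errors


def build_request(detector_id, name, location, fmt="TXT", activate=False, tags=None):
    """Build keyword arguments for create_threat_intel_set."""
    if fmt not in FORMATS:
        raise ValueError(f"unsupported Format: {fmt!r}")
    # Deterministic token (a choice made for this example): a retry of the
    # same request reuses the token instead of an autopopulated new one.
    seed = "|".join((detector_id, name, fmt, location))
    kwargs = {
        "DetectorId": detector_id,
        "Name": name,
        "Format": fmt,
        "Location": location,
        "Activate": activate,  # default False: create first, activate after review
        "ClientToken": hashlib.sha256(seed.encode()).hexdigest()[:32],
    }
    if tags:
        kwargs["Tags"] = dict(tags)
    return kwargs


def create_txt_set(client, list_text, detector_id, name, location, **options):
    """Validate the TXT list content, then create the set and return its ID."""
    entries, errors = validate_txt_list(list_text)
    if errors or not entries:
        raise ValueError(f"refusing to create set; bad lines: {errors}")
    request = build_request(detector_id, name, location, fmt="TXT", **options)
    return client.create_threat_intel_set(**request)["ThreatIntelSetId"]
```

Pass `boto3.client('guardduty')` as `client`, and give `create_txt_set` the same text that was uploaded to `Location`.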

Exceptions