CreateDetector - Amazon GuardDuty
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

CreateDetector

Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.

Request Syntax

POST /detector HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "dataSources": { 
      "kubernetes": { 
         "auditLogs": { 
            "enable": boolean
         }
      },
      "s3Logs": { 
         "enable": boolean
      }
   },
   "enable": boolean,
   "findingPublishingFrequency": "string",
   "tags": { 
      "string" : "string" 
   }
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

clientToken

The idempotency token for the create request.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 64.

Required: No

dataSources

Describes which data sources will be enabled for the detector.

Type: DataSourceConfigurations object

Required: No

enable

A Boolean value that specifies whether the detector is to be enabled.

Type: Boolean

Required: Yes

findingPublishingFrequency

A value that specifies how frequently updated findings are exported.

Type: String

Valid Values: FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURS

Required: No

tags

The tags to be added to a new detector resource.

Type: String to string map

Map Entries: Maximum number of 200 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Key Pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$

Value Length Constraints: Maximum length of 256.

Required: No

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "detectorId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

detectorId

The unique ID of the created detector.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Errors

For information about the errors that are common to all actions, see Common Errors.

BadRequestException

A bad request exception object.

HTTP Status Code: 400

InternalServerErrorException

An internal server error exception object.

HTTP Status Code: 500

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: