CreateDetector
Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
Request Syntax
POST /detector HTTP/1.1
Content-type: application/json
{
"clientToken": "string
",
"dataSources": {
"kubernetes": {
"auditLogs": {
"enable": boolean
}
},
"s3Logs": {
"enable": boolean
}
},
"enable": boolean
,
"findingPublishingFrequency": "string
",
"tags": {
"string
" : "string
"
}
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- clientToken
-
The idempotency token for the create request.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 64.
Required: No
- dataSources
-
Describes which data sources will be enabled for the detector.
Type: DataSourceConfigurations object
Required: No
- enable
-
A Boolean value that specifies whether the detector is to be enabled.
Type: Boolean
Required: Yes
- findingPublishingFrequency
-
A value that specifies how frequently updated findings are exported.
Type: String
Valid Values:
FIFTEEN_MINUTES | ONE_HOUR | SIX_HOURS
Required: No
- tags
-
The tags to be added to a new detector resource.
Type: String to string map
Map Entries: Maximum number of 200 items.
Key Length Constraints: Minimum length of 1. Maximum length of 128.
Key Pattern:
^(?!aws:)[a-zA-Z+-=._:/]+$
Value Length Constraints: Maximum length of 256.
Required: No
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"detectorId": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- detectorId
-
The unique ID of the created detector.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 300.
Errors
For information about the errors that are common to all actions, see Common Errors.
- BadRequestException
-
A bad request exception object.
HTTP Status Code: 400
- InternalServerErrorException
-
An internal server error exception object.
HTTP Status Code: 500
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: