De-activating entity list or IP address list
When you no longer want GuardDuty to use a list, you can deactivate it. It might take a few minutes for the process to complete. For more information, see Important considerations for GuardDuty lists. After the list gets deactivated, the entries in the entity list or IP address list will not impact threat detection in GuardDuty.
Choose one of the access methods to deactivate the list.
- Console
-
To deactivate entity list or IP address list
Open the GuardDuty console at https://console.amazonaws.cn/guardduty/
. -
In the navigation pane, choose Lists.
-
On the List page, select the tab in which you want to deactivate the list - Entity lists or IP address list.
-
In the selected tab, select the list that you want to deactivate.
-
Choose Actions, and then choose Deactivate.
-
Confirm the action and choose Deactivate.
- API/CLI
-
To begin with the following procedures, you need the ID, such as
trustedEntitySetId,threatEntitySetId,trustedIpSet, orthreatIpSet, that is associated with the list resource you want to deactivate.To deactivate a trusted entity list
-
Run UpdateTrustedEntitySet. Make sure to provide the
detectorIdof the member account for which you want to deactivate this trusted entity list. To find thedetectorIdfor your account and current Region, see the Settings page in the https://console.amazonaws.cn/guardduty/console, or run the ListDetectors API. -
Alternatively, you can do this by running the following Amazon Command Line Interface command:
aws guardduty update-trusted-entity-set \ --detector-id12abc34d567e8fa901bc2d34e56789f0\ --trusted-entity-set-idd4b94fc952d6912b8f3060768example\ --no-activateReplace
detector-idwith the detector ID of the member account for which you will deactivate the trusted entity list, and other placeholder values that areshown in red.
To deactivate threat entity lists
-
Run UpdateThreatEntitySet. Make sure to provide the
detectorIdof the member account for which you want to deactivate this threat entity list. To find thedetectorIdfor your account and current Region, see the Settings page in the https://console.amazonaws.cn/guardduty/console, or run the ListDetectors API. -
Alternatively, you can do this by running the following Amazon Command Line Interface command:
aws guardduty update-threat-entity-set \ --detector-id12abc34d567e8fa901bc2d34e56789f0\ --threat-entity-set-idd4b94fc952d6912b8f3060768example\ --no-activateReplace
detector-idwith the detector ID of the member account for which you will create the threat entity list, and other placeholder values that areshown in red.
To deactivate a trusted IP address list
-
Run UpdateIPSet. Make sure to provide the
detectorIdof the member account for which you want to deactivate this trusted IP address list. To find thedetectorIdfor your account and current Region, see the Settings page in the https://console.amazonaws.cn/guardduty/console, or run the ListDetectors API. -
Alternatively, you can do this by running the following Amazon Command Line Interface command and make sure to replace the
detector-idwith the detector ID of the member account for which you will deactivate the trusted IP address list.aws guardduty update-ip-set \ --detector-id12abc34d567e8fa901bc2d34e56789f0\ --ip-set-idd4b94fc952d6912b8f3060768example\ --no-activate
To deactivate threat IP list
-
Run UpdateThreatIntelSet. Make sure to provide the
detectorIdof the member account for which you want to deactivate this threat IP address list. To find thedetectorIdfor your account and current Region, see the Settings page in the https://console.amazonaws.cn/guardduty/console, or run the ListDetectors API. -
Alternatively, you can do this by running the following Amazon Command Line Interface command and make sure to replace the
detector-idwith the detector ID of the member account for which you will deactivate the threat IP list.aws guardduty update-threat-intel-set \ --detector-id12abc34d567e8fa901bc2d34e56789f0\ --threat-intel-set-idd4b94fc952d6912b8f3060768example\ --no-activate
-