GuardDuty Create Detector

Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.

External Documentation

To learn more, visit the AWS documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| AWS Region | Enter the desired AWS Region(s). To execute the action in multiple regions, provide a comma-separated list. For example: us-east-1,eu-west-2. If you wish to run the action in all available regions, use the asterisk symbol (*) instead. |
| Enable Detector | Specifies whether the detector is enabled. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Client Token | The idempotency token for the create request. It is a unique, case-sensitive string of up to 64 ASCII characters. The idempotency token ensures that an API request completes no more than one time. |
| Detector Tags | The tags to be added to a new detector resource. |
| Disable XML To JSON Auto Convert | When checked, XML responses are not automatically converted into JSON format. |
| Finding Publishing Frequency | Specifies how frequently updated findings are exported to S3. |

Example Output

{
  "detectorId": "example",
  "unprocessedDataSources": {
    "malwareProtection": {
      "scanEc2InstanceWithFindings": {
        "ebsVolumes": {
          "reason": "example",
          "status": "example"
        }
      },
      "serviceRole": "example"
    }
  }
}
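
The same operation as a script, shown as an added example that is not part of the original page or of the product: it expands the AWS Region field (a comma-separated list or `*`), skips any Region that already has a detector, and otherwise sends a create request with a fresh client token. Assumptions: `client_for` is a hypothetical factory that returns a boto3 GuardDuty client for a Region (for example `lambda r: boto3.client("guardduty", region_name=r)`), and `FakeGuardDuty` is a constructed stand-in so the block runs offline.

```python
import uuid

VALID_FREQUENCIES = {"FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS"}  # GuardDuty API enum

def parse_regions(spec, available):
    """Expand the AWS Region field: '*' or a comma-separated list."""
    if spec.strip() == "*":
        return sorted(available)
    regions = [r.strip() for r in spec.split(",") if r.strip()]
    unknown = sorted(set(regions) - set(available))
    if unknown:
        raise ValueError(f"unknown region(s): {unknown}")
    return regions

def ensure_detectors(spec, client_for, available, enable=True,
                     frequency="SIX_HOURS", tags=None):
    """Create a detector in each Region that lacks one; never a second one."""
    if frequency not in VALID_FREQUENCIES:
        raise ValueError(f"bad frequency: {frequency}")
    report = {}
    for region in parse_regions(spec, available):
        gd = client_for(region)
        existing = gd.list_detectors()["DetectorIds"]
        if existing:  # only one detector per account per Region
            report[region] = {"detectorId": existing[0], "created": False}
            continue
        # One token per logical request; reuse the same token when retrying it.
        kwargs = {"Enable": enable, "FindingPublishingFrequency": frequency,
                  "ClientToken": str(uuid.uuid4())}  # 36 chars, under the 64 limit
        if tags:
            kwargs["Tags"] = tags
        resp = gd.create_detector(**kwargs)
        report[region] = {"detectorId": resp["DetectorId"], "created": True,
                          "unprocessed": resp.get("UnprocessedDataSources", {})}
    return report

class FakeGuardDuty:
    """Constructed offline stand-in for a boto3 GuardDuty client."""
    def __init__(self, ids=()):
        self.ids, self.calls = list(ids), []
    def list_detectors(self):
        return {"DetectorIds": list(self.ids)}
    def create_detector(self, **kwargs):
        self.calls.append(kwargs)
        self.ids.append("constructed-detector-id")
        return {"DetectorId": self.ids[-1], "UnprocessedDataSources": {}}

if __name__ == "__main__":
    fakes = {"us-east-1": FakeGuardDuty(["existing-id"]), "eu-west-2": FakeGuardDuty()}
    print(ensure_detectors("us-east-1,eu-west-2", fakes.__getitem__, fakes.keys()))
```

A non-empty `unprocessed` entry in the report corresponds to `unprocessedDataSources` in the output above and means a data source was not enabled, so it is worth alerting on rather than ignoring.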

Automation Library Example

GuardDuty Create Detector with AWS and Send Results via Email
