Amazon GuardDuty

Amazon GuardDuty API

The Amazon GuardDuty API provides programmatic access to manage detectors, findings, filters, trusted IP sets, and threat intelligence for continuous threat detection across AWS accounts and workloads.

GitHub OpenAPI

Documentation

📖
Documentation
https://docs.aws.amazon.com/guardduty/latest/APIReference/Welcome.html
📖
GettingStarted
https://aws.amazon.com/guardduty/getting-started/
📖
APIReference
https://docs.aws.amazon.com/guardduty/latest/APIReference/Welcome.html
📖
Authentication
https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/amazon-guardduty/refs/heads/main/openapi/amazon-guardduty-openapi.yml

Schemas & Data

📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/amazon-guardduty/refs/heads/main/json-schema/guardduty-finding-schema.json

Other Resources

🔗
Pricing
https://aws.amazon.com/guardduty/pricing/
🔗
FAQ
https://aws.amazon.com/guardduty/faqs/
🔗
JSONLD
https://raw.githubusercontent.com/api-evangelist/amazon-guardduty/refs/heads/main/json-ld/amazon-guardduty-context.jsonld

OpenAPI Specification

amazon-guardduty-openapi.yml Raw ↑ 
openapi: 3.0.0
info:
  version: '2017-11-28'
  x-release: v4
  title: Amazon GuardDuty
  description: '<p>Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC flow logs, Amazon Web Services CloudTrail management event logs,
    CloudTrail S3 data event logs, EKS audit logs, DNS logs, and Amazon EBS volume data. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected,
    potentially unauthorized, and malicious activity within your Amazon Web Services environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with
    malicious IPs, domains, or presence of malware on your Amazon EC2 instances and container workloads. For example, GuardDuty can detect compromised EC2 instances and container workloads serving malware,
    or mining bitcoin. </p> <p>GuardDuty also monitors Amazon Web Services account access behavior for signs of compromise, such as unauthorized infrastructure deployments like EC2 instances deployed in
    a Region that has never been used, or unusual API calls like a password policy change to reduce password strength. </p> <p>GuardDuty informs you about the status of your Amazon Web Services environment
    by producing security findings that you can view in the GuardDuty console or through Amazon EventBridge. For more information, see the <i> <a href="https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html">Amazon
    GuardDuty User Guide</a> </i>. </p>'
  x-logo:
    url: https://api.apis.guru/v2/cache/logo/https_twitter.com_awscloud_profile_image.png
    backgroundColor: '#FFFFFF'
  termsOfService: https://aws.amazon.com/service-terms/
  contact:
    name: Mike Ralphson
    email: [email protected]
    url: https://github.com/mermade/aws2openapi
    x-twitter: PermittedSoc
  license:
    name: Apache 2.0 License
    url: http://www.apache.org/licenses/
  x-providerName: amazonaws.com
  x-serviceName: guardduty
  x-aws-signingName: guardduty
  x-origin:
  - contentType: application/json
    url: https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/guardduty-2017-11-28.normal.json
    converter:
      url: https://github.com/mermade/aws2openapi
      version: 1.0.0
    x-apisguru-driver: external
  x-apiClientRegistration:
    url: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct
  x-apisguru-categories:
  - cloud
  x-preferred: true
externalDocs:
  description: Amazon Web Services documentation
  url: https://docs.aws.amazon.com/guardduty/
servers:
- url: http://guardduty.{region}.amazonaws.com
  variables:
    region:
      description: The AWS region
      enum:
      - us-east-1
      - us-east-2
      - us-west-1
      - us-west-2
      - us-gov-west-1
      - us-gov-east-1
      - ca-central-1
      - eu-north-1
      - eu-west-1
      - eu-west-2
      - eu-west-3
      - eu-central-1
      - eu-south-1
      - af-south-1
      - ap-northeast-1
      - ap-northeast-2
      - ap-northeast-3
      - ap-southeast-1
      - ap-southeast-2
      - ap-east-1
      - ap-south-1
      - sa-east-1
      - me-south-1
      default: us-east-1
  description: The Amazon GuardDuty multi-region endpoint
- url: https://guardduty.{region}.amazonaws.com
  variables:
    region:
      description: The AWS region
      enum:
      - us-east-1
      - us-east-2
      - us-west-1
      - us-west-2
      - us-gov-west-1
      - us-gov-east-1
      - ca-central-1
      - eu-north-1
      - eu-west-1
      - eu-west-2
      - eu-west-3
      - eu-central-1
      - eu-south-1
      - af-south-1
      - ap-northeast-1
      - ap-northeast-2
      - ap-northeast-3
      - ap-southeast-1
      - ap-southeast-2
      - ap-east-1
      - ap-south-1
      - sa-east-1
      - me-south-1
      default: us-east-1
  description: The Amazon GuardDuty multi-region endpoint
- url: http://guardduty.{region}.amazonaws.com.cn
  variables:
    region:
      description: The AWS region
      enum:
      - cn-north-1
      - cn-northwest-1
      default: cn-north-1
  description: The Amazon GuardDuty endpoint for China (Beijing) and China (Ningxia)
- url: https://guardduty.{region}.amazonaws.com.cn
  variables:
    region:
      description: The AWS region
      enum:
      - cn-north-1
      - cn-northwest-1
      default: cn-north-1
  description: The Amazon GuardDuty endpoint for China (Beijing) and China (Ningxia)
x-hasEquivalentPaths: true
paths:
  /detector/{detectorId}/administrator:
    post:
      operationId: AcceptAdministratorInvitation
      description: Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AcceptAdministratorInvitationResponse'
              examples:
                AcceptAdministratorInvitation200Example:
                  summary: Default AcceptAdministratorInvitation 200 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '480':
          description: BadRequestException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadRequestException'
              examples:
                AcceptAdministratorInvitation480Example:
                  summary: Default AcceptAdministratorInvitation 480 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '481':
          description: InternalServerErrorException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InternalServerErrorException'
              examples:
                AcceptAdministratorInvitation481Example:
                  summary: Default AcceptAdministratorInvitation 481 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
      parameters:
      - name: detectorId
        in: path
        required: true
        description: The unique ID of the detector of the GuardDuty member account.
        schema:
          type: string
          minLength: 1
          maxLength: 300
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - administratorId
              - invitationId
              properties:
                administratorId:
                  description: The account ID of the GuardDuty administrator account whose invitation you're accepting.
                  type: string
                invitationId:
                  description: The value that is used to validate the administrator account to the member account.
                  type: string
      summary: Amazon GuardDuty Accept Administrator Invitation
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    parameters:
    - $ref: '#/components/parameters/X-Amz-Content-Sha256'
    - $ref: '#/components/parameters/X-Amz-Date'
    - $ref: '#/components/parameters/X-Amz-Algorithm'
    - $ref: '#/components/parameters/X-Amz-Credential'
    - $ref: '#/components/parameters/X-Amz-Security-Token'
    - $ref: '#/components/parameters/X-Amz-Signature'
    - $ref: '#/components/parameters/X-Amz-SignedHeaders'
    get:
      operationId: GetAdministratorAccount
      description: Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GetAdministratorAccountResponse'
              examples:
                GetAdministratorAccount200Example:
                  summary: Default GetAdministratorAccount 200 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '480':
          description: BadRequestException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadRequestException'
              examples:
                GetAdministratorAccount480Example:
                  summary: Default GetAdministratorAccount 480 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '481':
          description: InternalServerErrorException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InternalServerErrorException'
              examples:
                GetAdministratorAccount481Example:
                  summary: Default GetAdministratorAccount 481 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
      parameters:
      - name: detectorId
        in: path
        required: true
        description: The unique ID of the detector of the GuardDuty member account.
        schema:
          type: string
          minLength: 1
          maxLength: 300
      summary: Amazon GuardDuty Get Administrator Account
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /detector/{detectorId}/master:
    post:
      deprecated: true
      operationId: AcceptInvitation
      description: Accepts the invitation to be monitored by a GuardDuty administrator account.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AcceptInvitationResponse'
              examples:
                AcceptInvitation200Example:
                  summary: Default AcceptInvitation 200 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '480':
          description: BadRequestException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadRequestException'
              examples:
                AcceptInvitation480Example:
                  summary: Default AcceptInvitation 480 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '481':
          description: InternalServerErrorException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InternalServerErrorException'
              examples:
                AcceptInvitation481Example:
                  summary: Default AcceptInvitation 481 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
      parameters:
      - name: detectorId
        in: path
        required: true
        description: The unique ID of the detector of the GuardDuty member account.
        schema:
          type: string
          minLength: 1
          maxLength: 300
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - masterId
              - invitationId
              properties:
                masterId:
                  description: The account ID of the GuardDuty administrator account whose invitation you're accepting.
                  type: string
                invitationId:
                  description: The value that is used to validate the administrator account to the member account.
                  type: string
      summary: Amazon GuardDuty Accept Invitation
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    parameters:
    - $ref: '#/components/parameters/X-Amz-Content-Sha256'
    - $ref: '#/components/parameters/X-Amz-Date'
    - $ref: '#/components/parameters/X-Amz-Algorithm'
    - $ref: '#/components/parameters/X-Amz-Credential'
    - $ref: '#/components/parameters/X-Amz-Security-Token'
    - $ref: '#/components/parameters/X-Amz-Signature'
    - $ref: '#/components/parameters/X-Amz-SignedHeaders'
    get:
      deprecated: true
      operationId: GetMasterAccount
      description: Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GetMasterAccountResponse'
              examples:
                GetMasterAccount200Example:
                  summary: Default GetMasterAccount 200 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '480':
          description: BadRequestException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadRequestException'
              examples:
                GetMasterAccount480Example:
                  summary: Default GetMasterAccount 480 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '481':
          description: InternalServerErrorException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InternalServerErrorException'
              examples:
                GetMasterAccount481Example:
                  summary: Default GetMasterAccount 481 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
      parameters:
      - name: detectorId
        in: path
        required: true
        description: The unique ID of the detector of the GuardDuty member account.
        schema:
          type: string
          minLength: 1
          maxLength: 300
      summary: Amazon GuardDuty Get Master Account
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /detector/{detectorId}/findings/archive:
    post:
      operationId: ArchiveFindings
      description: <p>Archives GuardDuty findings that are specified by the list of finding IDs.</p> <note> <p>Only the administrator account can archive findings. Member accounts don't have 
        permission to archive findings from their accounts.</p> </note>
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ArchiveFindingsResponse'
              examples:
                ArchiveFindings200Example:
                  summary: Default ArchiveFindings 200 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '480':
          description: BadRequestException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadRequestException'
              examples:
                ArchiveFindings480Example:
                  summary: Default ArchiveFindings 480 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '481':
          description: InternalServerErrorException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InternalServerErrorException'
              examples:
                ArchiveFindings481Example:
                  summary: Default ArchiveFindings 481 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
      parameters:
      - name: detectorId
        in: path
        required: true
        description: The ID of the detector that specifies the GuardDuty service whose findings you want to archive.
        schema:
          type: string
          minLength: 1
          maxLength: 300
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - findingIds
              properties:
                findingIds:
                  description: The IDs of the findings that you want to archive.
                  type: array
                  items:
                    $ref: '#/components/schemas/FindingId'
                  minItems: 0
                  maxItems: 50
      summary: Amazon GuardDuty Archive Findings
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    parameters:
    - $ref: '#/components/parameters/X-Amz-Content-Sha256'
    - $ref: '#/components/parameters/X-Amz-Date'
    - $ref: '#/components/parameters/X-Amz-Algorithm'
    - $ref: '#/components/parameters/X-Amz-Credential'
    - $ref: '#/components/parameters/X-Amz-Security-Token'
    - $ref: '#/components/parameters/X-Amz-Signature'
    - $ref: '#/components/parameters/X-Amz-SignedHeaders'
  /detector:
    post:
      operationId: CreateDetector
      description: <p>Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region 
        where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.</p> <p>There might be regional differences 
        because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see <a 
        href="https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html">Regions and endpoints</a>.</p>
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateDetectorResponse'
              examples:
                CreateDetector200Example:
                  summary: Default CreateDetector 200 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '480':
          description: BadRequestException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadRequestException'
              examples:
                CreateDetector480Example:
                  summary: Default CreateDetector 480 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '481':
          description: InternalServerErrorException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InternalServerErrorException'
              examples:
                CreateDetector481Example:
                  summary: Default CreateDetector 481 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
      parameters: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - enable
              properties:
                enable:
                  description: A Boolean value that specifies whether the detector is to be enabled.
                  type: boolean
                clientToken:
                  description: The idempotency token for the create request.
                  type: string
                  minLength: 0
                  maxLength: 64
                findingPublishingFrequency:
                  description: A value that specifies how frequently updated findings are exported.
                  type: string
                  enum:
                  - FIFTEEN_MINUTES
                  - ONE_HOUR
                  - SIX_HOURS
                dataSources:
                  description: Contains information about which data sources are enabled.
                  type: object
                  properties:
                    S3Logs:
                      allOf:
                      - $ref: '#/components/schemas/S3LogsConfiguration'
                      - xml:
                          name: s3Logs
                        description: Describes whether S3 data event logs are enabled as a data source.
                    Kubernetes:
                      allOf:
                      - $ref: '#/components/schemas/KubernetesConfiguration'
                      - xml:
                          name: kubernetes
                        description: Describes whether any Kubernetes logs are enabled as data sources.
                    MalwareProtection:
                      allOf:
                      - $ref: '#/components/schemas/MalwareProtectionConfiguration'
                      - xml:
                          name: malwareProtection
                        description: Describes whether Malware Protection is enabled as a data source.
                tags:
                  description: The tags to be added to a new detector resource.
                  type: object
                  minProperties: 1
                  maxProperties: 200
                  additionalProperties:
                    $ref: '#/components/schemas/TagValue'
                features:
                  description: A list of features that will be configured for the detector.
                  type: array
                  items:
                    $ref: '#/components/schemas/DetectorFeatureConfiguration'
      summary: Amazon GuardDuty Create Detector
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    parameters:
    - $ref: '#/components/parameters/X-Amz-Content-Sha256'
    - $ref: '#/components/parameters/X-Amz-Date'
    - $ref: '#/components/parameters/X-Amz-Algorithm'
    - $ref: '#/components/parameters/X-Amz-Credential'
    - $ref: '#/components/parameters/X-Amz-Security-Token'
    - $ref: '#/components/parameters/X-Amz-Signature'
    - $ref: '#/components/parameters/X-Amz-SignedHeaders'
    get:
      operationId: ListDetectors
      description: Lists detectorIds of all the existing Amazon GuardDuty detector resources.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListDetectorsResponse'
              examples:
                ListDetectors200Example:
                  summary: Default ListDetectors 200 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '480':
          description: BadRequestException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadRequestException'
              examples:
                ListDetectors480Example:
                  summary: Default ListDetectors 480 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '481':
          description: InternalServerErrorException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InternalServerErrorException'
              examples:
                ListDetectors481Example:
                  summary: Default ListDetectors 481 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
      parameters:
      - name: maxResults
        in: query
        required: false
        description: You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
        schema:
          type: integer
          minimum: 1
          maximum: 50
      - name: nextToken
        in: query
        required: false
        description: You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill 
          nextToken in the request with the value of NextToken from the previous response to continue listing data.
        schema:
          type: string
      - name: MaxResults
        in: query
        schema:
          type: string
        description: Pagination limit
        required: false
      - name: NextToken
        in: query
        schema:
          type: string
        description: Pagination token
        required: false
      summary: Amazon GuardDuty List Detectors
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /detector/{detectorId}/filter:
    post:
      operationId: CreateFilter
      description: Creates a filter using the specified finding criteria. The maximum number of saved filters per Amazon Web Services account per Region is 100. For more information, see <a 
        href="https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_limits.html">Quotas for GuardDuty</a>.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateFilterResponse'
              examples:
                CreateFilter200Example:
                  summary: Default CreateFilter 200 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '480':
          description: BadRequestException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadRequestException'
              examples:
                CreateFilter480Example:
                  summary: Default CreateFilter 480 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '481':
          description: InternalServerErrorException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InternalServerErrorException'
              examples:
                CreateFilter481Example:
                  summary: Default CreateFilter 481 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
      parameters:
      - name: detectorId
        in: path
        required: true
        description: The ID of the detector belonging to the GuardDuty account that you want to create a filter for.
        schema:
          type: string
          minLength: 1
          maxLength: 300
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
              - name
              - findingCriteria
              properties:
                name:
                  description: The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid 
                    character.
                  type: string
                  minLength: 3
                  maxLength: 64
                description:
                  description: The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses (<code>{ 
                    }</code>, <code>[ ]</code>, and <code>( )</code>), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.
                  type: string
                  minLength: 0
                  maxLength: 512
                action:
                  description: Specifies the action that is to be applied to the findings that match the filter.
                  type: string
                  enum:
                  - NOOP
                  - ARCHIVE
                  minLength: 1
                  maxLength: 300
                rank:
                  description: Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
                  type: integer
                  minimum: 1
                  maximum: 100
                findingCriteria:
                  description: Contains information about the criteria used for querying findings.
                  type: object
                  properties:
                    Criterion:
                      allOf:
                      - $ref: '#/components/schemas/Criterion'
                      - xml:
                          name: criterion
                        description: Represents a map of finding properties that match specified conditions and values when querying findings.
                clientToken:
                  description: The idempotency token for the create request.
                  type: string
                  minLength: 0
                  maxLength: 64
                tags:
                  description: The tags to be added to a new filter resource.
                  type: object
                  minProperties: 1
                  maxProperties: 200
                  additionalProperties:
                    $ref: '#/components/schemas/TagValue'
      summary: Amazon GuardDuty Create Filter
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    parameters:
    - $ref: '#/components/parameters/X-Amz-Content-Sha256'
    - $ref: '#/components/parameters/X-Amz-Date'
    - $ref: '#/components/parameters/X-Amz-Algorithm'
    - $ref: '#/components/parameters/X-Amz-Credential'
    - $ref: '#/components/parameters/X-Amz-Security-Token'
    - $ref: '#/components/parameters/X-Amz-Signature'
    - $ref: '#/components/parameters/X-Amz-SignedHeaders'
    get:
      operationId: ListFilters
      description: Returns a paginated list of the current filters.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListFiltersResponse'
              examples:
                ListFilters200Example:
                  summary: Default ListFilters 200 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '480':
          description: BadRequestException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BadRequestException'
              examples:
                ListFilters480Example:
                  summary: Default ListFilters 480 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
        '481':
          description: InternalServerErrorException
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InternalServerErrorException'
              examples:
                ListFilters481Example:
                  summary: Default ListFilters 481 response
                  x-microcks-default: true
                  value:
                    detectorId: abc123
                    format: DNS_LOGS
      parameters:
      - name: detectorId
        in: path
        re

# --- truncated at 32 KB (456 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/amazon-guardduty/refs/heads/main/openapi/amazon-guardduty-openapi.yml