Aws/guardduty
@webframp/aws/guardduty v2026.04.28.1
01 README
Query and inspect GuardDuty findings from a delegated administrator account, covering all member accounts in an AWS Organization.
Authentication
Uses the default AWS credential chain. Point at the delegated admin account (e.g. via AWS_PROFILE) to see findings across all member accounts.
Required IAM Permissions
- guardduty:ListDetectors
- guardduty:ListFindings
- guardduty:GetFindings
- guardduty:ListMembers
Usage
# Create guardduty model (assumes credentials for delegated admin account)
swamp model create @webframp/aws/guardduty gd --global-arg region=us-east-1
# List recent high-severity findings
swamp model method run gd list_findings --input severityMin=7 --input startTime=7d
# List findings by type
swamp model method run gd list_findings --input typePrefix=UnauthorizedAccess
# Filter to a specific account
swamp model method run gd list_findings --input accountId=238297461743
# Get full details for specific findings
swamp model method run gd get_finding_details --input 'findingIds=["abc123"]'
# List enrolled member accounts
swamp model method run gd list_members
Methods
- list_findings - List findings with filters for type, severity, time window, and account
- get_finding_details - Get full resource and service action details for specific findings
- list_members - List member accounts and their enrollment status
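The list_findings inputs shown in the usage commands (severityMin, startTime, typePrefix, accountId) line up with attributes of the GuardDuty ListFindings `FindingCriteria`. The sketch below is an added example, not code from this package, showing one way to translate and validate those inputs; the function and type names are hypothetical, the relative-time syntax is assumed from the `7d` above, and matching the type prefix client-side is an assumption.

```typescript
// Added example; names are hypothetical, not taken from aws/guardduty.ts.
interface FindingFilters {
  severityMin?: number; // GuardDuty severity value, e.g. 7
  startTime?: string;   // relative window: "<n>m", "<n>h" or "<n>d" (assumed syntax)
  accountId?: string;   // 12-digit member account ID
}
interface Condition { Equals?: string[]; GreaterThanOrEqual?: number }
interface FindingCriteria { Criterion: Record<string, Condition> }

// Turn a window such as "7d" into an epoch-millisecond lower bound.
function windowStart(spec: string, now: number): number {
  const digits = spec.slice(0, -1);
  const unit = spec.slice(-1);
  const unitMs = unit === "d" ? 86400000 : unit === "h" ? 3600000 : unit === "m" ? 60000 : 0;
  if (unitMs === 0 || !/^\d+$/.test(digits)) {
    throw new Error("unsupported time window: " + spec);
  }
  return now - Number(digits) * unitMs;
}

// Build the FindingCriteria argument for the GuardDuty ListFindings API.
function buildCriteria(f: FindingFilters, now: number = Date.now()): FindingCriteria {
  const criterion: Record<string, Condition> = {};
  if (f.severityMin !== undefined) {
    if (!(f.severityMin >= 0 && f.severityMin <= 10)) throw new Error("severityMin out of range");
    criterion["severity"] = { GreaterThanOrEqual: f.severityMin };
  }
  if (f.startTime !== undefined) {
    // updatedAt is compared as a Unix epoch timestamp in milliseconds.
    criterion["updatedAt"] = { GreaterThanOrEqual: windowStart(f.startTime, now) };
  }
  if (f.accountId !== undefined) {
    // Reject anything that is not a plain account ID before it reaches the API.
    if (!/^\d{12}$/.test(f.accountId)) throw new Error("accountId must be 12 digits");
    criterion["accountId"] = { Equals: [f.accountId] };
  }
  return { Criterion: criterion };
}

// Assumption: the type prefix is matched client-side on each returned finding type.
function matchesTypePrefix(findingType: string, prefix?: string): boolean {
  return prefix === undefined || findingType.startsWith(prefix);
}
```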
02 Models
@webframp/aws/guardduty v2026.04.28.1 aws/guardduty.ts
fn list_findings()
List GuardDuty findings with optional filters for type, severity, time window, and account
fn get_finding_details()
Get full details for specific findings by ID, including resource and service action data
fn list_members()
List GuardDuty member accounts and their enrollment status
Resources
- finding_list (30m) - List of GuardDuty finding summaries
- finding_details (1h) - Full GuardDuty finding details
- member_list (1h) - GuardDuty member account enrollment
03 Stats
A
100 / 100
Downloads
1
Archive size
297.2 KB
- Has README or module doc: 2/2 earned
- README has a code example: 1/1 earned
- README is substantive: 1/1 earned
- Most symbols documented: 1/1 earned
- No slow types: 1/1 earned
- Has description: 1/1 earned
- Platform support declared (or universal): 2/2 earned
- License declared: 1/1 earned
- Verified public repository: 2/2 earned