Skip to content

Create Threat Intel Set

guardduty_create_threat_intel_set R Documentation

Creates a new ThreatIntelSet

Description

Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.

Usage

guardduty_create_threat_intel_set(DetectorId, Name, Format, Location,
  Activate, ClientToken, Tags)

Arguments

DetectorId

[required] The unique ID of the detector of the GuardDuty account for which you want to create a ThreatIntelSet.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the list_detectors API.
Name

[required] A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
Format

[required] The format of the file that contains the ThreatIntelSet.
Location

[required] The URI of the file that contains the ThreatIntelSet.
Activate

[required] A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
ClientToken

The idempotency token for the create request.
Tags

The tags to be added to a new threat list resource.

Value

A list with the following syntax:

list(
  ThreatIntelSetId = "string"
)

Request syntax

svc$create_threat_intel_set(
  DetectorId = "string",
  Name = "string",
  Format = "TXT"|"STIX"|"OTX_CSV"|"ALIEN_VAULT"|"PROOF_POINT"|"FIRE_EYE",
  Location = "string",
  Activate = TRUE|FALSE,
  ClientToken = "string",
  Tags = list(
    "string"
  )
)