Skip to main content
Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per region. All data sources are enabled in a new detector by default.
External DocumentationTo learn more, visit the AWS documentation.

Basic Parameters

ParameterDescription
AWS RegionEnter the desired AWS Region(s).

To execute the action in multiple regions, provide a comma-separated list.
For example: us-east-1,eu-west-2.

If you wish to run the action in all available regions, use the asterisk symbol (*) instead.
Enable DetectorSpecifies whether the detector is enabled.

Advanced Parameters

ParameterDescription
Client TokenThe idempotency token for the create request.
It is a unique, case-sensitive string of up to 64 ASCII characters.
Idempotency token ensures that an API request completes no more than one time.
Detector TagsThe tags to be added to a new detector resource.
Disable XML To JSON Auto ConvertWhen checked, XML responses are not automatically converted into JSON format.
Finding Publishing FrequencySpecifies how frequently updated findings are exported to S3.

Example Output

{
	"detectorId": "example",
	"unprocessedDataSources": {
		"malwareProtection": {
			"scanEc2InstanceWithFindings": {
				"ebsVolumes": {
					"reason": "example",
					"status": "example"
				}
			},
			"serviceRole": "example"
		}
	}
}

Workflow Library Example

Guardduty Create Detector with Aws and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop