steampipe plugin install aws

Table: aws_guardduty_ipset - Query AWS GuardDuty IPSet using SQL

The AWS GuardDuty IPSet is a component of Amazon GuardDuty that allows you to manage and use lists of trusted IP addresses. It can help you to more effectively detect and respond to potential security threats by defining IP conditions and filtering findings. This contributes to the overall security and integrity of your AWS environment by providing an additional layer of protection against unauthorized or malicious activity.

Table Usage Guide

The aws_guardduty_ipset table in Steampipe provides you with information about IPSets within AWS GuardDuty. This table allows you, as a security analyst, to query IPSet-specific details, including the detector ID, IPSet ID, name, format, location, and status. You can use this table to gather insights on IPSets, such as the list of IP addresses used by GuardDuty to simulate trusted IP addresses when generating test findings. The schema below outlines these and the other attributes of the IPSet.

Examples

Basic info

List the IPSets configured in the AWS GuardDuty service, along with the detector each one belongs to, the format of the list file, and the location it is loaded from. This query is useful for reviewing which IP lists GuardDuty is using, helping to enhance your overall security posture.

select
  detector_id,
  ipset_id,
  name,
  format,
  location
from
  aws_guardduty_ipset;

List IPSets which are not active

Identify instances where certain IP sets within the AWS GuardDuty service are inactive. This is useful for maintaining network security by ensuring all necessary IP sets are active and functioning as expected.

select
  ipset_id,
  name,
  status
from
  aws_guardduty_ipset
where
  status = 'INACTIVE';
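
GuardDuty does not generate findings for addresses on a trusted IP list, so it is worth checking where each list in use is loaded from. The query below is an added example, not part of the original Steampipe documentation, written for Steampipe's PostgreSQL engine; the approved prefix is a constructed placeholder, and ACTIVE and ACTIVATING are GuardDuty IPSet status values that do not appear elsewhere on this page.

```sql
-- Added example: IPSets in use whose list file sits outside an approved location.
-- The prefix below is a constructed placeholder; replace it with your own.
with approved_prefixes (prefix) as (
  values
    ('https://s3.amazonaws.com/example-approved-bucket/')
)
select
  i.account_id,
  i.region,
  i.detector_id,
  i.ipset_id,
  i.name,
  i.format,
  i.location,
  i.status
from
  aws_guardduty_ipset as i
where
  -- only lists that GuardDuty is using or about to use
  i.status in ('ACTIVE', 'ACTIVATING')
  and not exists (
    select
      1
    from
      approved_prefixes as p
    where
      -- exact prefix comparison, so no LIKE wildcard characters are interpreted
      left(i.location, length(p.prefix)) = p.prefix
  )
order by
  i.account_id,
  i.region,
  i.detector_id;
```

Any row returned is an IPSet in use that is loaded from a location you have not approved and should be reviewed.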

Schema for aws_guardduty_ipset

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| detector_id | text | = | The ID of the detector. |
| format | text | | The format of the file that contains the IPSet. |
| ipset_id | text | = | The ID of the IPSet. |
| location | text | | The URI of the file that contains the IPSet. |
| name | text | | The name for the IPSet. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| status | text | | The status of IPSet. |
| tags | jsonb | | A map of tags for the resource. |
| title | text | | Title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_guardduty_ipset