steampipe plugin install aws

Table: aws_guardduty_member - Query AWS GuardDuty Member using SQL

An AWS GuardDuty Member is a component of Amazon GuardDuty, a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. A member represents an account added to the GuardDuty service from the master account. It helps in managing and organizing multiple AWS accounts for threat detection and notifications.

Table Usage Guide

The aws_guardduty_member table in Steampipe provides information about member accounts within AWS GuardDuty. As a security analyst, you can use it to query member-specific details, including account details, detector ID, invitation status, and relationship status. This gives you insight into member accounts, such as the status of invitations sent to them and the relationship status between the master and member accounts. The schema outlines the attributes of a GuardDuty member, including the account ID, email, detector ID, and associated tags.

Examples

Basic info

Explore which member accounts are linked to your AWS GuardDuty detectors and when they were invited, to understand the security relationships within your network. This can be useful in assessing the overall security posture and identifying any potential weak points.

select
member_account_id,
detector_id,
invited_at,
relationship_status
from
aws_guardduty_member;

List members that failed email verification

Uncover the details of members that have not successfully completed the email verification process. This is particularly useful for identifying potential security issues and ensuring all member accounts have been properly validated.

select
member_account_id,
detector_id,
invited_at,
relationship_status
from
aws_guardduty_member
where
relationship_status = 'EmailVerificationFailed';

List uninvited members

Identify instances where members of the AWS GuardDuty service have not been invited. This is useful for maintaining security and ensuring all members have been properly onboarded.

select
member_account_id,
detector_id,
invited_at,
relationship_status
from
aws_guardduty_member
where
invited_at is null;

List members which were invited within the last 10 days

Identify newly invited members in the AWS GuardDuty service over the past ten days to monitor recent additions and their relationship status.

Postgres:

select
member_account_id,
detector_id,
invited_at,
relationship_status
from
aws_guardduty_member
where
invited_at >= (now() - interval '10' day);

SQLite:

select
member_account_id,
detector_id,
invited_at,
relationship_status
from
aws_guardduty_member
where
invited_at >= datetime('now', '-10 days');
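
GuardDuty membership is per Region, so a single-status filter can miss an account that is monitored in one Region and not in another. The following is an added example, not part of the Steampipe documentation: it lists every member account and Region pair where the relationship is anything other than active. It is written for the Postgres dialect, uses only columns from this table's schema, and assumes Enabled is the relationship_status value GuardDuty reports for an active member; NotAMember is a label made up for this query.

```sql
-- Added example (Postgres dialect): per-Region GuardDuty coverage gaps.
-- Assumption: 'Enabled' is the relationship_status of an active member.
with regions as (
  -- Every Region in which the administrator has at least one member
  select distinct region
  from aws_guardduty_member
),
accounts as (
  -- Every member account seen in any Region
  select distinct member_account_id
  from aws_guardduty_member
)
select
  a.member_account_id,
  r.region,
  -- 'NotAMember' is a hypothetical label: no member row exists for this pair
  coalesce(m.relationship_status, 'NotAMember') as relationship_status,
  m.detector_id,
  m.invited_at,
  m.updated_at
from
  accounts a
  cross join regions r
  left join aws_guardduty_member m
    on m.member_account_id = a.member_account_id
    and m.region = r.region
where
  -- "is distinct from" also keeps pairs with no row at all (null status)
  m.relationship_status is distinct from 'Enabled'
order by
  a.member_account_id,
  r.region;
```

An empty result means every known member account is Enabled in every Region that has members; Regions with no members at all do not appear and need a separate check.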

Schema for aws_guardduty_member

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| detector_id | text | = | The detector ID of the member account. |
| email | text | | The email address of the member account. |
| invited_at | timestamp with time zone | | The timestamp when the invitation was sent. |
| master_id | text | | The administrator account ID. |
| member_account_id | text | = | The ID of the member account. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| relationship_status | text | | The status of the relationship between the member and the administrator. |
| title | text | | Title of the resource. |
| updated_at | timestamp with time zone | | The last-updated timestamp of the member. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_guardduty_member