# Amazon AWS GuardDuty

The Amazon AWS GuardDuty connector allows users to manage and automate responses to threat detection findings directly within the Swimlane Turbine platform. Amazon AWS GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. With the Swimlane Turbine AWS GuardDuty connector, users can automate the management of GuardDuty detectors, IP sets, and threat intel sets. This integration empowers security teams to streamline threat detection, enhance visibility, and respond efficiently to potential security threats. By automating actions such as archiving findings, creating detectors, and updating threat intelligence, Swimlane Turbine users can maintain a robust security posture with minimal manual intervention.

## Prerequisites

To utilize the Amazon AWS GuardDuty connector within Swimlane Turbine, ensure you have the following AWS credentials for authentication, with the following parameters:

- Access Key: your AWS access key ID
- Secret Key: your AWS secret access key
- Region Name: the AWS region where your GuardDuty instance is deployed

## Asset Setup

This integration authenticates with the AWS GuardDuty connector using the following input values:

- AWS Access Key ID: a long-term AWS access key ID with access to Security Hub
- AWS Secret Key ID: a long-term secret access key associated with the above access key ID
- Region Name: the AWS region
- Role ARN: an ARN of an AWS IAM role to assume

## Capabilities

This connector provides the following capabilities:

- Archive Findings
- Create Detector
- Create IP Set
- Create Threat Intel Set
- Delete Detector
- Delete IP Set
- Delete Threat Intel Set
- Get All Findings
- Get Detector
- Get Findings
- Get IP Set
- Get Threat Intel Set
- List Detectors
- List Findings
- List IP Sets
- and so on

## Obtaining AWS Credentials

To use this integration, you will need to have an AWS account and obtain the necessary AWS credentials. You can obtain these credentials by following the steps below:

1. Log in to your AWS account and navigate to the IAM console.
2. In the left navigation pane, click on the Users tab and select the user for which you want to create credentials.
3. Attach the policy AmazonGuardDutyFullAccess to the user.
4. Click on the Security credentials tab, and then click on Create access key.
5. Make sure to save the access key ID and secret access key in a secure location, as you will not be able to see the secret access key again after this step.

## Notes

- https://docs.aws.amazon.com/powershell/latest/userguide/pstools-appendix-sign-up.html
- https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/guardduty.html
- https://docs.aws.amazon.com/guardduty/latest/APIReference/Welcome.html

## Configurations

### AWS GuardDuty Authentication

Authenticates using AWS credentials.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| Access Key | AWS access key | string | required |
| Secret Key | AWS secret key | string | required |
| Region Name | The AWS region where you want to create new connections | string | required |
| Role ARN | Optional role ARN to assume. Leave blank unless tasks need to assume a different role | string | optional |
| External ID | External ID to assume the IAM role. Optional value used for assuming roles; it can be added or removed in the trusted relationships of the target role | string | optional |
| Session Token | Use if a session token is provided when switching roles | string | optional |
| Role Session Name | Defaults to SessionFromSwimlane \<hash> when no value is provided | string | optional |

## Actions

### Archive Findings

Archives specified Amazon AWS GuardDuty findings using a DetectorId and a list of FindingIds. Available to administrator accounts.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The ID of the detector that specifies the GuardDuty service whose findings you want to archive |
| FindingIds | array | required | The IDs of the findings that you want to archive |

Input example:

```json
{"DetectorId": "string", "FindingIds": ["string"]}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |

Output example:

```json
{"success": true}
```

### Create Detector

Creates a new Amazon AWS GuardDuty detector to initiate the service, with an `Enable` parameter.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| Enable | boolean | required | A boolean value that specifies whether the detector is to be enabled |
| ClientToken | string | optional | The idempotency token for the create request. This field is autopopulated if not provided |
| FindingPublishingFrequency | string | optional | A value that specifies how frequently updated findings are exported |
| DataSources | object | optional | Describes which data sources will be enabled for the detector |
| DataSources.S3Logs | object | optional | Describes whether S3 data event logs are enabled as a data source |
| DataSources.S3Logs.Enable | boolean | required | The status of S3 data event logs as a data source |
| DataSources.Kubernetes | object | optional | Describes whether any Kubernetes logs are enabled as data sources |
| DataSources.Kubernetes.AuditLogs | object | required | The status of Kubernetes audit logs as a data source |
| DataSources.Kubernetes.AuditLogs.Enable | boolean | required | The status of Kubernetes audit logs as a data source |
| DataSources.MalwareProtection | object | optional | Describes whether Malware Protection is enabled as a data source |
| DataSources.MalwareProtection.ScanEc2InstanceWithFindings | object | optional | Describes the configuration of Malware Protection for EC2 instances with findings |
| DataSources.MalwareProtection.ScanEc2InstanceWithFindings.EbsVolumes | boolean | optional | Describes the configuration for scanning EBS volumes as a data source |
| Tags | object | optional | The tags to be added to a new detector resource |
| Tags.string | string | optional | Parameter for Create Detector |
| Features | array | optional | A list of features that will be configured for the detector |
| Features.Name | string | optional | The name of the feature |
| Features.Status | string | optional | The status of the feature |
| Features.AdditionalConfiguration | array | optional | Additional configuration for a resource |
| Features.AdditionalConfiguration.Name | string | optional | Name of the additional configuration |
| Features.AdditionalConfiguration.Status | string | optional | Status of the additional configuration |

Input example:

```json
{"Enable": true, "FindingPublishingFrequency": "FIFTEEN_MINUTES", "DataSources": {"S3Logs": {"Enable": true}, "Kubernetes": {"AuditLogs": {"Enable": true}}, "MalwareProtection": {"ScanEc2InstanceWithFindings": {"EbsVolumes": true}}}, "Tags": {"string": "string"}, "Features": [{"Name": "S3_DATA_EVENTS", "Status": "ENABLED", "AdditionalConfiguration": [{"Name": "EKS_ADDON_MANAGEMENT", "Status": "ENABLED"}]}]}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| DetectorId | string | Unique identifier |
| UnprocessedDataSources | object | Response data |
| UnprocessedDataSources.MalwareProtection | object | Response data |
| UnprocessedDataSources.MalwareProtection.ScanEc2InstanceWithFindings | object | Response data |
| UnprocessedDataSources.MalwareProtection.ScanEc2InstanceWithFindings.EbsVolumes | object | Response data |
| UnprocessedDataSources.MalwareProtection.ScanEc2InstanceWithFindings.EbsVolumes.Status | string | Response data |
| UnprocessedDataSources.MalwareProtection.ScanEc2InstanceWithFindings.EbsVolumes.Reason | string | Response data |
| UnprocessedDataSources.MalwareProtection.ServiceRole | string | Response data |

Output example:

```json
{"DetectorId": "string", "UnprocessedDataSources": {"MalwareProtection": {"ScanEc2InstanceWithFindings": {}, "ServiceRole": "string"}}}
```

### Create IP Set

Creates a new IP set in Amazon AWS GuardDuty to whitelist trusted IPs, requiring DetectorId, Name, Format, Location, and Activate status.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The unique ID of the detector of the GuardDuty account that you want to create an IP set for |
| Name | string | required | The user-friendly name to identify the IP set. Allowed characters are alphanumeric, whitespace, dash (-), and underscores (_) |
| Format | string | required | The format of the file that contains the IP set |
| Location | string | required | The URI of the file that contains the IP set |
| Activate | boolean | required | A boolean value that indicates whether GuardDuty is to start using the uploaded IP set |
| ClientToken | string | optional | The idempotency token for the create request. This field is autopopulated if not provided |
| Tags | object | optional | The tags to be added to a new IP set resource |
| Tags.string | string | optional | Parameter for Create IP Set |

Input example:

```json
{"Format": "TXT", "Activate": true, "Tags": {"string": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| IpSetId | string | Unique identifier |

Output example:

```json
{"IpSetId": "string"}
```

### Create Threat Intel Set

Creates a new threat intel set in Amazon AWS GuardDuty using the provided DetectorId, Name, Format, Location, and activation status.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The unique ID of the detector of the GuardDuty account that you want to create a ThreatIntelSet for |
| Name | string | required | A user-friendly threat intel set name displayed in all findings that are generated by activity that involves IP addresses included in this threat intel set |
| Format | string | required | The format of the file that contains the threat intel set |
| Location | string | required | The URI of the file that contains the threat intel set |
| Activate | boolean | required | A boolean value that indicates whether GuardDuty is to start using the uploaded threat intel set |
| ClientToken | string | optional | The idempotency token for the create request. This field is autopopulated if not provided |
| Tags | object | optional | The tags to be added to a new threat list resource |
| Tags.string | string | optional | Parameter for Create Threat Intel Set |

Input example:

```json
{"Format": "TXT", "Activate": true, "Tags": {"string": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| ThreatIntelSetId | string | Unique identifier |

Output example:

```json
{"ThreatIntelSetId": "string"}
```

### Delete Detector

Removes a specified Amazon AWS GuardDuty detector using the provided DetectorId.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The unique ID of the detector that you want to delete |

Input example:

```json
{"DetectorId": "string"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |

Output example:

```json
{"success": true}
```

### Delete IP Set

Removes a specified IP set from Amazon AWS GuardDuty using the provided DetectorId and IpSetId.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The unique ID of the detector associated with the IP set |
| IpSetId | string | required | The unique ID of the IP set to delete |

Input example:

```json
{"DetectorId": "string", "IpSetId": "string"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |

Output example:

```json
{"success": true}
```

### Delete Threat Intel Set

Removes a specified threat intel set from Amazon AWS GuardDuty using the DetectorId and ThreatIntelSetId.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The unique ID of the detector that the threat intel set is associated with |
| ThreatIntelSetId | string | required | The unique ID of the threat intel set that you want to delete |

Input example:

```json
{"DetectorId": "string", "ThreatIntelSetId": "string"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |

Output example:

```json
{"success": true}
```

### Get All Findings

Retrieve all detected security threats from Amazon AWS GuardDuty for a comprehensive overview.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| FindingCriteria | object | optional | Represents the criteria used for querying findings |
| FindingCriteria.Criterion | object | optional | Represents a map of finding properties that match specified conditions and values when querying findings |
| FindingCriteria.Criterion.string | object | optional | Parameter for Get All Findings |
| FindingCriteria.Criterion.string.Eq | array | optional | Represents the equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.Neq | array | optional | Represents the not equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.Gt | number | optional | Represents a greater than condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.Gte | number | optional | Represents a greater than or equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.Lt | number | optional | Represents a less than condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.Lte | number | optional | Represents a less than or equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.Equals | array | optional | Represents an equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.NotEquals | array | optional | Represents a not equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.GreaterThan | number | optional | Represents a greater than condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.GreaterThanOrEqual | number | optional | Represents a greater than or equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.LessThan | number | optional | Represents a less than condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.LessThanOrEqual | number | optional | Represents a less than or equal condition to be applied to a single field when querying for findings |
| SortCriteria | object | optional | Represents the criteria used for sorting findings |
| SortCriteria.AttributeName | string | optional | Represents the finding attribute, such as accountId, that sorts the findings |
| SortCriteria.OrderBy | string | optional | The order by which the sorted findings are to be displayed |
| PaginationConfig | object | optional | A dictionary that provides parameters to control pagination |
| PaginationConfig.MaxItems | number | optional | The total number of items to return. If the total number of items available is more than the value specified in MaxItems, then a NextToken will be provided in the output that you can use to resume pagination |
| PaginationConfig.PageSize | number | optional | The size of each page |
| PaginationConfig.StartingToken | string | optional | A token to specify where to start paginating. This is the NextToken from a previous response |

Input example:

```json
{"FindingCriteria": {"Criterion": {"string": {"Eq": ["string"], "Neq": ["string"], "Gt": 123, "Gte": 123, "Lt": 123, "Lte": 123, "Equals": ["string"], "NotEquals": ["string"], "GreaterThan": 123, "GreaterThanOrEqual": 123, "LessThan": 123, "LessThanOrEqual": 123}}}, "SortCriteria": {"AttributeName": "string", "OrderBy": "ASC"}, "PaginationConfig": {"MaxItems": 123, "PageSize": 123, "StartingToken": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| findings | object | Output field findings |

Output example:

```json
{"findings": {}}
```

### Get Detector

Retrieves details of a specified Amazon AWS GuardDuty detector using the provided DetectorId.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The unique ID of the detector that you want to get |

Input example:

```json
{"DetectorId": "string"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| CreatedAt | string | Output field CreatedAt |
| FindingPublishingFrequency | string | Output field FindingPublishingFrequency |
| ServiceRole | string | Output field ServiceRole |
| Status | string | Status value |
| UpdatedAt | string | Output field UpdatedAt |
| DataSources | object | Response data |
| DataSources.CloudTrail | object | Response data |
| DataSources.CloudTrail.Status | string | Response data |
| DataSources.DNSLogs | object | Response data |
| DataSources.DNSLogs.Status | string | Response data |
| DataSources.FlowLogs | object | Response data |
| DataSources.FlowLogs.Status | string | Response data |
| DataSources.S3Logs | object | Response data |
| DataSources.S3Logs.Status | string | Response data |
| DataSources.Kubernetes | object | Response data |
| DataSources.Kubernetes.AuditLogs | object | Response data |
| DataSources.Kubernetes.AuditLogs.Status | string | Response data |
| DataSources.MalwareProtection | object | Response data |
| DataSources.MalwareProtection.ScanEc2InstanceWithFindings | object | Response data |
| DataSources.MalwareProtection.ScanEc2InstanceWithFindings.EbsVolumes | object | Response data |
| DataSources.MalwareProtection.ScanEc2InstanceWithFindings.EbsVolumes.Status | string | Response data |
| DataSources.MalwareProtection.ScanEc2InstanceWithFindings.EbsVolumes.Reason | string | Response data |
| DataSources.MalwareProtection.ServiceRole | string | Response data |
| Tags | object | Output field Tags |
| Tags.string | string | Output field Tags.string |

Output example (truncated on the source page):

```json
{"CreatedAt": "string", "FindingPublishingFrequency": "FIFTEEN_MINUTES", "ServiceRole": "string", "Status": "ENABLED", "UpdatedAt": "string", "DataSources": {"CloudTrail": {"Status": "ENABLED"}, "DNSLogs": {"Status": "ENABLED"}, "FlowLogs": {"Status": "ENABLED"}, "S3Logs": {"Status": "ENABLED"}, "Kubernetes": {"AuditLogs": {}}, "MalwareProtection": {"ScanEc2InstanceWithFindings": {}, "ServiceRole": "string"}}, "Tags": {"string": "string"}, "Features": [{"Name": "FLOW_LOGS", "Status": "ENABLED", "UpdatedAt": "datetime(2015, 1, 1)", "Add
```

### Get Findings

Retrieves detailed information for specified findings in Amazon AWS GuardDuty using DetectorId and FindingIds.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve |
| FindingIds | array | required | The IDs of the findings that you want to retrieve |
| SortCriteria | object | optional | Represents the criteria used for sorting findings |
| SortCriteria.AttributeName | string | optional | Represents the finding attribute, such as accountId, that sorts the findings |
| SortCriteria.OrderBy | string | optional | The order by which the sorted findings are to be displayed |

Input example:

```json
{"SortCriteria": {"AttributeName": "string", "OrderBy": "ASC"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| Findings | array | Output field Findings |
| Findings.AccountId | string | Unique identifier |
| Findings.Arn | string | Output field Findings.Arn |
| Findings.Confidence | number | Unique identifier |
| Findings.CreatedAt | string | Output field Findings.CreatedAt |
| Findings.Description | string | Output field Findings.Description |
| Findings.Id | string | Unique identifier |
| Findings.Partition | string | Output field Findings.Partition |
| Findings.Region | string | Output field Findings.Region |
| Findings.Resource | object | Output field Findings.Resource |
| Findings.Resource.AccessKeyDetails | object | Output field Findings.Resource.AccessKeyDetails |
| Findings.Resource.AccessKeyDetails.AccessKeyId | string | Unique identifier |
| Findings.Resource.AccessKeyDetails.PrincipalId | string | Unique identifier |
| Findings.Resource.AccessKeyDetails.UserName | string | Name of the resource |
| Findings.Resource.AccessKeyDetails.UserType | string | Type of the resource |
| Findings.Resource.S3BucketDetails | array | Output field Findings.Resource.S3BucketDetails |
| Findings.Resource.S3BucketDetails.Arn | string | Output field Findings.Resource.S3BucketDetails.Arn |
| Findings.Resource.S3BucketDetails.Name | string | Name of the resource |
| Findings.Resource.S3BucketDetails.Type | string | Type of the resource |
| Findings.Resource.S3BucketDetails.CreatedAt | string | Output field Findings.Resource.S3BucketDetails.CreatedAt |
| Findings.Resource.S3BucketDetails.Owner | object | Output field Findings.Resource.S3BucketDetails.Owner |
| Findings.Resource.S3BucketDetails.Owner.Id | string | Unique identifier |
| Findings.Resource.S3BucketDetails.Tags | array | Output field Findings.Resource.S3BucketDetails.Tags |
| Findings.Resource.S3BucketDetails.Tags.Key | string | Output field Findings.Resource.S3BucketDetails.Tags.Key |
| Findings.Resource.S3BucketDetails.Tags.Value | string | Value for the parameter |

Output example:

```json
{"Findings": []}
```

### Get IP Set

Retrieves a specified IP set in Amazon AWS GuardDuty using the provided DetectorId and IpSetId.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The unique ID of the detector that the IP set is associated with |
| IpSetId | string | required | The unique ID of the IP set to retrieve |

Input example:

```json
{"DetectorId": "string", "IpSetId": "string"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| Name | string | Name of the resource |
| Format | string | Output field Format |
| Location | string | Output field Location |
| Status | string | Status value |
| Tags | object | Output field Tags |
| Tags.string | string | Output field Tags.string |

Output example:

```json
{"Name": "string", "Format": "TXT", "Location": "string", "Status": "INACTIVE", "Tags": {"string": "string"}}
```

### Get Threat Intel Set

Retrieves a specified threat intel set from Amazon AWS GuardDuty using DetectorId and ThreatIntelSetId.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The unique ID of the detector that the threat intel set is associated with |
| ThreatIntelSetId | string | required | The unique ID of the threat intel set that you want to get |

Input example:

```json
{"DetectorId": "string", "ThreatIntelSetId": "string"}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| Name | string | Name of the resource |
| Format | string | Output field Format |
| Location | string | Output field Location |
| Status | string | Status value |
| Tags | object | Output field Tags |
| Tags.string | string | Output field Tags.string |

Output example:

```json
{"Name": "string", "Format": "TXT", "Location": "string", "Status": "INACTIVE", "Tags": {"string": "string"}}
```

### List Detectors

Retrieve a list of detector IDs from Amazon AWS GuardDuty, enabling identification and management of existing resources.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| PaginationConfig | object | optional | A dictionary that provides parameters to control pagination |
| PaginationConfig.MaxItems | number | optional | The total number of items to return. If the total number of items available is more than the value specified in MaxItems, then a NextToken will be provided in the output that you can use to resume pagination |
| PaginationConfig.PageSize | number | optional | The size of each page |
| PaginationConfig.StartingToken | string | optional | A token to specify where to start paginating. This is the NextToken from a previous response |

Input example:

```json
{"PaginationConfig": {"MaxItems": 123, "PageSize": 123, "StartingToken": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| response | array | Output field response |
| response.ResponseMetadata | object | Response data |
| response.ResponseMetadata.RequestId | string | Response data |
| response.ResponseMetadata.HTTPStatusCode | number | Response data |
| response.ResponseMetadata.HTTPHeaders | object | Response data |
| response.ResponseMetadata.HTTPHeaders.date | string | Response data |
| response.ResponseMetadata.HTTPHeaders.content-type | string | Response data |
| response.ResponseMetadata.HTTPHeaders.content-length | string | Response data |
| response.ResponseMetadata.HTTPHeaders.connection | string | Response data |
| response.ResponseMetadata.HTTPHeaders.x-amzn-requestid | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-allow-origin | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-allow-headers | string | Response data |
| response.ResponseMetadata.HTTPHeaders.x-amz-apigw-id | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-expose-headers | string | Response data |
| response.ResponseMetadata.HTTPHeaders.x-amzn-trace-id | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-max-age | string | Response data |
| response.ResponseMetadata.RetryAttempts | number | Response data |
| response.DetectorIds | array | Unique identifier |

Output example:

```json
{"response": [{"ResponseMetadata": {}, "DetectorIds": []}]}
```

### List Findings

Retrieve a summary of potential security threats by listing Amazon AWS GuardDuty findings for a specified DetectorId.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The ID of the detector that specifies the GuardDuty service whose findings you want to list |
| FindingCriteria | object | optional | Represents the criteria used for querying findings |
| FindingCriteria.Criterion | object | optional | Represents a map of finding properties that match specified conditions and values when querying findings |
| FindingCriteria.Criterion.string | object | optional | Parameter for List Findings |
| FindingCriteria.Criterion.string.Eq | array | optional | Represents the equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.Neq | array | optional | Represents the not equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.Gt | number | optional | Represents a greater than condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.Gte | number | optional | Represents a greater than or equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.Lt | number | optional | Represents a less than condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.Lte | number | optional | Represents a less than or equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.Equals | array | optional | Represents an equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.NotEquals | array | optional | Represents a not equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.GreaterThan | number | optional | Represents a greater than condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.GreaterThanOrEqual | number | optional | Represents a greater than or equal condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.LessThan | number | optional | Represents a less than condition to be applied to a single field when querying for findings |
| FindingCriteria.Criterion.string.LessThanOrEqual | number | optional | Represents a less than or equal condition to be applied to a single field when querying for findings |
| SortCriteria | object | optional | Represents the criteria used for sorting findings |
| SortCriteria.AttributeName | string | optional | Represents the finding attribute, such as accountId, that sorts the findings |
| SortCriteria.OrderBy | string | optional | The order by which the sorted findings are to be displayed |
| PaginationConfig | object | optional | A dictionary that provides parameters to control pagination |
| PaginationConfig.MaxItems | number | optional | The total number of items to return. If the total number of items available is more than the value specified in MaxItems, then a NextToken will be provided in the output that you can use to resume pagination |
| PaginationConfig.PageSize | number | optional | The size of each page |
| PaginationConfig.StartingToken | string | optional | A token to specify where to start paginating. This is the NextToken from a previous response |

Input example:

```json
{"FindingCriteria": {"Criterion": {"string": {"Eq": ["string"], "Neq": ["string"], "Gt": 123, "Gte": 123, "Lt": 123, "Lte": 123, "Equals": ["string"], "NotEquals": ["string"], "GreaterThan": 123, "GreaterThanOrEqual": 123, "LessThan": 123, "LessThanOrEqual": 123}}}, "SortCriteria": {"AttributeName": "string", "OrderBy": "ASC"}, "PaginationConfig": {"MaxItems": 123, "PageSize": 123, "StartingToken": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| response | array | Output field response |
| response.ResponseMetadata | object | Response data |
| response.ResponseMetadata.RequestId | string | Response data |
| response.ResponseMetadata.HTTPStatusCode | number | Response data |
| response.ResponseMetadata.HTTPHeaders | object | Response data |
| response.ResponseMetadata.HTTPHeaders.date | string | Response data |
| response.ResponseMetadata.HTTPHeaders.content-type | string | Response data |
| response.ResponseMetadata.HTTPHeaders.content-length | string | Response data |
| response.ResponseMetadata.HTTPHeaders.connection | string | Response data |
| response.ResponseMetadata.HTTPHeaders.x-amzn-requestid | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-allow-origin | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-allow-headers | string | Response data |
| response.ResponseMetadata.HTTPHeaders.x-amz-apigw-id | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-expose-headers | string | Response data |
| response.ResponseMetadata.HTTPHeaders.x-amzn-trace-id | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-max-age | string | Response data |
| response.ResponseMetadata.RetryAttempts | number | Response data |
| response.FindingIds | array | Unique identifier |
| response.NextToken | string | Output field response.NextToken |

Output example:

```json
{"response": [{"ResponseMetadata": {}, "FindingIds": [], "NextToken": ""}]}
```

### List IP Sets

Retrieves a list of IP sets for a specified Amazon AWS GuardDuty detector ID, including sets from admin accounts if accessed by a member.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The unique ID of the detector that the IP set is associated with |
| PaginationConfig | object | optional | A dictionary that provides parameters to control pagination |
| PaginationConfig.MaxItems | number | optional | The total number of items to return. If the total number of items available is more than the value specified in MaxItems, then a NextToken will be provided in the output that you can use to resume pagination |
| PaginationConfig.PageSize | number | optional | The size of each page |
| PaginationConfig.StartingToken | string | optional | A token to specify where to start paginating. This is the NextToken from a previous response |

Input example:

```json
{"PaginationConfig": {"MaxItems": 123, "PageSize": 123, "StartingToken": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| response | array | Output field response |
| response.ResponseMetadata | object | Response data |
| response.ResponseMetadata.RequestId | string | Response data |
| response.ResponseMetadata.HTTPStatusCode | number | Response data |
| response.ResponseMetadata.HTTPHeaders | object | Response data |
| response.ResponseMetadata.HTTPHeaders.date | string | Response data |
| response.ResponseMetadata.HTTPHeaders.content-type | string | Response data |
| response.ResponseMetadata.HTTPHeaders.content-length | string | Response data |
| response.ResponseMetadata.HTTPHeaders.connection | string | Response data |
| response.ResponseMetadata.HTTPHeaders.x-amzn-requestid | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-allow-origin | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-allow-headers | string | Response data |
| response.ResponseMetadata.HTTPHeaders.x-amz-apigw-id | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-expose-headers | string | Response data |
| response.ResponseMetadata.HTTPHeaders.x-amzn-trace-id | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-max-age | string | Response data |
| response.ResponseMetadata.RetryAttempts | number | Response data |
| response.IpSetIds | array | Unique identifier |

Output example:

```json
{"response": [{"ResponseMetadata": {}, "IpSetIds": []}]}
```

### List Threat Intel Sets

Lists all threat intel sets associated with a given DetectorId in Amazon AWS GuardDuty, including admin account sets if accessed by a member.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The unique ID of the detector that the threat intel set is associated with |
| PaginationConfig | object | optional | A dictionary that provides parameters to control pagination |
| PaginationConfig.MaxItems | number | optional | The total number of items to return. If the total number of items available is more than the value specified in MaxItems, then a NextToken will be provided in the output that you can use to resume pagination |
| PaginationConfig.PageSize | number | optional | The size of each page |
| PaginationConfig.StartingToken | string | optional | A token to specify where to start paginating. This is the NextToken from a previous response |

Input example:

```json
{"PaginationConfig": {"MaxItems": 123, "PageSize": 123, "StartingToken": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| response | array | Output field response |
| response.ResponseMetadata | object | Response data |
| response.ResponseMetadata.RequestId | string | Response data |
| response.ResponseMetadata.HTTPStatusCode | number | Response data |
| response.ResponseMetadata.HTTPHeaders | object | Response data |
| response.ResponseMetadata.HTTPHeaders.date | string | Response data |
| response.ResponseMetadata.HTTPHeaders.content-type | string | Response data |
| response.ResponseMetadata.HTTPHeaders.content-length | string | Response data |
| response.ResponseMetadata.HTTPHeaders.connection | string | Response data |
| response.ResponseMetadata.HTTPHeaders.x-amzn-requestid | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-allow-origin | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-allow-headers | string | Response data |
| response.ResponseMetadata.HTTPHeaders.x-amz-apigw-id | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-expose-headers | string | Response data |
| response.ResponseMetadata.HTTPHeaders.x-amzn-trace-id | string | Response data |
| response.ResponseMetadata.HTTPHeaders.access-control-max-age | string | Response data |
| response.ResponseMetadata.RetryAttempts | number | Response data |
| response.ThreatIntelSetIds | array | Unique identifier |

Output example:

```json
{"response": [{"ResponseMetadata": {}, "ThreatIntelSetIds": []}]}
```

### Update Detector

Updates the settings of a specified Amazon AWS GuardDuty detector using the provided DetectorId.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The unique ID of the detector to update |
| Enable | boolean | optional | Specifies whether the detector is enabled or not enabled |
| FindingPublishingFrequency | string | optional | An enum value that specifies how frequently findings are exported, such as to CloudWatch Events |
| DataSources | object | optional | Describes which data sources will be updated |
| DataSources.S3Logs | object | optional | Describes whether S3 data event logs are enabled as a data source |
| DataSources.S3Logs.Enable | boolean | required | Describes whether any Kubernetes logs are enabled as data sources |
| DataSources.Kubernetes | object | optional | Describes whether any Kubernetes logs are enabled as data sources |
| DataSources.Kubernetes.AuditLogs | object | optional | The status of Kubernetes audit logs as a data source |
| DataSources.Kubernetes.AuditLogs.Enable | boolean | required | The status of Kubernetes audit logs as a data source |
| DataSources.MalwareProtection | object | optional | Describes whether Malware Protection is enabled as a data source |
| DataSources.MalwareProtection.ScanEc2InstanceWithFindings | object | optional | Describes the configuration of Malware Protection for EC2 instances with findings |
| DataSources.MalwareProtection.ScanEc2InstanceWithFindings.EbsVolumes | boolean | optional | Describes the configuration for scanning EBS volumes as a data source |
| Features | array | optional | Provides the features that will be updated for the detector |
| Features.Name | string | optional | The name of the feature |
| Features.Status | string | optional | The status of the feature |
| Features.AdditionalConfiguration | array | optional | Additional configuration for a resource |
| Features.AdditionalConfiguration.Name | string | optional | Name of the additional configuration |
| Features.AdditionalConfiguration.Status | string | optional | Status of the additional configuration |

Input example:

```json
{"Enable": true, "FindingPublishingFrequency": "FIFTEEN_MINUTES", "DataSources": {"S3Logs": {"Enable": true}, "Kubernetes": {"AuditLogs": {"Enable": true}}, "MalwareProtection": {"ScanEc2InstanceWithFindings": {"EbsVolumes": true}}}, "Features": [{"Name": "S3_DATA_EVENTS", "Status": "ENABLED", "AdditionalConfiguration": [{"Name": "EKS_ADDON_MANAGEMENT", "Status": "ENABLED"}]}]}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | Whether the operation was successful |

Output example:

```json
{"success": true}
```

### Update IP Set

Updates an existing IP set in Amazon AWS GuardDuty using the specified DetectorId and IpSetId.

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| DetectorId | string | required | The detector ID that specifies the GuardDuty service whose IP set you want to update |
| IpSetId | string | required | The unique ID that specifies the IP set that you want to update |
| Name | string | optional | The unique ID that specifies the IP set that you want to update |
| Location | string | optional | The updated URI of the file that contains the IP set |
| Activate | boolean | optional | The updated boolean value that specifies whether the IP set is active or not |

Input example:

```json
{"DetectorId": "string", "IpSetId": "string", "Name": "example name", "Location": "string", "Activate": true}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| success | boolean | |
whether the operation was successful output example {"success"\ true} update threat intel set updates a specified threat intel set in amazon aws guardduty using the provided detectorid and threatintelsetid input argument name type required description detectorid string required the detector id that specifies the guardduty service whose threat intel set you want to update threatintelsetid string required the unique id that specifies the threatintelset that you want to update name string optional the unique id that specifies the threat intel set that you want to update location string optional the updated uri of the file that contains the threat intel set activate boolean optional the updated boolean value that specifies whether the threat intel set is active or not input example {"activate"\ true} output parameter type description success boolean whether the operation was successful output example {"success"\ true} response headers header description example content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt
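The NextToken paging loop behind List Threat Intel Sets and the value checks a playbook should run before calling Update Detector, as an added example that is neither Swimlane's connector code nor the AWS SDK. The `StubGuardDuty` class, its offset-based NextToken, the detector and set IDs, and the `allow_disable` guardrail are this example's own constructions; the enum values are the ones the GuardDuty UpdateDetector API accepts, and the two helper functions use the boto3 method name and keyword arguments so they also work against a real `boto3.client("guardduty")`.

```python
"""Paging GuardDuty list results and validating UpdateDetector requests.

Added example, not code from Swimlane or AWS.  Runs offline against a
constructed in-memory stub that mimics the shape of the boto3 GuardDuty
responses the connector passes through.
"""
from typing import Dict, List, Optional

# Values the GuardDuty API accepts; anything else (e.g. "fifteen minutes")
# is rejected by the service.
FINDING_PUBLISHING_FREQUENCIES = {"FIFTEEN_MINUTES", "ONE_HOUR", "SIX_HOURS"}
FEATURE_NAMES = {
    "S3_DATA_EVENTS", "EKS_AUDIT_LOGS", "EBS_MALWARE_PROTECTION",
    "RDS_LOGIN_EVENTS", "EKS_RUNTIME_MONITORING", "LAMBDA_NETWORK_LOGS",
    "RUNTIME_MONITORING",
}
ADDITIONAL_CONFIGURATION_NAMES = {
    "EKS_ADDON_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT",
    "EC2_AGENT_MANAGEMENT",
}
STATUSES = {"ENABLED", "DISABLED"}


class StubGuardDuty:
    """Constructed stand-in for the boto3 GuardDuty client (not the real SDK)."""

    def __init__(self, threat_intel_set_ids: List[str]) -> None:
        self._ids = list(threat_intel_set_ids)
        self.update_calls: List[Dict] = []  # every UpdateDetector request accepted

    def list_threat_intel_sets(self, DetectorId: str, MaxResults: int = 50,
                               NextToken: Optional[str] = None) -> Dict:
        # NextToken is opaque to callers; this stub encodes the next offset.
        start = int(NextToken) if NextToken else 0
        page = self._ids[start:start + MaxResults]
        resp: Dict = {"ThreatIntelSetIds": page,
                      "ResponseMetadata": {"HTTPStatusCode": 200}}
        if start + MaxResults < len(self._ids):
            resp["NextToken"] = str(start + MaxResults)
        return resp

    def update_detector(self, **request) -> Dict:
        problems = validate_update_detector_request(request)
        if problems:
            raise ValueError("; ".join(problems))
        self.update_calls.append(request)
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}


def list_all_threat_intel_set_ids(client, detector_id: str,
                                  page_size: int = 50) -> List[str]:
    """Return every threat intel set ID for a detector.

    One ListThreatIntelSets call returns at most one page; the connector's
    PaginationConfig.StartingToken is the NextToken this loop carries forward.
    """
    ids: List[str] = []
    token: Optional[str] = None
    while True:
        kwargs: Dict = {"DetectorId": detector_id, "MaxResults": page_size}
        if token:
            kwargs["NextToken"] = token
        resp = client.list_threat_intel_sets(**kwargs)
        ids.extend(resp.get("ThreatIntelSetIds", []))
        token = resp.get("NextToken")
        if not token:
            return ids


def validate_update_detector_request(request: Dict,
                                     allow_disable: bool = False) -> List[str]:
    """Return the reasons an UpdateDetector request should not be sent.

    The allow_disable guardrail is this example's own convention: Enable=false
    switches off threat detection for the whole account, so a playbook should
    not do it without an explicit approval.
    """
    problems: List[str] = []
    if not request.get("DetectorId"):
        problems.append("DetectorId is required")
    if request.get("Enable") is False and not allow_disable:
        problems.append("Enable=false disables the detector; approval required")
    freq = request.get("FindingPublishingFrequency")
    if freq is not None and freq not in FINDING_PUBLISHING_FREQUENCIES:
        problems.append(f"FindingPublishingFrequency {freq!r} not one of "
                        f"{sorted(FINDING_PUBLISHING_FREQUENCIES)}")
    for feature in request.get("Features", []):
        if feature.get("Name") not in FEATURE_NAMES:
            problems.append(f"unknown feature {feature.get('Name')!r}")
        if feature.get("Status") not in STATUSES:
            problems.append("feature status must be ENABLED or DISABLED")
        for extra in feature.get("AdditionalConfiguration", []):
            if extra.get("Name") not in ADDITIONAL_CONFIGURATION_NAMES:
                problems.append(
                    f"unknown additional configuration {extra.get('Name')!r}")
            if extra.get("Status") not in STATUSES:
                problems.append(
                    "additional configuration status must be ENABLED or DISABLED")
    return problems


if __name__ == "__main__":
    # Constructed data: seven sets paged three at a time takes three calls.
    gd = StubGuardDuty([f"tis-{n}" for n in range(7)])
    print(list_all_threat_intel_set_ids(gd, "det-1", page_size=3))
    print(validate_update_detector_request(
        {"DetectorId": "det-1", "FindingPublishingFrequency": "fifteen minutes"}))
```

Run `validate_update_detector_request` on the payload a playbook is about to submit and stop on a non-empty result; the stub's `update_detector` does exactly that, which is also how a real client wrapper should behave so that a typo in an enum or an unintended `Enable: false` never reaches the service.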