aws-sdk-detective 1.41.0 → 1.43.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-detective/client.rb +290 -1
- data/lib/aws-sdk-detective/client_api.rb +258 -0
- data/lib/aws-sdk-detective/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-detective/endpoints.rb +70 -0
- data/lib/aws-sdk-detective/plugins/endpoints.rb +10 -0
- data/lib/aws-sdk-detective/types.rb +708 -0
- data/lib/aws-sdk-detective.rb +1 -1
- metadata +5 -5
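--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 315002ece1abd3d855b0dd92ff42c3ccee11c5a2bb8f11c95c87fe826317f474
+data.tar.gz: d6e0428c233ec52557442cb8c1f14cacbfcb177a310f6f0f434452d40d1f2b5e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d8d5d194ac12639c977873383f7c989361ac9870bc733b77d247a8f9f7a50ad8edf5d85306fd0aef13d3f3a0f01fc7d62415468022d77799419d104ba608297c
+data.tar.gz: 5c68470f2041ab132427e78c1f3d30f142f10b94fb296b9c0c1d405e997f1188fe39709067d444e9c198f9b832810360e454e69f20ac1cf30de727a9d8e6f8c9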
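--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.43.0 (2023-11-27)
+------------------
+
+* Feature - Added new APIs in Detective to support resource investigations
+
+1.42.0 (2023-11-22)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.41.0 (2023-09-27)
 ------------------
 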
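--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.43.0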
@@ -877,6 +877,57 @@ module Aws::Detective
|
|
877
877
|
req.send_request(options)
|
878
878
|
end
|
879
879
|
|
880
|
+
# Returns the investigation results of an investigation for a behavior
|
881
|
+
# graph.
|
882
|
+
#
|
883
|
+
# @option params [required, String] :graph_arn
|
884
|
+
# The ARN of the behavior graph.
|
885
|
+
#
|
886
|
+
# @option params [required, String] :investigation_id
|
887
|
+
# The investigation ID of the investigation report.
|
888
|
+
#
|
889
|
+
# @return [Types::GetInvestigationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
890
|
+
#
|
891
|
+
# * {Types::GetInvestigationResponse#graph_arn #graph_arn} => String
|
892
|
+
# * {Types::GetInvestigationResponse#investigation_id #investigation_id} => String
|
893
|
+
# * {Types::GetInvestigationResponse#entity_arn #entity_arn} => String
|
894
|
+
# * {Types::GetInvestigationResponse#entity_type #entity_type} => String
|
895
|
+
# * {Types::GetInvestigationResponse#created_time #created_time} => Time
|
896
|
+
# * {Types::GetInvestigationResponse#scope_start_time #scope_start_time} => Time
|
897
|
+
# * {Types::GetInvestigationResponse#scope_end_time #scope_end_time} => Time
|
898
|
+
# * {Types::GetInvestigationResponse#status #status} => String
|
899
|
+
# * {Types::GetInvestigationResponse#severity #severity} => String
|
900
|
+
# * {Types::GetInvestigationResponse#state #state} => String
|
901
|
+
#
|
902
|
+
# @example Request syntax with placeholder values
|
903
|
+
#
|
904
|
+
# resp = client.get_investigation({
|
905
|
+
# graph_arn: "GraphArn", # required
|
906
|
+
# investigation_id: "InvestigationId", # required
|
907
|
+
# })
|
908
|
+
#
|
909
|
+
# @example Response structure
|
910
|
+
#
|
911
|
+
# resp.graph_arn #=> String
|
912
|
+
# resp.investigation_id #=> String
|
913
|
+
# resp.entity_arn #=> String
|
914
|
+
# resp.entity_type #=> String, one of "IAM_ROLE", "IAM_USER"
|
915
|
+
# resp.created_time #=> Time
|
916
|
+
# resp.scope_start_time #=> Time
|
917
|
+
# resp.scope_end_time #=> Time
|
918
|
+
# resp.status #=> String, one of "RUNNING", "FAILED", "SUCCESSFUL"
|
919
|
+
# resp.severity #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
|
920
|
+
# resp.state #=> String, one of "ACTIVE", "ARCHIVED"
|
921
|
+
#
|
922
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/GetInvestigation AWS API Documentation
|
923
|
+
#
|
924
|
+
# @overload get_investigation(params = {})
|
925
|
+
# @param [Hash] params ({})
|
926
|
+
def get_investigation(params = {}, options = {})
|
927
|
+
req = build_request(:get_investigation, params)
|
928
|
+
req.send_request(options)
|
929
|
+
end
|
930
|
+
|
880
931
|
# Returns the membership details for specified member accounts for a
|
881
932
|
# behavior graph.
|
882
933
|
#
|
@@ -1031,6 +1082,171 @@ module Aws::Detective
|
|
1031
1082
|
req.send_request(options)
|
1032
1083
|
end
|
1033
1084
|
|
1085
|
+
# Get the indicators from an investigation
|
1086
|
+
#
|
1087
|
+
# @option params [required, String] :graph_arn
|
1088
|
+
# The ARN of the behavior graph.
|
1089
|
+
#
|
1090
|
+
# @option params [required, String] :investigation_id
|
1091
|
+
# The investigation ID of the investigation report.
|
1092
|
+
#
|
1093
|
+
# @option params [String] :indicator_type
|
1094
|
+
# See [Detective investigations.][1].
|
1095
|
+
#
|
1096
|
+
#
|
1097
|
+
#
|
1098
|
+
# [1]: https://docs.aws.amazon.com/detective/latest/userguide/detective-investigations.html
|
1099
|
+
#
|
1100
|
+
# @option params [String] :next_token
|
1101
|
+
# List if there are more results available. The value of nextToken is a
|
1102
|
+
# unique pagination token for each page. Repeat the call using the
|
1103
|
+
# returned token to retrieve the next page. Keep all other arguments
|
1104
|
+
# unchanged.
|
1105
|
+
#
|
1106
|
+
# Each pagination token expires after 24 hours. Using an expired
|
1107
|
+
# pagination token will return a Validation Exception error.
|
1108
|
+
#
|
1109
|
+
# @option params [Integer] :max_results
|
1110
|
+
# List the maximum number of indicators in a page.
|
1111
|
+
#
|
1112
|
+
# @return [Types::ListIndicatorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1113
|
+
#
|
1114
|
+
# * {Types::ListIndicatorsResponse#graph_arn #graph_arn} => String
|
1115
|
+
# * {Types::ListIndicatorsResponse#investigation_id #investigation_id} => String
|
1116
|
+
# * {Types::ListIndicatorsResponse#next_token #next_token} => String
|
1117
|
+
# * {Types::ListIndicatorsResponse#indicators #indicators} => Array<Types::Indicator>
|
1118
|
+
#
|
1119
|
+
# @example Request syntax with placeholder values
|
1120
|
+
#
|
1121
|
+
# resp = client.list_indicators({
|
1122
|
+
# graph_arn: "GraphArn", # required
|
1123
|
+
# investigation_id: "InvestigationId", # required
|
1124
|
+
# indicator_type: "TTP_OBSERVED", # accepts TTP_OBSERVED, IMPOSSIBLE_TRAVEL, FLAGGED_IP_ADDRESS, NEW_GEOLOCATION, NEW_ASO, NEW_USER_AGENT, RELATED_FINDING, RELATED_FINDING_GROUP
|
1125
|
+
# next_token: "AiPaginationToken",
|
1126
|
+
# max_results: 1,
|
1127
|
+
# })
|
1128
|
+
#
|
1129
|
+
# @example Response structure
|
1130
|
+
#
|
1131
|
+
# resp.graph_arn #=> String
|
1132
|
+
# resp.investigation_id #=> String
|
1133
|
+
# resp.next_token #=> String
|
1134
|
+
# resp.indicators #=> Array
|
1135
|
+
# resp.indicators[0].indicator_type #=> String, one of "TTP_OBSERVED", "IMPOSSIBLE_TRAVEL", "FLAGGED_IP_ADDRESS", "NEW_GEOLOCATION", "NEW_ASO", "NEW_USER_AGENT", "RELATED_FINDING", "RELATED_FINDING_GROUP"
|
1136
|
+
# resp.indicators[0].indicator_detail.tt_ps_observed_detail.tactic #=> String
|
1137
|
+
# resp.indicators[0].indicator_detail.tt_ps_observed_detail.technique #=> String
|
1138
|
+
# resp.indicators[0].indicator_detail.tt_ps_observed_detail.procedure #=> String
|
1139
|
+
# resp.indicators[0].indicator_detail.tt_ps_observed_detail.ip_address #=> String
|
1140
|
+
# resp.indicators[0].indicator_detail.tt_ps_observed_detail.api_name #=> String
|
1141
|
+
# resp.indicators[0].indicator_detail.tt_ps_observed_detail.api_success_count #=> Integer
|
1142
|
+
# resp.indicators[0].indicator_detail.tt_ps_observed_detail.api_failure_count #=> Integer
|
1143
|
+
# resp.indicators[0].indicator_detail.impossible_travel_detail.starting_ip_address #=> String
|
1144
|
+
# resp.indicators[0].indicator_detail.impossible_travel_detail.ending_ip_address #=> String
|
1145
|
+
# resp.indicators[0].indicator_detail.impossible_travel_detail.starting_location #=> String
|
1146
|
+
# resp.indicators[0].indicator_detail.impossible_travel_detail.ending_location #=> String
|
1147
|
+
# resp.indicators[0].indicator_detail.impossible_travel_detail.hourly_time_delta #=> Integer
|
1148
|
+
# resp.indicators[0].indicator_detail.flagged_ip_address_detail.ip_address #=> String
|
1149
|
+
# resp.indicators[0].indicator_detail.flagged_ip_address_detail.reason #=> String, one of "AWS_THREAT_INTELLIGENCE"
|
1150
|
+
# resp.indicators[0].indicator_detail.new_geolocation_detail.location #=> String
|
1151
|
+
# resp.indicators[0].indicator_detail.new_geolocation_detail.ip_address #=> String
|
1152
|
+
# resp.indicators[0].indicator_detail.new_geolocation_detail.is_new_for_entire_account #=> Boolean
|
1153
|
+
# resp.indicators[0].indicator_detail.new_aso_detail.aso #=> String
|
1154
|
+
# resp.indicators[0].indicator_detail.new_aso_detail.is_new_for_entire_account #=> Boolean
|
1155
|
+
# resp.indicators[0].indicator_detail.new_user_agent_detail.user_agent #=> String
|
1156
|
+
# resp.indicators[0].indicator_detail.new_user_agent_detail.is_new_for_entire_account #=> Boolean
|
1157
|
+
# resp.indicators[0].indicator_detail.related_finding_detail.arn #=> String
|
1158
|
+
# resp.indicators[0].indicator_detail.related_finding_detail.type #=> String
|
1159
|
+
# resp.indicators[0].indicator_detail.related_finding_detail.ip_address #=> String
|
1160
|
+
# resp.indicators[0].indicator_detail.related_finding_group_detail.id #=> String
|
1161
|
+
#
|
1162
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListIndicators AWS API Documentation
|
1163
|
+
#
|
1164
|
+
# @overload list_indicators(params = {})
|
1165
|
+
# @param [Hash] params ({})
|
1166
|
+
def list_indicators(params = {}, options = {})
|
1167
|
+
req = build_request(:list_indicators, params)
|
1168
|
+
req.send_request(options)
|
1169
|
+
end
|
1170
|
+
|
1171
|
+
# List all Investigations.
|
1172
|
+
#
|
1173
|
+
# @option params [required, String] :graph_arn
|
1174
|
+
# The ARN of the behavior graph.
|
1175
|
+
#
|
1176
|
+
# @option params [String] :next_token
|
1177
|
+
# List if there are more results available. The value of nextToken is a
|
1178
|
+
# unique pagination token for each page. Repeat the call using the
|
1179
|
+
# returned token to retrieve the next page. Keep all other arguments
|
1180
|
+
# unchanged.
|
1181
|
+
#
|
1182
|
+
# Each pagination token expires after 24 hours. Using an expired
|
1183
|
+
# pagination token will return a Validation Exception error.
|
1184
|
+
#
|
1185
|
+
# @option params [Integer] :max_results
|
1186
|
+
# List the maximum number of investigations in a page.
|
1187
|
+
#
|
1188
|
+
# @option params [Types::FilterCriteria] :filter_criteria
|
1189
|
+
# Filter the investigation results based on a criteria.
|
1190
|
+
#
|
1191
|
+
# @option params [Types::SortCriteria] :sort_criteria
|
1192
|
+
# Sorts the investigation results based on a criteria.
|
1193
|
+
#
|
1194
|
+
# @return [Types::ListInvestigationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1195
|
+
#
|
1196
|
+
# * {Types::ListInvestigationsResponse#investigation_details #investigation_details} => Array<Types::InvestigationDetail>
|
1197
|
+
# * {Types::ListInvestigationsResponse#next_token #next_token} => String
|
1198
|
+
#
|
1199
|
+
# @example Request syntax with placeholder values
|
1200
|
+
#
|
1201
|
+
# resp = client.list_investigations({
|
1202
|
+
# graph_arn: "GraphArn", # required
|
1203
|
+
# next_token: "AiPaginationToken",
|
1204
|
+
# max_results: 1,
|
1205
|
+
# filter_criteria: {
|
1206
|
+
# severity: {
|
1207
|
+
# value: "Value", # required
|
1208
|
+
# },
|
1209
|
+
# status: {
|
1210
|
+
# value: "Value", # required
|
1211
|
+
# },
|
1212
|
+
# state: {
|
1213
|
+
# value: "Value", # required
|
1214
|
+
# },
|
1215
|
+
# entity_arn: {
|
1216
|
+
# value: "Value", # required
|
1217
|
+
# },
|
1218
|
+
# created_time: {
|
1219
|
+
# start_inclusive: Time.now, # required
|
1220
|
+
# end_inclusive: Time.now, # required
|
1221
|
+
# },
|
1222
|
+
# },
|
1223
|
+
# sort_criteria: {
|
1224
|
+
# field: "SEVERITY", # accepts SEVERITY, STATUS, CREATED_TIME
|
1225
|
+
# sort_order: "ASC", # accepts ASC, DESC
|
1226
|
+
# },
|
1227
|
+
# })
|
1228
|
+
#
|
1229
|
+
# @example Response structure
|
1230
|
+
#
|
1231
|
+
# resp.investigation_details #=> Array
|
1232
|
+
# resp.investigation_details[0].investigation_id #=> String
|
1233
|
+
# resp.investigation_details[0].severity #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
|
1234
|
+
# resp.investigation_details[0].status #=> String, one of "RUNNING", "FAILED", "SUCCESSFUL"
|
1235
|
+
# resp.investigation_details[0].state #=> String, one of "ACTIVE", "ARCHIVED"
|
1236
|
+
# resp.investigation_details[0].created_time #=> Time
|
1237
|
+
# resp.investigation_details[0].entity_arn #=> String
|
1238
|
+
# resp.investigation_details[0].entity_type #=> String, one of "IAM_ROLE", "IAM_USER"
|
1239
|
+
# resp.next_token #=> String
|
1240
|
+
#
|
1241
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListInvestigations AWS API Documentation
|
1242
|
+
#
|
1243
|
+
# @overload list_investigations(params = {})
|
1244
|
+
# @param [Hash] params ({})
|
1245
|
+
def list_investigations(params = {}, options = {})
|
1246
|
+
req = build_request(:list_investigations, params)
|
1247
|
+
req.send_request(options)
|
1248
|
+
end
|
1249
|
+
|
1034
1250
|
# Retrieves the list of open and accepted behavior graph invitations for
|
1035
1251
|
# the member account. This operation can only be called by an invited
|
1036
1252
|
# member account.
|
@@ -1274,6 +1490,48 @@ module Aws::Detective
|
|
1274
1490
|
req.send_request(options)
|
1275
1491
|
end
|
1276
1492
|
|
1493
|
+
# initiate an investigation on an entity in a graph
|
1494
|
+
#
|
1495
|
+
# @option params [required, String] :graph_arn
|
1496
|
+
# The ARN of the behavior graph.
|
1497
|
+
#
|
1498
|
+
# @option params [required, String] :entity_arn
|
1499
|
+
# The unique Amazon Resource Name (ARN) of the IAM user and IAM role.
|
1500
|
+
#
|
1501
|
+
# @option params [required, Time,DateTime,Date,Integer,String] :scope_start_time
|
1502
|
+
# The data and time when the investigation began. The value is an UTC
|
1503
|
+
# ISO8601 formatted string. For example, `2021-08-18T16:35:56.284Z`.
|
1504
|
+
#
|
1505
|
+
# @option params [required, Time,DateTime,Date,Integer,String] :scope_end_time
|
1506
|
+
# The data and time when the investigation began. The value is an UTC
|
1507
|
+
# ISO8601 formatted string. For example, `2021-08-18T16:35:56.284Z`.
|
1508
|
+
#
|
1509
|
+
# @return [Types::StartInvestigationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1510
|
+
#
|
1511
|
+
# * {Types::StartInvestigationResponse#investigation_id #investigation_id} => String
|
1512
|
+
#
|
1513
|
+
# @example Request syntax with placeholder values
|
1514
|
+
#
|
1515
|
+
# resp = client.start_investigation({
|
1516
|
+
# graph_arn: "GraphArn", # required
|
1517
|
+
# entity_arn: "EntityArn", # required
|
1518
|
+
# scope_start_time: Time.now, # required
|
1519
|
+
# scope_end_time: Time.now, # required
|
1520
|
+
# })
|
1521
|
+
#
|
1522
|
+
# @example Response structure
|
1523
|
+
#
|
1524
|
+
# resp.investigation_id #=> String
|
1525
|
+
#
|
1526
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/StartInvestigation AWS API Documentation
|
1527
|
+
#
|
1528
|
+
# @overload start_investigation(params = {})
|
1529
|
+
# @param [Hash] params ({})
|
1530
|
+
def start_investigation(params = {}, options = {})
|
1531
|
+
req = build_request(:start_investigation, params)
|
1532
|
+
req.send_request(options)
|
1533
|
+
end
|
1534
|
+
|
1277
1535
|
# Sends a request to enable data ingest for a member account that has a
|
1278
1536
|
# status of `ACCEPTED_BUT_DISABLED`.
|
1279
1537
|
#
|
@@ -1396,6 +1654,37 @@ module Aws::Detective
|
|
1396
1654
|
req.send_request(options)
|
1397
1655
|
end
|
1398
1656
|
|
1657
|
+
# Update the state of an investigation.
|
1658
|
+
#
|
1659
|
+
# @option params [required, String] :graph_arn
|
1660
|
+
# The ARN of the behavior graph.
|
1661
|
+
#
|
1662
|
+
# @option params [required, String] :investigation_id
|
1663
|
+
# The investigation ID of the investigation report.
|
1664
|
+
#
|
1665
|
+
# @option params [required, String] :state
|
1666
|
+
# The current state of the investigation. An archived investigation
|
1667
|
+
# indicates you have completed reviewing the investigation.
|
1668
|
+
#
|
1669
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1670
|
+
#
|
1671
|
+
# @example Request syntax with placeholder values
|
1672
|
+
#
|
1673
|
+
# resp = client.update_investigation_state({
|
1674
|
+
# graph_arn: "GraphArn", # required
|
1675
|
+
# investigation_id: "InvestigationId", # required
|
1676
|
+
# state: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
|
1677
|
+
# })
|
1678
|
+
#
|
1679
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/UpdateInvestigationState AWS API Documentation
|
1680
|
+
#
|
1681
|
+
# @overload update_investigation_state(params = {})
|
1682
|
+
# @param [Hash] params ({})
|
1683
|
+
def update_investigation_state(params = {}, options = {})
|
1684
|
+
req = build_request(:update_investigation_state, params)
|
1685
|
+
req.send_request(options)
|
1686
|
+
end
|
1687
|
+
|
1399
1688
|
# Updates the configuration for the Organizations integration in the
|
1400
1689
|
# current Region. Can only be called by the Detective administrator
|
1401
1690
|
# account for the organization.
|
@@ -1438,7 +1727,7 @@ module Aws::Detective
|
|
1438
1727
|
params: params,
|
1439
1728
|
config: config)
|
1440
1729
|
context[:gem_name] = 'aws-sdk-detective'
|
1441
|
-
context[:gem_version] = '1.
|
1730
|
+
context[:gem_version] = '1.43.0'
|
1442
1731
|
Seahorse::Client::Request.new(handlers, context)
|
1443
1732
|
end
|
1444
1733
|
|
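Review bot: The `:scope_end_time` option of `start_investigation` (hunk `@@ -1274,6 +1490,48 @@`) carries the same description as `:scope_start_time`, "The data and time when the investigation began", so the upper bound of the investigation window is undocumented and both entries misspell "date". A caller who swaps or misreads the bounds would presumably investigate the wrong time range, which matters for an incident-response API. I would reword the end-time entry to `# The date and time when the investigation ended. The value is a UTC` and fix "data" to "date" in the start-time entry. In the `update_investigation_state` hunk, `:state` is described as "The current state of the investigation" although it appears to be the value the call sets; `# The state to set for the investigation (ACTIVE or ARCHIVED).` would read more accurately. The 1.42.0 changelog entry suggests this gem's code is generated, so the wording probably needs fixing in the upstream service model rather than in this file.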