aws-sdk-detective 1.42.0 → 1.43.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7845c434d8baa63dfa7b8805cd24333c1d59b454ca15129ec7f7751414b414e8
-  data.tar.gz: 4257f8b3f03f5199f6fdfdf180803ee130f59608c102ae815286d1fa27e1cf3d
+  metadata.gz: 315002ece1abd3d855b0dd92ff42c3ccee11c5a2bb8f11c95c87fe826317f474
+  data.tar.gz: d6e0428c233ec52557442cb8c1f14cacbfcb177a310f6f0f434452d40d1f2b5e
 SHA512:
-  metadata.gz: 35a2d965e048fb3838d8c6a6b7fc16dee919c29ba07e3a457943d173228b3965e51e7d9c55ea8945ba02daae8d91cf8ed1f2aa54964647fbb800d1847022f5b6
-  data.tar.gz: 77fce78474f94fe3cb95aa080961e9bb3a58997219b8b77147c3b3a846365795fe5b7bae57844d060b284e8b6e6b2f7cfe76a96c98dbcf8915a2e3c0585c0719
+  metadata.gz: d8d5d194ac12639c977873383f7c989361ac9870bc733b77d247a8f9f7a50ad8edf5d85306fd0aef13d3f3a0f01fc7d62415468022d77799419d104ba608297c
+  data.tar.gz: 5c68470f2041ab132427e78c1f3d30f142f10b94fb296b9c0c1d405e997f1188fe39709067d444e9c198f9b832810360e454e69f20ac1cf30de727a9d8e6f8c9

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.43.0 (2023-11-27)
+------------------
+
+* Feature - Added new APIs in Detective to support resource investigations
+
 1.42.0 (2023-11-22)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.42.0
+1.43.0

data/lib/aws-sdk-detective/client.rb

@@ -877,6 +877,57 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Returns the investigation results of an investigation for a behavior
+    # graph.
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the behavior graph.
+    #
+    # @option params [required, String] :investigation_id
+    #   The investigation ID of the investigation report.
+    #
+    # @return [Types::GetInvestigationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetInvestigationResponse#graph_arn #graph_arn} => String
+    #   * {Types::GetInvestigationResponse#investigation_id #investigation_id} => String
+    #   * {Types::GetInvestigationResponse#entity_arn #entity_arn} => String
+    #   * {Types::GetInvestigationResponse#entity_type #entity_type} => String
+    #   * {Types::GetInvestigationResponse#created_time #created_time} => Time
+    #   * {Types::GetInvestigationResponse#scope_start_time #scope_start_time} => Time
+    #   * {Types::GetInvestigationResponse#scope_end_time #scope_end_time} => Time
+    #   * {Types::GetInvestigationResponse#status #status} => String
+    #   * {Types::GetInvestigationResponse#severity #severity} => String
+    #   * {Types::GetInvestigationResponse#state #state} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_investigation({
+    #     graph_arn: "GraphArn", # required
+    #     investigation_id: "InvestigationId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.graph_arn #=> String
+    #   resp.investigation_id #=> String
+    #   resp.entity_arn #=> String
+    #   resp.entity_type #=> String, one of "IAM_ROLE", "IAM_USER"
+    #   resp.created_time #=> Time
+    #   resp.scope_start_time #=> Time
+    #   resp.scope_end_time #=> Time
+    #   resp.status #=> String, one of "RUNNING", "FAILED", "SUCCESSFUL"
+    #   resp.severity #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
+    #   resp.state #=> String, one of "ACTIVE", "ARCHIVED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/GetInvestigation AWS API Documentation
+    #
+    # @overload get_investigation(params = {})
+    # @param [Hash] params ({})
+    def get_investigation(params = {}, options = {})
+      req = build_request(:get_investigation, params)
+      req.send_request(options)
+    end
+
     # Returns the membership details for specified member accounts for a
     # behavior graph.
     #
@@ -1031,6 +1082,171 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Get the indicators from an investigation
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the behavior graph.
+    #
+    # @option params [required, String] :investigation_id
+    #   The investigation ID of the investigation report.
+    #
+    # @option params [String] :indicator_type
+    #   See [Detective investigations.][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/detective/latest/userguide/detective-investigations.html
+    #
+    # @option params [String] :next_token
+    #   List if there are more results available. The value of nextToken is a
+    #   unique pagination token for each page. Repeat the call using the
+    #   returned token to retrieve the next page. Keep all other arguments
+    #   unchanged.
+    #
+    #   Each pagination token expires after 24 hours. Using an expired
+    #   pagination token will return a Validation Exception error.
+    #
+    # @option params [Integer] :max_results
+    #   List the maximum number of indicators in a page.
+    #
+    # @return [Types::ListIndicatorsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListIndicatorsResponse#graph_arn #graph_arn} => String
+    #   * {Types::ListIndicatorsResponse#investigation_id #investigation_id} => String
+    #   * {Types::ListIndicatorsResponse#next_token #next_token} => String
+    #   * {Types::ListIndicatorsResponse#indicators #indicators} => Array<Types::Indicator>
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_indicators({
+    #     graph_arn: "GraphArn", # required
+    #     investigation_id: "InvestigationId", # required
+    #     indicator_type: "TTP_OBSERVED", # accepts TTP_OBSERVED, IMPOSSIBLE_TRAVEL, FLAGGED_IP_ADDRESS, NEW_GEOLOCATION, NEW_ASO, NEW_USER_AGENT, RELATED_FINDING, RELATED_FINDING_GROUP
+    #     next_token: "AiPaginationToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.graph_arn #=> String
+    #   resp.investigation_id #=> String
+    #   resp.next_token #=> String
+    #   resp.indicators #=> Array
+    #   resp.indicators[0].indicator_type #=> String, one of "TTP_OBSERVED", "IMPOSSIBLE_TRAVEL", "FLAGGED_IP_ADDRESS", "NEW_GEOLOCATION", "NEW_ASO", "NEW_USER_AGENT", "RELATED_FINDING", "RELATED_FINDING_GROUP"
+    #   resp.indicators[0].indicator_detail.tt_ps_observed_detail.tactic #=> String
+    #   resp.indicators[0].indicator_detail.tt_ps_observed_detail.technique #=> String
+    #   resp.indicators[0].indicator_detail.tt_ps_observed_detail.procedure #=> String
+    #   resp.indicators[0].indicator_detail.tt_ps_observed_detail.ip_address #=> String
+    #   resp.indicators[0].indicator_detail.tt_ps_observed_detail.api_name #=> String
+    #   resp.indicators[0].indicator_detail.tt_ps_observed_detail.api_success_count #=> Integer
+    #   resp.indicators[0].indicator_detail.tt_ps_observed_detail.api_failure_count #=> Integer
+    #   resp.indicators[0].indicator_detail.impossible_travel_detail.starting_ip_address #=> String
+    #   resp.indicators[0].indicator_detail.impossible_travel_detail.ending_ip_address #=> String
+    #   resp.indicators[0].indicator_detail.impossible_travel_detail.starting_location #=> String
+    #   resp.indicators[0].indicator_detail.impossible_travel_detail.ending_location #=> String
+    #   resp.indicators[0].indicator_detail.impossible_travel_detail.hourly_time_delta #=> Integer
+    #   resp.indicators[0].indicator_detail.flagged_ip_address_detail.ip_address #=> String
+    #   resp.indicators[0].indicator_detail.flagged_ip_address_detail.reason #=> String, one of "AWS_THREAT_INTELLIGENCE"
+    #   resp.indicators[0].indicator_detail.new_geolocation_detail.location #=> String
+    #   resp.indicators[0].indicator_detail.new_geolocation_detail.ip_address #=> String
+    #   resp.indicators[0].indicator_detail.new_geolocation_detail.is_new_for_entire_account #=> Boolean
+    #   resp.indicators[0].indicator_detail.new_aso_detail.aso #=> String
+    #   resp.indicators[0].indicator_detail.new_aso_detail.is_new_for_entire_account #=> Boolean
+    #   resp.indicators[0].indicator_detail.new_user_agent_detail.user_agent #=> String
+    #   resp.indicators[0].indicator_detail.new_user_agent_detail.is_new_for_entire_account #=> Boolean
+    #   resp.indicators[0].indicator_detail.related_finding_detail.arn #=> String
+    #   resp.indicators[0].indicator_detail.related_finding_detail.type #=> String
+    #   resp.indicators[0].indicator_detail.related_finding_detail.ip_address #=> String
+    #   resp.indicators[0].indicator_detail.related_finding_group_detail.id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListIndicators AWS API Documentation
+    #
+    # @overload list_indicators(params = {})
+    # @param [Hash] params ({})
+    def list_indicators(params = {}, options = {})
+      req = build_request(:list_indicators, params)
+      req.send_request(options)
+    end
+
+    # List all Investigations.
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the behavior graph.
+    #
+    # @option params [String] :next_token
+    #   List if there are more results available. The value of nextToken is a
+    #   unique pagination token for each page. Repeat the call using the
+    #   returned token to retrieve the next page. Keep all other arguments
+    #   unchanged.
+    #
+    #   Each pagination token expires after 24 hours. Using an expired
+    #   pagination token will return a Validation Exception error.
+    #
+    # @option params [Integer] :max_results
+    #   List the maximum number of investigations in a page.
+    #
+    # @option params [Types::FilterCriteria] :filter_criteria
+    #   Filter the investigation results based on a criteria.
+    #
+    # @option params [Types::SortCriteria] :sort_criteria
+    #   Sorts the investigation results based on a criteria.
+    #
+    # @return [Types::ListInvestigationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListInvestigationsResponse#investigation_details #investigation_details} => Array<Types::InvestigationDetail>
+    #   * {Types::ListInvestigationsResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_investigations({
+    #     graph_arn: "GraphArn", # required
+    #     next_token: "AiPaginationToken",
+    #     max_results: 1,
+    #     filter_criteria: {
+    #       severity: {
+    #         value: "Value", # required
+    #       },
+    #       status: {
+    #         value: "Value", # required
+    #       },
+    #       state: {
+    #         value: "Value", # required
+    #       },
+    #       entity_arn: {
+    #         value: "Value", # required
+    #       },
+    #       created_time: {
+    #         start_inclusive: Time.now, # required
+    #         end_inclusive: Time.now, # required
+    #       },
+    #     },
+    #     sort_criteria: {
+    #       field: "SEVERITY", # accepts SEVERITY, STATUS, CREATED_TIME
+    #       sort_order: "ASC", # accepts ASC, DESC
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.investigation_details #=> Array
+    #   resp.investigation_details[0].investigation_id #=> String
+    #   resp.investigation_details[0].severity #=> String, one of "INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"
+    #   resp.investigation_details[0].status #=> String, one of "RUNNING", "FAILED", "SUCCESSFUL"
+    #   resp.investigation_details[0].state #=> String, one of "ACTIVE", "ARCHIVED"
+    #   resp.investigation_details[0].created_time #=> Time
+    #   resp.investigation_details[0].entity_arn #=> String
+    #   resp.investigation_details[0].entity_type #=> String, one of "IAM_ROLE", "IAM_USER"
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListInvestigations AWS API Documentation
+    #
+    # @overload list_investigations(params = {})
+    # @param [Hash] params ({})
+    def list_investigations(params = {}, options = {})
+      req = build_request(:list_investigations, params)
+      req.send_request(options)
+    end
+
     # Retrieves the list of open and accepted behavior graph invitations for
     # the member account. This operation can only be called by an invited
     # member account.
@@ -1274,6 +1490,48 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # initiate an investigation on an entity in a graph
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the behavior graph.
+    #
+    # @option params [required, String] :entity_arn
+    #   The unique Amazon Resource Name (ARN) of the IAM user and IAM role.
+    #
+    # @option params [required, Time,DateTime,Date,Integer,String] :scope_start_time
+    #   The data and time when the investigation began. The value is an UTC
+    #   ISO8601 formatted string. For example, `2021-08-18T16:35:56.284Z`.
+    #
+    # @option params [required, Time,DateTime,Date,Integer,String] :scope_end_time
+    #   The data and time when the investigation began. The value is an UTC
+    #   ISO8601 formatted string. For example, `2021-08-18T16:35:56.284Z`.
+    #
+    # @return [Types::StartInvestigationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::StartInvestigationResponse#investigation_id #investigation_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.start_investigation({
+    #     graph_arn: "GraphArn", # required
+    #     entity_arn: "EntityArn", # required
+    #     scope_start_time: Time.now, # required
+    #     scope_end_time: Time.now, # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.investigation_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/StartInvestigation AWS API Documentation
+    #
+    # @overload start_investigation(params = {})
+    # @param [Hash] params ({})
+    def start_investigation(params = {}, options = {})
+      req = build_request(:start_investigation, params)
+      req.send_request(options)
+    end
+
     # Sends a request to enable data ingest for a member account that has a
     # status of `ACCEPTED_BUT_DISABLED`.
     #
@@ -1396,6 +1654,37 @@ module Aws::Detective
       req.send_request(options)
     end
 
+    # Update the state of an investigation.
+    #
+    # @option params [required, String] :graph_arn
+    #   The ARN of the behavior graph.
+    #
+    # @option params [required, String] :investigation_id
+    #   The investigation ID of the investigation report.
+    #
+    # @option params [required, String] :state
+    #   The current state of the investigation. An archived investigation
+    #   indicates you have completed reviewing the investigation.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_investigation_state({
+    #     graph_arn: "GraphArn", # required
+    #     investigation_id: "InvestigationId", # required
+    #     state: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/UpdateInvestigationState AWS API Documentation
+    #
+    # @overload update_investigation_state(params = {})
+    # @param [Hash] params ({})
+    def update_investigation_state(params = {}, options = {})
+      req = build_request(:update_investigation_state, params)
+      req.send_request(options)
+    end
+
     # Updates the configuration for the Organizations integration in the
     # current Region. Can only be called by the Detective administrator
     # account for the organization.
@@ -1438,7 +1727,7 @@ module Aws::Detective
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-detective'
-      context[:gem_version] = '1.42.0'
+      context[:gem_version] = '1.43.0'
       Seahorse::Client::Request.new(handlers, context)
     end