aws-sdk-detective 1.42.0 → 1.43.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-detective/client.rb +290 -1
- data/lib/aws-sdk-detective/client_api.rb +258 -0
- data/lib/aws-sdk-detective/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-detective/endpoints.rb +70 -0
- data/lib/aws-sdk-detective/plugins/endpoints.rb +10 -0
- data/lib/aws-sdk-detective/types.rb +708 -0
- data/lib/aws-sdk-detective.rb +1 -1
- metadata +2 -2
@@ -323,6 +323,27 @@ module Aws::Detective
|
|
323
323
|
include Aws::Structure
|
324
324
|
end
|
325
325
|
|
326
|
+
# Contains details on the time range used to filter data.
|
327
|
+
#
|
328
|
+
# @!attribute [rw] start_inclusive
|
329
|
+
# A timestamp representing the start of the time period from when data
|
330
|
+
# is filtered, including the start date.
|
331
|
+
# @return [Time]
|
332
|
+
#
|
333
|
+
# @!attribute [rw] end_inclusive
|
334
|
+
# A timestamp representing the end date of the time period until when
|
335
|
+
# data is filtered , including the end date.
|
336
|
+
# @return [Time]
|
337
|
+
#
|
338
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/DateFilter AWS API Documentation
|
339
|
+
#
|
340
|
+
class DateFilter < Struct.new(
|
341
|
+
:start_inclusive,
|
342
|
+
:end_inclusive)
|
343
|
+
SENSITIVE = []
|
344
|
+
include Aws::Structure
|
345
|
+
end
|
346
|
+
|
326
347
|
# @!attribute [rw] graph_arn
|
327
348
|
# The ARN of the behavior graph to disable.
|
328
349
|
# @return [String]
|
@@ -429,6 +450,143 @@ module Aws::Detective
|
|
429
450
|
include Aws::Structure
|
430
451
|
end
|
431
452
|
|
453
|
+
# Details on the criteria used to define the filter for investigation
|
454
|
+
# results.
|
455
|
+
#
|
456
|
+
# @!attribute [rw] severity
|
457
|
+
# Filter the investigation results based on the severity.
|
458
|
+
# @return [Types::StringFilter]
|
459
|
+
#
|
460
|
+
# @!attribute [rw] status
|
461
|
+
# Filter the investigation results based on the status.
|
462
|
+
# @return [Types::StringFilter]
|
463
|
+
#
|
464
|
+
# @!attribute [rw] state
|
465
|
+
# Filter the investigation results based on the state.
|
466
|
+
# @return [Types::StringFilter]
|
467
|
+
#
|
468
|
+
# @!attribute [rw] entity_arn
|
469
|
+
# Filter the investigation results based on the Amazon Resource Name
|
470
|
+
# (ARN) of the entity.
|
471
|
+
# @return [Types::StringFilter]
|
472
|
+
#
|
473
|
+
# @!attribute [rw] created_time
|
474
|
+
# Filter the investigation results based on when the investigation was
|
475
|
+
# created.
|
476
|
+
# @return [Types::DateFilter]
|
477
|
+
#
|
478
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/FilterCriteria AWS API Documentation
|
479
|
+
#
|
480
|
+
class FilterCriteria < Struct.new(
|
481
|
+
:severity,
|
482
|
+
:status,
|
483
|
+
:state,
|
484
|
+
:entity_arn,
|
485
|
+
:created_time)
|
486
|
+
SENSITIVE = []
|
487
|
+
include Aws::Structure
|
488
|
+
end
|
489
|
+
|
490
|
+
# Contains information on suspicious IP addresses identified as
|
491
|
+
# indicators of compromise. This indicator is derived from Amazon Web
|
492
|
+
# Services threat intelligence.
|
493
|
+
#
|
494
|
+
# @!attribute [rw] ip_address
|
495
|
+
# IP address of the suspicious entity.
|
496
|
+
# @return [String]
|
497
|
+
#
|
498
|
+
# @!attribute [rw] reason
|
499
|
+
# Details the reason the IP address was flagged as suspicious.
|
500
|
+
# @return [String]
|
501
|
+
#
|
502
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/FlaggedIpAddressDetail AWS API Documentation
|
503
|
+
#
|
504
|
+
class FlaggedIpAddressDetail < Struct.new(
|
505
|
+
:ip_address,
|
506
|
+
:reason)
|
507
|
+
SENSITIVE = []
|
508
|
+
include Aws::Structure
|
509
|
+
end
|
510
|
+
|
511
|
+
# @!attribute [rw] graph_arn
|
512
|
+
# The ARN of the behavior graph.
|
513
|
+
# @return [String]
|
514
|
+
#
|
515
|
+
# @!attribute [rw] investigation_id
|
516
|
+
# The investigation ID of the investigation report.
|
517
|
+
# @return [String]
|
518
|
+
#
|
519
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/GetInvestigationRequest AWS API Documentation
|
520
|
+
#
|
521
|
+
class GetInvestigationRequest < Struct.new(
|
522
|
+
:graph_arn,
|
523
|
+
:investigation_id)
|
524
|
+
SENSITIVE = []
|
525
|
+
include Aws::Structure
|
526
|
+
end
|
527
|
+
|
528
|
+
# @!attribute [rw] graph_arn
|
529
|
+
# The ARN of the behavior graph.
|
530
|
+
# @return [String]
|
531
|
+
#
|
532
|
+
# @!attribute [rw] investigation_id
|
533
|
+
# The investigation ID of the investigation report.
|
534
|
+
# @return [String]
|
535
|
+
#
|
536
|
+
# @!attribute [rw] entity_arn
|
537
|
+
# The unique Amazon Resource Name (ARN) of the IAM user and IAM role.
|
538
|
+
# @return [String]
|
539
|
+
#
|
540
|
+
# @!attribute [rw] entity_type
|
541
|
+
# Type of entity. For example, Amazon Web Services accounts, such as
|
542
|
+
# IAM user and role.
|
543
|
+
# @return [String]
|
544
|
+
#
|
545
|
+
# @!attribute [rw] created_time
|
546
|
+
# The UTC time stamp of the creation time of the investigation report.
|
547
|
+
# @return [Time]
|
548
|
+
#
|
549
|
+
# @!attribute [rw] scope_start_time
|
550
|
+
# The start date and time for the scope time set to generate the
|
551
|
+
# investigation report.
|
552
|
+
# @return [Time]
|
553
|
+
#
|
554
|
+
# @!attribute [rw] scope_end_time
|
555
|
+
# The data and time when the investigation began. The value is an UTC
|
556
|
+
# ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.
|
557
|
+
# @return [Time]
|
558
|
+
#
|
559
|
+
# @!attribute [rw] status
|
560
|
+
# Status based on the completion status of the investigation.
|
561
|
+
# @return [String]
|
562
|
+
#
|
563
|
+
# @!attribute [rw] severity
|
564
|
+
# Severity based on the likelihood and impact of the indicators of
|
565
|
+
# compromise discovered in the investigation.
|
566
|
+
# @return [String]
|
567
|
+
#
|
568
|
+
# @!attribute [rw] state
|
569
|
+
# The current state of the investigation. An archived investigation
|
570
|
+
# indicates you have completed reviewing the investigation.
|
571
|
+
# @return [String]
|
572
|
+
#
|
573
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/GetInvestigationResponse AWS API Documentation
|
574
|
+
#
|
575
|
+
class GetInvestigationResponse < Struct.new(
|
576
|
+
:graph_arn,
|
577
|
+
:investigation_id,
|
578
|
+
:entity_arn,
|
579
|
+
:entity_type,
|
580
|
+
:created_time,
|
581
|
+
:scope_start_time,
|
582
|
+
:scope_end_time,
|
583
|
+
:status,
|
584
|
+
:severity,
|
585
|
+
:state)
|
586
|
+
SENSITIVE = []
|
587
|
+
include Aws::Structure
|
588
|
+
end
|
589
|
+
|
432
590
|
# @!attribute [rw] graph_arn
|
433
591
|
# The ARN of the behavior graph for which to request the member
|
434
592
|
# details.
|
@@ -495,6 +653,116 @@ module Aws::Detective
|
|
495
653
|
include Aws::Structure
|
496
654
|
end
|
497
655
|
|
656
|
+
# Contains information on unusual and impossible travel in an account.
|
657
|
+
#
|
658
|
+
# @!attribute [rw] starting_ip_address
|
659
|
+
# IP address where the resource was first used in the impossible
|
660
|
+
# travel
|
661
|
+
# @return [String]
|
662
|
+
#
|
663
|
+
# @!attribute [rw] ending_ip_address
|
664
|
+
# IP address where the resource was last used in the impossible
|
665
|
+
# travel.
|
666
|
+
# @return [String]
|
667
|
+
#
|
668
|
+
# @!attribute [rw] starting_location
|
669
|
+
# Location where the resource was first used in the impossible travel
|
670
|
+
# @return [String]
|
671
|
+
#
|
672
|
+
# @!attribute [rw] ending_location
|
673
|
+
# Location where the resource was last used in the impossible travel.
|
674
|
+
# @return [String]
|
675
|
+
#
|
676
|
+
# @!attribute [rw] hourly_time_delta
|
677
|
+
# Returns the time difference between the first and last timestamp the
|
678
|
+
# resource was used.
|
679
|
+
# @return [Integer]
|
680
|
+
#
|
681
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ImpossibleTravelDetail AWS API Documentation
|
682
|
+
#
|
683
|
+
class ImpossibleTravelDetail < Struct.new(
|
684
|
+
:starting_ip_address,
|
685
|
+
:ending_ip_address,
|
686
|
+
:starting_location,
|
687
|
+
:ending_location,
|
688
|
+
:hourly_time_delta)
|
689
|
+
SENSITIVE = []
|
690
|
+
include Aws::Structure
|
691
|
+
end
|
692
|
+
|
693
|
+
# Investigations triages indicators of compromises such as a finding and
|
694
|
+
# surfaces only the most critical and suspicious issues, so you can
|
695
|
+
# focus on high-level investigations.
|
696
|
+
#
|
697
|
+
# @!attribute [rw] indicator_type
|
698
|
+
# The type of indicator.
|
699
|
+
# @return [String]
|
700
|
+
#
|
701
|
+
# @!attribute [rw] indicator_detail
|
702
|
+
# Details about the indicator of compromise.
|
703
|
+
# @return [Types::IndicatorDetail]
|
704
|
+
#
|
705
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/Indicator AWS API Documentation
|
706
|
+
#
|
707
|
+
class Indicator < Struct.new(
|
708
|
+
:indicator_type,
|
709
|
+
:indicator_detail)
|
710
|
+
SENSITIVE = []
|
711
|
+
include Aws::Structure
|
712
|
+
end
|
713
|
+
|
714
|
+
# Details about the indicators of compromise which are used to determine
|
715
|
+
# if a resource is involved in a security incident.
|
716
|
+
#
|
717
|
+
# @!attribute [rw] tt_ps_observed_detail
|
718
|
+
# Details about the indicator of compromise.
|
719
|
+
# @return [Types::TTPsObservedDetail]
|
720
|
+
#
|
721
|
+
# @!attribute [rw] impossible_travel_detail
|
722
|
+
# Identifies unusual and impossible user activity for an account.
|
723
|
+
# @return [Types::ImpossibleTravelDetail]
|
724
|
+
#
|
725
|
+
# @!attribute [rw] flagged_ip_address_detail
|
726
|
+
# Suspicious IP addresses that are flagged, which indicates critical
|
727
|
+
# or severe threats based on threat intelligence by Detective. This
|
728
|
+
# indicator is derived from AWS threat intelligence.
|
729
|
+
# @return [Types::FlaggedIpAddressDetail]
|
730
|
+
#
|
731
|
+
# @!attribute [rw] new_geolocation_detail
|
732
|
+
# Contains details about the new geographic location.
|
733
|
+
# @return [Types::NewGeolocationDetail]
|
734
|
+
#
|
735
|
+
# @!attribute [rw] new_aso_detail
|
736
|
+
# Contains details about the new Autonomous System Organization (ASO).
|
737
|
+
# @return [Types::NewAsoDetail]
|
738
|
+
#
|
739
|
+
# @!attribute [rw] new_user_agent_detail
|
740
|
+
# Contains details about the new user agent.
|
741
|
+
# @return [Types::NewUserAgentDetail]
|
742
|
+
#
|
743
|
+
# @!attribute [rw] related_finding_detail
|
744
|
+
# Contains details about related findings.
|
745
|
+
# @return [Types::RelatedFindingDetail]
|
746
|
+
#
|
747
|
+
# @!attribute [rw] related_finding_group_detail
|
748
|
+
# Contains details about related finding groups.
|
749
|
+
# @return [Types::RelatedFindingGroupDetail]
|
750
|
+
#
|
751
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/IndicatorDetail AWS API Documentation
|
752
|
+
#
|
753
|
+
class IndicatorDetail < Struct.new(
|
754
|
+
:tt_ps_observed_detail,
|
755
|
+
:impossible_travel_detail,
|
756
|
+
:flagged_ip_address_detail,
|
757
|
+
:new_geolocation_detail,
|
758
|
+
:new_aso_detail,
|
759
|
+
:new_user_agent_detail,
|
760
|
+
:related_finding_detail,
|
761
|
+
:related_finding_group_detail)
|
762
|
+
SENSITIVE = []
|
763
|
+
include Aws::Structure
|
764
|
+
end
|
765
|
+
|
498
766
|
# The request was valid but failed because of a problem with the
|
499
767
|
# service.
|
500
768
|
#
|
@@ -509,6 +777,54 @@ module Aws::Detective
|
|
509
777
|
include Aws::Structure
|
510
778
|
end
|
511
779
|
|
780
|
+
# Details about the investigation related to a potential security event
|
781
|
+
# identified by Detective
|
782
|
+
#
|
783
|
+
# @!attribute [rw] investigation_id
|
784
|
+
# The investigation ID of the investigation report.
|
785
|
+
# @return [String]
|
786
|
+
#
|
787
|
+
# @!attribute [rw] severity
|
788
|
+
# Severity based on the likelihood and impact of the indicators of
|
789
|
+
# compromise discovered in the investigation.
|
790
|
+
# @return [String]
|
791
|
+
#
|
792
|
+
# @!attribute [rw] status
|
793
|
+
# Status based on the completion status of the investigation.
|
794
|
+
# @return [String]
|
795
|
+
#
|
796
|
+
# @!attribute [rw] state
|
797
|
+
# The current state of the investigation. An archived investigation
|
798
|
+
# indicates you have completed reviewing the investigation.
|
799
|
+
# @return [String]
|
800
|
+
#
|
801
|
+
# @!attribute [rw] created_time
|
802
|
+
# The UTC time stamp of the creation time of the investigation report.
|
803
|
+
# @return [Time]
|
804
|
+
#
|
805
|
+
# @!attribute [rw] entity_arn
|
806
|
+
# The unique Amazon Resource Name (ARN) of the IAM user and IAM role.
|
807
|
+
# @return [String]
|
808
|
+
#
|
809
|
+
# @!attribute [rw] entity_type
|
810
|
+
# Type of entity. For example, Amazon Web Services accounts, such as
|
811
|
+
# IAM user and role.
|
812
|
+
# @return [String]
|
813
|
+
#
|
814
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/InvestigationDetail AWS API Documentation
|
815
|
+
#
|
816
|
+
class InvestigationDetail < Struct.new(
|
817
|
+
:investigation_id,
|
818
|
+
:severity,
|
819
|
+
:status,
|
820
|
+
:state,
|
821
|
+
:created_time,
|
822
|
+
:entity_arn,
|
823
|
+
:entity_type)
|
824
|
+
SENSITIVE = []
|
825
|
+
include Aws::Structure
|
826
|
+
end
|
827
|
+
|
512
828
|
# @!attribute [rw] graph_arn
|
513
829
|
# The ARN of the behavior graph.
|
514
830
|
# @return [String]
|
@@ -593,6 +909,143 @@ module Aws::Detective
|
|
593
909
|
include Aws::Structure
|
594
910
|
end
|
595
911
|
|
912
|
+
# @!attribute [rw] graph_arn
|
913
|
+
# The ARN of the behavior graph.
|
914
|
+
# @return [String]
|
915
|
+
#
|
916
|
+
# @!attribute [rw] investigation_id
|
917
|
+
# The investigation ID of the investigation report.
|
918
|
+
# @return [String]
|
919
|
+
#
|
920
|
+
# @!attribute [rw] indicator_type
|
921
|
+
# See [Detective investigations.][1].
|
922
|
+
#
|
923
|
+
#
|
924
|
+
#
|
925
|
+
# [1]: https://docs.aws.amazon.com/detective/latest/userguide/detective-investigations.html
|
926
|
+
# @return [String]
|
927
|
+
#
|
928
|
+
# @!attribute [rw] next_token
|
929
|
+
# List if there are more results available. The value of nextToken is
|
930
|
+
# a unique pagination token for each page. Repeat the call using the
|
931
|
+
# returned token to retrieve the next page. Keep all other arguments
|
932
|
+
# unchanged.
|
933
|
+
#
|
934
|
+
# Each pagination token expires after 24 hours. Using an expired
|
935
|
+
# pagination token will return a Validation Exception error.
|
936
|
+
# @return [String]
|
937
|
+
#
|
938
|
+
# @!attribute [rw] max_results
|
939
|
+
# List the maximum number of indicators in a page.
|
940
|
+
# @return [Integer]
|
941
|
+
#
|
942
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListIndicatorsRequest AWS API Documentation
|
943
|
+
#
|
944
|
+
class ListIndicatorsRequest < Struct.new(
|
945
|
+
:graph_arn,
|
946
|
+
:investigation_id,
|
947
|
+
:indicator_type,
|
948
|
+
:next_token,
|
949
|
+
:max_results)
|
950
|
+
SENSITIVE = []
|
951
|
+
include Aws::Structure
|
952
|
+
end
|
953
|
+
|
954
|
+
# @!attribute [rw] graph_arn
|
955
|
+
# The ARN of the behavior graph.
|
956
|
+
# @return [String]
|
957
|
+
#
|
958
|
+
# @!attribute [rw] investigation_id
|
959
|
+
# The investigation ID of the investigation report.
|
960
|
+
# @return [String]
|
961
|
+
#
|
962
|
+
# @!attribute [rw] next_token
|
963
|
+
# List if there are more results available. The value of nextToken is
|
964
|
+
# a unique pagination token for each page. Repeat the call using the
|
965
|
+
# returned token to retrieve the next page. Keep all other arguments
|
966
|
+
# unchanged.
|
967
|
+
#
|
968
|
+
# Each pagination token expires after 24 hours. Using an expired
|
969
|
+
# pagination token will return a Validation Exception error.
|
970
|
+
# @return [String]
|
971
|
+
#
|
972
|
+
# @!attribute [rw] indicators
|
973
|
+
# Indicators of compromise listed based on severity.
|
974
|
+
# @return [Array<Types::Indicator>]
|
975
|
+
#
|
976
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListIndicatorsResponse AWS API Documentation
|
977
|
+
#
|
978
|
+
class ListIndicatorsResponse < Struct.new(
|
979
|
+
:graph_arn,
|
980
|
+
:investigation_id,
|
981
|
+
:next_token,
|
982
|
+
:indicators)
|
983
|
+
SENSITIVE = []
|
984
|
+
include Aws::Structure
|
985
|
+
end
|
986
|
+
|
987
|
+
# @!attribute [rw] graph_arn
|
988
|
+
# The ARN of the behavior graph.
|
989
|
+
# @return [String]
|
990
|
+
#
|
991
|
+
# @!attribute [rw] next_token
|
992
|
+
# List if there are more results available. The value of nextToken is
|
993
|
+
# a unique pagination token for each page. Repeat the call using the
|
994
|
+
# returned token to retrieve the next page. Keep all other arguments
|
995
|
+
# unchanged.
|
996
|
+
#
|
997
|
+
# Each pagination token expires after 24 hours. Using an expired
|
998
|
+
# pagination token will return a Validation Exception error.
|
999
|
+
# @return [String]
|
1000
|
+
#
|
1001
|
+
# @!attribute [rw] max_results
|
1002
|
+
# List the maximum number of investigations in a page.
|
1003
|
+
# @return [Integer]
|
1004
|
+
#
|
1005
|
+
# @!attribute [rw] filter_criteria
|
1006
|
+
# Filter the investigation results based on a criteria.
|
1007
|
+
# @return [Types::FilterCriteria]
|
1008
|
+
#
|
1009
|
+
# @!attribute [rw] sort_criteria
|
1010
|
+
# Sorts the investigation results based on a criteria.
|
1011
|
+
# @return [Types::SortCriteria]
|
1012
|
+
#
|
1013
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListInvestigationsRequest AWS API Documentation
|
1014
|
+
#
|
1015
|
+
class ListInvestigationsRequest < Struct.new(
|
1016
|
+
:graph_arn,
|
1017
|
+
:next_token,
|
1018
|
+
:max_results,
|
1019
|
+
:filter_criteria,
|
1020
|
+
:sort_criteria)
|
1021
|
+
SENSITIVE = []
|
1022
|
+
include Aws::Structure
|
1023
|
+
end
|
1024
|
+
|
1025
|
+
# @!attribute [rw] investigation_details
|
1026
|
+
# Investigations details lists the summary of uncommon behavior or
|
1027
|
+
# malicious activity which indicates a compromise.
|
1028
|
+
# @return [Array<Types::InvestigationDetail>]
|
1029
|
+
#
|
1030
|
+
# @!attribute [rw] next_token
|
1031
|
+
# List if there are more results available. The value of nextToken is
|
1032
|
+
# a unique pagination token for each page. Repeat the call using the
|
1033
|
+
# returned token to retrieve the next page. Keep all other arguments
|
1034
|
+
# unchanged.
|
1035
|
+
#
|
1036
|
+
# Each pagination token expires after 24 hours. Using an expired
|
1037
|
+
# pagination token will return an HTTP 400 InvalidToken error.
|
1038
|
+
# @return [String]
|
1039
|
+
#
|
1040
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/ListInvestigationsResponse AWS API Documentation
|
1041
|
+
#
|
1042
|
+
class ListInvestigationsResponse < Struct.new(
|
1043
|
+
:investigation_details,
|
1044
|
+
:next_token)
|
1045
|
+
SENSITIVE = []
|
1046
|
+
include Aws::Structure
|
1047
|
+
end
|
1048
|
+
|
596
1049
|
# @!attribute [rw] next_token
|
597
1050
|
# For requests to retrieve the next page of results, the pagination
|
598
1051
|
# token that was returned with the previous page of results. The
|
@@ -939,6 +1392,71 @@ module Aws::Detective
|
|
939
1392
|
include Aws::Structure
|
940
1393
|
end
|
941
1394
|
|
1395
|
+
# Details new Autonomous System Organizations (ASOs) used either at the
|
1396
|
+
# resource or account level.
|
1397
|
+
#
|
1398
|
+
# @!attribute [rw] aso
|
1399
|
+
# Details about the new Autonomous System Organization (ASO).
|
1400
|
+
# @return [String]
|
1401
|
+
#
|
1402
|
+
# @!attribute [rw] is_new_for_entire_account
|
1403
|
+
# Checks if the ASO is for new for the entire account.
|
1404
|
+
# @return [Boolean]
|
1405
|
+
#
|
1406
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/NewAsoDetail AWS API Documentation
|
1407
|
+
#
|
1408
|
+
class NewAsoDetail < Struct.new(
|
1409
|
+
:aso,
|
1410
|
+
:is_new_for_entire_account)
|
1411
|
+
SENSITIVE = []
|
1412
|
+
include Aws::Structure
|
1413
|
+
end
|
1414
|
+
|
1415
|
+
# Details new geolocations used either at the resource or account level.
|
1416
|
+
# For example, lists an observed geolocation that is an infrequent or
|
1417
|
+
# unused location based on previous user activity.
|
1418
|
+
#
|
1419
|
+
# @!attribute [rw] location
|
1420
|
+
# Location where the resource was accessed.
|
1421
|
+
# @return [String]
|
1422
|
+
#
|
1423
|
+
# @!attribute [rw] ip_address
|
1424
|
+
# IP address using which the resource was accessed.
|
1425
|
+
# @return [String]
|
1426
|
+
#
|
1427
|
+
# @!attribute [rw] is_new_for_entire_account
|
1428
|
+
# Checks if the gelocation is new for the entire account.
|
1429
|
+
# @return [Boolean]
|
1430
|
+
#
|
1431
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/NewGeolocationDetail AWS API Documentation
|
1432
|
+
#
|
1433
|
+
class NewGeolocationDetail < Struct.new(
|
1434
|
+
:location,
|
1435
|
+
:ip_address,
|
1436
|
+
:is_new_for_entire_account)
|
1437
|
+
SENSITIVE = []
|
1438
|
+
include Aws::Structure
|
1439
|
+
end
|
1440
|
+
|
1441
|
+
# Details new user agents used either at the resource or account level.
|
1442
|
+
#
|
1443
|
+
# @!attribute [rw] user_agent
|
1444
|
+
# New user agent which accessed the resource.
|
1445
|
+
# @return [String]
|
1446
|
+
#
|
1447
|
+
# @!attribute [rw] is_new_for_entire_account
|
1448
|
+
# Checks if the user agent is new for the entire account.
|
1449
|
+
# @return [Boolean]
|
1450
|
+
#
|
1451
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/NewUserAgentDetail AWS API Documentation
|
1452
|
+
#
|
1453
|
+
class NewUserAgentDetail < Struct.new(
|
1454
|
+
:user_agent,
|
1455
|
+
:is_new_for_entire_account)
|
1456
|
+
SENSITIVE = []
|
1457
|
+
include Aws::Structure
|
1458
|
+
end
|
1459
|
+
|
942
1460
|
# @!attribute [rw] graph_arn
|
943
1461
|
# The ARN of the behavior graph to reject the invitation to.
|
944
1462
|
#
|
@@ -954,6 +1472,49 @@ module Aws::Detective
|
|
954
1472
|
include Aws::Structure
|
955
1473
|
end
|
956
1474
|
|
1475
|
+
# Details related activities associated with a potential security event.
|
1476
|
+
# Lists all distinct categories of evidence that are connected to the
|
1477
|
+
# resource or the finding group.
|
1478
|
+
#
|
1479
|
+
# @!attribute [rw] arn
|
1480
|
+
# The ARN of the related finding.
|
1481
|
+
# @return [String]
|
1482
|
+
#
|
1483
|
+
# @!attribute [rw] type
|
1484
|
+
# The type of finding.
|
1485
|
+
# @return [String]
|
1486
|
+
#
|
1487
|
+
# @!attribute [rw] ip_address
|
1488
|
+
# The IP address of the finding.
|
1489
|
+
# @return [String]
|
1490
|
+
#
|
1491
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/RelatedFindingDetail AWS API Documentation
|
1492
|
+
#
|
1493
|
+
class RelatedFindingDetail < Struct.new(
|
1494
|
+
:arn,
|
1495
|
+
:type,
|
1496
|
+
:ip_address)
|
1497
|
+
SENSITIVE = []
|
1498
|
+
include Aws::Structure
|
1499
|
+
end
|
1500
|
+
|
1501
|
+
# Details multiple activities as they related to a potential security
|
1502
|
+
# event. Detective uses graph analysis technique that infers
|
1503
|
+
# relationships between findings and entities, and groups them together
|
1504
|
+
# as a finding group.
|
1505
|
+
#
|
1506
|
+
# @!attribute [rw] id
|
1507
|
+
# The unique identifier for the finding group.
|
1508
|
+
# @return [String]
|
1509
|
+
#
|
1510
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/RelatedFindingGroupDetail AWS API Documentation
|
1511
|
+
#
|
1512
|
+
class RelatedFindingGroupDetail < Struct.new(
|
1513
|
+
:id)
|
1514
|
+
SENSITIVE = []
|
1515
|
+
include Aws::Structure
|
1516
|
+
end
|
1517
|
+
|
957
1518
|
# The request refers to a nonexistent resource.
|
958
1519
|
#
|
959
1520
|
# @!attribute [rw] message
|
@@ -996,6 +1557,66 @@ module Aws::Detective
|
|
996
1557
|
include Aws::Structure
|
997
1558
|
end
|
998
1559
|
|
1560
|
+
# Details about the criteria used for sorting investigations.
|
1561
|
+
#
|
1562
|
+
# @!attribute [rw] field
|
1563
|
+
# Represents the `Field` attribute to sort investigations.
|
1564
|
+
# @return [String]
|
1565
|
+
#
|
1566
|
+
# @!attribute [rw] sort_order
|
1567
|
+
# The order by which the sorted findings are displayed.
|
1568
|
+
# @return [String]
|
1569
|
+
#
|
1570
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/SortCriteria AWS API Documentation
|
1571
|
+
#
|
1572
|
+
class SortCriteria < Struct.new(
|
1573
|
+
:field,
|
1574
|
+
:sort_order)
|
1575
|
+
SENSITIVE = []
|
1576
|
+
include Aws::Structure
|
1577
|
+
end
|
1578
|
+
|
1579
|
+
# @!attribute [rw] graph_arn
|
1580
|
+
# The ARN of the behavior graph.
|
1581
|
+
# @return [String]
|
1582
|
+
#
|
1583
|
+
# @!attribute [rw] entity_arn
|
1584
|
+
# The unique Amazon Resource Name (ARN) of the IAM user and IAM role.
|
1585
|
+
# @return [String]
|
1586
|
+
#
|
1587
|
+
# @!attribute [rw] scope_start_time
|
1588
|
+
# The data and time when the investigation began. The value is an UTC
|
1589
|
+
# ISO8601 formatted string. For example, `2021-08-18T16:35:56.284Z`.
|
1590
|
+
# @return [Time]
|
1591
|
+
#
|
1592
|
+
# @!attribute [rw] scope_end_time
|
1593
|
+
# The data and time when the investigation began. The value is an UTC
|
1594
|
+
# ISO8601 formatted string. For example, `2021-08-18T16:35:56.284Z`.
|
1595
|
+
# @return [Time]
|
1596
|
+
#
|
1597
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/StartInvestigationRequest AWS API Documentation
|
1598
|
+
#
|
1599
|
+
class StartInvestigationRequest < Struct.new(
|
1600
|
+
:graph_arn,
|
1601
|
+
:entity_arn,
|
1602
|
+
:scope_start_time,
|
1603
|
+
:scope_end_time)
|
1604
|
+
SENSITIVE = []
|
1605
|
+
include Aws::Structure
|
1606
|
+
end
|
1607
|
+
|
1608
|
+
# @!attribute [rw] investigation_id
|
1609
|
+
# The investigation ID of the investigation report.
|
1610
|
+
# @return [String]
|
1611
|
+
#
|
1612
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/StartInvestigationResponse AWS API Documentation
|
1613
|
+
#
|
1614
|
+
class StartInvestigationResponse < Struct.new(
|
1615
|
+
:investigation_id)
|
1616
|
+
SENSITIVE = []
|
1617
|
+
include Aws::Structure
|
1618
|
+
end
|
1619
|
+
|
999
1620
|
# @!attribute [rw] graph_arn
|
1000
1621
|
# The ARN of the behavior graph.
|
1001
1622
|
# @return [String]
|
@@ -1016,6 +1637,70 @@ module Aws::Detective
|
|
1016
1637
|
include Aws::Structure
|
1017
1638
|
end
|
1018
1639
|
|
1640
|
+
# A string for filtering Detective investigations.
|
1641
|
+
#
|
1642
|
+
# @!attribute [rw] value
|
1643
|
+
# The string filter value.
|
1644
|
+
# @return [String]
|
1645
|
+
#
|
1646
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/StringFilter AWS API Documentation
|
1647
|
+
#
|
1648
|
+
class StringFilter < Struct.new(
|
1649
|
+
:value)
|
1650
|
+
SENSITIVE = []
|
1651
|
+
include Aws::Structure
|
1652
|
+
end
|
1653
|
+
|
1654
|
+
# Details tactics, techniques, and procedures (TTPs) used in a potential
|
1655
|
+
# security event. Tactics are based on [MITRE ATT&CK Matrix for
|
1656
|
+
# Enterprise][1].
|
1657
|
+
#
|
1658
|
+
#
|
1659
|
+
#
|
1660
|
+
# [1]: https://attack.mitre.org/matrices/enterprise/
|
1661
|
+
#
|
1662
|
+
# @!attribute [rw] tactic
|
1663
|
+
# The tactic used, identified by the investigation.
|
1664
|
+
# @return [String]
|
1665
|
+
#
|
1666
|
+
# @!attribute [rw] technique
|
1667
|
+
# The technique used, identified by the investigation.
|
1668
|
+
# @return [String]
|
1669
|
+
#
|
1670
|
+
# @!attribute [rw] procedure
|
1671
|
+
# The procedure used, identified by the investigation.
|
1672
|
+
# @return [String]
|
1673
|
+
#
|
1674
|
+
# @!attribute [rw] ip_address
|
1675
|
+
# The IP address where the TTP was observed.
|
1676
|
+
# @return [String]
|
1677
|
+
#
|
1678
|
+
# @!attribute [rw] api_name
|
1679
|
+
# The name of the API where the TTP was observed.
|
1680
|
+
# @return [String]
|
1681
|
+
#
|
1682
|
+
# @!attribute [rw] api_success_count
|
1683
|
+
# The total number of successful API requests.
|
1684
|
+
# @return [Integer]
|
1685
|
+
#
|
1686
|
+
# @!attribute [rw] api_failure_count
|
1687
|
+
# The total number of failed API requests.
|
1688
|
+
# @return [Integer]
|
1689
|
+
#
|
1690
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/TTPsObservedDetail AWS API Documentation
|
1691
|
+
#
|
1692
|
+
class TTPsObservedDetail < Struct.new(
|
1693
|
+
:tactic,
|
1694
|
+
:technique,
|
1695
|
+
:procedure,
|
1696
|
+
:ip_address,
|
1697
|
+
:api_name,
|
1698
|
+
:api_success_count,
|
1699
|
+
:api_failure_count)
|
1700
|
+
SENSITIVE = []
|
1701
|
+
include Aws::Structure
|
1702
|
+
end
|
1703
|
+
|
1019
1704
|
# @!attribute [rw] resource_arn
|
1020
1705
|
# The ARN of the behavior graph to assign the tags to.
|
1021
1706
|
# @return [String]
|
@@ -1150,6 +1835,29 @@ module Aws::Detective
|
|
1150
1835
|
include Aws::Structure
|
1151
1836
|
end
|
1152
1837
|
|
1838
|
+
# @!attribute [rw] graph_arn
|
1839
|
+
# The ARN of the behavior graph.
|
1840
|
+
# @return [String]
|
1841
|
+
#
|
1842
|
+
# @!attribute [rw] investigation_id
|
1843
|
+
# The investigation ID of the investigation report.
|
1844
|
+
# @return [String]
|
1845
|
+
#
|
1846
|
+
# @!attribute [rw] state
|
1847
|
+
# The current state of the investigation. An archived investigation
|
1848
|
+
# indicates you have completed reviewing the investigation.
|
1849
|
+
# @return [String]
|
1850
|
+
#
|
1851
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/detective-2018-10-26/UpdateInvestigationStateRequest AWS API Documentation
|
1852
|
+
#
|
1853
|
+
class UpdateInvestigationStateRequest < Struct.new(
|
1854
|
+
:graph_arn,
|
1855
|
+
:investigation_id,
|
1856
|
+
:state)
|
1857
|
+
SENSITIVE = []
|
1858
|
+
include Aws::Structure
|
1859
|
+
end
|
1860
|
+
|
1153
1861
|
# @!attribute [rw] graph_arn
|
1154
1862
|
# The ARN of the organization behavior graph.
|
1155
1863
|
# @return [String]
|