aws-sdk-securityir 1.16.0 → 1.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1ee8e6c087b6205e0da4aa3d720419dd119d1bbd703e407da4dc2eb6a593c588
-  data.tar.gz: fc30addede02e527cb10a36da091340e0a551d3442845e9830211bda69c3a01c
+  metadata.gz: 274db37e8074e163102806262ceff7a57d86ce33055e9976605ce87a836bc837
+  data.tar.gz: 87bb70cf6d47af0f3a9feacc5c34f0d4cc8096166b6b0009e504ecf9a9bbf0a9
 SHA512:
-  metadata.gz: be8c747215a73f774ade8b17199618bb5a6cdb6783c383a31a72d05fed130739e122fb4fca8d988fbab46954e9820f6e813a436ceae37a56da293a7a8dcf71a3
-  data.tar.gz: 36852474fb38eff92089938b9cff1bc5a93feef9a42c2b1e2afc6288c1f206973621c5d6e88386dfa880de3fe65a4211e7e98a7e2c530e11020774b4823fe9c9
+  metadata.gz: 1bf2b8bd4d1320e4d5d3ab8f79af9f4e8bd80eb58d2e9505c1f12c152866daf67403acfc1cf379570940e7fa7aa7ef319112d8ad84833c9b953124f5f01c1730
+  data.tar.gz: 7e77009f64eb60b21832e653fc72213fa6d3cd99ecb7becba2cb587dc62febb95c4d844609e75d63daeef0858fcccbc33682516f8bbded7de474e236dfdd4eda

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.17.0 (2025-11-21)
+------------------
+
+* Feature - Add ListInvestigations and SendFeedback APIs to support SecurityIR AI agents
+
 1.16.0 (2025-11-11)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.16.0
+1.17.0

data/lib/aws-sdk-securityir/client.rb

@@ -1005,6 +1005,7 @@ module Aws::SecurityIR
     #   * {Types::GetCaseResponse#impacted_services #impacted_services} => Array<String>
     #   * {Types::GetCaseResponse#case_attachments #case_attachments} => Array<Types::CaseAttachmentAttributes>
     #   * {Types::GetCaseResponse#closed_date #closed_date} => Time
+    #   * {Types::GetCaseResponse#case_metadata #case_metadata} => Array<Types::CaseMetadataEntry>
     #
     #
     # @example Example: Invoke GetCase
@@ -1099,6 +1100,9 @@ module Aws::SecurityIR
     #   resp.case_attachments[0].creator #=> String
     #   resp.case_attachments[0].created_date #=> Time
     #   resp.closed_date #=> Time
+    #   resp.case_metadata #=> Array
+    #   resp.case_metadata[0].key #=> String
+    #   resp.case_metadata[0].value #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/GetCase AWS API Documentation
     #
@@ -1536,6 +1540,84 @@ module Aws::SecurityIR
       req.send_request(options)
     end
 
+    # Investigation performed by an agent for a security incident...
+    #
+    # @option params [String] :next_token
+    #   Investigation performed by an agent for a security incident request
+    #
+    # @option params [Integer] :max_results
+    #   Investigation performed by an agent for a security incident request,
+    #   returning max results
+    #
+    # @option params [required, String] :case_id
+    #   Investigation performed by an agent for a security incident per caseID
+    #
+    # @return [Types::ListInvestigationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListInvestigationsResponse#next_token #next_token} => String
+    #   * {Types::ListInvestigationsResponse#investigation_actions #investigation_actions} => Array<Types::InvestigationAction>
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    #
+    # @example Example: Invoke ListInvestigations with feedback examples
+    #
+    #   resp = client.list_investigations({
+    #     case_id: "8403556009", 
+    #     max_results: 10, 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     investigation_actions: [
+    #       {
+    #         action_type: "Evidence", 
+    #         content: "## Evidence Collection Results\n\nAnalyzed CloudTrail logs from 2024-01-15 to 2024-01-16 and found:\n\n- 15 failed login attempts from IP 192.168.1.100\n- Unusual API calls to S3 buckets\n- Privilege escalation attempts detected\n\n### Recommendations\n\n1. Block the suspicious IP address\n2. Review S3 bucket permissions\n3. Audit user privileges", 
+    #         feedback: {
+    #           comment: "The CloudTrail analysis was very helpful in identifying the root cause of the security incident. The recommendations were actionable and led to immediate remediation.", 
+    #           submitted_at: Time.parse("2024-01-16T11:15:00Z"), 
+    #           usefulness: "USEFUL", 
+    #         }, 
+    #         investigation_id: "inv-hgyuiuytrt", 
+    #         last_updated: Time.parse("2024-01-16T10:30:00Z"), 
+    #         status: "Completed", 
+    #         title: "Collected CloudTrail logs for suspicious activity", 
+    #       }, 
+    #     ], 
+    #     next_token: "eyJsYXN0RXZhbHVhdGVkS2V5Ijp7InBhcnRpdGlvbktleSI6eyJTIjoiQ0FTRV8xMjM0NTY3ODkwIn0sInNvcnRLZXkiOnsiUyI6IjIwMjQtMDEtMTZUMTA6MzA6MDBaIn19fQ==", 
+    #   }
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_investigations({
+    #     next_token: "ListInvestigationsRequestNextTokenString",
+    #     max_results: 1,
+    #     case_id: "CaseId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.investigation_actions #=> Array
+    #   resp.investigation_actions[0].investigation_id #=> String
+    #   resp.investigation_actions[0].action_type #=> String, one of "Evidence", "Investigation", "Summarization"
+    #   resp.investigation_actions[0].title #=> String
+    #   resp.investigation_actions[0].content #=> String
+    #   resp.investigation_actions[0].status #=> String, one of "Pending", "InProgress", "Waiting", "Completed", "Failed", "Cancelled"
+    #   resp.investigation_actions[0].last_updated #=> Time
+    #   resp.investigation_actions[0].feedback.usefulness #=> String, one of "USEFUL", "NOT_USEFUL"
+    #   resp.investigation_actions[0].feedback.comment #=> String
+    #   resp.investigation_actions[0].feedback.submitted_at #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/ListInvestigations AWS API Documentation
+    #
+    # @overload list_investigations(params = {})
+    # @param [Hash] params ({})
+    def list_investigations(params = {}, options = {})
+      req = build_request(:list_investigations, params)
+      req.send_request(options)
+    end
+
     # Returns the memberships that the calling principal can access.
     #
     # @option params [String] :next_token
@@ -1644,6 +1726,67 @@ module Aws::SecurityIR
       req.send_request(options)
     end
 
+    # Send feedback based on response investigation action
+    #
+    # @option params [required, String] :case_id
+    #   Send feedback based on request caseID
+    #
+    # @option params [required, String] :result_id
+    #   Send feedback based on request result ID
+    #
+    # @option params [required, String] :usefulness
+    #   Required enum value indicating user assessment of result q.....
+    #
+    # @option params [String] :comment
+    #   Send feedback based on request comments
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    #
+    # @example Example: Send positive feedback for investigation result
+    #
+    #   resp = client.send_feedback({
+    #     case_id: "8403556009", 
+    #     comment: "The CloudTrail analysis was very helpful in identifying the root cause of the security incident.", 
+    #     result_id: "inv-polkjhyuty", 
+    #     usefulness: "USEFUL", 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #   }
+    #
+    # @example Example: Send negative feedback with detailed comment
+    #
+    #   resp = client.send_feedback({
+    #     case_id: "8403556009", 
+    #     comment: "The investigation results were too generic and didn't provide actionable insights for our specific incident.", 
+    #     result_id: "inv-irutjfhgjk", 
+    #     usefulness: "NOT_USEFUL", 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #   }
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.send_feedback({
+    #     case_id: "CaseId", # required
+    #     result_id: "ResultId", # required
+    #     usefulness: "USEFUL", # required, accepts USEFUL, NOT_USEFUL
+    #     comment: "FeedbackComment",
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/SendFeedback AWS API Documentation
+    #
+    # @overload send_feedback(params = {})
+    # @param [Hash] params ({})
+    def send_feedback(params = {}, options = {})
+      req = build_request(:send_feedback, params)
+      req.send_request(options)
+    end
+
     # Adds a tag(s) to a designated resource.
     #
     # @option params [required, String] :resource_arn
@@ -1806,6 +1949,9 @@ module Aws::SecurityIR
     #
     #    </note>
     #
+    # @option params [Array<Types::CaseMetadataEntry>] :case_metadata
+    #   Update the case request with case metadata
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
@@ -1921,6 +2067,12 @@ module Aws::SecurityIR
     #     ],
     #     impacted_accounts_to_add: ["AWSAccountId"],
     #     impacted_accounts_to_delete: ["AWSAccountId"],
+    #     case_metadata: [
+    #       {
+    #         key: "CaseMetadataEntryKeyString", # required
+    #         value: "CaseMetadataEntryValueString", # required
+    #       },
+    #     ],
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/UpdateCase AWS API Documentation
@@ -2235,7 +2387,7 @@ module Aws::SecurityIR
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-securityir'
-      context[:gem_version] = '1.16.0'
+      context[:gem_version] = '1.17.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-securityir/client_api.rb

@@ -17,6 +17,7 @@ module Aws::SecurityIR
     AWSAccountId = Shapes::StringShape.new(name: 'AWSAccountId')
     AWSAccountIds = Shapes::ListShape.new(name: 'AWSAccountIds')
     AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
+    ActionType = Shapes::StringShape.new(name: 'ActionType')
     Arn = Shapes::StringShape.new(name: 'Arn')
     AttachmentId = Shapes::StringShape.new(name: 'AttachmentId')
     AwsRegion = Shapes::StringShape.new(name: 'AwsRegion')
@@ -36,6 +37,10 @@ module Aws::SecurityIR
     CaseEditItems = Shapes::ListShape.new(name: 'CaseEditItems')
     CaseEditMessage = Shapes::StringShape.new(name: 'CaseEditMessage')
     CaseId = Shapes::StringShape.new(name: 'CaseId')
+    CaseMetadata = Shapes::ListShape.new(name: 'CaseMetadata')
+    CaseMetadataEntry = Shapes::StructureShape.new(name: 'CaseMetadataEntry')
+    CaseMetadataEntryKeyString = Shapes::StringShape.new(name: 'CaseMetadataEntryKeyString')
+    CaseMetadataEntryValueString = Shapes::StringShape.new(name: 'CaseMetadataEntryValueString')
     CaseStatus = Shapes::StringShape.new(name: 'CaseStatus')
     CaseTitle = Shapes::StringShape.new(name: 'CaseTitle')
     CloseCaseRequest = Shapes::StructureShape.new(name: 'CloseCaseRequest')
@@ -59,6 +64,8 @@ module Aws::SecurityIR
     CustomerType = Shapes::StringShape.new(name: 'CustomerType')
     EmailAddress = Shapes::StringShape.new(name: 'EmailAddress')
     EngagementType = Shapes::StringShape.new(name: 'EngagementType')
+    ExecutionStatus = Shapes::StringShape.new(name: 'ExecutionStatus')
+    FeedbackComment = Shapes::StringShape.new(name: 'FeedbackComment')
     FileName = Shapes::StringShape.new(name: 'FileName')
     GetCaseAttachmentDownloadUrlRequest = Shapes::StructureShape.new(name: 'GetCaseAttachmentDownloadUrlRequest')
     GetCaseAttachmentDownloadUrlResponse = Shapes::StructureShape.new(name: 'GetCaseAttachmentDownloadUrlResponse')
@@ -84,6 +91,12 @@ module Aws::SecurityIR
     Integer = Shapes::IntegerShape.new(name: 'Integer')
     InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
     InvalidTokenException = Shapes::StructureShape.new(name: 'InvalidTokenException')
+    InvestigationAction = Shapes::StructureShape.new(name: 'InvestigationAction')
+    InvestigationActionList = Shapes::ListShape.new(name: 'InvestigationActionList')
+    InvestigationContent = Shapes::StringShape.new(name: 'InvestigationContent')
+    InvestigationFeedback = Shapes::StructureShape.new(name: 'InvestigationFeedback')
+    InvestigationId = Shapes::StringShape.new(name: 'InvestigationId')
+    InvestigationTitle = Shapes::StringShape.new(name: 'InvestigationTitle')
     JobTitle = Shapes::StringShape.new(name: 'JobTitle')
     ListCaseEditsRequest = Shapes::StructureShape.new(name: 'ListCaseEditsRequest')
     ListCaseEditsRequestMaxResultsInteger = Shapes::IntegerShape.new(name: 'ListCaseEditsRequestMaxResultsInteger')
@@ -101,6 +114,10 @@ module Aws::SecurityIR
     ListCommentsRequestMaxResultsInteger = Shapes::IntegerShape.new(name: 'ListCommentsRequestMaxResultsInteger')
     ListCommentsRequestNextTokenString = Shapes::StringShape.new(name: 'ListCommentsRequestNextTokenString')
     ListCommentsResponse = Shapes::StructureShape.new(name: 'ListCommentsResponse')
+    ListInvestigationsRequest = Shapes::StructureShape.new(name: 'ListInvestigationsRequest')
+    ListInvestigationsRequestMaxResultsInteger = Shapes::IntegerShape.new(name: 'ListInvestigationsRequestMaxResultsInteger')
+    ListInvestigationsRequestNextTokenString = Shapes::StringShape.new(name: 'ListInvestigationsRequestNextTokenString')
+    ListInvestigationsResponse = Shapes::StructureShape.new(name: 'ListInvestigationsResponse')
     ListMembershipItem = Shapes::StructureShape.new(name: 'ListMembershipItem')
     ListMembershipItems = Shapes::ListShape.new(name: 'ListMembershipItems')
     ListMembershipsRequest = Shapes::StructureShape.new(name: 'ListMembershipsRequest')
@@ -130,8 +147,11 @@ module Aws::SecurityIR
     PrincipalId = Shapes::StringShape.new(name: 'PrincipalId')
     ResolverType = Shapes::StringShape.new(name: 'ResolverType')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
+    ResultId = Shapes::StringShape.new(name: 'ResultId')
     SecurityIncidentResponseNotActiveException = Shapes::StructureShape.new(name: 'SecurityIncidentResponseNotActiveException')
     SelfManagedCaseStatus = Shapes::StringShape.new(name: 'SelfManagedCaseStatus')
+    SendFeedbackRequest = Shapes::StructureShape.new(name: 'SendFeedbackRequest')
+    SendFeedbackResponse = Shapes::StructureShape.new(name: 'SendFeedbackResponse')
     ServiceQuotaExceededException = Shapes::StructureShape.new(name: 'ServiceQuotaExceededException')
     String = Shapes::StringShape.new(name: 'String')
     TagKey = Shapes::StringShape.new(name: 'TagKey')
@@ -157,6 +177,7 @@ module Aws::SecurityIR
     UpdateResolverTypeRequest = Shapes::StructureShape.new(name: 'UpdateResolverTypeRequest')
     UpdateResolverTypeResponse = Shapes::StructureShape.new(name: 'UpdateResolverTypeResponse')
     Url = Shapes::StringShape.new(name: 'Url')
+    UsefulnessRating = Shapes::StringShape.new(name: 'UsefulnessRating')
     UserAgent = Shapes::StringShape.new(name: 'UserAgent')
     ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
     ValidationExceptionField = Shapes::StructureShape.new(name: 'ValidationExceptionField')
@@ -201,6 +222,12 @@ module Aws::SecurityIR
 
     CaseEditItems.member = Shapes::ShapeRef.new(shape: CaseEditItem)
 
+    CaseMetadata.member = Shapes::ShapeRef.new(shape: CaseMetadataEntry)
+
+    CaseMetadataEntry.add_member(:key, Shapes::ShapeRef.new(shape: CaseMetadataEntryKeyString, required: true, location_name: "key"))
+    CaseMetadataEntry.add_member(:value, Shapes::ShapeRef.new(shape: CaseMetadataEntryValueString, required: true, location_name: "value"))
+    CaseMetadataEntry.struct_class = Types::CaseMetadataEntry
+
     CloseCaseRequest.add_member(:case_id, Shapes::ShapeRef.new(shape: CaseId, required: true, location: "uri", location_name: "caseId"))
     CloseCaseRequest.struct_class = Types::CloseCaseRequest
 
@@ -289,6 +316,7 @@ module Aws::SecurityIR
     GetCaseResponse.add_member(:impacted_services, Shapes::ShapeRef.new(shape: ImpactedServicesList, location_name: "impactedServices"))
     GetCaseResponse.add_member(:case_attachments, Shapes::ShapeRef.new(shape: CaseAttachmentsList, location_name: "caseAttachments"))
     GetCaseResponse.add_member(:closed_date, Shapes::ShapeRef.new(shape: Timestamp, location_name: "closedDate"))
+    GetCaseResponse.add_member(:case_metadata, Shapes::ShapeRef.new(shape: CaseMetadata, location_name: "caseMetadata"))
     GetCaseResponse.struct_class = Types::GetCaseResponse
 
     GetMembershipAccountDetailError.add_member(:account_id, Shapes::ShapeRef.new(shape: AWSAccountId, required: true, location_name: "accountId"))
@@ -347,6 +375,22 @@ module Aws::SecurityIR
     InvalidTokenException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     InvalidTokenException.struct_class = Types::InvalidTokenException
 
+    InvestigationAction.add_member(:investigation_id, Shapes::ShapeRef.new(shape: InvestigationId, required: true, location_name: "investigationId"))
+    InvestigationAction.add_member(:action_type, Shapes::ShapeRef.new(shape: ActionType, required: true, location_name: "actionType"))
+    InvestigationAction.add_member(:title, Shapes::ShapeRef.new(shape: InvestigationTitle, required: true, location_name: "title"))
+    InvestigationAction.add_member(:content, Shapes::ShapeRef.new(shape: InvestigationContent, required: true, location_name: "content"))
+    InvestigationAction.add_member(:status, Shapes::ShapeRef.new(shape: ExecutionStatus, required: true, location_name: "status"))
+    InvestigationAction.add_member(:last_updated, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "lastUpdated"))
+    InvestigationAction.add_member(:feedback, Shapes::ShapeRef.new(shape: InvestigationFeedback, location_name: "feedback"))
+    InvestigationAction.struct_class = Types::InvestigationAction
+
+    InvestigationActionList.member = Shapes::ShapeRef.new(shape: InvestigationAction)
+
+    InvestigationFeedback.add_member(:usefulness, Shapes::ShapeRef.new(shape: UsefulnessRating, location_name: "usefulness"))
+    InvestigationFeedback.add_member(:comment, Shapes::ShapeRef.new(shape: FeedbackComment, location_name: "comment"))
+    InvestigationFeedback.add_member(:submitted_at, Shapes::ShapeRef.new(shape: Timestamp, location_name: "submittedAt"))
+    InvestigationFeedback.struct_class = Types::InvestigationFeedback
+
     ListCaseEditsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: ListCaseEditsRequestNextTokenString, location_name: "nextToken"))
     ListCaseEditsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: ListCaseEditsRequestMaxResultsInteger, location_name: "maxResults"))
     ListCaseEditsRequest.add_member(:case_id, Shapes::ShapeRef.new(shape: CaseId, required: true, location: "uri", location_name: "caseId"))
@@ -400,6 +444,15 @@ module Aws::SecurityIR
     ListCommentsResponse.add_member(:total, Shapes::ShapeRef.new(shape: Integer, location_name: "total"))
     ListCommentsResponse.struct_class = Types::ListCommentsResponse
 
+    ListInvestigationsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: ListInvestigationsRequestNextTokenString, location: "querystring", location_name: "nextToken"))
+    ListInvestigationsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: ListInvestigationsRequestMaxResultsInteger, location: "querystring", location_name: "maxResults"))
+    ListInvestigationsRequest.add_member(:case_id, Shapes::ShapeRef.new(shape: CaseId, required: true, location: "uri", location_name: "caseId"))
+    ListInvestigationsRequest.struct_class = Types::ListInvestigationsRequest
+
+    ListInvestigationsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "nextToken"))
+    ListInvestigationsResponse.add_member(:investigation_actions, Shapes::ShapeRef.new(shape: InvestigationActionList, required: true, location_name: "investigationActions"))
+    ListInvestigationsResponse.struct_class = Types::ListInvestigationsResponse
+
     ListMembershipItem.add_member(:membership_id, Shapes::ShapeRef.new(shape: MembershipId, required: true, location_name: "membershipId"))
     ListMembershipItem.add_member(:account_id, Shapes::ShapeRef.new(shape: AWSAccountId, location_name: "accountId"))
     ListMembershipItem.add_member(:region, Shapes::ShapeRef.new(shape: AwsRegion, location_name: "region"))
@@ -450,6 +503,14 @@ module Aws::SecurityIR
     SecurityIncidentResponseNotActiveException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     SecurityIncidentResponseNotActiveException.struct_class = Types::SecurityIncidentResponseNotActiveException
 
+    SendFeedbackRequest.add_member(:case_id, Shapes::ShapeRef.new(shape: CaseId, required: true, location: "uri", location_name: "caseId"))
+    SendFeedbackRequest.add_member(:result_id, Shapes::ShapeRef.new(shape: ResultId, required: true, location: "uri", location_name: "resultId"))
+    SendFeedbackRequest.add_member(:usefulness, Shapes::ShapeRef.new(shape: UsefulnessRating, required: true, location_name: "usefulness"))
+    SendFeedbackRequest.add_member(:comment, Shapes::ShapeRef.new(shape: FeedbackComment, location_name: "comment"))
+    SendFeedbackRequest.struct_class = Types::SendFeedbackRequest
+
+    SendFeedbackResponse.struct_class = Types::SendFeedbackResponse
+
     ServiceQuotaExceededException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     ServiceQuotaExceededException.add_member(:resource_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceId"))
     ServiceQuotaExceededException.add_member(:resource_type, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceType"))
@@ -511,6 +572,7 @@ module Aws::SecurityIR
     UpdateCaseRequest.add_member(:impacted_aws_regions_to_delete, Shapes::ShapeRef.new(shape: ImpactedAwsRegionList, location_name: "impactedAwsRegionsToDelete"))
     UpdateCaseRequest.add_member(:impacted_accounts_to_add, Shapes::ShapeRef.new(shape: ImpactedAccounts, location_name: "impactedAccountsToAdd"))
     UpdateCaseRequest.add_member(:impacted_accounts_to_delete, Shapes::ShapeRef.new(shape: ImpactedAccounts, location_name: "impactedAccountsToDelete"))
+    UpdateCaseRequest.add_member(:case_metadata, Shapes::ShapeRef.new(shape: CaseMetadata, location_name: "caseMetadata"))
     UpdateCaseRequest.struct_class = Types::UpdateCaseRequest
 
     UpdateCaseResponse.struct_class = Types::UpdateCaseResponse
@@ -817,6 +879,29 @@ module Aws::SecurityIR
         )
       end)
 
+      api.add_operation(:list_investigations, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListInvestigations"
+        o.http_method = "GET"
+        o.http_request_uri = "/v1/cases/{caseId}/list-investigations"
+        o.input = Shapes::ShapeRef.new(shape: ListInvestigationsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListInvestigationsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: SecurityIncidentResponseNotActiveException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidTokenException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:list_memberships, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListMemberships"
         o.http_method = "POST"
@@ -857,6 +942,23 @@ module Aws::SecurityIR
         o.errors << Shapes::ShapeRef.new(shape: InvalidTokenException)
       end)
 
+      api.add_operation(:send_feedback, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "SendFeedback"
+        o.http_method = "POST"
+        o.http_request_uri = "/v1/cases/{caseId}/feedback/{resultId}/send-feedback"
+        o.input = Shapes::ShapeRef.new(shape: SendFeedbackRequest)
+        o.output = Shapes::ShapeRef.new(shape: SendFeedbackResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: SecurityIncidentResponseNotActiveException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidTokenException)
+      end)
+
       api.add_operation(:tag_resource, Seahorse::Model::Operation.new.tap do |o|
         o.name = "TagResource"
         o.http_method = "POST"

data/lib/aws-sdk-securityir/types.rb

@@ -143,6 +143,31 @@ module Aws::SecurityIR
       include Aws::Structure
     end
 
+    # Represents a single metadata entry associated with a case. Each entry
+    # consists of a key-value pair that provides additional contextual
+    # information about the case, such as classification tags, custom
+    # attributes, or system-generated properties.
+    #
+    # @!attribute [rw] key
+    #   The identifier for the metadata field. This key uniquely identifies
+    #   the type of metadata being stored, such as "severity",
+    #   "category", or "assignee".
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   The value associated with the metadata key. This contains the actual
+    #   data for the metadata field identified by the key.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/CaseMetadataEntry AWS API Documentation
+    #
+    class CaseMetadataEntry < Struct.new(
+      :key,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] case_id
     #   Required element used in combination with CloseCase to identify the
     #   case ID to close.
@@ -622,6 +647,10 @@ module Aws::SecurityIR
     #   was closed.
     #   @return [Time]
     #
+    # @!attribute [rw] case_metadata
+    #   Case response metadata
+    #   @return [Array<Types::CaseMetadataEntry>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/GetCaseResponse AWS API Documentation
     #
     class GetCaseResponse < Struct.new(
@@ -643,7 +672,8 @@ module Aws::SecurityIR
       :resolver_type,
       :impacted_services,
       :case_attachments,
-      :closed_date)
+      :closed_date,
+      :case_metadata)
       SENSITIVE = [:title, :description]
       include Aws::Structure
     end
@@ -855,6 +885,97 @@ module Aws::SecurityIR
       include Aws::Structure
     end
 
+    # Represents an investigation action performed within a case. This
+    # structure captures the details of an automated or manual
+    # investigation, including its status, results, and user feedback.
+    #
+    # @!attribute [rw] investigation_id
+    #   The unique identifier for this investigation action. This ID is used
+    #   to track and reference the specific investigation throughout its
+    #   lifecycle.
+    #   @return [String]
+    #
+    # @!attribute [rw] action_type
+    #   The type of investigation action being performed. This categorizes
+    #   the investigation method or approach used in the case.
+    #   @return [String]
+    #
+    # @!attribute [rw] title
+    #   Human-readable summary of the investigation focus. This provides a
+    #   brief description of what the investigation is examining or
+    #   analyzing.
+    #   @return [String]
+    #
+    # @!attribute [rw] content
+    #   Detailed investigation results in rich markdown format. This field
+    #   contains the comprehensive findings, analysis, and conclusions from
+    #   the investigation.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The current execution status of the investigation. This indicates
+    #   whether the investigation is pending, in progress, completed, or
+    #   failed.
+    #   @return [String]
+    #
+    # @!attribute [rw] last_updated
+    #   ISO 8601 timestamp of the most recent status update. This indicates
+    #   when the investigation was last modified or when its status last
+    #   changed.
+    #   @return [Time]
+    #
+    # @!attribute [rw] feedback
+    #   User feedback for this investigation result. This contains the
+    #   user's assessment and comments about the quality and usefulness of
+    #   the investigation findings.
+    #   @return [Types::InvestigationFeedback]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/InvestigationAction AWS API Documentation
+    #
+    class InvestigationAction < Struct.new(
+      :investigation_id,
+      :action_type,
+      :title,
+      :content,
+      :status,
+      :last_updated,
+      :feedback)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Represents user feedback for an investigation result. This structure
+    # captures the user's evaluation of the investigation's quality,
+    # usefulness, and any additional comments.
+    #
+    # @!attribute [rw] usefulness
+    #   User assessment of the investigation result's quality and
+    #   helpfulness. This rating indicates how valuable the investigation
+    #   findings were in addressing the case.
+    #   @return [String]
+    #
+    # @!attribute [rw] comment
+    #   Optional user comments providing additional context about the
+    #   investigation feedback. This allows users to explain their rating or
+    #   provide suggestions for improvement.
+    #   @return [String]
+    #
+    # @!attribute [rw] submitted_at
+    #   ISO 8601 timestamp when the feedback was submitted. This records
+    #   when the user provided their assessment of the investigation
+    #   results.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/InvestigationFeedback AWS API Documentation
+    #
+    class InvestigationFeedback < Struct.new(
+      :usefulness,
+      :comment,
+      :submitted_at)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] next_token
     #   An optional string that, if supplied, must be copied from the output
     #   of a previous call to ListCaseEdits. When provided in this manner,
@@ -1080,6 +1201,49 @@ module Aws::SecurityIR
       include Aws::Structure
     end
 
+    # @!attribute [rw] next_token
+    #   Investigation performed by an agent for a security incident request
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   Investigation performed by an agent for a security incident request,
+    #   returning max results
+    #   @return [Integer]
+    #
+    # @!attribute [rw] case_id
+    #   Investigation performed by an agent for a security incident per
+    #   caseID
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/ListInvestigationsRequest AWS API Documentation
+    #
+    class ListInvestigationsRequest < Struct.new(
+      :next_token,
+      :max_results,
+      :case_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   Investigation performed by an agent for a security incident for next
+    #   Token
+    #   @return [String]
+    #
+    # @!attribute [rw] investigation_actions
+    #   Investigation performed by an agent for a security incid…Unique
+    #   identifier for the specific investigation&gt;
+    #   @return [Array<Types::InvestigationAction>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/ListInvestigationsResponse AWS API Documentation
+    #
+    class ListInvestigationsResponse < Struct.new(
+      :next_token,
+      :investigation_actions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] membership_id
     #   @return [String]
     #
@@ -1320,6 +1484,37 @@ module Aws::SecurityIR
       include Aws::Structure
     end
 
+    # @!attribute [rw] case_id
+    #   Send feedback based on request caseID
+    #   @return [String]
+    #
+    # @!attribute [rw] result_id
+    #   Send feedback based on request result ID
+    #   @return [String]
+    #
+    # @!attribute [rw] usefulness
+    #   Required enum value indicating user assessment of result q.....
+    #   @return [String]
+    #
+    # @!attribute [rw] comment
+    #   Send feedback based on request comments
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/SendFeedbackRequest AWS API Documentation
+    #
+    class SendFeedbackRequest < Struct.new(
+      :case_id,
+      :result_id,
+      :usefulness,
+      :comment)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/SendFeedbackResponse AWS API Documentation
+    #
+    class SendFeedbackResponse < Aws::EmptyStructure; end
+
     # @!attribute [rw] message
     #   The exception message.
     #   @return [String]
@@ -1579,6 +1774,10 @@ module Aws::SecurityIR
     #    </note>
     #   @return [Array<String>]
     #
+    # @!attribute [rw] case_metadata
+    #   Update the case request with case metadata
+    #   @return [Array<Types::CaseMetadataEntry>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/UpdateCaseRequest AWS API Documentation
     #
     class UpdateCaseRequest < Struct.new(
@@ -1597,7 +1796,8 @@ module Aws::SecurityIR
       :impacted_aws_regions_to_add,
       :impacted_aws_regions_to_delete,
       :impacted_accounts_to_add,
-      :impacted_accounts_to_delete)
+      :impacted_accounts_to_delete,
+      :case_metadata)
       SENSITIVE = [:title, :description]
       include Aws::Structure
     end

data/lib/aws-sdk-securityir.rb

@@ -55,7 +55,7 @@ module Aws::SecurityIR
   autoload :EndpointProvider, 'aws-sdk-securityir/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-securityir/endpoints'
 
-  GEM_VERSION = '1.16.0'
+  GEM_VERSION = '1.17.0'
 
 end
 

data/sig/client.rbs

@@ -207,6 +207,7 @@ module Aws
         def impacted_services: () -> ::Array[::String]
         def case_attachments: () -> ::Array[Types::CaseAttachmentAttributes]
         def closed_date: () -> ::Time
+        def case_metadata: () -> ::Array[Types::CaseMetadataEntry]
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SecurityIR/Client.html#get_case-instance_method
       def get_case: (
@@ -301,6 +302,19 @@ module Aws
                          ) -> _ListCommentsResponseSuccess
                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListCommentsResponseSuccess
 
+      interface _ListInvestigationsResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::ListInvestigationsResponse]
+        def next_token: () -> ::String
+        def investigation_actions: () -> ::Array[Types::InvestigationAction]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SecurityIR/Client.html#list_investigations-instance_method
+      def list_investigations: (
+                                 ?next_token: ::String,
+                                 ?max_results: ::Integer,
+                                 case_id: ::String
+                               ) -> _ListInvestigationsResponseSuccess
+                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListInvestigationsResponseSuccess
+
       interface _ListMembershipsResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::ListMembershipsResponse]
         def next_token: () -> ::String
@@ -323,6 +337,18 @@ module Aws
                                   ) -> _ListTagsForResourceResponseSuccess
                                 | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListTagsForResourceResponseSuccess
 
+      interface _SendFeedbackResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::SendFeedbackResponse]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SecurityIR/Client.html#send_feedback-instance_method
+      def send_feedback: (
+                           case_id: ::String,
+                           result_id: ::String,
+                           usefulness: ("USEFUL" | "NOT_USEFUL"),
+                           ?comment: ::String
+                         ) -> _SendFeedbackResponseSuccess
+                       | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _SendFeedbackResponseSuccess
+
       interface _TagResourceResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::TagResourceOutput]
       end
@@ -393,7 +419,13 @@ module Aws
                            },
                          ],
                          ?impacted_accounts_to_add: Array[::String],
-                         ?impacted_accounts_to_delete: Array[::String]
+                         ?impacted_accounts_to_delete: Array[::String],
+                         ?case_metadata: Array[
+                           {
+                             key: ::String,
+                             value: ::String
+                           },
+                         ]
                        ) -> _UpdateCaseResponseSuccess
                      | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateCaseResponseSuccess
 

data/sig/types.rbs

@@ -52,6 +52,12 @@ module Aws::SecurityIR
       SENSITIVE: []
     end
 
+    class CaseMetadataEntry
+      attr_accessor key: ::String
+      attr_accessor value: ::String
+      SENSITIVE: []
+    end
+
     class CloseCaseRequest
       attr_accessor case_id: ::String
       SENSITIVE: []
@@ -167,6 +173,7 @@ module Aws::SecurityIR
       attr_accessor impacted_services: ::Array[::String]
       attr_accessor case_attachments: ::Array[Types::CaseAttachmentAttributes]
       attr_accessor closed_date: ::Time
+      attr_accessor case_metadata: ::Array[Types::CaseMetadataEntry]
       SENSITIVE: [:title, :description]
     end
 
@@ -230,6 +237,24 @@ module Aws::SecurityIR
       SENSITIVE: []
     end
 
+    class InvestigationAction
+      attr_accessor investigation_id: ::String
+      attr_accessor action_type: ("Evidence" | "Investigation" | "Summarization")
+      attr_accessor title: ::String
+      attr_accessor content: ::String
+      attr_accessor status: ("Pending" | "InProgress" | "Waiting" | "Completed" | "Failed" | "Cancelled")
+      attr_accessor last_updated: ::Time
+      attr_accessor feedback: Types::InvestigationFeedback
+      SENSITIVE: []
+    end
+
+    class InvestigationFeedback
+      attr_accessor usefulness: ("USEFUL" | "NOT_USEFUL")
+      attr_accessor comment: ::String
+      attr_accessor submitted_at: ::Time
+      SENSITIVE: []
+    end
+
     class ListCaseEditsRequest
       attr_accessor next_token: ::String
       attr_accessor max_results: ::Integer
@@ -295,6 +320,19 @@ module Aws::SecurityIR
       SENSITIVE: []
     end
 
+    class ListInvestigationsRequest
+      attr_accessor next_token: ::String
+      attr_accessor max_results: ::Integer
+      attr_accessor case_id: ::String
+      SENSITIVE: []
+    end
+
+    class ListInvestigationsResponse
+      attr_accessor next_token: ::String
+      attr_accessor investigation_actions: ::Array[Types::InvestigationAction]
+      SENSITIVE: []
+    end
+
     class ListMembershipItem
       attr_accessor membership_id: ::String
       attr_accessor account_id: ::String
@@ -355,6 +393,17 @@ module Aws::SecurityIR
       SENSITIVE: []
     end
 
+    class SendFeedbackRequest
+      attr_accessor case_id: ::String
+      attr_accessor result_id: ::String
+      attr_accessor usefulness: ("USEFUL" | "NOT_USEFUL")
+      attr_accessor comment: ::String
+      SENSITIVE: []
+    end
+
+    class SendFeedbackResponse < Aws::EmptyStructure
+    end
+
     class ServiceQuotaExceededException
       attr_accessor message: ::String
       attr_accessor resource_id: ::String
@@ -426,6 +475,7 @@ module Aws::SecurityIR
       attr_accessor impacted_aws_regions_to_delete: ::Array[Types::ImpactedAwsRegion]
       attr_accessor impacted_accounts_to_add: ::Array[::String]
       attr_accessor impacted_accounts_to_delete: ::Array[::String]
+      attr_accessor case_metadata: ::Array[Types::CaseMetadataEntry]
       SENSITIVE: [:title, :description]
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-securityir
 version: !ruby/object:Gem::Version
-  version: 1.16.0
+  version: 1.17.0
 platform: ruby
 authors:
 - Amazon Web Services
@@ -18,7 +18,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.234.0
+        version: 3.239.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -28,7 +28,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.234.0
+        version: 3.239.1
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement