Data structures used by operation inputs/outputs.
Modules
Structs
- Account
An Amazon Web Services account that is the administrator account of or a member of a behavior graph.
- Administrator
Information about the Detective administrator account for an organization.
- DatasourcePackageIngestDetail
Details about the data source packages ingested by your behavior graph.
- DatasourcePackageUsageInfo
Information on the usage of a data source package in the behavior graph.
- DateFilter
Contains details on the time range used to filter data.
- FilterCriteria
Details on the criteria used to define the filter for investigation results.
- FlaggedIpAddressDetail
Contains information on suspicious IP addresses identified as indicators of compromise. This indicator is derived from Amazon Web Services threat intelligence.
- Graph
A behavior graph in Detective.
- ImpossibleTravelDetail
Contains information on unusual and impossible travel in an account.
- Indicator
Detective investigations triage indicators of compromise, such as a finding, and surface only the most critical and suspicious issues, so you can focus on high-level investigations. An Indicator lets you determine if an Amazon Web Services resource is involved in unusual activity that could indicate malicious behavior and its impact.
- IndicatorDetail
Details about the indicators of compromise which are used to determine if a resource is involved in a security incident. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. For the list of indicators of compromise that are generated by Detective investigations, see Detective investigations.
- InvestigationDetail
Details about the investigation related to a potential security event identified by Detective.
- MemberDetail
Details about a member account in a behavior graph.
- MembershipDatasources
Details on data source packages for members of the behavior graph.
- NewAsoDetail
Details new Autonomous System Organizations (ASOs) used either at the resource or account level.
- NewGeolocationDetail
Details new geolocations used either at the resource or account level. For example, lists an observed geolocation that is an infrequent or unused location based on previous user activity.
- NewUserAgentDetail
Details new user agents used either at the resource or account level.
- RelatedFindingDetail
Details related activities associated with a potential security event. Lists all distinct categories of evidence that are connected to the resource or the finding group.
- RelatedFindingGroupDetail
Details multiple activities as they relate to a potential security event. Detective uses a graph analysis technique that infers relationships between findings and entities, and groups them together as a finding group.
- SortCriteria
Details about the criteria used for sorting investigations.
- StringFilter
A string for filtering Detective investigations.
- TimestampForCollection
Details on when data collection began for a source package.
- TtPsObservedDetail
Details tactics, techniques, and procedures (TTPs) used in a potential security event. Tactics are based on the MITRE ATT&CK Matrix for Enterprise.
- UnprocessedAccount
A member account that was included in a request but for which the request could not be processed.
- UnprocessedGraph
Behavior graphs that could not be processed in the request.
Enums
- DatasourcePackage
When writing a match expression against DatasourcePackage, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- DatasourcePackageIngestState
When writing a match expression against DatasourcePackageIngestState, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- EntityType
When writing a match expression against EntityType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- ErrorCode
When writing a match expression against ErrorCode, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- Field
When writing a match expression against Field, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- IndicatorType
When writing a match expression against IndicatorType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- InvitationType
When writing a match expression against InvitationType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- MemberDisabledReason
When writing a match expression against MemberDisabledReason, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- MemberStatus
When writing a match expression against MemberStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- Reason
When writing a match expression against Reason, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- Severity
When writing a match expression against Severity, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- SortOrder
When writing a match expression against SortOrder, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- State
When writing a match expression against State, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.
- Status
When writing a match expression against Status, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of the SDK, your code should continue to work when you upgrade the SDK to a future version in which the enum does include a variant for that feature.