- Navigation GuideYou are on a Command (operation) page with structural examples. Use the navigation breadcrumb if you would like to return to the Client landing page.
StartInvestigationCommand
Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. StartInvestigation initiates an investigation on an entity in a behavior graph.
Example Syntax
Use a bare-bones client and the command you need to make an API call.
import { DetectiveClient, StartInvestigationCommand } from "@aws-sdk/client-detective"; // ES Modules import
// const { DetectiveClient, StartInvestigationCommand } = require("@aws-sdk/client-detective"); // CommonJS import
const client = new DetectiveClient(config);
const input = { // StartInvestigationRequest
GraphArn: "STRING_VALUE", // required
EntityArn: "STRING_VALUE", // required
ScopeStartTime: new Date("TIMESTAMP"), // required
ScopeEndTime: new Date("TIMESTAMP"), // required
};
const command = new StartInvestigationCommand(input);
const response = await client.send(command);
// { // StartInvestigationResponse
// InvestigationId: "STRING_VALUE",
// };
StartInvestigationCommand Input
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
EntityArnRequired | string | undefined | The unique Amazon Resource Name (ARN) of the IAM user and IAM role. |
GraphArnRequired | string | undefined | The Amazon Resource Name (ARN) of the behavior graph. |
ScopeEndTimeRequired | Date | undefined | The data and time when the investigation ended. The value is an UTC ISO8601 formatted string. For example, |
ScopeStartTimeRequired | Date | undefined | The data and time when the investigation began. The value is an UTC ISO8601 formatted string. For example, |
StartInvestigationCommand Output
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
$metadataRequired | ResponseMetadata | Metadata pertaining to this request. |
InvestigationId | string | undefined | The investigation ID of the investigation report. |
Throws
Name | Fault | Details |
|---|
Name | Fault | Details |
|---|---|---|
| AccessDeniedException | client | The request issuer does not have permission to access this resource or perform this operation. |
| InternalServerException | server | The request was valid but failed because of a problem with the service. |
| ResourceNotFoundException | client | The request refers to a nonexistent resource. |
| TooManyRequestsException | client | The request cannot be completed because too many other requests are occurring at the same time. |
| ValidationException | client | The request parameters are invalid. |
| DetectiveServiceException | Base exception class for all service exceptions from Detective service. |