# IndicatorDetail
<a name="API_IndicatorDetail"></a>

Details about the indicators of compromise which are used to determine if a resource is involved in a security incident. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. For the list of indicators of compromise that are generated by Detective investigations, see [Detective investigations](https://docs.aws.amazon.com/detective/latest/userguide/detective-investigation-about.html).

## Contents
<a name="API_IndicatorDetail_Contents"></a>

 ** FlaggedIpAddressDetail **   <a name="detective-Type-IndicatorDetail-FlaggedIpAddressDetail"></a>
Suspicious IP addresses that are flagged, which indicates critical or severe threats based on threat intelligence by Detective. This indicator is derived from AWS threat intelligence.  
Type: [FlaggedIpAddressDetail](API_FlaggedIpAddressDetail.md) object  
Required: No

 ** ImpossibleTravelDetail **   <a name="detective-Type-IndicatorDetail-ImpossibleTravelDetail"></a>
Identifies unusual and impossible user activity for an account.   
Type: [ImpossibleTravelDetail](API_ImpossibleTravelDetail.md) object  
Required: No

 ** NewAsoDetail **   <a name="detective-Type-IndicatorDetail-NewAsoDetail"></a>
Contains details about the new Autonomous System Organization (ASO).  
Type: [NewAsoDetail](API_NewAsoDetail.md) object  
Required: No

 ** NewGeolocationDetail **   <a name="detective-Type-IndicatorDetail-NewGeolocationDetail"></a>
Contains details about the new geographic location.  
Type: [NewGeolocationDetail](API_NewGeolocationDetail.md) object  
Required: No

 ** NewUserAgentDetail **   <a name="detective-Type-IndicatorDetail-NewUserAgentDetail"></a>
Contains details about the new user agent.  
Type: [NewUserAgentDetail](API_NewUserAgentDetail.md) object  
Required: No

 ** RelatedFindingDetail **   <a name="detective-Type-IndicatorDetail-RelatedFindingDetail"></a>
Contains details about related findings.  
Type: [RelatedFindingDetail](API_RelatedFindingDetail.md) object  
Required: No

 ** RelatedFindingGroupDetail **   <a name="detective-Type-IndicatorDetail-RelatedFindingGroupDetail"></a>
Contains details about related finding groups.  
Type: [RelatedFindingGroupDetail](API_RelatedFindingGroupDetail.md) object  
Required: No

 ** TTPsObservedDetail **   <a name="detective-Type-IndicatorDetail-TTPsObservedDetail"></a>
Details about the indicator of compromise.  
Type: [TTPsObservedDetail](API_TTPsObservedDetail.md) object  
Required: No

## See Also
<a name="API_IndicatorDetail_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/detective-2018-10-26/IndicatorDetail) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/detective-2018-10-26/IndicatorDetail) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/detective-2018-10-26/IndicatorDetail)