InvestigationDetail
Details about the investigation related to a potential security event identified by Detective.
Contents
- CreatedTime
The timestamp of when the investigation report was created. The value is a UTC ISO 8601 formatted string. For example, 2021-08-18T16:35:56.284Z.
Type: Timestamp
Required: No
- EntityArn
The unique Amazon Resource Name (ARN) of the IAM user or IAM role.
Type: String
Pattern: ^arn:.*
Required: No
- EntityType
The type of entity, for example an AWS account entity such as an IAM user or IAM role.
Type: String
Valid Values: IAM_ROLE | IAM_USER
Required: No
- InvestigationId
The investigation ID of the investigation report.
Type: String
Length Constraints: Fixed length of 21.
Pattern: ^[0-9]+$
Required: No
- Severity
Severity based on the likelihood and impact of the indicators of compromise discovered in the investigation.
Type: String
Valid Values: INFORMATIONAL | LOW | MEDIUM | HIGH | CRITICAL
Required: No
- State
The current state of the investigation. An archived investigation indicates you have completed reviewing the investigation.
Type: String
Valid Values: ACTIVE | ARCHIVED
Required: No
- Status
Status based on the completion status of the investigation.
Type: String
Valid Values: RUNNING | FAILED | SUCCESSFUL
Required: No
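
As an added example (not part of the AWS documentation or any SDK), the following Python checks dicts shaped like InvestigationDetail against the constraints listed above and builds a review queue of active, successfully completed investigations at or above a severity threshold. The function names, the SAMPLE records and the string form of CreatedTime are assumptions made for illustration.

```python
import re
from datetime import datetime

SEVERITIES = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]  # ascending
ENUMS = {"EntityType": {"IAM_ROLE", "IAM_USER"}, "Severity": set(SEVERITIES),
         "State": {"ACTIVE", "ARCHIVED"}, "Status": {"RUNNING", "FAILED", "SUCCESSFUL"}}
# fullmatch() stands in for ^...$ (Python's "$" also matches before a trailing newline).
PATTERNS = {"EntityArn": r"arn:.*", "InvestigationId": r"[0-9]{21}"}  # {21}: fixed length

def violations(detail):
    """Names of the fields in one InvestigationDetail dict that break a constraint."""
    bad = [f for f, ok in ENUMS.items() if f in detail and detail[f] not in ok]
    bad += [f for f, p in PATTERNS.items()
            if f in detail and not re.fullmatch(p, str(detail[f]))]
    if "CreatedTime" in detail:
        try:  # assumption: the value is the string form shown on this page
            datetime.strptime(str(detail["CreatedTime"]), "%Y-%m-%dT%H:%M:%S.%fZ")
        except ValueError:
            bad.append("CreatedTime")
    return bad

def triage(details, min_severity="HIGH"):
    """Return (investigation IDs to review, rejected records with reasons)."""
    floor, queue, rejected = SEVERITIES.index(min_severity), [], []
    for d in details:
        bad = violations(d)
        if bad:
            rejected.append((d.get("InvestigationId"), bad))
        # Every field is "Required: No": .get() skips incomplete records, no KeyError.
        elif (d.get("State") == "ACTIVE" and d.get("Status") == "SUCCESSFUL"
              and d.get("Severity") in SEVERITIES
              and SEVERITIES.index(d["Severity"]) >= floor):
            queue.append(d)
    # Highest severity first, then newest CreatedTime (same-format UTC strings sort as text).
    queue.sort(key=lambda d: (SEVERITIES.index(d["Severity"]),
                              d.get("CreatedTime", "")), reverse=True)
    return [d.get("InvestigationId") for d in queue], rejected

# Constructed sample records; IDs, ARN and timestamps are made up.
OK = {"State": "ACTIVE", "Status": "SUCCESSFUL"}
SAMPLE = [
    {**OK, "InvestigationId": "123456789012345678901", "Severity": "HIGH",
     "CreatedTime": "2021-08-18T16:35:56.284Z", "EntityType": "IAM_USER",
     "EntityArn": "arn:aws:iam::111122223333:user/example"},
    {**OK, "InvestigationId": "123456789012345678902", "Severity": "CRITICAL"},
    {**OK, "InvestigationId": "123456789012345678903", "Severity": "LOW"},
    {**OK, "InvestigationId": "12345", "Severity": "Critical"},
    {"InvestigationId": "123456789012345678905", "State": "ACTIVE"},
]
```

Records that fail validation are returned with the offending field names rather than silently dropped, so malformed or unexpected values can be logged and reviewed.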
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: