SDK for PHP 3.x
Security Incident Response 2018-05-10
- Client: Aws\SecurityIR\SecurityIRClient
- Service ID: security-ir
- Version: 2018-05-10
This page describes the parameters and results for the operations of the Security Incident Response (2018-05-10), and shows how to use the Aws\SecurityIR\SecurityIRClient object to call the described operations. This documentation is specific to the 2018-05-10 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- BatchGetMemberAccountDetails ( array $params = [] )
- Grants permission to view an existing membership.
- CancelMembership ( array $params = [] )
- Grants permissions to cancel an existing membership.
- CloseCase ( array $params = [] )
- Grants permission to close an existing case.
- CreateCase ( array $params = [] )
- Grants permission to create a new case.
- CreateCaseComment ( array $params = [] )
- Grants permission to add a comment to an existing case.
- CreateMembership ( array $params = [] )
- Grants permissions to create a new membership.
- GetCase ( array $params = [] )
- Grant permission to view a designated case.
- GetCaseAttachmentDownloadUrl ( array $params = [] )
- Grants permission to obtain an Amazon S3 presigned URL to download an attachment.
- GetCaseAttachmentUploadUrl ( array $params = [] )
- Grants permission to upload an attachment to a case.
- GetMembership ( array $params = [] )
- Grants permission to get details of a designated service membership.
- ListCaseEdits ( array $params = [] )
- Grants permissions to view the aidt log for edits made to a designated case.
- ListCases ( array $params = [] )
- Grants permission to list all cases the requester has access to.
- ListComments ( array $params = [] )
- Grants permissions to list and view comments for a designated case.
- ListMemberships ( array $params = [] )
- Grants permission to query the memberships a principal has access to.
- ListTagsForResource ( array $params = [] )
- Grants permission to view currently configured tags on a resource.
- TagResource ( array $params = [] )
- Grants permission to add a tag(s) to a designated resource.
- UntagResource ( array $params = [] )
- Grants permission to remove a tag(s) from a designate resource.
- UpdateCase ( array $params = [] )
- Grants permission to update an existing case.
- UpdateCaseComment ( array $params = [] )
- Grants permission to update an existing case comment.
- UpdateCaseStatus ( array $params = [] )
- Grants permission to update the status for a designated cases.
- UpdateMembership ( array $params = [] )
- Grants access to UpdateMembership to change membership configuration.
- UpdateResolverType ( array $params = [] )
- Grants permission to update the resolver type for a case.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
BatchGetMemberAccountDetails
$result = $client->batchGetMemberAccountDetails([/* ... */]); $promise = $client->batchGetMemberAccountDetailsAsync([/* ... */]);
Grants permission to view an existing membership.
Parameter Syntax
$result = $client->batchGetMemberAccountDetails([
'accountIds' => ['<string>', ...], // REQUIRED
'membershipId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- accountIds
-
- Required: Yes
- Type: Array of strings
Optional element to query the membership relationship status to a provided list of account IDs.
- membershipId
-
- Required: Yes
- Type: string
Required element used in combination with BatchGetMemberAccountDetails to identify the membership ID to query.
Result Syntax
[
'errors' => [
[
'accountId' => '<string>',
'error' => '<string>',
'message' => '<string>',
],
// ...
],
'items' => [
[
'accountId' => '<string>',
'relationshipStatus' => 'Associated|Disassociated',
'relationshipType' => 'Organization',
],
// ...
],
]
Result Details
Members
- errors
-
- Type: Array of GetMembershipAccountDetailError structures
The response element providing errors messages for requests to GetMembershipAccountDetails.
- items
-
- Type: Array of GetMembershipAccountDetailItem structures
The response element providing responses for requests to GetMembershipAccountDetails.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke BatchGetMemberAccountDetails
$result = $client->batchGetMemberAccountDetails([
'accountIds' => [
'123412341234',
],
'membershipId' => 'm-abcd1234efgh',
]);
Result syntax:
[
'items' => [
[
'accountId' => '123412341234',
'relationshipStatus' => 'Associated',
'relationshipType' => 'Organization',
],
],
]
CancelMembership
$result = $client->cancelMembership([/* ... */]); $promise = $client->cancelMembershipAsync([/* ... */]);
Grants permissions to cancel an existing membership.
Parameter Syntax
$result = $client->cancelMembership([
'membershipId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- membershipId
-
- Required: Yes
- Type: string
Required element used in combination with CancelMembershipRequest to identify the membership ID to cancel.
Result Syntax
[
'membershipId' => '<string>',
]
Result Details
Members
- membershipId
-
- Required: Yes
- Type: string
The response element providing responses for requests to CancelMembershipRequest.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke CancelMembership
$result = $client->cancelMembership([
'membershipId' => 'm-abcd1234efgh',
]);
Result syntax:
[
'membershipId' => 'm-abcd1234efgh',
]
CloseCase
$result = $client->closeCase([/* ... */]); $promise = $client->closeCaseAsync([/* ... */]);
Grants permission to close an existing case.
Parameter Syntax
$result = $client->closeCase([
'caseId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element used in combination with CloseCase to identify the case ID to close.
Result Syntax
[
'caseStatus' => 'Submitted|Acknowledged|Detection and Analysis|Containment, Eradication and Recovery|Post-incident Activities|Ready to Close|Closed',
'closedDate' => <DateTime>,
]
Result Details
Members
- caseStatus
-
- Type: string
A response element providing responses for requests to CloseCase. This element responds with the case status following the action.
- closedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A response element providing responses for requests to CloseCase. This element responds with the case closure date following the action.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke CloseCase
$result = $client->closeCase([
'caseId' => '8403556009',
]);
Result syntax:
[
'caseStatus' => 'Closed',
'closedDate' => ,
]
CreateCase
$result = $client->createCase([/* ... */]); $promise = $client->createCaseAsync([/* ... */]);
Grants permission to create a new case.
Parameter Syntax
$result = $client->createCase([
'clientToken' => '<string>',
'description' => '<string>', // REQUIRED
'engagementType' => 'Security Incident|Investigation', // REQUIRED
'impactedAccounts' => ['<string>', ...], // REQUIRED
'impactedAwsRegions' => [
[
'region' => 'af-south-1|ap-east-1|ap-northeast-1|ap-northeast-2|ap-northeast-3|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-southeast-5|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-north-1|eu-south-1|eu-south-2|eu-west-1|eu-west-2|eu-west-3|il-central-1|me-central-1|me-south-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2', // REQUIRED
],
// ...
],
'impactedServices' => ['<string>', ...],
'reportedIncidentStartDate' => <integer || string || DateTime>, // REQUIRED
'resolverType' => 'AWS|Self', // REQUIRED
'tags' => ['<string>', ...],
'threatActorIpAddresses' => [
[
'ipAddress' => '<string>', // REQUIRED
'userAgent' => '<string>',
],
// ...
],
'title' => '<string>', // REQUIRED
'watchers' => [ // REQUIRED
[
'email' => '<string>', // REQUIRED
'jobTitle' => '<string>',
'name' => '<string>',
],
// ...
],
]);
Parameter Details
Members
- clientToken
-
- Type: string
Required element used in combination with CreateCase.
- description
-
- Required: Yes
- Type: string
Required element used in combination with CreateCase to provide a description for the new case.
- engagementType
-
- Required: Yes
- Type: string
Required element used in combination with CreateCase to provide an engagement type for the new cases. Available engagement types include Security Incident | Investigation
- impactedAccounts
-
- Required: Yes
- Type: Array of strings
Required element used in combination with CreateCase to provide a list of impacted accounts.
- impactedAwsRegions
-
- Type: Array of ImpactedAwsRegion structures
An optional element used in combination with CreateCase to provide a list of impacted regions.
- impactedServices
-
- Type: Array of strings
An optional element used in combination with CreateCase to provide a list of services impacted.
- reportedIncidentStartDate
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Required element used in combination with CreateCase to provide an initial start date for the unauthorized activity.
- resolverType
-
- Required: Yes
- Type: string
Required element used in combination with CreateCase to identify the resolver type. Available resolvers include self-supported | aws-supported.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
An optional element used in combination with CreateCase to add customer specified tags to a case.
- threatActorIpAddresses
-
- Type: Array of ThreatActorIp structures
An optional element used in combination with CreateCase to provide a list of suspicious internet protocol addresses associated with unauthorized activity.
- title
-
- Required: Yes
- Type: string
Required element used in combination with CreateCase to provide a title for the new case.
- watchers
-
- Required: Yes
- Type: Array of Watcher structures
Required element used in combination with CreateCase to provide a list of entities to receive notifications for case updates.
Result Syntax
[
'caseId' => '<string>',
]
Result Details
Members
- caseId
-
- Required: Yes
- Type: string
A response element providing responses for requests to CreateCase. This element responds with the case ID.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke CreateCase
$result = $client->createCase([
'description' => 'Case description',
'engagementType' => 'Investigation',
'impactedAccounts' => [
'000000000000',
'111111111111',
],
'impactedAwsRegions' => [
[
'region' => 'ap-southeast-1',
],
],
'impactedServices' => [
'Amazon EC2',
'Amazon EKS',
],
'reportedIncidentStartDate' => ,
'resolverType' => 'Self',
'threatActorIpAddresses' => [
[
'ipAddress' => '192.168.192.168',
'userAgent' => 'Browser',
],
],
'title' => 'My sample case',
'watchers' => [
[
'name' => 'Alice',
'email' => 'alice@example.com',
'jobTitle' => 'CEO',
],
[
'name' => 'Bob',
'email' => 'bob@example.com',
'jobTitle' => 'CFO',
],
],
]);
CreateCaseComment
$result = $client->createCaseComment([/* ... */]); $promise = $client->createCaseCommentAsync([/* ... */]);
Grants permission to add a comment to an existing case.
Parameter Syntax
$result = $client->createCaseComment([
'body' => '<string>', // REQUIRED
'caseId' => '<string>', // REQUIRED
'clientToken' => '<string>',
]);
Parameter Details
Members
- body
-
- Required: Yes
- Type: string
Required element used in combination with CreateCaseComment to add content for the new comment.
- caseId
-
- Required: Yes
- Type: string
Required element used in combination with CreateCaseComment to specify a case ID.
- clientToken
-
- Type: string
An optional element used in combination with CreateCaseComment.
Result Syntax
[
'commentId' => '<string>',
]
Result Details
Members
- commentId
-
- Required: Yes
- Type: string
Response element indicating the new comment ID.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke CreateCaseComment
$result = $client->createCaseComment([
'body' => 'Case comment body.',
'caseId' => '8403556009',
]);
Result syntax:
[
'commentId' => '000000',
]
CreateMembership
$result = $client->createMembership([/* ... */]); $promise = $client->createMembershipAsync([/* ... */]);
Grants permissions to create a new membership.
Parameter Syntax
$result = $client->createMembership([
'clientToken' => '<string>',
'incidentResponseTeam' => [ // REQUIRED
[
'email' => '<string>', // REQUIRED
'jobTitle' => '<string>', // REQUIRED
'name' => '<string>', // REQUIRED
],
// ...
],
'membershipName' => '<string>', // REQUIRED
'optInFeatures' => [
[
'featureName' => 'Triage', // REQUIRED
'isEnabled' => true || false, // REQUIRED
],
// ...
],
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- clientToken
-
- Type: string
An optional element used in combination with CreateMembership.
- incidentResponseTeam
-
- Required: Yes
- Type: Array of IncidentResponder structures
Required element use in combination with CreateMembership to add customer incident response team members and trusted partners to the membership.
- membershipName
-
- Required: Yes
- Type: string
Required element use in combination with CreateMembership to create a name for the membership.
- optInFeatures
-
- Type: Array of OptInFeature structures
Optional element to enable the monitoring and investigation opt-in features for the service.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
Optional element for customer configured tags.
Result Syntax
[
'membershipId' => '<string>',
]
Result Details
Members
- membershipId
-
- Required: Yes
- Type: string
Response element for CreateMembership providing the newly created membership ID.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke CreateMembership
$result = $client->createMembership([
'incidentResponseTeam' => [
[
'name' => 'Bob Jones',
'email' => 'bob.jones@gmail.com',
'jobTitle' => 'Security Responder',
],
[
'name' => 'Alice',
'email' => 'alice@example.com',
'jobTitle' => 'CEO',
],
],
'membershipName' => 'Example Membership Name.',
'optInFeatures' => [
[
'featureName' => 'Triage',
'isEnabled' => 1,
],
],
]);
Result syntax:
[
'membershipId' => 'm-abcd1234efgh',
]
GetCase
$result = $client->getCase([/* ... */]); $promise = $client->getCaseAsync([/* ... */]);
Grant permission to view a designated case.
Parameter Syntax
$result = $client->getCase([
'caseId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element for GetCase to identify the requested case ID.
Result Syntax
[
'actualIncidentStartDate' => <DateTime>,
'caseArn' => '<string>',
'caseAttachments' => [
[
'attachmentId' => '<string>',
'attachmentStatus' => 'Verified|Failed|Pending',
'createdDate' => <DateTime>,
'creator' => '<string>',
'fileName' => '<string>',
],
// ...
],
'caseStatus' => 'Submitted|Acknowledged|Detection and Analysis|Containment, Eradication and Recovery|Post-incident Activities|Ready to Close|Closed',
'closedDate' => <DateTime>,
'closureCode' => 'Investigation Completed|Not Resolved|False Positive|Duplicate',
'createdDate' => <DateTime>,
'description' => '<string>',
'engagementType' => 'Security Incident|Investigation',
'impactedAccounts' => ['<string>', ...],
'impactedAwsRegions' => [
[
'region' => 'af-south-1|ap-east-1|ap-northeast-1|ap-northeast-2|ap-northeast-3|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-southeast-5|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-north-1|eu-south-1|eu-south-2|eu-west-1|eu-west-2|eu-west-3|il-central-1|me-central-1|me-south-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2',
],
// ...
],
'impactedServices' => ['<string>', ...],
'lastUpdatedDate' => <DateTime>,
'pendingAction' => 'Customer|None',
'reportedIncidentStartDate' => <DateTime>,
'resolverType' => 'AWS|Self',
'threatActorIpAddresses' => [
[
'ipAddress' => '<string>',
'userAgent' => '<string>',
],
// ...
],
'title' => '<string>',
'watchers' => [
[
'email' => '<string>',
'jobTitle' => '<string>',
'name' => '<string>',
],
// ...
],
]
Result Details
Members
- actualIncidentStartDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetCase that provides the actual incident start date as identified by data analysis during the investigation.
- caseArn
-
- Type: string
Response element for GetCase that provides the case ARN
- caseAttachments
-
- Type: Array of CaseAttachmentAttributes structures
Response element for GetCase that provides a list of current case attachments.
- caseStatus
-
- Type: string
Response element for GetCase that provides the case status. Options for statuses include
Submitted | Detection and Analysis | Eradication, Containment and Recovery | Post-Incident Activities | Closed - closedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetCase that provides the date a specified case was closed.
- closureCode
-
- Type: string
Response element for GetCase that provides the summary code for why a case was closed.
- createdDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetCase that provides the date the case was created.
- description
-
- Type: string
Response element for GetCase that provides contents of the case description.
- engagementType
-
- Type: string
Response element for GetCase that provides the engagement type. Options for engagement type include
Active Security Event | Investigations - impactedAccounts
-
- Type: Array of strings
Response element for GetCase that provides a list of impacted accounts.
- impactedAwsRegions
-
- Type: Array of ImpactedAwsRegion structures
Response element for GetCase that provides the impacted regions.
- impactedServices
-
- Type: Array of strings
Response element for GetCase that provides a list of impacted services.
- lastUpdatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetCase that provides the date a case was last modified.
- pendingAction
-
- Type: string
Response element for GetCase that provides identifies the case is waiting on customer input.
- reportedIncidentStartDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetCase that provides the customer provided incident start date.
- resolverType
-
- Type: string
Response element for GetCase that provides the current resolver types. Options include
self-supported | AWS-supported. - threatActorIpAddresses
-
- Type: Array of ThreatActorIp structures
Response element for GetCase that provides a list of suspicious IP addresses associated with unauthorized activity.
- title
-
- Type: string
Response element for GetCase that provides the case title.
- watchers
-
- Type: Array of Watcher structures
Response element for GetCase that provides a list of Watchers added to the case.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke GetCase
$result = $client->getCase([
'caseId' => '8403556009',
]);
Result syntax:
[
'actualIncidentStartDate' => ,
'caseArn' => 'arn:aws:security-ir:us-west-1:123456789012:case/1234567890',
'caseStatus' => 'Submitted',
'createdDate' => ,
'description' => 'Case description',
'engagementType' => 'Investigation',
'impactedAccounts' => [
'000000000000',
'111111111111',
],
'impactedAwsRegions' => [
[
'region' => 'ap-southeast-1',
],
],
'impactedServices' => [
'Amazon EC2',
'Amazon EKS',
],
'lastUpdatedDate' => ,
'pendingAction' => 'Customer',
'reportedIncidentStartDate' => ,
'resolverType' => 'Self',
'threatActorIpAddresses' => [
[
'ipAddress' => '192.168.192.168',
'userAgent' => 'Browser',
],
],
'title' => 'My sample case',
'watchers' => [
[
'name' => 'Alice',
'email' => 'alice@example.com',
'jobTitle' => 'CEO',
],
[
'name' => 'Bob',
'email' => 'bob@example.com',
'jobTitle' => 'CFO',
],
],
]
GetCaseAttachmentDownloadUrl
$result = $client->getCaseAttachmentDownloadUrl([/* ... */]); $promise = $client->getCaseAttachmentDownloadUrlAsync([/* ... */]);
Grants permission to obtain an Amazon S3 presigned URL to download an attachment.
Parameter Syntax
$result = $client->getCaseAttachmentDownloadUrl([
'attachmentId' => '<string>', // REQUIRED
'caseId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- attachmentId
-
- Required: Yes
- Type: string
Required element for GetCaseAttachmentDownloadUrl to identify the attachment ID for downloading an attachment.
- caseId
-
- Required: Yes
- Type: string
Required element for GetCaseAttachmentDownloadUrl to identify the case ID for downloading an attachment from.
Result Syntax
[
'attachmentPresignedUrl' => '<string>',
]
Result Details
Members
- attachmentPresignedUrl
-
- Required: Yes
- Type: string
Response element providing the Amazon S3 presigned URL to download an attachment.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke GetCaseAttachmentDownloadUrl
$result = $client->getCaseAttachmentDownloadUrl([
'attachmentId' => '3C5A6B89-1DEF-4C2D-A5B6-123456789ABC',
'caseId' => '8403556009',
]);
Result syntax:
[
'attachmentPresignedUrl' => 'https://presignedurl.com',
]
GetCaseAttachmentUploadUrl
$result = $client->getCaseAttachmentUploadUrl([/* ... */]); $promise = $client->getCaseAttachmentUploadUrlAsync([/* ... */]);
Grants permission to upload an attachment to a case.
Parameter Syntax
$result = $client->getCaseAttachmentUploadUrl([
'caseId' => '<string>', // REQUIRED
'clientToken' => '<string>',
'contentLength' => <integer>, // REQUIRED
'fileName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element for GetCaseAttachmentUploadUrl to identify the case ID for uploading an attachment to.
- clientToken
-
- Type: string
Optional element for customer provided token.
- contentLength
-
- Required: Yes
- Type: long (int|float)
Required element for GetCaseAttachmentUploadUrl to identify the size od the file attachment.
- fileName
-
- Required: Yes
- Type: string
Required element for GetCaseAttachmentUploadUrl to identify the file name of the attachment to upload.
Result Syntax
[
'attachmentPresignedUrl' => '<string>',
]
Result Details
Members
- attachmentPresignedUrl
-
- Required: Yes
- Type: string
Response element providing the Amazon S3 presigned UTL to upload the attachment.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke GetCaseAttachmentUploadUrl
$result = $client->getCaseAttachmentUploadUrl([
'caseId' => '8403556009',
'contentLength' => 1500,
'fileName' => 'TestFileName',
]);
Result syntax:
[
'attachmentPresignedUrl' => 'https://presignedurl.com',
]
GetMembership
$result = $client->getMembership([/* ... */]); $promise = $client->getMembershipAsync([/* ... */]);
Grants permission to get details of a designated service membership.
Parameter Syntax
$result = $client->getMembership([
'membershipId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- membershipId
-
- Required: Yes
- Type: string
Required element for GetMembership to identify the membership ID to query.
Result Syntax
[
'accountId' => '<string>',
'customerType' => 'Standalone|Organization',
'incidentResponseTeam' => [
[
'email' => '<string>',
'jobTitle' => '<string>',
'name' => '<string>',
],
// ...
],
'membershipActivationTimestamp' => <DateTime>,
'membershipArn' => '<string>',
'membershipDeactivationTimestamp' => <DateTime>,
'membershipId' => '<string>',
'membershipName' => '<string>',
'membershipStatus' => 'Active|Cancelled|Terminated',
'numberOfAccountsCovered' => <integer>,
'optInFeatures' => [
[
'featureName' => 'Triage',
'isEnabled' => true || false,
],
// ...
],
'region' => 'af-south-1|ap-east-1|ap-northeast-1|ap-northeast-2|ap-northeast-3|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-southeast-5|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-north-1|eu-south-1|eu-south-2|eu-west-1|eu-west-2|eu-west-3|il-central-1|me-central-1|me-south-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2',
]
Result Details
Members
- accountId
-
- Type: string
Response element for GetMembership that provides the configured account for managing the membership.
- customerType
-
- Type: string
Response element for GetMembership that provides the configured membership type. Options include
Standalone | Organizations. - incidentResponseTeam
-
- Type: Array of IncidentResponder structures
Response element for GetMembership that provides the configured membership incident response team members.
- membershipActivationTimestamp
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetMembership that provides the configured membership activation timestamp.
- membershipArn
-
- Type: string
Response element for GetMembership that provides the membership ARN.
- membershipDeactivationTimestamp
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetMembership that provides the configured membership name deactivation timestamp.
- membershipId
-
- Required: Yes
- Type: string
Response element for GetMembership that provides the queried membership ID.
- membershipName
-
- Type: string
Response element for GetMembership that provides the configured membership name.
- membershipStatus
-
- Type: string
Response element for GetMembership that provides the current membership status.
- numberOfAccountsCovered
-
- Type: long (int|float)
Response element for GetMembership that provides the number of accounts in the membership.
- optInFeatures
-
- Type: Array of OptInFeature structures
Response element for GetMembership that provides the if opt-in features have been enabled.
- region
-
- Type: string
Response element for GetMembership that provides the configured region for managing the membership.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke GetMembership
$result = $client->getMembership([
'membershipId' => 'm-abcd1234efgh',
]);
Result syntax:
[
'accountId' => '123412341234',
'customerType' => 'Standalone',
'incidentResponseTeam' => [
[
'name' => 'Bob Jones',
'email' => 'bob.jones@gmail.com',
'jobTitle' => 'Security Responder',
],
[
'name' => 'Alice',
'email' => 'alice@example.com',
'jobTitle' => 'CEO',
],
],
'membershipActivationTimestamp' => ,
'membershipArn' => 'arn:aws:security-ir:us-west-1:123456789012:membership/m-abcd1234efgh',
'membershipDeactivationTimestamp' => ,
'membershipId' => 'm-abcd1234efgh',
'membershipName' => 'Example Membership',
'membershipStatus' => 'Active',
'numberOfAccountsCovered' => 50,
'optInFeatures' => [
[
'featureName' => 'Triage',
'isEnabled' => 1,
],
],
'region' => 'af-south-1',
]
ListCaseEdits
$result = $client->listCaseEdits([/* ... */]); $promise = $client->listCaseEditsAsync([/* ... */]);
Grants permissions to view the aidt log for edits made to a designated case.
Parameter Syntax
$result = $client->listCaseEdits([
'caseId' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element used with ListCaseEdits to identify the case to query.
- maxResults
-
- Type: int
Optional element to identify how many results to obtain. There is a maximum value of 25.
- nextToken
-
- Type: string
Optional element for a customer provided token.
Result Syntax
[
'items' => [
[
'action' => '<string>',
'eventTimestamp' => <DateTime>,
'message' => '<string>',
'principal' => '<string>',
],
// ...
],
'nextToken' => '<string>',
'total' => <integer>,
]
Result Details
Members
- items
-
- Type: Array of CaseEditItem structures
Response element for ListCaseEdits that includes the action, eventtimestamp, message, and principal for the response.
- nextToken
-
- Type: string
Optional element.
- total
-
- Type: int
Response element for ListCaseEdits that identifies the total number of edits.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke ListCaseEdits
$result = $client->listCaseEdits([
'caseId' => '8403556009',
]);
Result syntax:
[
'items' => [
[
'action' => 'Add comment',
'eventTimestamp' => ,
'message' => 'Added comment to ask question to responder.',
'principal' => '00000000000',
],
],
'total' => 1,
]
ListCases
$result = $client->listCases([/* ... */]); $promise = $client->listCasesAsync([/* ... */]);
Grants permission to list all cases the requester has access to.
Parameter Syntax
$result = $client->listCases([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
Optional element for ListCases to limit the number of responses.
- nextToken
-
- Type: string
Optional element.
Result Syntax
[
'items' => [
[
'caseArn' => '<string>',
'caseId' => '<string>',
'caseStatus' => 'Submitted|Acknowledged|Detection and Analysis|Containment, Eradication and Recovery|Post-incident Activities|Ready to Close|Closed',
'closedDate' => <DateTime>,
'createdDate' => <DateTime>,
'engagementType' => 'Security Incident|Investigation',
'lastUpdatedDate' => <DateTime>,
'pendingAction' => 'Customer|None',
'resolverType' => 'AWS|Self',
'title' => '<string>',
],
// ...
],
'nextToken' => '<string>',
'total' => <integer>,
]
Result Details
Members
- items
-
- Type: Array of ListCasesItem structures
Response element for ListCases that includes caseARN, caseID, caseStatus, closedDate, createdDate, engagementType, lastUpdatedDate, pendingAction, resolverType, and title for each response.
- nextToken
-
- Type: string
Optional element.
- total
-
- Type: long (int|float)
Response element for ListCases providing the total number of responses.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke ListCases
$result = $client->listCases([
'maxResults' => 10,
]);
Result syntax:
[
'items' => [
[
'caseArn' => 'arn:aws:security-ir:us-west-1:123456789012:case/1234567890',
'caseId' => '8403556009',
'caseStatus' => 'Acknowledged',
'createdDate' => ,
'engagementType' => 'Security Incident',
'lastUpdatedDate' => ,
'pendingAction' => 'None',
'resolverType' => 'Self',
'title' => 'Example case title',
],
],
'total' => 1,
]
ListComments
$result = $client->listComments([/* ... */]); $promise = $client->listCommentsAsync([/* ... */]);
Grants permissions to list and view comments for a designated case.
Parameter Syntax
$result = $client->listComments([
'caseId' => '<string>', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element for ListComments to designate the case to query.
- maxResults
-
- Type: int
Optional element for ListComments to limit the number of responses.
- nextToken
-
- Type: string
Optional element.
Result Syntax
[
'items' => [
[
'body' => '<string>',
'commentId' => '<string>',
'createdDate' => <DateTime>,
'creator' => '<string>',
'lastUpdatedBy' => '<string>',
'lastUpdatedDate' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
'total' => <integer>,
]
Result Details
Members
- items
-
- Type: Array of ListCommentsItem structures
Response element for ListComments providing the body, commentID, createDate, creator, lastUpdatedBy and lastUpdatedDate for each response.
- nextToken
-
- Type: string
Optional request elements.
- total
-
- Type: int
Response element for ListComments identifying the number of responses.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke ListComments
$result = $client->listComments([
'caseId' => '8403556009',
]);
Result syntax:
[
'items' => [
[
'body' => 'Case comment body.',
'commentId' => '000000',
],
],
'total' => 1,
]
ListMemberships
$result = $client->listMemberships([/* ... */]); $promise = $client->listMembershipsAsync([/* ... */]);
Grants permission to query the memberships a principal has access to.
Parameter Syntax
$result = $client->listMemberships([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
Request element for ListMemberships to limit the number of responses.
- nextToken
-
- Type: string
Optional element.
Result Syntax
[
'items' => [
[
'accountId' => '<string>',
'membershipArn' => '<string>',
'membershipId' => '<string>',
'membershipStatus' => 'Active|Cancelled|Terminated',
'region' => 'af-south-1|ap-east-1|ap-northeast-1|ap-northeast-2|ap-northeast-3|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-southeast-5|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-north-1|eu-south-1|eu-south-2|eu-west-1|eu-west-2|eu-west-3|il-central-1|me-central-1|me-south-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- items
-
- Type: Array of ListMembershipItem structures
Request element for ListMemberships including the accountID, membershipARN, membershipID, membershipStatus, and region for each response.
- nextToken
-
- Type: string
Optional element.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke ListMemberships
$result = $client->listMemberships([
'maxResults' => 10,
]);
Result syntax:
[
'items' => [
[
'accountId' => '123123123123',
'membershipArn' => 'arn:aws:security-ir:us-west-1:123456789012:membership/m-abcd1234efgh',
'membershipId' => 'm-abcd1234efgh',
'membershipStatus' => 'Cancelled',
'region' => 'af-south-1',
],
],
]
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]); $promise = $client->listTagsForResourceAsync([/* ... */]);
Grants permission to view currently configured tags on a resource.
Parameter Syntax
$result = $client->listTagsForResource([
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
Required element for ListTagsForResource to provide the ARN to identify a specific resource.
Result Syntax
[
'tags' => ['<string>', ...],
]
Result Details
Members
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (TagKey) to strings
Response element for ListTagsForResource providing content for each configured tag.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ResourceNotFoundException:
- ConflictException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke ListTagsForResource
$result = $client->listTagsForResource([
'resourceArn' => 'arn:aws:security-ir:us-west-1:123456789012:membership/m-abcd1234efgh',
]);
Result syntax:
[
'tags' => [
'key' => 'example-tag-key',
'value' => 'example-tag-value',
],
]
TagResource
$result = $client->tagResource([/* ... */]); $promise = $client->tagResourceAsync([/* ... */]);
Grants permission to add a tag(s) to a designated resource.
Parameter Syntax
$result = $client->tagResource([
'resourceArn' => '<string>', // REQUIRED
'tags' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
Required element for TagResource to identify the ARN for the resource to add a tag to.
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (TagKey) to strings
Required element for ListTagsForResource to provide the content for a tag.
Result Syntax
[]
Result Details
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ResourceNotFoundException:
- ConflictException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke TagResource
$result = $client->tagResource([
'resourceArn' => 'arn:aws:security-ir:us-west-1:123456789012:membership/m-abcd1234efgh',
'tags' => [
'key' => 'example-tag-key',
'value' => 'example-tag-value',
],
]);
Result syntax:
[ ]
UntagResource
$result = $client->untagResource([/* ... */]); $promise = $client->untagResourceAsync([/* ... */]);
Grants permission to remove a tag(s) from a designate resource.
Parameter Syntax
$result = $client->untagResource([
'resourceArn' => '<string>', // REQUIRED
'tagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
Required element for UnTagResource to identify the ARN for the resource to remove a tag from.
- tagKeys
-
- Required: Yes
- Type: Array of strings
Required element for UnTagResource to identify tag to remove.
Result Syntax
[]
Result Details
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ResourceNotFoundException:
- ConflictException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke UntagResource
$result = $client->untagResource([
'resourceArn' => 'arn:aws:security-ir:us-west-1:123456789012:membership/m-abcd1234efgh',
'tagKeys' => [
'example-tag-key',
],
]);
UpdateCase
$result = $client->updateCase([/* ... */]); $promise = $client->updateCaseAsync([/* ... */]);
Grants permission to update an existing case.
Parameter Syntax
$result = $client->updateCase([
'actualIncidentStartDate' => <integer || string || DateTime>,
'caseId' => '<string>', // REQUIRED
'description' => '<string>',
'engagementType' => 'Security Incident|Investigation',
'impactedAccountsToAdd' => ['<string>', ...],
'impactedAccountsToDelete' => ['<string>', ...],
'impactedAwsRegionsToAdd' => [
[
'region' => 'af-south-1|ap-east-1|ap-northeast-1|ap-northeast-2|ap-northeast-3|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-southeast-5|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-north-1|eu-south-1|eu-south-2|eu-west-1|eu-west-2|eu-west-3|il-central-1|me-central-1|me-south-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2', // REQUIRED
],
// ...
],
'impactedAwsRegionsToDelete' => [
[
'region' => 'af-south-1|ap-east-1|ap-northeast-1|ap-northeast-2|ap-northeast-3|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-southeast-5|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-north-1|eu-south-1|eu-south-2|eu-west-1|eu-west-2|eu-west-3|il-central-1|me-central-1|me-south-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2', // REQUIRED
],
// ...
],
'impactedServicesToAdd' => ['<string>', ...],
'impactedServicesToDelete' => ['<string>', ...],
'reportedIncidentStartDate' => <integer || string || DateTime>,
'threatActorIpAddressesToAdd' => [
[
'ipAddress' => '<string>', // REQUIRED
'userAgent' => '<string>',
],
// ...
],
'threatActorIpAddressesToDelete' => [
[
'ipAddress' => '<string>', // REQUIRED
'userAgent' => '<string>',
],
// ...
],
'title' => '<string>',
'watchersToAdd' => [
[
'email' => '<string>', // REQUIRED
'jobTitle' => '<string>',
'name' => '<string>',
],
// ...
],
'watchersToDelete' => [
[
'email' => '<string>', // REQUIRED
'jobTitle' => '<string>',
'name' => '<string>',
],
// ...
],
]);
Parameter Details
Members
- actualIncidentStartDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Optional element for UpdateCase to provide content for the incident start date field.
- caseId
-
- Required: Yes
- Type: string
Required element for UpdateCase to identify the case ID for updates.
- description
-
- Type: string
Optional element for UpdateCase to provide content for the description field.
- engagementType
-
- Type: string
Optional element for UpdateCase to provide content for the engagement type field.
Available engagement types include Security Incident | Investigation. - impactedAccountsToAdd
-
- Type: Array of strings
Optional element for UpdateCase to provide content to add accounts impacted.
- impactedAccountsToDelete
-
- Type: Array of strings
Optional element for UpdateCase to provide content to add accounts impacted.
- impactedAwsRegionsToAdd
-
- Type: Array of ImpactedAwsRegion structures
Optional element for UpdateCase to provide content to add regions impacted.
- impactedAwsRegionsToDelete
-
- Type: Array of ImpactedAwsRegion structures
Optional element for UpdateCase to provide content to remove regions impacted.
- impactedServicesToAdd
-
- Type: Array of strings
Optional element for UpdateCase to provide content to add services impacted.
- impactedServicesToDelete
-
- Type: Array of strings
Optional element for UpdateCase to provide content to remove services impacted.
- reportedIncidentStartDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Optional element for UpdateCase to provide content for the customer reported incident start date field.
- threatActorIpAddressesToAdd
-
- Type: Array of ThreatActorIp structures
Optional element for UpdateCase to provide content to add additional suspicious IP addresses related to a case.
- threatActorIpAddressesToDelete
-
- Type: Array of ThreatActorIp structures
Optional element for UpdateCase to provide content to remove suspicious IP addresses from a case.
- title
-
- Type: string
Optional element for UpdateCase to provide content for the title field.
- watchersToAdd
-
- Type: Array of Watcher structures
Optional element for UpdateCase to provide content to add additional watchers to a case.
- watchersToDelete
-
- Type: Array of Watcher structures
Optional element for UpdateCase to provide content to remove existing watchers from a case.
Result Syntax
[]
Result Details
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke UpdateCase
$result = $client->updateCase([
'actualIncidentStartDate' => ,
'caseId' => '8403556009',
'description' => 'Case description',
'engagementType' => 'Investigation',
'impactedAccountsToAdd' => [
'000000000000',
],
'impactedAccountsToDelete' => [
'111111111111',
],
'impactedAwsRegionsToAdd' => [
[
'region' => 'ap-southeast-1',
],
],
'impactedAwsRegionsToDelete' => [
[
'region' => 'us-east-1',
],
],
'impactedServicesToAdd' => [
'Amazon EC2',
],
'impactedServicesToDelete' => [
'Amazon EKS',
],
'reportedIncidentStartDate' => ,
'threatActorIpAddressesToAdd' => [
[
'ipAddress' => '190.160.190.160',
'userAgent' => 'Browser',
],
],
'threatActorIpAddressesToDelete' => [
[
'ipAddress' => '192.168.192.168',
'userAgent' => 'Browser',
],
],
'title' => 'My sample case',
'watchersToAdd' => [
[
'name' => 'Same',
'email' => 'Sam@example.com',
'jobTitle' => 'CEO',
],
],
'watchersToDelete' => [
[
'name' => 'Bob',
'email' => 'bob@example.com',
'jobTitle' => 'CFO',
],
],
]);
Result syntax:
[ ]
UpdateCaseComment
$result = $client->updateCaseComment([/* ... */]); $promise = $client->updateCaseCommentAsync([/* ... */]);
Grants permission to update an existing case comment.
Parameter Syntax
$result = $client->updateCaseComment([
'body' => '<string>', // REQUIRED
'caseId' => '<string>', // REQUIRED
'commentId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- body
-
- Required: Yes
- Type: string
Required element for UpdateCaseComment to identify the content for the comment to be updated.
- caseId
-
- Required: Yes
- Type: string
Required element for UpdateCaseComment to identify the case ID containing the comment to be updated.
- commentId
-
- Required: Yes
- Type: string
Required element for UpdateCaseComment to identify the case ID to be updated.
Result Syntax
[
'body' => '<string>',
'commentId' => '<string>',
]
Result Details
Members
- body
-
- Type: string
Response element for UpdateCaseComment providing the updated comment content.
- commentId
-
- Required: Yes
- Type: string
Response element for UpdateCaseComment providing the updated comment ID.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke UpdateCaseComment
$result = $client->updateCaseComment([
'body' => 'Updated case comment.',
'caseId' => '8403556009',
'commentId' => '000000',
]);
Result syntax:
[
'body' => 'Updated case comment.',
'commentId' => '000000',
]
UpdateCaseStatus
$result = $client->updateCaseStatus([/* ... */]); $promise = $client->updateCaseStatusAsync([/* ... */]);
Grants permission to update the status for a designated cases. Options include Submitted | Detection and Analysis | Eradication, Containment and Recovery | Post-Incident Activities | Closed.
Parameter Syntax
$result = $client->updateCaseStatus([
'caseId' => '<string>', // REQUIRED
'caseStatus' => 'Submitted|Detection and Analysis|Containment, Eradication and Recovery|Post-incident Activities', // REQUIRED
]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element for UpdateCaseStatus to identify the case to update.
- caseStatus
-
- Required: Yes
- Type: string
Required element for UpdateCaseStatus to identify the status for a case. Options include
Submitted | Detection and Analysis | Containment, Eradication and Recovery | Post-incident Activities.
Result Syntax
[
'caseStatus' => 'Submitted|Detection and Analysis|Containment, Eradication and Recovery|Post-incident Activities',
]
Result Details
Members
- caseStatus
-
- Type: string
Response element for UpdateCaseStatus showing the newly configured status.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke UpdateCaseStatus
$result = $client->updateCaseStatus([
'caseId' => '8403556009',
'caseStatus' => 'Post-incident Activities',
]);
Result syntax:
[
'caseStatus' => 'Post-incident Activities',
]
UpdateMembership
$result = $client->updateMembership([/* ... */]); $promise = $client->updateMembershipAsync([/* ... */]);
Grants access to UpdateMembership to change membership configuration.
Parameter Syntax
$result = $client->updateMembership([
'incidentResponseTeam' => [
[
'email' => '<string>', // REQUIRED
'jobTitle' => '<string>', // REQUIRED
'name' => '<string>', // REQUIRED
],
// ...
],
'membershipId' => '<string>', // REQUIRED
'membershipName' => '<string>',
'optInFeatures' => [
[
'featureName' => 'Triage', // REQUIRED
'isEnabled' => true || false, // REQUIRED
],
// ...
],
]);
Parameter Details
Members
- incidentResponseTeam
-
- Type: Array of IncidentResponder structures
Optional element for UpdateMembership to update the membership name.
- membershipId
-
- Required: Yes
- Type: string
Required element for UpdateMembership to identify the membership to update.
- membershipName
-
- Type: string
Optional element for UpdateMembership to update the membership name.
- optInFeatures
-
- Type: Array of OptInFeature structures
Optional element for UpdateMembership to enable or disable opt-in features for the service.
Result Syntax
[]
Result Details
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke UpdateMembership
$result = $client->updateMembership([
'incidentResponseTeam' => [
[
'name' => 'Bob Jones',
'email' => 'bob.jones@gmail.com',
'jobTitle' => 'Security Responder',
],
[
'name' => 'Alice',
'email' => 'alice@example.com',
'jobTitle' => 'CEO',
],
],
'membershipId' => 'm-abcd1234efgh',
'membershipName' => 'New membership name',
'optInFeatures' => [
[
'featureName' => 'Triage',
'isEnabled' => 1,
],
],
]);
Result syntax:
[ ]
UpdateResolverType
$result = $client->updateResolverType([/* ... */]); $promise = $client->updateResolverTypeAsync([/* ... */]);
Grants permission to update the resolver type for a case.
This is a one-way action and cannot be reversed.
Options include self-supported > AWS-supported.
Parameter Syntax
$result = $client->updateResolverType([
'caseId' => '<string>', // REQUIRED
'resolverType' => 'AWS|Self', // REQUIRED
]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element for UpdateResolverType to identify the case to update.
- resolverType
-
- Required: Yes
- Type: string
Required element for UpdateResolverType to identify the new resolver.
Result Syntax
[
'caseId' => '<string>',
'caseStatus' => 'Submitted|Acknowledged|Detection and Analysis|Containment, Eradication and Recovery|Post-incident Activities|Ready to Close|Closed',
'resolverType' => 'AWS|Self',
]
Result Details
Members
- caseId
-
- Required: Yes
- Type: string
Response element for UpdateResolver identifying the case ID being updated.
- caseStatus
-
- Type: string
Response element for UpdateResolver identifying the current status of the case.
- resolverType
-
- Type: string
Response element for UpdateResolver identifying the current resolver of the case.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ConflictException:
- ResourceNotFoundException:
- ThrottlingException:
- InvalidTokenException:
Examples
Example 1: Invoke UpdateResolverType
$result = $client->updateResolverType([
'caseId' => '8403556009',
'resolverType' => 'AWS',
]);
Result syntax:
[
'caseId' => '8403556009',
'caseStatus' => 'Detection and Analysis',
'resolverType' => 'AWS',
]
Shapes
AccessDeniedException
Description
Members
- message
-
- Required: Yes
- Type: string
CaseAttachmentAttributes
Description
Members
- attachmentId
-
- Required: Yes
- Type: string
- attachmentStatus
-
- Required: Yes
- Type: string
- createdDate
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- creator
-
- Required: Yes
- Type: string
- fileName
-
- Required: Yes
- Type: string
CaseEditItem
Description
Members
- action
-
- Type: string
- eventTimestamp
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- message
-
- Type: string
- principal
-
- Type: string
ConflictException
Description
Members
- message
-
- Required: Yes
- Type: string
- resourceId
-
- Required: Yes
- Type: string
Element providing the ID of the resource affected.
- resourceType
-
- Required: Yes
- Type: string
Element providing the type of the resource affected.
GetMembershipAccountDetailError
Description
Members
- accountId
-
- Required: Yes
- Type: string
- error
-
- Required: Yes
- Type: string
- message
-
- Required: Yes
- Type: string
GetMembershipAccountDetailItem
Description
Members
- accountId
-
- Type: string
- relationshipStatus
-
- Type: string
- relationshipType
-
- Type: string
ImpactedAwsRegion
Description
Members
- region
-
- Required: Yes
- Type: string
IncidentResponder
Description
Members
-
- Required: Yes
- Type: string
- jobTitle
-
- Required: Yes
- Type: string
- name
-
- Required: Yes
- Type: string
InternalServerException
Description
Members
- message
-
- Required: Yes
- Type: string
- retryAfterSeconds
-
- Type: int
Element providing advice to clients on when the call can be safely retried.
InvalidTokenException
Description
Members
- message
-
- Required: Yes
- Type: string
ListCasesItem
Description
Members
- caseArn
-
- Type: string
- caseId
-
- Required: Yes
- Type: string
- caseStatus
-
- Type: string
- closedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- createdDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- engagementType
-
- Type: string
- lastUpdatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- pendingAction
-
- Type: string
- resolverType
-
- Type: string
- title
-
- Type: string
ListCommentsItem
Description
Members
- body
-
- Type: string
- commentId
-
- Required: Yes
- Type: string
- createdDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- creator
-
- Type: string
- lastUpdatedBy
-
- Type: string
- lastUpdatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
ListMembershipItem
Description
Members
- accountId
-
- Type: string
- membershipArn
-
- Type: string
- membershipId
-
- Required: Yes
- Type: string
- membershipStatus
-
- Type: string
- region
-
- Type: string
OptInFeature
Description
Members
- featureName
-
- Required: Yes
- Type: string
- isEnabled
-
- Required: Yes
- Type: boolean
ResourceNotFoundException
Description
Members
- message
-
- Required: Yes
- Type: string
SecurityIncidentResponseNotActiveException
Description
Members
- message
-
- Required: Yes
- Type: string
ServiceQuotaExceededException
Description
Members
- message
-
- Required: Yes
- Type: string
- quotaCode
-
- Required: Yes
- Type: string
Element that provides the quota that was exceeded.
- resourceId
-
- Required: Yes
- Type: string
Element that provides the ID of the resource affected.
- resourceType
-
- Required: Yes
- Type: string
Element that provides the type of the resource affected.
- serviceCode
-
- Required: Yes
- Type: string
Element that provides the originating service who made the call.
ThreatActorIp
Description
Members
- ipAddress
-
- Required: Yes
- Type: string
- userAgent
-
- Type: string
ThrottlingException
Description
Members
- message
-
- Required: Yes
- Type: string
- quotaCode
-
- Type: string
Element providing the quota of the originating service.
- retryAfterSeconds
-
- Type: int
Element providing advice to clients on when the call can be safely retried.
- serviceCode
-
- Type: string
Element providing the service code of the originating service.
ValidationException
Description
Members
- fieldList
-
- Type: Array of ValidationExceptionField structures
Element that provides the list of field(s) that caused the error, if applicable.
- message
-
- Required: Yes
- Type: string
- reason
-
- Required: Yes
- Type: string
Element that provides the reason the request failed validation.
ValidationExceptionField
Description
Members
- message
-
- Required: Yes
- Type: string
- name
-
- Required: Yes
- Type: string
Watcher
Description
Members
-
- Required: Yes
- Type: string
- jobTitle
-
- Type: string
- name
-
- Type: string