Indicator
Contains information about one indicator: a set of signals observed in an attack sequence. Each indicator is identified by a key, an optional title, and the values observed for that key.
Contents
- key
The indicator key observed in the attack sequence.
Type: String
Valid Values:
SUSPICIOUS_USER_AGENT | SUSPICIOUS_NETWORK | MALICIOUS_IP | TOR_IP | ATTACK_TACTIC | HIGH_RISK_API | ATTACK_TECHNIQUE | UNUSUAL_API_FOR_ACCOUNT | UNUSUAL_ASN_FOR_ACCOUNT | UNUSUAL_ASN_FOR_USER
Required: Yes
- title
Title describing the indicator.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Required: No
- values
Values associated with the indicator key. For example, if the indicator key is SUSPICIOUS_NETWORK, the value is the name of the network. If the indicator key is ATTACK_TACTIC, the value is one of the MITRE ATT&CK tactics. For more information about the values associated with each key, see GuardDuty Extended Threat Detection in the GuardDuty User Guide.
Type: Array of strings
Array Members: Minimum number of 1 item. Maximum number of 400 items.
Length Constraints: Minimum length of 1. Maximum length of 256.
Required: No
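As an added example (not code from the AWS documentation or SDKs), the following Python checks a list of Indicator objects against the constraints stated above (required key, valid key values, title length, values array size and element length) and then summarises them for triage, pulling the MALICIOUS_IP and TOR_IP values out as network indicators. The sample indicator list is constructed for the example; the field names `key`, `title` and `values` are the ones on this page, while the specific values (the IP address, the tactic names, the API names, the ASN) are illustrative and not taken from a real finding.

```python
# Validate and summarise GuardDuty attack-sequence Indicator objects.
# Constraints are those listed in the Indicator data type reference.

# Valid indicator keys, as enumerated for the "key" field.
VALID_INDICATOR_KEYS = {
    "SUSPICIOUS_USER_AGENT", "SUSPICIOUS_NETWORK", "MALICIOUS_IP", "TOR_IP",
    "ATTACK_TACTIC", "HIGH_RISK_API", "ATTACK_TECHNIQUE",
    "UNUSUAL_API_FOR_ACCOUNT", "UNUSUAL_ASN_FOR_ACCOUNT", "UNUSUAL_ASN_FOR_USER",
}
# Keys whose values are network addresses worth feeding to a blocklist or pivot search.
NETWORK_IOC_KEYS = {"MALICIOUS_IP", "TOR_IP"}

MAX_TITLE_LEN = 256      # title: length 1..256
MAX_VALUES = 400         # values: 1..400 items
MAX_VALUE_LEN = 256      # each value: length 1..256


def validate_indicator(ind):
    """Return a list of constraint violations for one Indicator dict (empty if valid)."""
    problems = []
    key = ind.get("key")
    if not isinstance(key, str):
        problems.append("key is required and must be a string")
    elif key not in VALID_INDICATOR_KEYS:
        problems.append(f"unknown key {key!r}")

    title = ind.get("title")
    if title is not None:
        if not isinstance(title, str) or not (1 <= len(title) <= MAX_TITLE_LEN):
            problems.append("title must be a string of length 1..256")

    values = ind.get("values")
    if values is not None:
        if not isinstance(values, list) or not (1 <= len(values) <= MAX_VALUES):
            problems.append("values must be an array of 1..400 items")
        else:
            for v in values:
                if not isinstance(v, str) or not (1 <= len(v) <= MAX_VALUE_LEN):
                    problems.append(f"value {v!r} must be a string of length 1..256")
                    break
    return problems


def summarize_indicators(indicators):
    """Group the values of well-formed indicators by key and extract network IOCs.

    Malformed indicators are counted under "invalid" and otherwise ignored, so one
    bad element does not stop triage of the rest of the sequence.
    """
    by_key = {}
    network_iocs = []
    invalid = 0
    for ind in indicators:
        if validate_indicator(ind):
            invalid += 1
            continue
        vals = ind.get("values") or []
        by_key.setdefault(ind["key"], []).extend(vals)
        if ind["key"] in NETWORK_IOC_KEYS:
            network_iocs.extend(vals)
    return {"by_key": by_key, "network_iocs": network_iocs, "invalid": invalid}


# Constructed sample: the shape of an attack sequence's indicator list. Values are illustrative.
SAMPLE_INDICATORS = [
    {"key": "TOR_IP", "title": "Tor exit node", "values": ["198.51.100.23"]},
    {"key": "ATTACK_TACTIC", "title": "MITRE tactic", "values": ["Discovery", "Credential Access"]},
    {"key": "HIGH_RISK_API", "values": ["GetSecretValue", "ListSecrets"]},
    {"key": "UNUSUAL_ASN_FOR_USER", "values": ["AS64496"]},
    {"key": "NOT_A_KEY", "values": ["x"]},              # invalid: key not in the enumeration
    {"key": "SUSPICIOUS_USER_AGENT", "values": []},     # invalid: values needs at least 1 item
]

if __name__ == "__main__":
    for ind in SAMPLE_INDICATORS:
        print(ind.get("key"), validate_indicator(ind) or "ok")
    print(summarize_indicators(SAMPLE_INDICATORS))
```

The validation mirrors the constraints on this page rather than anything GuardDuty enforces at read time; it is useful when indicators are re-emitted into your own SIEM schema, where an unexpected key or an empty values array would otherwise surface as a silent parsing gap.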
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: