AwsApiCallAction - AWS Security Hub

AwsApiCallAction

Provided if ActionType is AWS_API_CALL. It provides details about the API call that was detected.

Contents

AffectedResources

Identifies the resources that were affected by the API call.

Type: String to string map

Key Pattern: .*\S.*

Value Pattern: .*\S.*

Required: No

Api

The name of the API method that was issued.

Length Constraints: 128.

Type: String

Pattern: .*\S.*

Required: No

CallerType

Indicates whether the API call originated from a remote IP address (remoteip) or from a DNS domain (domain).

Type: String

Pattern: .*\S.*

Required: No

DomainDetails

Provided if CallerType is domain. Provides information about the DNS domain that the API call originated from.

Type: AwsApiCallActionDomainDetails object

Required: No

FirstSeen

A timestamp that indicates when the API call was first observed.

For more information about the validation and formatting of timestamp fields in AWS Security Hub, see Timestamps.

Type: String

Pattern: .*\S.*

Required: No

LastSeen

A timestamp that indicates when the API call was most recently observed.

For more information about the validation and formatting of timestamp fields in AWS Security Hub, see Timestamps.

Type: String

Pattern: .*\S.*

Required: No

RemoteIpDetails

Provided if CallerType is remoteip. Provides information about the remote IP address that the API call originated from.

Type: ActionRemoteIpDetails object

Required: No

ServiceName

The name of the AWS service that the API method belongs to.

Length Constraints: 128.

Type: String

Pattern: .*\S.*

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: