/AWS1/CL_DET=>STARTINVESTIGATION()

About StartInvestigation

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. StartInvestigation initiates an investigation on an entity in a behavior graph.

Method Signature

IMPORTING

Required arguments:

IV_GRAPHARN TYPE /AWS1/DETGRAPHARN

The Amazon Resource Name (ARN) of the behavior graph.

IV_ENTITYARN TYPE /AWS1/DETENTITYARN

The unique Amazon Resource Name (ARN) of the IAM user or IAM role.

IV_SCOPESTARTTIME TYPE /AWS1/DETTIMESTAMP

The date and time when the investigation began. The value is a UTC ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

IV_SCOPEENDTIME TYPE /AWS1/DETTIMESTAMP

The date and time when the investigation ended. The value is a UTC ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

RETURNING

OO_OUTPUT TYPE REF TO /AWS1/CL_DETSTRTINVESTIGATIO01
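
A call to the method with the scope and entity checked locally first. This is an added example, not AWS sample code and not part of the original page. Assumptions: the local class `lcl_det_demo`, the SDK profile `ZDEMO_PROFILE`, the factory class `/AWS1/CL_DET_FACTORY`, the exception base class `/AWS1/CX_RT_GENERIC`, and the getter `GET_INVESTIGATIONID( )` on the output object are not shown on this page.

```abap
REPORT zdet_start_investigation_demo.

" Added example, not AWS sample code. Assumed names: lcl_det_demo,
" SDK profile 'ZDEMO_PROFILE', factory /AWS1/CL_DET_FACTORY, and
" getter GET_INVESTIGATIONID( ) on the returned output object.
CLASS lcl_det_demo DEFINITION.
  PUBLIC SECTION.
    CLASS-METHODS start_investigation
      IMPORTING iv_grapharn   TYPE /aws1/detgrapharn
                iv_entityarn  TYPE /aws1/detentityarn
                iv_scopestart TYPE /aws1/dettimestamp
                iv_scopeend   TYPE /aws1/dettimestamp
      RETURNING VALUE(rv_investigation_id) TYPE string
      RAISING   /aws1/cx_rt_generic.
ENDCLASS.

CLASS lcl_det_demo IMPLEMENTATION.
  METHOD start_investigation.
    " The entity must be an IAM user or IAM role; reject anything else
    " locally so a mistyped ARN never reaches the service.
    IF NOT ( iv_entityarn CP 'arn:*:iam::*:user/*'
          OR iv_entityarn CP 'arn:*:iam::*:role/*' ).
      RAISE EXCEPTION TYPE cx_parameter_invalid_range
        EXPORTING parameter = 'IV_ENTITYARN'
                  value     = |{ iv_entityarn }|.
    ENDIF.

    " The scope must be a forward time window. The comparison holds for
    " numeric UTC timestamps and for same-format ISO 8601 UTC strings.
    IF iv_scopestart >= iv_scopeend.
      RAISE EXCEPTION TYPE cx_parameter_invalid_range
        EXPORTING parameter = 'IV_SCOPESTART'
                  value     = |{ iv_scopestart }|.
    ENDIF.

    DATA(lo_session) = /aws1/cl_rt_session_aws=>create( 'ZDEMO_PROFILE' ).
    DATA(lo_det)     = /aws1/cl_det_factory=>create( lo_session ).

    DATA(lo_output) = lo_det->startinvestigation(
      iv_grapharn       = iv_grapharn
      iv_entityarn      = iv_entityarn
      iv_scopestarttime = iv_scopestart
      iv_scopeendtime   = iv_scopeend ).

    " The returned ID identifies this investigation in later calls.
    rv_investigation_id = lo_output->get_investigationid( ).
  ENDMETHOD.
ENDCLASS.
```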