Contains information about an Amazon GuardDuty Extended Threat Detection attack sequence finding. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in AWS Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
Contents
- Actors
-
Provides information about the actors involved in the attack sequence.
Type: Array of Actor objects
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Required: No
- Endpoints
-
Contains information about the network endpoints that were used in the attack sequence.
Type: Array of NetworkEndpoint objects
Array Members: Minimum number of 0 items. Maximum number of 10 items.
Required: No
- SequenceIndicators
-
Contains information about the indicators observed in the attack sequence. The values for SignalIndicators are a subset of the values for
SequenceIndicators, but the values for these fields don't always match 1:1.Type: Array of Indicator objects
Array Members: Minimum number of 0 items. Maximum number of 100 items.
Required: No
- Signals
-
Contains information about the signals involved in the attack sequence.
Type: Array of Signal objects
Array Members: Minimum number of 1 item. Maximum number of 100 items.
Required: No
- Uid
-
Unique identifier of the attack sequence.
Type: String
Pattern:
.*\S.*Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
