Indicator
Detective investigations triage indicators of compromise, such as a finding,
and surface only the most critical and suspicious issues, so you can focus on high-level
investigations. An Indicator lets you determine whether an AWS resource is involved in
unusual activity that could indicate malicious behavior, and what its impact is.
Contents
- IndicatorDetail
  Details about the indicators of compromise that are used to determine if a resource is involved in a security incident. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident.
  Type: IndicatorDetail object
  Required: No
- IndicatorType
  The type of indicator.
  Type: String
  Valid Values: TTP_OBSERVED | IMPOSSIBLE_TRAVEL | FLAGGED_IP_ADDRESS | NEW_GEOLOCATION | NEW_ASO | NEW_USER_AGENT | RELATED_FINDING | RELATED_FINDING_GROUP
  Required: No
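Because both members are optional, a consumer of Indicator objects should not assume that the type is present, that it is one of the listed values, or that the matching detail is populated. The following is an added example, not code from the AWS documentation: `triage_indicators` and `SAMPLE` are hypothetical names, the sample records are constructed, and the IndicatorDetail member names are taken from the IndicatorDetail data type rather than from this page.

```python
from collections import defaultdict

# IndicatorType values listed on this page, mapped to the IndicatorDetail
# member expected to carry the data for that type (assumption: member names
# as defined by the IndicatorDetail data type, which this page does not list).
DETAIL_KEY = {
    "TTP_OBSERVED": "TTPsObservedDetail",
    "IMPOSSIBLE_TRAVEL": "ImpossibleTravelDetail",
    "FLAGGED_IP_ADDRESS": "FlaggedIpAddressDetail",
    "NEW_GEOLOCATION": "NewGeolocationDetail",
    "NEW_ASO": "NewAsoDetail",
    "NEW_USER_AGENT": "NewUserAgentDetail",
    "RELATED_FINDING": "RelatedFindingDetail",
    "RELATED_FINDING_GROUP": "RelatedFindingGroupDetail",
}

def triage_indicators(indicators):
    """Group Indicator dicts by type; report records that cannot be trusted as-is."""
    by_type = defaultdict(list)
    problems = []  # (position in input, reason)
    for pos, ind in enumerate(indicators):
        itype = ind.get("IndicatorType")           # Required: No
        detail = ind.get("IndicatorDetail") or {}  # Required: No
        if itype is None:
            problems.append((pos, "missing IndicatorType"))
            continue
        if itype not in DETAIL_KEY:
            # A value outside the documented list: keep it visible, do not guess.
            problems.append((pos, f"unknown IndicatorType {itype!r}"))
            continue
        expected = DETAIL_KEY[itype]
        if expected not in detail:
            problems.append((pos, f"{itype} without {expected}"))
        by_type[itype].append(detail.get(expected))
    return dict(by_type), problems

# Constructed sample records (documentation-range IP, made-up user agent).
SAMPLE = [
    {"IndicatorType": "FLAGGED_IP_ADDRESS",
     "IndicatorDetail": {"FlaggedIpAddressDetail": {"IpAddress": "198.51.100.7"}}},
    {"IndicatorType": "NEW_USER_AGENT",
     "IndicatorDetail": {"NewUserAgentDetail": {"UserAgent": "example-agent/1.0"}}},
    {"IndicatorType": "IMPOSSIBLE_TRAVEL"},  # type set, detail omitted
    {"IndicatorDetail": {}},                 # type omitted
    {"IndicatorType": "FUTURE_TYPE"},        # not in the documented list
]

if __name__ == "__main__":
    grouped, issues = triage_indicators(SAMPLE)
    print(grouped)
    print(issues)
```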
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: