IndicatorDetail - Amazon Detective

IndicatorDetail

Details about the indicators of compromise that are used to determine whether a resource is involved in a security incident. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. For the list of indicators of compromise that are generated by Detective investigations, see Detective investigations.

Contents

FlaggedIpAddressDetail

Suspicious IP addresses that Detective has flagged as indicating critical or severe threats. This indicator is derived from AWS threat intelligence.

Type: FlaggedIpAddressDetail object

Required: No

ImpossibleTravelDetail

Identifies unusual or impossible travel for the account's user: activity observed from two geographic locations that are too far apart to be reached in the time that elapsed between the two events.

Type: ImpossibleTravelDetail object

Required: No

NewAsoDetail

Contains details about the new Autonomous System Organization (ASO).

Type: NewAsoDetail object

Required: No

NewGeolocationDetail

Contains details about the new geographic location.

Type: NewGeolocationDetail object

Required: No

NewUserAgentDetail

Contains details about the new user agent.

Type: NewUserAgentDetail object

Required: No

RelatedFindingDetail

Contains details about related findings.

Type: RelatedFindingDetail object

Required: No

RelatedFindingGroupDetail

Contains details about related finding groups.

Type: RelatedFindingGroupDetail object

Required: No

TTPsObservedDetail

Details about the tactics, techniques, and procedures (TTPs) observed for this indicator of compromise.

Type: TTPsObservedDetail object

Required: No
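Because every member of IndicatorDetail is optional, a consumer has to work out which single member is populated before it can act on an indicator, and it should notice when none, several, or an unrecognized member is present. The following is an added example written for this page; it is not code from the Detective documentation or the AWS SDK. It assumes only the eight member names listed above and an input shaped like the Indicators list that ListIndicators returns (a list of objects each carrying an IndicatorDetail). The nested fields inside the constructed sample details (IpAddress, Location, UserAgent) and the per-type weights are this example's own placeholders and choices, not the real nested schemas or a Detective severity.

```python
"""Triage helper for Amazon Detective IndicatorDetail objects.

Added example; not code from the Detective documentation or the AWS SDK.
It assumes only the eight optional IndicatorDetail member names listed on
this page and a response shaped like the "Indicators" list returned by
ListIndicators (a list of objects each carrying an "IndicatorDetail"). The
fields inside the constructed sample details (IpAddress, Location, ...) are
illustrative placeholders, not the real nested schemas.
"""
from collections import defaultdict

# The eight optional members of IndicatorDetail named on this page. A
# well-formed indicator populates exactly one of them.
INDICATOR_DETAIL_KEYS = frozenset({
    "FlaggedIpAddressDetail",
    "ImpossibleTravelDetail",
    "NewAsoDetail",
    "NewGeolocationDetail",
    "NewUserAgentDetail",
    "RelatedFindingDetail",
    "RelatedFindingGroupDetail",
    "TTPsObservedDetail",
})

# Analyst weighting chosen for this example (an assumption, not a Detective
# severity): direct evidence of hostile activity outranks "new for the
# account" baseline deviations, which are context rather than proof.
WEIGHT = {
    "FlaggedIpAddressDetail": 3,    # hit on AWS threat intelligence
    "TTPsObservedDetail": 3,        # attacker behaviour actually observed
    "ImpossibleTravelDetail": 2,
    "RelatedFindingDetail": 2,
    "RelatedFindingGroupDetail": 2,
    "NewAsoDetail": 1,
    "NewGeolocationDetail": 1,
    "NewUserAgentDetail": 1,
}


def classify_detail(detail):
    """Return the single populated IndicatorDetail member name.

    Raises ValueError for an empty detail, for a detail carrying more than
    one member, and for a member name this code does not know (for example
    one added by a newer API version), so callers fail closed instead of
    silently dropping evidence.
    """
    present = [key for key, value in detail.items() if value is not None]
    unknown = [key for key in present if key not in INDICATOR_DETAIL_KEYS]
    if unknown:
        raise ValueError(f"unknown IndicatorDetail member(s): {unknown}")
    if len(present) != 1:
        raise ValueError(f"expected exactly one populated member, got {present}")
    return present[0]


def triage(indicators):
    """Group a batch of indicators by detail type and sum their weights.

    Malformed entries are reported in `errors` as (index, reason) rather
    than aborting the batch, so one odd record cannot hide the rest.
    Returns (by_type, score, errors).
    """
    by_type = defaultdict(list)
    errors = []
    score = 0
    for index, indicator in enumerate(indicators):
        detail = indicator.get("IndicatorDetail") or {}
        try:
            kind = classify_detail(detail)
        except ValueError as exc:
            errors.append((index, str(exc)))
            continue
        by_type[kind].append(detail[kind])
        score += WEIGHT[kind]
    return dict(by_type), score, errors


# Constructed sample in the shape of a ListIndicators "Indicators" list.
# Addresses come from the documentation ranges; nested fields are made up.
SAMPLE_INDICATORS = [
    {"IndicatorDetail": {"FlaggedIpAddressDetail": {"IpAddress": "198.51.100.23"}}},
    {"IndicatorDetail": {"TTPsObservedDetail": {"IpAddress": "198.51.100.23"}}},
    {"IndicatorDetail": {"NewGeolocationDetail": {"Location": "constructed"}}},
    {"IndicatorDetail": {"NewUserAgentDetail": {"UserAgent": "constructed/1.0"}}},
    {"IndicatorDetail": {}},                                              # empty
    {"IndicatorDetail": {"NewAsoDetail": {}, "NewGeolocationDetail": {}}},  # two members
    {"IndicatorDetail": {"FutureDetail": {}}},                            # unknown member
]

if __name__ == "__main__":
    grouped, total, problems = triage(SAMPLE_INDICATORS)
    for kind, details in sorted(grouped.items()):
        print(f"{kind}: {len(details)} indicator(s)")
    print(f"weighted score: {total}")
    for index, reason in problems:
        print(f"skipped indicator {index}: {reason}")
```

Running the module on the constructed sample groups the four well-formed indicators by member name and reports the empty, double-populated, and unrecognized entries separately. Failing closed on an unknown member matters in practice: if a later API version adds a ninth detail type, a consumer that keys on a fixed set of names should surface that record rather than count it as benign.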

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: