IndicatorDetail
Details about the indicators of compromise that are used to determine whether a resource is involved in a security incident. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can identify, with a high level of confidence, malicious activity or a security incident. For the list of indicators of compromise that are generated by Detective investigations, see Detective investigations.
Contents
- FlaggedIpAddressDetail
  Suspicious IP addresses that Detective has flagged as indicating critical or severe threats, based on AWS threat intelligence.
  Type: FlaggedIpAddressDetail object
  Required: No
- ImpossibleTravelDetail
  Identifies unusual and impossible user activity for an account.
  Type: ImpossibleTravelDetail object
  Required: No
- NewAsoDetail
  Contains details about the new Autonomous System Organization (ASO).
  Type: NewAsoDetail object
  Required: No
- NewGeolocationDetail
  Contains details about the new geographic location.
  Type: NewGeolocationDetail object
  Required: No
- NewUserAgentDetail
  Contains details about the new user agent.
  Type: NewUserAgentDetail object
  Required: No
- RelatedFindingDetail
  Contains details about related findings.
  Type: RelatedFindingDetail object
  Required: No
- RelatedFindingGroupDetail
  Contains details about related finding groups.
  Type: RelatedFindingGroupDetail object
  Required: No
- TTPsObservedDetail
  Contains details about the tactics, techniques, and procedures (TTPs) observed for the indicator of compromise.
  Type: TTPsObservedDetail object
  Required: No
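Because every member of IndicatorDetail is optional, code that consumes these objects should check which members are actually populated rather than assuming one. The following is an added example, not AWS code: it validates an IndicatorDetail against the eight documented member names, reports which members are present, and tallies detail types across a list of indicators. It assumes each list item carries the detail under an `IndicatorDetail` key, as a ListIndicators response does; the contents of the sub-objects in the sample are constructed placeholders and do not reflect the real sub-object fields.

```python
"""Summarise Amazon Detective IndicatorDetail objects.

Added example, not AWS code. Assumes the IndicatorDetail shape documented
on this page: eight optional members, each an object.
"""
from collections import Counter
from typing import Any

# The eight optional members of IndicatorDetail, as documented on this page.
INDICATOR_DETAIL_MEMBERS = frozenset({
    "FlaggedIpAddressDetail",
    "ImpossibleTravelDetail",
    "NewAsoDetail",
    "NewGeolocationDetail",
    "NewUserAgentDetail",
    "RelatedFindingDetail",
    "RelatedFindingGroupDetail",
    "TTPsObservedDetail",
})


def unknown_members(indicator_detail: dict[str, Any]) -> set[str]:
    """Return any keys that are not documented members (schema drift or bad input)."""
    return set(indicator_detail) - INDICATOR_DETAIL_MEMBERS


def present_details(indicator_detail: dict[str, Any]) -> list[str]:
    """Return the sorted names of the members populated in one IndicatorDetail.

    Every member is optional, so an empty list is a valid result. Unknown keys
    raise instead of being ignored, so a changed schema is noticed early.
    """
    unknown = unknown_members(indicator_detail)
    if unknown:
        raise ValueError(f"unexpected IndicatorDetail members: {sorted(unknown)}")
    return sorted(k for k, v in indicator_detail.items() if v is not None)


def summarise_indicators(indicators: list[dict[str, Any]]) -> Counter:
    """Count how often each detail type appears across a list of indicators.

    Assumption: each item carries its detail under an ``IndicatorDetail`` key.
    """
    counts: Counter = Counter()
    for item in indicators:
        detail = item.get("IndicatorDetail") or {}
        counts.update(present_details(detail))
    return counts


def empty_indicators(indicators: list[dict[str, Any]]) -> list[int]:
    """Return the positions of indicators whose IndicatorDetail has no populated member."""
    return [
        i for i, item in enumerate(indicators)
        if not present_details(item.get("IndicatorDetail") or {})
    ]


# Constructed sample, not real API output. Sub-object contents are placeholders
# and do not reflect the real fields of the linked detail types.
SAMPLE_INDICATORS = [
    {"IndicatorDetail": {"FlaggedIpAddressDetail": {"placeholder": "203.0.113.7"}}},
    {"IndicatorDetail": {"ImpossibleTravelDetail": {"placeholder": "constructed"}}},
    {"IndicatorDetail": {"NewGeolocationDetail": {"placeholder": "constructed-1"}}},
    {"IndicatorDetail": {"NewGeolocationDetail": {"placeholder": "constructed-2"}}},
    {"IndicatorDetail": {}},  # valid: every member is optional
]

if __name__ == "__main__":
    for name, count in sorted(summarise_indicators(SAMPLE_INDICATORS).items()):
        print(f"{name}: {count}")
    print("indicators with no populated detail:", empty_indicators(SAMPLE_INDICATORS))
```

The strictness in `present_details` is deliberate: an IndicatorDetail carrying a member name this code does not recognise means either the API added an indicator type or the input is not what it was assumed to be, and either case is worth surfacing rather than silently dropping from a triage report.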
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: