Class: Aws::Detective::Client
- Inherits:
-
Seahorse::Client::Base
- Object
- Seahorse::Client::Base
- Aws::Detective::Client
- Includes:
- ClientStubs
- Defined in:
- gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb
Overview
An API client for Detective. To construct a client, you need to configure a :region
and :credentials
.
client = Aws::Detective::Client.new(
region: region_name,
credentials: credentials,
# ...
)
For details on configuring region and credentials see the developer guide.
See #initialize for a full list of supported configuration options.
Instance Attribute Summary
Attributes inherited from Seahorse::Client::Base
API Operations collapse
-
#accept_invitation(params = {}) ⇒ Struct
Accepts an invitation for the member account to contribute data to a behavior graph.
-
#batch_get_graph_member_datasources(params = {}) ⇒ Types::BatchGetGraphMemberDatasourcesResponse
Gets data source package information for the behavior graph.
-
#batch_get_membership_datasources(params = {}) ⇒ Types::BatchGetMembershipDatasourcesResponse
Gets information on the data source package history for an account.
-
#create_graph(params = {}) ⇒ Types::CreateGraphResponse
Creates a new behavior graph for the calling account, and sets that account as the administrator account.
-
#create_members(params = {}) ⇒ Types::CreateMembersResponse
CreateMembers
is used to send invitations to accounts. -
#delete_graph(params = {}) ⇒ Struct
Disables the specified behavior graph and queues it to be deleted.
-
#delete_members(params = {}) ⇒ Types::DeleteMembersResponse
Removes the specified member accounts from the behavior graph.
-
#describe_organization_configuration(params = {}) ⇒ Types::DescribeOrganizationConfigurationResponse
Returns information about the configuration for the organization behavior graph.
-
#disable_organization_admin_account(params = {}) ⇒ Struct
Removes the Detective administrator account in the current Region.
-
#disassociate_membership(params = {}) ⇒ Struct
Removes the member account from the specified behavior graph.
-
#enable_organization_admin_account(params = {}) ⇒ Struct
Designates the Detective administrator account for the organization in the current Region.
-
#get_investigation(params = {}) ⇒ Types::GetInvestigationResponse
Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise.
-
#get_members(params = {}) ⇒ Types::GetMembersResponse
Returns the membership details for specified member accounts for a behavior graph.
-
#list_datasource_packages(params = {}) ⇒ Types::ListDatasourcePackagesResponse
Lists data source packages in the behavior graph.
-
#list_graphs(params = {}) ⇒ Types::ListGraphsResponse
Returns the list of behavior graphs that the calling account is an administrator account of.
-
#list_indicators(params = {}) ⇒ Types::ListIndicatorsResponse
Gets the indicators from an investigation.
-
#list_investigations(params = {}) ⇒ Types::ListInvestigationsResponse
Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise.
-
#list_invitations(params = {}) ⇒ Types::ListInvitationsResponse
Retrieves the list of open and accepted behavior graph invitations for the member account.
-
#list_members(params = {}) ⇒ Types::ListMembersResponse
Retrieves the list of member accounts for a behavior graph.
-
#list_organization_admin_accounts(params = {}) ⇒ Types::ListOrganizationAdminAccountsResponse
Returns information about the Detective administrator account for an organization.
-
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Returns the tag values that are assigned to a behavior graph.
-
#reject_invitation(params = {}) ⇒ Struct
Rejects an invitation to contribute the account data to a behavior graph.
-
#start_investigation(params = {}) ⇒ Types::StartInvestigationResponse
Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise.
-
#start_monitoring_member(params = {}) ⇒ Struct
Sends a request to enable data ingest for a member account that has a status of
ACCEPTED_BUT_DISABLED
. -
#tag_resource(params = {}) ⇒ Struct
Applies tag values to a behavior graph.
-
#untag_resource(params = {}) ⇒ Struct
Removes tags from a behavior graph.
-
#update_datasource_packages(params = {}) ⇒ Struct
Starts a data source packages for the behavior graph.
-
#update_investigation_state(params = {}) ⇒ Struct
Updates the state of an investigation.
-
#update_organization_configuration(params = {}) ⇒ Struct
Updates the configuration for the Organizations integration in the current Region.
Instance Method Summary collapse
-
#initialize(options) ⇒ Client
constructor
A new instance of Client.
Methods included from ClientStubs
#api_requests, #stub_data, #stub_responses
Methods inherited from Seahorse::Client::Base
add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins
Methods included from Seahorse::Client::HandlerBuilder
#handle, #handle_request, #handle_response
Constructor Details
#initialize(options) ⇒ Client
Returns a new instance of Client.
410 411 412 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 410 def initialize(*args) super end |
Instance Method Details
#accept_invitation(params = {}) ⇒ Struct
Accepts an invitation for the member account to contribute data to a behavior graph. This operation can only be called by an invited member account.
The request provides the ARN of behavior graph.
The member account status in the graph must be INVITED
.
442 443 444 445 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 442 def accept_invitation(params = {}, = {}) req = build_request(:accept_invitation, params) req.send_request() end |
#batch_get_graph_member_datasources(params = {}) ⇒ Types::BatchGetGraphMemberDatasourcesResponse
Gets data source package information for the behavior graph.
484 485 486 487 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 484 def batch_get_graph_member_datasources(params = {}, = {}) req = build_request(:batch_get_graph_member_datasources, params) req.send_request() end |
#batch_get_membership_datasources(params = {}) ⇒ Types::BatchGetMembershipDatasourcesResponse
Gets information on the data source package history for an account.
521 522 523 524 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 521 def batch_get_membership_datasources(params = {}, = {}) req = build_request(:batch_get_membership_datasources, params) req.send_request() end |
#create_graph(params = {}) ⇒ Types::CreateGraphResponse
Creates a new behavior graph for the calling account, and sets that account as the administrator account. This operation is called by the account that is enabling Detective.
The operation also enables Detective for the calling account in the currently selected Region. It returns the ARN of the new behavior graph.
CreateGraph
triggers a process to create the corresponding data
tables for the new behavior graph.
An account can only be the administrator account for one behavior
graph within a Region. If the same account calls CreateGraph
with
the same administrator account, it always returns the same behavior
graph ARN. It does not create a new behavior graph.
568 569 570 571 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 568 def create_graph(params = {}, = {}) req = build_request(:create_graph, params) req.send_request() end |
#create_members(params = {}) ⇒ Types::CreateMembersResponse
CreateMembers
is used to send invitations to accounts. For the
organization behavior graph, the Detective administrator account uses
CreateMembers
to enable organization accounts as member accounts.
For invited accounts, CreateMembers
sends a request to invite the
specified Amazon Web Services accounts to be member accounts in the
behavior graph. This operation can only be called by the administrator
account for a behavior graph.
CreateMembers
verifies the accounts and then invites the verified
accounts. The administrator can optionally specify to not send
invitation emails to the member accounts. This would be used when the
administrator manages their member accounts centrally.
For organization accounts in the organization behavior graph,
CreateMembers
attempts to enable the accounts. The organization
accounts do not receive invitations.
The request provides the behavior graph ARN and the list of accounts to invite or to enable.
The response separates the requested accounts into two lists:
The accounts that
CreateMembers
was able to process. For invited accounts, includes member accounts that are being verified, that have passed verification and are to be invited, and that have failed verification. For organization accounts in the organization behavior graph, includes accounts that can be enabled and that cannot be enabled.The accounts that
CreateMembers
was unable to process. This list includes accounts that were already invited to be member accounts in the behavior graph.
679 680 681 682 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 679 def create_members(params = {}, = {}) req = build_request(:create_members, params) req.send_request() end |
#delete_graph(params = {}) ⇒ Struct
Disables the specified behavior graph and queues it to be deleted. This operation removes the behavior graph from each member account's list of behavior graphs.
DeleteGraph
can only be called by the administrator account for a
behavior graph.
706 707 708 709 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 706 def delete_graph(params = {}, = {}) req = build_request(:delete_graph, params) req.send_request() end |
#delete_members(params = {}) ⇒ Types::DeleteMembersResponse
Removes the specified member accounts from the behavior graph. The removed accounts no longer contribute data to the behavior graph. This operation can only be called by the administrator account for the behavior graph.
For invited accounts, the removed accounts are deleted from the list of accounts in the behavior graph. To restore the account, the administrator account must send another invitation.
For organization accounts in the organization behavior graph, the
Detective administrator account can always enable the organization
account again. Organization accounts that are not enabled as member
accounts are not included in the ListMembers
results for the
organization behavior graph.
An administrator account cannot use DeleteMembers
to remove their
own account from the behavior graph. To disable a behavior graph, the
administrator account uses the DeleteGraph
API method.
762 763 764 765 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 762 def delete_members(params = {}, = {}) req = build_request(:delete_members, params) req.send_request() end |
#describe_organization_configuration(params = {}) ⇒ Types::DescribeOrganizationConfigurationResponse
Returns information about the configuration for the organization behavior graph. Currently indicates whether to automatically enable new organization accounts as member accounts.
Can only be called by the Detective administrator account for the organization.
795 796 797 798 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 795 def describe_organization_configuration(params = {}, = {}) req = build_request(:describe_organization_configuration, params) req.send_request() end |
#disable_organization_admin_account(params = {}) ⇒ Struct
Removes the Detective administrator account in the current Region. Deletes the organization behavior graph.
Can only be called by the organization management account.
Removing the Detective administrator account does not affect the delegated administrator account for Detective in Organizations.
To remove the delegated administrator account in Organizations, use the Organizations API. Removing the delegated administrator account also removes the Detective administrator account in all Regions, except for Regions where the Detective administrator account is the organization management account.
820 821 822 823 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 820 def disable_organization_admin_account(params = {}, = {}) req = build_request(:disable_organization_admin_account, params) req.send_request() end |
#disassociate_membership(params = {}) ⇒ Struct
Removes the member account from the specified behavior graph. This
operation can only be called by an invited member account that has the
ENABLED
status.
DisassociateMembership
cannot be called by an organization account
in the organization behavior graph. For the organization behavior
graph, the Detective administrator account determines which
organization accounts to enable or disable as member accounts.
852 853 854 855 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 852 def disassociate_membership(params = {}, = {}) req = build_request(:disassociate_membership, params) req.send_request() end |
#enable_organization_admin_account(params = {}) ⇒ Struct
Designates the Detective administrator account for the organization in the current Region.
If the account does not have Detective enabled, then enables Detective for that account and creates a new behavior graph.
Can only be called by the organization management account.
If the organization has a delegated administrator account in Organizations, then the Detective administrator account must be either the delegated administrator account or the organization management account.
If the organization does not have a delegated administrator account in Organizations, then you can choose any account in the organization. If you choose an account other than the organization management account, Detective calls Organizations to make that account the delegated administrator account for Detective. The organization management account cannot be the delegated administrator account.
893 894 895 896 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 893 def enable_organization_admin_account(params = {}, = {}) req = build_request(:enable_organization_admin_account, params) req.send_request() end |
#get_investigation(params = {}) ⇒ Types::GetInvestigationResponse
Detective investigations lets you investigate IAM users and IAM roles
using indicators of compromise. An indicator of compromise (IOC) is an
artifact observed in or on a network, system, or environment that can
(with a high level of confidence) identify malicious activity or a
security incident. GetInvestigation
returns the investigation
results of an investigation for a behavior graph.
948 949 950 951 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 948 def get_investigation(params = {}, = {}) req = build_request(:get_investigation, params) req.send_request() end |
#get_members(params = {}) ⇒ Types::GetMembersResponse
Returns the membership details for specified member accounts for a behavior graph.
1009 1010 1011 1012 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1009 def get_members(params = {}, = {}) req = build_request(:get_members, params) req.send_request() end |
#list_datasource_packages(params = {}) ⇒ Types::ListDatasourcePackagesResponse
Lists data source packages in the behavior graph.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1054 1055 1056 1057 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1054 def list_datasource_packages(params = {}, = {}) req = build_request(:list_datasource_packages, params) req.send_request() end |
#list_graphs(params = {}) ⇒ Types::ListGraphsResponse
Returns the list of behavior graphs that the calling account is an administrator account of. This operation can only be called by an administrator account.
Because an account can currently only be the administrator of one behavior graph within a Region, the results always contain a single behavior graph.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1102 1103 1104 1105 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1102 def list_graphs(params = {}, = {}) req = build_request(:list_graphs, params) req.send_request() end |
#list_indicators(params = {}) ⇒ Types::ListIndicatorsResponse
Gets the indicators from an investigation. You can use the information from the indicators to determine if an IAM user and/or IAM role is involved in an unusual activity that could indicate malicious behavior and its impact.
1192 1193 1194 1195 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1192 def list_indicators(params = {}, = {}) req = build_request(:list_indicators, params) req.send_request() end |
#list_investigations(params = {}) ⇒ Types::ListInvestigationsResponse
Detective investigations lets you investigate IAM users and IAM roles
using indicators of compromise. An indicator of compromise (IOC) is an
artifact observed in or on a network, system, or environment that can
(with a high level of confidence) identify malicious activity or a
security incident. ListInvestigations
lists all active Detective
investigations.
1276 1277 1278 1279 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1276 def list_investigations(params = {}, = {}) req = build_request(:list_investigations, params) req.send_request() end |
#list_invitations(params = {}) ⇒ Types::ListInvitationsResponse
Retrieves the list of open and accepted behavior graph invitations for the member account. This operation can only be called by an invited member account.
Open invitations are invitations that the member account has not responded to.
The results do not include behavior graphs for which the member account declined the invitation. The results also do not include behavior graphs that the member account resigned from or was removed from.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1345 1346 1347 1348 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1345 def list_invitations(params = {}, = {}) req = build_request(:list_invitations, params) req.send_request() end |
#list_members(params = {}) ⇒ Types::ListMembersResponse
Retrieves the list of member accounts for a behavior graph.
For invited accounts, the results do not include member accounts that were removed from the behavior graph.
For the organization behavior graph, the results do not include organization accounts that the Detective administrator account has not enabled as member accounts.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1416 1417 1418 1419 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1416 def list_members(params = {}, = {}) req = build_request(:list_members, params) req.send_request() end |
#list_organization_admin_accounts(params = {}) ⇒ Types::ListOrganizationAdminAccountsResponse
Returns information about the Detective administrator account for an organization. Can only be called by the organization management account.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
1459 1460 1461 1462 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1459 def list_organization_admin_accounts(params = {}, = {}) req = build_request(:list_organization_admin_accounts, params) req.send_request() end |
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Returns the tag values that are assigned to a behavior graph.
1488 1489 1490 1491 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1488 def (params = {}, = {}) req = build_request(:list_tags_for_resource, params) req.send_request() end |
#reject_invitation(params = {}) ⇒ Struct
Rejects an invitation to contribute the account data to a behavior
graph. This operation must be called by an invited member account that
has the INVITED
status.
RejectInvitation
cannot be called by an organization account in the
organization behavior graph. In the organization behavior graph,
organization accounts do not receive an invitation.
1519 1520 1521 1522 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1519 def reject_invitation(params = {}, = {}) req = build_request(:reject_invitation, params) req.send_request() end |
#start_investigation(params = {}) ⇒ Types::StartInvestigationResponse
Detective investigations lets you investigate IAM users and IAM roles
using indicators of compromise. An indicator of compromise (IOC) is an
artifact observed in or on a network, system, or environment that can
(with a high level of confidence) identify malicious activity or a
security incident. StartInvestigation
initiates an investigation on
an entity in a behavior graph.
1566 1567 1568 1569 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1566 def start_investigation(params = {}, = {}) req = build_request(:start_investigation, params) req.send_request() end |
#start_monitoring_member(params = {}) ⇒ Struct
Sends a request to enable data ingest for a member account that has a
status of ACCEPTED_BUT_DISABLED
.
For valid member accounts, the status is updated as follows.
If Detective enabled the member account, then the new status is
ENABLED
.If Detective cannot enable the member account, the status remains
ACCEPTED_BUT_DISABLED
.
1604 1605 1606 1607 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1604 def start_monitoring_member(params = {}, = {}) req = build_request(:start_monitoring_member, params) req.send_request() end |
#tag_resource(params = {}) ⇒ Struct
Applies tag values to a behavior graph.
1635 1636 1637 1638 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1635 def tag_resource(params = {}, = {}) req = build_request(:tag_resource, params) req.send_request() end |
#untag_resource(params = {}) ⇒ Struct
Removes tags from a behavior graph.
1662 1663 1664 1665 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1662 def untag_resource(params = {}, = {}) req = build_request(:untag_resource, params) req.send_request() end |
#update_datasource_packages(params = {}) ⇒ Struct
Starts a data source packages for the behavior graph.
1688 1689 1690 1691 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1688 def update_datasource_packages(params = {}, = {}) req = build_request(:update_datasource_packages, params) req.send_request() end |
#update_investigation_state(params = {}) ⇒ Struct
Updates the state of an investigation.
1719 1720 1721 1722 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1719 def update_investigation_state(params = {}, = {}) req = build_request(:update_investigation_state, params) req.send_request() end |
#update_organization_configuration(params = {}) ⇒ Struct
Updates the configuration for the Organizations integration in the current Region. Can only be called by the Detective administrator account for the organization.
1748 1749 1750 1751 |
# File 'gems/aws-sdk-detective/lib/aws-sdk-detective/client.rb', line 1748 def update_organization_configuration(params = {}, = {}) req = build_request(:update_organization_configuration, params) req.send_request() end |