InvestigationDetail - Amazon Detective

InvestigationDetail

Details about the investigation related to a potential security event identified by Detective.

Contents

CreatedTime

The timestamp at which the investigation report was created. The value is a UTC ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

Type: Timestamp

Required: No

EntityArn

The unique Amazon Resource Name (ARN) of the IAM user or IAM role.

Type: String

Pattern: ^arn:.*

Required: No

EntityType

The type of entity. For example, AWS accounts, such as an IAM user or role.

Type: String

Valid Values: IAM_ROLE | IAM_USER

Required: No

InvestigationId

The investigation ID of the investigation report.

Type: String

Length Constraints: Fixed length of 21.

Pattern: ^[0-9]+$

Required: No

Severity

Severity based on the likelihood and impact of the indicators of compromise discovered in the investigation.

Type: String

Valid Values: INFORMATIONAL | LOW | MEDIUM | HIGH | CRITICAL

Required: No

State

The current state of the investigation. An archived investigation indicates that you have completed reviewing it.

Type: String

Valid Values: ACTIVE | ARCHIVED

Required: No

Status

Status based on the completion status of the investigation.

Type: String

Valid Values: RUNNING | FAILED | SUCCESSFUL

Required: No
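
The field constraints above can be enforced before investigation records are fed into triage tooling. The following is an added example, not AWS code: it assumes each InvestigationDetail has already been decoded into a Python dict with CreatedTime in the string form described above, and the names validate, triage and SAMPLE are hypothetical.

```python
import re
from datetime import datetime

# Constraints taken from the field descriptions above.
ENUMS = {
    "EntityType": {"IAM_ROLE", "IAM_USER"},
    "Severity": {"INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"},
    "State": {"ACTIVE", "ARCHIVED"},
    "Status": {"RUNNING", "FAILED", "SUCCESSFUL"},
}
SEVERITY_RANK = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

def validate(detail):
    """Return constraint violations for one record; all fields are optional."""
    errors = [f"{k}: unexpected value {detail[k]!r}"
              for k, allowed in ENUMS.items()
              if k in detail and detail[k] not in allowed]
    arn = detail.get("EntityArn")
    if arn is not None and not re.match(r"^arn:.*", arn):
        errors.append("EntityArn: does not match ^arn:.*")
    inv_id = detail.get("InvestigationId")
    if inv_id is not None and not re.fullmatch(r"[0-9]{21}", inv_id):
        errors.append("InvestigationId: expected exactly 21 digits")
    created = detail.get("CreatedTime")
    if isinstance(created, str):  # string form, as documented above
        try:
            datetime.fromisoformat(created.replace("Z", "+00:00"))
        except ValueError:
            errors.append("CreatedTime: not an ISO8601 timestamp")
    return errors

def triage(details, min_severity="HIGH"):
    """Valid ACTIVE investigations at or above min_severity, most severe first."""
    floor = SEVERITY_RANK.index(min_severity)
    rank = lambda d: SEVERITY_RANK.index(d["Severity"])
    hits = [d for d in details if not validate(d) and "Severity" in d
            and d.get("State") == "ACTIVE" and rank(d) >= floor]
    return sorted(hits, key=rank, reverse=True)

# Constructed sample records (not real investigations).
SAMPLE = [
    {"InvestigationId": "123456789012345678901", "Severity": "HIGH", "State": "ACTIVE",
     "Status": "SUCCESSFUL", "EntityType": "IAM_ROLE",
     "EntityArn": "arn:aws:iam::111122223333:role/ExampleRole",
     "CreatedTime": "2021-08-18T16:35:56.284Z"},
    {"InvestigationId": "223456789012345678901", "Severity": "CRITICAL", "State": "ACTIVE"},
    {"InvestigationId": "323456789012345678901", "Severity": "CRITICAL", "State": "ARCHIVED"},
    {"InvestigationId": "12345", "Severity": "SEVERE", "EntityArn": "user/alice"},
]
```

Records that fail validation are excluded from the triage result rather than guessed at, so an unrecognized Severity or State value surfaces as a validation error instead of being silently ranked.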
