Class: Aws::SecurityHub::Types::Action

Inherits:

Struct

• Object
• Struct
• Aws::SecurityHub::Types::Action

Defined in:

gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb

Overview

Note:

When making an API call, you may pass Action data as a hash:

{
  action_type: "NonEmptyString",
  network_connection_action: {
    connection_direction: "NonEmptyString",
    remote_ip_details: {
      ip_address_v4: "NonEmptyString",
      organization: {
        asn: 1,
        asn_org: "NonEmptyString",
        isp: "NonEmptyString",
        org: "NonEmptyString",
      },
      country: {
        country_code: "NonEmptyString",
        country_name: "NonEmptyString",
      },
      city: {
        city_name: "NonEmptyString",
      },
      geo_location: {
        lon: 1.0,
        lat: 1.0,
      },
    },
    remote_port_details: {
      port: 1,
      port_name: "NonEmptyString",
    },
    local_port_details: {
      port: 1,
      port_name: "NonEmptyString",
    },
    protocol: "NonEmptyString",
    blocked: false,
  },
  aws_api_call_action: {
    api: "NonEmptyString",
    service_name: "NonEmptyString",
    caller_type: "NonEmptyString",
    remote_ip_details: {
      ip_address_v4: "NonEmptyString",
      organization: {
        asn: 1,
        asn_org: "NonEmptyString",
        isp: "NonEmptyString",
        org: "NonEmptyString",
      },
      country: {
        country_code: "NonEmptyString",
        country_name: "NonEmptyString",
      },
      city: {
        city_name: "NonEmptyString",
      },
      geo_location: {
        lon: 1.0,
        lat: 1.0,
      },
    },
    domain_details: {
      domain: "NonEmptyString",
    },
    affected_resources: {
      "NonEmptyString" => "NonEmptyString",
    },
    first_seen: "NonEmptyString",
    last_seen: "NonEmptyString",
  },
  dns_request_action: {
    domain: "NonEmptyString",
    protocol: "NonEmptyString",
    blocked: false,
  },
  port_probe_action: {
    port_probe_details: [
      {
        local_port_details: {
          port: 1,
          port_name: "NonEmptyString",
        },
        local_ip_details: {
          ip_address_v4: "NonEmptyString",
        },
        remote_ip_details: {
          ip_address_v4: "NonEmptyString",
          organization: {
            asn: 1,
            asn_org: "NonEmptyString",
            isp: "NonEmptyString",
            org: "NonEmptyString",
          },
          country: {
            country_code: "NonEmptyString",
            country_name: "NonEmptyString",
          },
          city: {
            city_name: "NonEmptyString",
          },
          geo_location: {
            lon: 1.0,
            lat: 1.0,
          },
        },
      },
    ],
    blocked: false,
  },
}

Provides details about one of the following actions that affects or that was taken on a resource:

• A remote IP address issued an AWS API call

• A DNS request was received

• A remote IP address attempted to connect to an EC2 instance

• A remote IP address attempted a port probe on an EC2 instance

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #action_type ⇒ String

  The type of action that was detected.

• #aws_api_call_action ⇒ Types::AwsApiCallAction

  Included if ActionType is AWS_API_CALL.

• #dns_request_action ⇒ Types::DnsRequestAction

  Included if ActionType is DNS_REQUEST.

• #network_connection_action ⇒ Types::NetworkConnectionAction

  Included if ActionType is NETWORK_CONNECTION.

• #port_probe_action ⇒ Types::PortProbeAction

  Included if ActionType is PORT_PROBE.

Instance Attribute Details

#action_type ⇒ String

The type of action that was detected. The possible action types are:

• NETWORK_CONNECTION

• AWS_API_CALL

• DNS_REQUEST

• PORT_PROBE

Returns:

• (String)

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 245

class Action < Struct.new(
  :action_type,
  :network_connection_action,
  :aws_api_call_action,
  :dns_request_action,
  :port_probe_action)
  SENSITIVE = []
  include Aws::Structure
end

#aws_api_call_action ⇒ Types::AwsApiCallAction

Included if ActionType is AWS_API_CALL. Provides details about the API call that was detected.

Returns:

• (Types::AwsApiCallAction)

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 245

class Action < Struct.new(
  :action_type,
  :network_connection_action,
  :aws_api_call_action,
  :dns_request_action,
  :port_probe_action)
  SENSITIVE = []
  include Aws::Structure
end

#dns_request_action ⇒ Types::DnsRequestAction

Included if ActionType is DNS_REQUEST. Provides details about the DNS request that was detected.

Returns:

• (Types::DnsRequestAction)

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 245

class Action < Struct.new(
  :action_type,
  :network_connection_action,
  :aws_api_call_action,
  :dns_request_action,
  :port_probe_action)
  SENSITIVE = []
  include Aws::Structure
end

#network_connection_action ⇒ Types::NetworkConnectionAction

Included if ActionType is NETWORK_CONNECTION. Provides details about the network connection that was detected.

Returns:

• (Types::NetworkConnectionAction)

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 245

class Action < Struct.new(
  :action_type,
  :network_connection_action,
  :aws_api_call_action,
  :dns_request_action,
  :port_probe_action)
  SENSITIVE = []
  include Aws::Structure
end

#port_probe_action ⇒ Types::PortProbeAction

Included if ActionType is PORT_PROBE. Provides details about the port probe that was detected.

Returns:

• (Types::PortProbeAction)

# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 245

class Action < Struct.new(
  :action_type,
  :network_connection_action,
  :aws_api_call_action,
  :dns_request_action,
  :port_probe_action)
  SENSITIVE = []
  include Aws::Structure
end