Class: Aws::SecurityHub::Types::Action

Inherits:
Struct
  • Object
show all
Defined in:
gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb

Overview

Note:

When making an API call, you may pass Action data as a hash:

{
  action_type: "NonEmptyString",
  network_connection_action: {
    connection_direction: "NonEmptyString",
    remote_ip_details: {
      ip_address_v4: "NonEmptyString",
      organization: {
        asn: 1,
        asn_org: "NonEmptyString",
        isp: "NonEmptyString",
        org: "NonEmptyString",
      },
      country: {
        country_code: "NonEmptyString",
        country_name: "NonEmptyString",
      },
      city: {
        city_name: "NonEmptyString",
      },
      geo_location: {
        lon: 1.0,
        lat: 1.0,
      },
    },
    remote_port_details: {
      port: 1,
      port_name: "NonEmptyString",
    },
    local_port_details: {
      port: 1,
      port_name: "NonEmptyString",
    },
    protocol: "NonEmptyString",
    blocked: false,
  },
  aws_api_call_action: {
    api: "NonEmptyString",
    service_name: "NonEmptyString",
    caller_type: "NonEmptyString",
    remote_ip_details: {
      ip_address_v4: "NonEmptyString",
      organization: {
        asn: 1,
        asn_org: "NonEmptyString",
        isp: "NonEmptyString",
        org: "NonEmptyString",
      },
      country: {
        country_code: "NonEmptyString",
        country_name: "NonEmptyString",
      },
      city: {
        city_name: "NonEmptyString",
      },
      geo_location: {
        lon: 1.0,
        lat: 1.0,
      },
    },
    domain_details: {
      domain: "NonEmptyString",
    },
    affected_resources: {
      "NonEmptyString" => "NonEmptyString",
    },
    first_seen: "NonEmptyString",
    last_seen: "NonEmptyString",
  },
  dns_request_action: {
    domain: "NonEmptyString",
    protocol: "NonEmptyString",
    blocked: false,
  },
  port_probe_action: {
    port_probe_details: [
      {
        local_port_details: {
          port: 1,
          port_name: "NonEmptyString",
        },
        local_ip_details: {
          ip_address_v4: "NonEmptyString",
        },
        remote_ip_details: {
          ip_address_v4: "NonEmptyString",
          organization: {
            asn: 1,
            asn_org: "NonEmptyString",
            isp: "NonEmptyString",
            org: "NonEmptyString",
          },
          country: {
            country_code: "NonEmptyString",
            country_name: "NonEmptyString",
          },
          city: {
            city_name: "NonEmptyString",
          },
          geo_location: {
            lon: 1.0,
            lat: 1.0,
          },
        },
      },
    ],
    blocked: false,
  },
}

Provides details about one of the following actions that affects or that was taken on a resource:

  • A remote IP address issued an AWS API call

  • A DNS request was received

  • A remote IP address attempted to connect to an EC2 instance

  • A remote IP address attempted a port probe on an EC2 instance

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#action_typeString

The type of action that was detected. The possible action types are:

  • NETWORK_CONNECTION

  • AWS_API_CALL

  • DNS_REQUEST

  • PORT_PROBE

Returns:

  • (String)


245
246
247
248
249
250
251
252
253
# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 245

class Action < Struct.new(
  :action_type,
  :network_connection_action,
  :aws_api_call_action,
  :dns_request_action,
  :port_probe_action)
  SENSITIVE = []
  include Aws::Structure
end

#aws_api_call_actionTypes::AwsApiCallAction

Included if ActionType is AWS_API_CALL. Provides details about the API call that was detected.



245
246
247
248
249
250
251
252
253
# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 245

class Action < Struct.new(
  :action_type,
  :network_connection_action,
  :aws_api_call_action,
  :dns_request_action,
  :port_probe_action)
  SENSITIVE = []
  include Aws::Structure
end

#dns_request_actionTypes::DnsRequestAction

Included if ActionType is DNS_REQUEST. Provides details about the DNS request that was detected.



245
246
247
248
249
250
251
252
253
# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 245

class Action < Struct.new(
  :action_type,
  :network_connection_action,
  :aws_api_call_action,
  :dns_request_action,
  :port_probe_action)
  SENSITIVE = []
  include Aws::Structure
end

#network_connection_actionTypes::NetworkConnectionAction

Included if ActionType is NETWORK_CONNECTION. Provides details about the network connection that was detected.



245
246
247
248
249
250
251
252
253
# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 245

class Action < Struct.new(
  :action_type,
  :network_connection_action,
  :aws_api_call_action,
  :dns_request_action,
  :port_probe_action)
  SENSITIVE = []
  include Aws::Structure
end

#port_probe_actionTypes::PortProbeAction

Included if ActionType is PORT_PROBE. Provides details about the port probe that was detected.



245
246
247
248
249
250
251
252
253
# File 'gems/aws-sdk-securityhub/lib/aws-sdk-securityhub/types.rb', line 245

class Action < Struct.new(
  :action_type,
  :network_connection_action,
  :aws_api_call_action,
  :dns_request_action,
  :port_probe_action)
  SENSITIVE = []
  include Aws::Structure
end