Skip to content

/AWS1/CL_DET=>LISTINVESTIGATIONS()

About ListInvestigations

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. ListInvestigations lists all active Detective investigations.

Method Signature

IMPORTING

Required arguments:

IV_GRAPHARN TYPE /AWS1/DETGRAPHARN /AWS1/DETGRAPHARN

The Amazon Resource Name (ARN) of the behavior graph.

Optional arguments:

IV_NEXTTOKEN TYPE /AWS1/DETAIPAGINATIONTOKEN /AWS1/DETAIPAGINATIONTOKEN

Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.

Each pagination token expires after 24 hours. Using an expired pagination token will return a Validation Exception error.

IV_MAXRESULTS TYPE /AWS1/DETMAXRESULTS /AWS1/DETMAXRESULTS

Lists the maximum number of investigations in a page.

IO_FILTERCRITERIA TYPE REF TO /AWS1/CL_DETFILTERCRITERIA /AWS1/CL_DETFILTERCRITERIA

Filters the investigation results based on a criteria.

IO_SORTCRITERIA TYPE REF TO /AWS1/CL_DETSORTCRITERIA /AWS1/CL_DETSORTCRITERIA

Sorts the investigation results based on a criteria.

RETURNING

OO_OUTPUT TYPE REF TO /AWS1/CL_DETLSTINVESTIGATION01 /AWS1/CL_DETLSTINVESTIGATION01