/AWS1/CL_DET=>STARTINVESTIGATION()
About StartInvestigation
Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. StartInvestigation initiates an investigation on an entity in a behavior graph.
Method Signature
IMPORTING
Required arguments:
IV_GRAPHARN TYPE /AWS1/DETGRAPHARN
The Amazon Resource Name (ARN) of the behavior graph.
IV_ENTITYARN TYPE /AWS1/DETENTITYARN
The unique Amazon Resource Name (ARN) of the IAM user and IAM role.
IV_SCOPESTARTTIME TYPE /AWS1/DETTIMESTAMP
The date and time when the investigation began. The value is a UTC ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.
IV_SCOPEENDTIME TYPE /AWS1/DETTIMESTAMP
The date and time when the investigation ended. The value is a UTC ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.