/AWS1/CL_GDYSEQUENCE¶

Contains information about the GuardDuty attack sequence finding.

`CONSTRUCTOR`¶

IMPORTING¶

Required arguments:¶

`iv_uid` `TYPE /AWS1/GDYSTRING` `/AWS1/GDYSTRING`¶

Unique identifier of the attack sequence.

`iv_description` `TYPE /AWS1/GDYSEQUENCEDESCRIPTION` `/AWS1/GDYSEQUENCEDESCRIPTION`¶

Description of the attack sequence.

`it_signals` `TYPE /AWS1/CL_GDYSIGNAL=>TT_SIGNALS` `TT_SIGNALS`¶

Contains information about the signals involved in the attack sequence.

Optional arguments:¶

`it_actors` `TYPE /AWS1/CL_GDYACTOR=>TT_ACTORS` `TT_ACTORS`¶

Contains information about the actors involved in the attack sequence.

`it_resources` `TYPE /AWS1/CL_GDYRESOURCEV2=>TT_RESOURCES` `TT_RESOURCES`¶

Contains information about the resources involved in the attack sequence.

`it_endpoints` `TYPE /AWS1/CL_GDYNETWORKENDPOINT=>TT_NETWORKENDPOINTS` `TT_NETWORKENDPOINTS`¶

Contains information about the network endpoints that were used in the attack sequence.

`it_sequenceindicators` `TYPE /AWS1/CL_GDYINDICATOR=>TT_INDICATORS` `TT_INDICATORS`¶

Contains information about the indicators observed in the attack sequence.

`it_additionalsequencetypes` `TYPE /AWS1/CL_GDYADDLSEQUENCETYPE00=>TT_ADDITIONALSEQUENCETYPES` `TT_ADDITIONALSEQUENCETYPES`¶

Additional types of sequences that may be associated with the attack sequence finding, providing further context about the nature of the detected threat.

Queryable Attributes¶

Uid¶

Unique identifier of the attack sequence.

Accessible with the following methods¶

Method	Description
`GET_UID()`	Getter for UID, with configurable default
`ASK_UID()`	Getter for UID w/ exceptions if field has no value
`HAS_UID()`	Determine if UID has a value

Description¶

Description of the attack sequence.

Accessible with the following methods¶

Method	Description
`GET_DESCRIPTION()`	Getter for DESCRIPTION, with configurable default
`ASK_DESCRIPTION()`	Getter for DESCRIPTION w/ exceptions if field has no value
`HAS_DESCRIPTION()`	Determine if DESCRIPTION has a value

Actors¶

Contains information about the actors involved in the attack sequence.

Accessible with the following methods¶

Method	Description
`GET_ACTORS()`	Getter for ACTORS, with configurable default
`ASK_ACTORS()`	Getter for ACTORS w/ exceptions if field has no value
`HAS_ACTORS()`	Determine if ACTORS has a value

Resources¶

Contains information about the resources involved in the attack sequence.

Accessible with the following methods¶

Method	Description
`GET_RESOURCES()`	Getter for RESOURCES, with configurable default
`ASK_RESOURCES()`	Getter for RESOURCES w/ exceptions if field has no value
`HAS_RESOURCES()`	Determine if RESOURCES has a value

Endpoints¶

Contains information about the network endpoints that were used in the attack sequence.

Accessible with the following methods¶

Method	Description
`GET_ENDPOINTS()`	Getter for ENDPOINTS, with configurable default
`ASK_ENDPOINTS()`	Getter for ENDPOINTS w/ exceptions if field has no value
`HAS_ENDPOINTS()`	Determine if ENDPOINTS has a value

Signals¶

Contains information about the signals involved in the attack sequence.

Accessible with the following methods¶

Method	Description
`GET_SIGNALS()`	Getter for SIGNALS, with configurable default
`ASK_SIGNALS()`	Getter for SIGNALS w/ exceptions if field has no value
`HAS_SIGNALS()`	Determine if SIGNALS has a value

SequenceIndicators¶

Contains information about the indicators observed in the attack sequence.

Accessible with the following methods¶

Method	Description
`GET_SEQUENCEINDICATORS()`	Getter for SEQUENCEINDICATORS, with configurable default
`ASK_SEQUENCEINDICATORS()`	Getter for SEQUENCEINDICATORS w/ exceptions if field has no
`HAS_SEQUENCEINDICATORS()`	Determine if SEQUENCEINDICATORS has a value

AdditionalSequenceTypes¶

Additional types of sequences that may be associated with the attack sequence finding, providing further context about the nature of the detected threat.

Accessible with the following methods¶

Method	Description
`GET_ADDITIONALSEQUENCETYPES()`	Getter for ADDITIONALSEQUENCETYPES, with configurable defaul
`ASK_ADDITIONALSEQUENCETYPES()`	Getter for ADDITIONALSEQUENCETYPES w/ exceptions if field ha
`HAS_ADDITIONALSEQUENCETYPES()`	Determine if ADDITIONALSEQUENCETYPES has a value

/AWS1/CL_GDYSEQUENCE¶

CONSTRUCTOR¶

IMPORTING¶

Required arguments:¶

iv_uid TYPE /AWS1/GDYSTRING /AWS1/GDYSTRING¶

iv_description TYPE /AWS1/GDYSEQUENCEDESCRIPTION /AWS1/GDYSEQUENCEDESCRIPTION¶

it_signals TYPE /AWS1/CL_GDYSIGNAL=>TT_SIGNALS TT_SIGNALS¶

Optional arguments:¶

it_actors TYPE /AWS1/CL_GDYACTOR=>TT_ACTORS TT_ACTORS¶

it_resources TYPE /AWS1/CL_GDYRESOURCEV2=>TT_RESOURCES TT_RESOURCES¶

it_endpoints TYPE /AWS1/CL_GDYNETWORKENDPOINT=>TT_NETWORKENDPOINTS TT_NETWORKENDPOINTS¶

it_sequenceindicators TYPE /AWS1/CL_GDYINDICATOR=>TT_INDICATORS TT_INDICATORS¶

it_additionalsequencetypes TYPE /AWS1/CL_GDYADDLSEQUENCETYPE00=>TT_ADDITIONALSEQUENCETYPES TT_ADDITIONALSEQUENCETYPES¶

Queryable Attributes¶

Uid¶

Accessible with the following methods¶

Description¶

Accessible with the following methods¶

Actors¶

Accessible with the following methods¶

Resources¶

Accessible with the following methods¶

Endpoints¶

Accessible with the following methods¶

Signals¶

Accessible with the following methods¶

SequenceIndicators¶

Accessible with the following methods¶

AdditionalSequenceTypes¶

Accessible with the following methods¶

`CONSTRUCTOR`¶

`iv_uid` `TYPE /AWS1/GDYSTRING` `/AWS1/GDYSTRING`¶

`iv_description` `TYPE /AWS1/GDYSEQUENCEDESCRIPTION` `/AWS1/GDYSEQUENCEDESCRIPTION`¶

`it_signals` `TYPE /AWS1/CL_GDYSIGNAL=>TT_SIGNALS` `TT_SIGNALS`¶

`it_actors` `TYPE /AWS1/CL_GDYACTOR=>TT_ACTORS` `TT_ACTORS`¶

`it_resources` `TYPE /AWS1/CL_GDYRESOURCEV2=>TT_RESOURCES` `TT_RESOURCES`¶

`it_endpoints` `TYPE /AWS1/CL_GDYNETWORKENDPOINT=>TT_NETWORKENDPOINTS` `TT_NETWORKENDPOINTS`¶

`it_sequenceindicators` `TYPE /AWS1/CL_GDYINDICATOR=>TT_INDICATORS` `TT_INDICATORS`¶

`it_additionalsequencetypes` `TYPE /AWS1/CL_GDYADDLSEQUENCETYPE00=>TT_ADDITIONALSEQUENCETYPES` `TT_ADDITIONALSEQUENCETYPES`¶