/AWS1/CL_GDYSIGNAL
Contains information about the signals involved in the attack sequence.

CONSTRUCTOR
IMPORTING
Required arguments:

iv_uid TYPE /AWS1/GDYSTRING
The unique identifier of the signal.

iv_type TYPE /AWS1/GDYSIGNALTYPE
The type of the signal used to identify an attack sequence.
Signals can be GuardDuty findings or activities observed in data sources that GuardDuty monitors. For more information, see Foundational data sources in the Amazon GuardDuty User Guide.
A signal type can be one of the valid values listed in this API. Here are the related descriptions:
- FINDING: Individually generated GuardDuty finding.
- CLOUD_TRAIL: Activity observed from CloudTrail logs.
- S3_DATA_EVENTS: Activity observed from CloudTrail data events for S3. Activities associated with this type will show up only when you have enabled the GuardDuty S3 Protection feature in your account. For more information about S3 Protection and steps to enable it, see S3 Protection in the Amazon GuardDuty User Guide.

iv_name TYPE /AWS1/GDYSTRING
The name of the signal. For example, when signal type is FINDING, the signal name is the name of the finding.

iv_createdat TYPE /AWS1/GDYTIMESTAMP
The timestamp when the first finding or activity related to this signal was observed.

iv_updatedat TYPE /AWS1/GDYTIMESTAMP
The timestamp when this signal was last observed.

iv_firstseenat TYPE /AWS1/GDYTIMESTAMP
The timestamp when the first finding or activity related to this signal was observed.

iv_lastseenat TYPE /AWS1/GDYTIMESTAMP
The timestamp when the last finding or activity related to this signal was observed.

iv_count TYPE /AWS1/GDYINTEGER
The number of times this signal was observed.

Optional arguments:

iv_description TYPE /AWS1/GDYSIGNALDESCRIPTION
The description of the signal.

iv_severity TYPE /AWS1/RT_DOUBLE_AS_STRING
The severity associated with the signal. For more information about severity, see Findings severity levels in the Amazon GuardDuty User Guide.

it_resourceuids TYPE /AWS1/CL_GDYRESOURCEUIDS_W=>TT_RESOURCEUIDS
Information about the unique identifiers of the resources involved in the signal.

it_actorids TYPE /AWS1/CL_GDYACTORIDS_W=>TT_ACTORIDS
Information about the IDs of the threat actors involved in the signal.

it_endpointids TYPE /AWS1/CL_GDYENDPOINTIDS_W=>TT_ENDPOINTIDS
Information about the endpoint IDs associated with this signal.

it_signalindicators TYPE /AWS1/CL_GDYINDICATOR=>TT_INDICATORS
Contains information about the indicators associated with the signals.

Queryable Attributes

Uid
The unique identifier of the signal.
Accessible with the following methods

Method | Description |
---|---|
GET_UID() | Getter for UID, with configurable default |
ASK_UID() | Getter for UID w/ exceptions if field has no value |
HAS_UID() | Determine if UID has a value |

Type
The type of the signal used to identify an attack sequence.
Signals can be GuardDuty findings or activities observed in data sources that GuardDuty monitors. For more information, see Foundational data sources in the Amazon GuardDuty User Guide.
A signal type can be one of the valid values listed in this API. Here are the related descriptions:
- FINDING: Individually generated GuardDuty finding.
- CLOUD_TRAIL: Activity observed from CloudTrail logs.
- S3_DATA_EVENTS: Activity observed from CloudTrail data events for S3. Activities associated with this type will show up only when you have enabled the GuardDuty S3 Protection feature in your account. For more information about S3 Protection and steps to enable it, see S3 Protection in the Amazon GuardDuty User Guide.
Accessible with the following methods

Method | Description |
---|---|
GET_TYPE() | Getter for TYPE, with configurable default |
ASK_TYPE() | Getter for TYPE w/ exceptions if field has no value |
HAS_TYPE() | Determine if TYPE has a value |

Description
The description of the signal.
Accessible with the following methods

Method | Description |
---|---|
GET_DESCRIPTION() | Getter for DESCRIPTION, with configurable default |
ASK_DESCRIPTION() | Getter for DESCRIPTION w/ exceptions if field has no value |
HAS_DESCRIPTION() | Determine if DESCRIPTION has a value |

Name
The name of the signal. For example, when signal type is FINDING, the signal name is the name of the finding.
Accessible with the following methods

Method | Description |
---|---|
GET_NAME() | Getter for NAME, with configurable default |
ASK_NAME() | Getter for NAME w/ exceptions if field has no value |
HAS_NAME() | Determine if NAME has a value |

CreatedAt
The timestamp when the first finding or activity related to this signal was observed.
Accessible with the following methods

Method | Description |
---|---|
GET_CREATEDAT() | Getter for CREATEDAT, with configurable default |
ASK_CREATEDAT() | Getter for CREATEDAT w/ exceptions if field has no value |
HAS_CREATEDAT() | Determine if CREATEDAT has a value |

UpdatedAt
The timestamp when this signal was last observed.
Accessible with the following methods

Method | Description |
---|---|
GET_UPDATEDAT() | Getter for UPDATEDAT, with configurable default |
ASK_UPDATEDAT() | Getter for UPDATEDAT w/ exceptions if field has no value |
HAS_UPDATEDAT() | Determine if UPDATEDAT has a value |

FirstSeenAt
The timestamp when the first finding or activity related to this signal was observed.
Accessible with the following methods

Method | Description |
---|---|
GET_FIRSTSEENAT() | Getter for FIRSTSEENAT, with configurable default |
ASK_FIRSTSEENAT() | Getter for FIRSTSEENAT w/ exceptions if field has no value |
HAS_FIRSTSEENAT() | Determine if FIRSTSEENAT has a value |

LastSeenAt
The timestamp when the last finding or activity related to this signal was observed.
Accessible with the following methods

Method | Description |
---|---|
GET_LASTSEENAT() | Getter for LASTSEENAT, with configurable default |
ASK_LASTSEENAT() | Getter for LASTSEENAT w/ exceptions if field has no value |
HAS_LASTSEENAT() | Determine if LASTSEENAT has a value |

Severity
The severity associated with the signal. For more information about severity, see Findings severity levels in the Amazon GuardDuty User Guide.
Accessible with the following methods

Method | Description |
---|---|
GET_SEVERITY() | Getter for SEVERITY, with configurable default |
ASK_SEVERITY() | Getter for SEVERITY w/ exceptions if field has no value |
STR_SEVERITY() | String format for SEVERITY, with configurable default |
HAS_SEVERITY() | Determine if SEVERITY has a value |

Count
The number of times this signal was observed.
Accessible with the following methods

Method | Description |
---|---|
GET_COUNT() | Getter for COUNT, with configurable default |
ASK_COUNT() | Getter for COUNT w/ exceptions if field has no value |
HAS_COUNT() | Determine if COUNT has a value |

ResourceUids
Information about the unique identifiers of the resources involved in the signal.
Accessible with the following methods

Method | Description |
---|---|
GET_RESOURCEUIDS() | Getter for RESOURCEUIDS, with configurable default |
ASK_RESOURCEUIDS() | Getter for RESOURCEUIDS w/ exceptions if field has no value |
HAS_RESOURCEUIDS() | Determine if RESOURCEUIDS has a value |

ActorIds
Information about the IDs of the threat actors involved in the signal.
Accessible with the following methods

Method | Description |
---|---|
GET_ACTORIDS() | Getter for ACTORIDS, with configurable default |
ASK_ACTORIDS() | Getter for ACTORIDS w/ exceptions if field has no value |
HAS_ACTORIDS() | Determine if ACTORIDS has a value |

EndpointIds
Information about the endpoint IDs associated with this signal.
Accessible with the following methods

Method | Description |
---|---|
GET_ENDPOINTIDS() | Getter for ENDPOINTIDS, with configurable default |
ASK_ENDPOINTIDS() | Getter for ENDPOINTIDS w/ exceptions if field has no value |
HAS_ENDPOINTIDS() | Determine if ENDPOINTIDS has a value |

SignalIndicators
Contains information about the indicators associated with the signals.
Accessible with the following methods

Method | Description |
---|---|
GET_SIGNALINDICATORS() | Getter for SIGNALINDICATORS, with configurable default |
ASK_SIGNALINDICATORS() | Getter for SIGNALINDICATORS w/ exceptions if field has no va |
HAS_SIGNALINDICATORS() | Determine if SIGNALINDICATORS has a value |

Public Local Types In This Class
Internal table types, representing arrays and maps of this class, are defined as local types:

TT_SIGNALS
TYPES TT_SIGNALS TYPE STANDARD TABLE OF REF TO /AWS1/CL_GDYSIGNAL WITH DEFAULT KEY.
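
A triage pass over a TT_SIGNALS table using the HAS_ and GET_ getters documented on this page, given here as an added example that is not part of the SDK documentation. The report and class names (zdemo_gdy_signal_triage, lcl_triage), the -1 marker for a missing severity, and the sample signals are assumptions constructed for illustration.

```abap
REPORT zdemo_gdy_signal_triage. " hypothetical report name
CLASS lcl_triage DEFINITION.
  PUBLIC SECTION.
    TYPES: BEGIN OF ty_hit,
             uid      TYPE /aws1/gdystring,
             sigtype  TYPE /aws1/gdysignaltype,
             severity TYPE decfloat16,
             count    TYPE /aws1/gdyinteger,
           END OF ty_hit,
           tt_hits TYPE STANDARD TABLE OF ty_hit WITH EMPTY KEY.
    CLASS-METHODS select_hits
      IMPORTING it_signals     TYPE /aws1/cl_gdysignal=>tt_signals
                iv_min_sev     TYPE decfloat16
      RETURNING VALUE(rt_hits) TYPE tt_hits.
ENDCLASS.
CLASS lcl_triage IMPLEMENTATION.
  METHOD select_hits.
    LOOP AT it_signals INTO DATA(lo_signal).
      CHECK lo_signal IS BOUND. " rows are object references
      " Severity is optional. Mark a missing value as -1 so the signal is
      " kept for review instead of being read as 0 and filtered out.
      DATA(lv_sev) = COND decfloat16(
        WHEN lo_signal->has_severity( ) = abap_true
        THEN CONV decfloat16( lo_signal->get_severity( ) )
        ELSE -1 ).
      IF lv_sev >= iv_min_sev OR lv_sev < 0.
        APPEND VALUE #( uid      = lo_signal->get_uid( )
                        sigtype  = lo_signal->get_type( )
                        severity = lv_sev
                        count    = lo_signal->get_count( ) ) TO rt_hits.
      ENDIF.
    ENDLOOP.
    SORT rt_hits BY severity DESCENDING count DESCENDING.
  ENDMETHOD.
ENDCLASS.

START-OF-SELECTION.
  " Constructed sample signals, not real GuardDuty output.
  DATA(lv_ts) = CONV /aws1/gdytimestamp( '20250101120000' ).
  DATA(lt_signals) = VALUE /aws1/cl_gdysignal=>tt_signals(
    ( NEW /aws1/cl_gdysignal( iv_uid = 'sig-1' iv_type = 'FINDING'
        iv_name = 'constructed-finding' iv_createdat = lv_ts iv_updatedat = lv_ts
        iv_firstseenat = lv_ts iv_lastseenat = lv_ts iv_count = 3 iv_severity = '8.0' ) )
    ( NEW /aws1/cl_gdysignal( iv_uid = 'sig-2' iv_type = 'CLOUD_TRAIL'
        iv_name = 'constructed-activity' iv_createdat = lv_ts iv_updatedat = lv_ts
        iv_firstseenat = lv_ts iv_lastseenat = lv_ts iv_count = 12 ) ) ).
  LOOP AT lcl_triage=>select_hits( it_signals = lt_signals
                                   iv_min_sev = CONV decfloat16( 7 ) ) INTO DATA(ls_hit).
    WRITE: / ls_hit-uid, ls_hit-sigtype, ls_hit-severity, ls_hit-count.
  ENDLOOP.
```

Signals without a severity sort last with the -1 marker, so an analyst can tell "not scored" apart from "scored low".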