Get Investigation

detective_get_investigation R Documentation

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise

Description

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. get_investigation returns the investigation results of an investigation for a behavior graph.

Usage

detective_get_investigation(GraphArn, InvestigationId)

Arguments

GraphArn

[required] The Amazon Resource Name (ARN) of the behavior graph.

InvestigationId

[required] The investigation ID of the investigation report.

Value

A list with the following syntax:

list(
  GraphArn = "string",
  InvestigationId = "string",
  EntityArn = "string",
  EntityType = "IAM_ROLE"|"IAM_USER",
  CreatedTime = as.POSIXct(
    "2015-01-01"
  ),
  ScopeStartTime = as.POSIXct(
    "2015-01-01"
  ),
  ScopeEndTime = as.POSIXct(
    "2015-01-01"
  ),
  Status = "RUNNING"|"FAILED"|"SUCCESSFUL",
  Severity = "INFORMATIONAL"|"LOW"|"MEDIUM"|"HIGH"|"CRITICAL",
  State = "ACTIVE"|"ARCHIVED"
)

Request syntax

svc$get_investigation(
  GraphArn = "string",
  InvestigationId = "string"
)
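
Added example (not part of the paws documentation): an investigation may still report Status "RUNNING" when first queried, so a caller normally polls get_investigation until the status changes and only then reads Severity and State. The helper name wait_for_investigation, the HIGH-or-above escalation threshold, the stub client, and the ARN and ID values are assumptions constructed for illustration; with real credentials, pass paws::detective() as svc instead of the stub.

```r
# Poll until the investigation leaves RUNNING, then return a triage summary.
# `svc` is any object exposing get_investigation(), e.g. paws::detective().
wait_for_investigation <- function(svc, graph_arn, investigation_id,
                                   poll_seconds = 15, max_polls = 40) {
  stopifnot(max_polls >= 1)
  for (i in seq_len(max_polls)) {
    res <- svc$get_investigation(GraphArn = graph_arn,
                                 InvestigationId = investigation_id)
    if (!identical(res$Status, "RUNNING")) break
    Sys.sleep(poll_seconds)
  }
  if (identical(res$Status, "RUNNING"))
    stop("investigation still RUNNING after ", max_polls, " polls")
  if (identical(res$Status, "FAILED"))
    stop("investigation ", investigation_id, " FAILED; nothing to triage")

  # Severity values in the order the Value section lists them,
  # treated here as ascending.
  sev <- c("INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL")
  list(
    entity      = res$EntityArn,
    entity_type = res$EntityType,
    severity    = res$Severity,
    scope       = c(res$ScopeStartTime, res$ScopeEndTime),
    # Escalate only ACTIVE investigations at HIGH or above (assumed policy).
    escalate    = identical(res$State, "ACTIVE") &&
      isTRUE(match(res$Severity, sev) >= match("HIGH", sev))
  )
}

# Constructed stub standing in for the real client so the example runs
# offline: it answers RUNNING on the first call and SUCCESSFUL afterwards.
stub <- local({
  calls <- 0
  list(get_investigation = function(GraphArn, InvestigationId) {
    calls <<- calls + 1
    list(GraphArn = GraphArn, InvestigationId = InvestigationId,
         EntityArn = "arn:aws:iam::111122223333:role/example-role",
         EntityType = "IAM_ROLE",
         ScopeStartTime = as.POSIXct("2015-01-01", tz = "UTC"),
         ScopeEndTime = as.POSIXct("2015-01-02", tz = "UTC"),
         Status = if (calls < 2) "RUNNING" else "SUCCESSFUL",
         Severity = "HIGH", State = "ACTIVE")
  })
})

result <- wait_for_investigation(
  stub, "arn:aws:detective:us-east-1:111122223333:graph:EXAMPLE",  # constructed
  "000000000000000000001", poll_seconds = 0)                       # constructed
print(result)
```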