
List Investigations

detective_list_investigations R Documentation

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise

Description

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. list_investigations lists all active Detective investigations.

Usage

detective_list_investigations(GraphArn, NextToken, MaxResults,
  FilterCriteria, SortCriteria)

Arguments

GraphArn

[required] The Amazon Resource Name (ARN) of the behavior graph.

NextToken

Pagination token, used when more results are available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged.

Each pagination token expires after 24 hours. Using an expired pagination token will return a Validation Exception error.

MaxResults

The maximum number of investigations to return in a page.

FilterCriteria

Filters the investigation results based on the given criteria.

SortCriteria

Sorts the investigation results based on the given criteria.

Value

A list with the following syntax:

list(
  InvestigationDetails = list(
    list(
      InvestigationId = "string",
      Severity = "INFORMATIONAL"|"LOW"|"MEDIUM"|"HIGH"|"CRITICAL",
      Status = "RUNNING"|"FAILED"|"SUCCESSFUL",
      State = "ACTIVE"|"ARCHIVED",
      CreatedTime = as.POSIXct(
        "2015-01-01"
      ),
      EntityArn = "string",
      EntityType = "IAM_ROLE"|"IAM_USER"
    )
  ),
  NextToken = "string"
)

Request syntax

svc$list_investigations(
  GraphArn = "string",
  NextToken = "string",
  MaxResults = 123,
  FilterCriteria = list(
    Severity = list(
      Value = "string"
    ),
    Status = list(
      Value = "string"
    ),
    State = list(
      Value = "string"
    ),
    EntityArn = list(
      Value = "string"
    ),
    CreatedTime = list(
      StartInclusive = as.POSIXct(
        "2015-01-01"
      ),
      EndInclusive = as.POSIXct(
        "2015-01-01"
      )
    )
  ),
  SortCriteria = list(
    Field = "SEVERITY"|"STATUS"|"CREATED_TIME",
    SortOrder = "ASC"|"DESC"
  )
)
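
Example

The pagination rule under NextToken combined with FilterCriteria and SortCriteria, as an added example that is not part of the original documentation. The names collect_investigations, fake_list and sample_details, the account ID and all ARNs are constructed; fake_list stands in for svc$list_investigations (and ignores the filter) so the loop runs without AWS access.

```r
# Added example (not from the paws docs). collect_investigations and
# fake_list are hypothetical names; fake_list stands in for
# svc$list_investigations so the loop runs without AWS access.
collect_investigations <- function(list_fn, graph_arn, severity = "CRITICAL",
                                   page_size = 2) {
  found <- list()
  token <- NULL
  repeat {
    args <- list(
      GraphArn = graph_arn,
      MaxResults = page_size,
      FilterCriteria = list(Severity = list(Value = severity),
                            State = list(Value = "ACTIVE")),
      SortCriteria = list(Field = "CREATED_TIME", SortOrder = "DESC")
    )
    # NextToken is sent only on follow-up calls; all other arguments stay fixed.
    if (!is.null(token)) args$NextToken <- token
    page <- do.call(list_fn, args)
    found <- c(found, page$InvestigationDetails)
    token <- page$NextToken
    # An empty or missing NextToken means this was the last page.
    if (length(token) == 0 || !nzchar(token)) break
  }
  # One row per investigation; NULL when nothing matched.
  do.call(rbind, lapply(found, function(x) data.frame(
    InvestigationId = x$InvestigationId, Severity = x$Severity,
    Status = x$Status, EntityType = x$EntityType, EntityArn = x$EntityArn,
    stringsAsFactors = FALSE)))
}

# Constructed sample data: three investigations, served two per page.
mk <- function(id, type, arn) list(InvestigationId = id, Severity = "CRITICAL",
  Status = "SUCCESSFUL", EntityType = type, EntityArn = arn)
sample_details <- list(
  mk("000000000000000000001", "IAM_ROLE", "arn:aws:iam::111122223333:role/example-a"),
  mk("000000000000000000002", "IAM_USER", "arn:aws:iam::111122223333:user/example-b"),
  mk("000000000000000000003", "IAM_ROLE", "arn:aws:iam::111122223333:role/example-c"))
fake_list <- function(GraphArn, MaxResults, FilterCriteria, SortCriteria,
                      NextToken = NULL) {
  first <- if (is.null(NextToken)) 1 else as.integer(NextToken)
  last <- min(first + MaxResults - 1, length(sample_details))
  list(InvestigationDetails = sample_details[first:last],
       NextToken = if (last < length(sample_details)) as.character(last + 1) else character(0))
}
res <- collect_investigations(fake_list, "arn:aws:detective:us-east-1:111122223333:graph:EXAMPLE")
print(res)
# Against AWS: collect_investigations(paws::detective()$list_investigations, graph_arn)
```

Because each pagination token expires after 24 hours, run the whole loop in one session instead of storing a token for later use.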