List Investigations
| detective_list_investigations | R Documentation |
Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise
Description
Detective investigations lets you investigate IAM users and IAM roles
using indicators of compromise. An indicator of compromise (IOC) is an
artifact observed in or on a network, system, or environment that can
(with a high level of confidence) identify malicious activity or a
security incident. list_investigations lists all active Detective
investigations.
Usage
Arguments
GraphArn: [required] The Amazon Resource Name (ARN) of the behavior graph.
NextToken: Lists if there are more results available. The value of nextToken is a unique pagination token for each page. Repeat the call using the returned token to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. Using an expired pagination token will return a Validation Exception error.
MaxResults: Lists the maximum number of investigations in a page.
FilterCriteria: Filters the investigation results based on the specified criteria.
SortCriteria: Sorts the investigation results based on the specified criteria.
Value
A list with the following syntax:
list(
  InvestigationDetails = list(
    list(
      InvestigationId = "string",
      Severity = "INFORMATIONAL"|"LOW"|"MEDIUM"|"HIGH"|"CRITICAL",
      Status = "RUNNING"|"FAILED"|"SUCCESSFUL",
      State = "ACTIVE"|"ARCHIVED",
      CreatedTime = as.POSIXct(
        "2015-01-01"
      ),
      EntityArn = "string",
      EntityType = "IAM_ROLE"|"IAM_USER"
    )
  ),
  NextToken = "string"
)
Request syntax
svc$list_investigations(
  GraphArn = "string",
  NextToken = "string",
  MaxResults = 123,
  FilterCriteria = list(
    Severity = list(
      Value = "string"
    ),
    Status = list(
      Value = "string"
    ),
    State = list(
      Value = "string"
    ),
    EntityArn = list(
      Value = "string"
    ),
    CreatedTime = list(
      StartInclusive = as.POSIXct(
        "2015-01-01"
      ),
      EndInclusive = as.POSIXct(
        "2015-01-01"
      )
    )
  ),
  SortCriteria = list(
    Field = "SEVERITY"|"STATUS"|"CREATED_TIME",
    SortOrder = "ASC"|"DESC"
  )
)
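The following is an added example, not part of the original documentation: it follows NextToken across pages while keeping every other argument unchanged, as the NextToken description requires, and collects active investigations of one severity. The names collect_investigations and fake_svc, the graph ARN and the stubbed pages are assumptions constructed for illustration.

```r
# Added example: gather every page of list_investigations results.
collect_investigations <- function(svc, graph_arn, severity = "HIGH", page_size = 50) {
  found <- list()
  token <- NULL
  repeat {
    args <- list(
      GraphArn = graph_arn,
      MaxResults = page_size,
      FilterCriteria = list(
        Severity = list(Value = severity),
        State = list(Value = "ACTIVE")
      ),
      SortCriteria = list(Field = "CREATED_TIME", SortOrder = "DESC")
    )
    # Send NextToken only when the previous page returned one; the filter,
    # sort and page size are rebuilt identically on every call.
    if (!is.null(token)) args$NextToken <- token
    page <- do.call(svc$list_investigations, args)
    found <- c(found, page$InvestigationDetails)
    token <- page$NextToken
    # An absent, empty or zero-length token marks the last page.
    if (is.null(token) || length(token) == 0 || !nzchar(token)) break
  }
  found
}

# Constructed two-page stand-in for the client so the loop runs offline.
fake_svc <- list(list_investigations = function(GraphArn, NextToken = NULL, ...) {
  inv <- function(id, arn) list(
    InvestigationId = id, Severity = "HIGH", Status = "SUCCESSFUL",
    State = "ACTIVE", EntityArn = arn, EntityType = "IAM_ROLE"
  )
  if (is.null(NextToken)) {
    list(InvestigationDetails = list(inv("000000000000000000001",
           "arn:aws:iam::111122223333:role/example-a")), NextToken = "page-2")
  } else {
    list(InvestigationDetails = list(inv("000000000000000000002",
           "arn:aws:iam::111122223333:role/example-b")), NextToken = character(0))
  }
})

# Placeholder graph ARN; with real credentials pass paws::detective() as svc.
graph_arn <- "arn:aws:detective:us-east-1:111122223333:graph:EXAMPLE"
res <- collect_investigations(fake_svc, graph_arn)
print(vapply(res, function(x) x$InvestigationId, character(1)))
```

Because each pagination token expires after 24 hours, a collection run should finish in one session rather than storing a token for later reuse.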