Module Values.GetInvestigationResponse

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. GetInvestigation returns the investigation results of an investigation for a behavior graph.

type nonrec t = {
  graphArn : GraphArn.t option;
    (* The Amazon Resource Name (ARN) of the behavior graph. *)
  investigationId : InvestigationId.t option;
    (* The investigation ID of the investigation report. *)
  entityArn : EntityArn.t option;
    (* The unique Amazon Resource Name (ARN). Detective supports IAM user ARNs and IAM role ARNs. *)
  entityType : EntityType.t option;
    (* Type of entity. For example, Amazon Web Services accounts, such as an IAM user and/or IAM role. *)
  createdTime : Timestamp.t option;
    (* The creation time of the investigation report in UTC time stamp format. *)
  scopeStartTime : Timestamp.t option;
    (* The start date and time used to set the scope time within which you want to generate the investigation report. The value is a UTC ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z. *)
  scopeEndTime : Timestamp.t option;
    (* The date and time when the investigation began. The value is a UTC ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z. *)
  status : Status.t option;
    (* The status based on the completion status of the investigation. *)
  severity : Severity.t option;
    (* The severity assigned is based on the likelihood and impact of the indicators of compromise discovered in the investigation. *)
  state : State.t option;
    (* The current state of the investigation. An archived investigation indicates that you have completed reviewing the investigation. *)
}
type nonrec error = [
  | `AccessDeniedException of AccessDeniedException.t
  | `InternalServerException of InternalServerException.t
  | `ResourceNotFoundException of ResourceNotFoundException.t
  | `TooManyRequestsException of TooManyRequestsException.t
  | `ValidationException of ValidationException.t
  | `Unknown_operation_error of string * string option
]
val make : ?graphArn:??? -> ?investigationId:??? -> ?entityArn:??? -> ?entityType:??? -> ?createdTime:??? -> ?scopeStartTime:??? -> ?scopeEndTime:??? -> ?status:??? -> ?severity:??? -> ?state:??? -> unit -> t
val error_of_json : string -> Yojson.Safe.t -> [> `AccessDeniedException of AccessDeniedException.t | `InternalServerException of InternalServerException.t | `ResourceNotFoundException of ResourceNotFoundException.t | `TooManyRequestsException of TooManyRequestsException.t | `Unknown_operation_error of string * string option | `ValidationException of ValidationException.t ]
val error_of_xml : string -> Awso.Xml.t -> [> `AccessDeniedException of AccessDeniedException.t | `InternalServerException of InternalServerException.t | `ResourceNotFoundException of ResourceNotFoundException.t | `TooManyRequestsException of TooManyRequestsException.t | `Unknown_operation_error of string * string option | `ValidationException of ValidationException.t ]
val error_to_json : error -> Yojson.Safe.t
val to_value : t -> [> `Structure of (string * [> `Enum of string | `String of GraphArn.t | `Timestamp of Timestamp.t ]) list ]
val to_query : t -> Awso.Client.Query.t
val of_xml : Awso.Xml.t -> t
val of_string : string -> t
val of_json : Yojson.Safe.t -> t
val to_json : t -> Yojson.Safe.t
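
An added example, not part of the documented library: one way to triage a GetInvestigation response body while treating every field as optional, as the record on this page does. It reads the JSON with Yojson directly; the PascalCase wire keys and the enum strings (SUCCESSFUL, ARCHIVED, HIGH, CRITICAL) come from the AWS Detective API rather than from this page, and the `verdict` type, the helper names, the triage policy and the sample body are assumptions constructed for illustration.

```ocaml
(* Added example; needs only the yojson package. *)
type verdict =
  | Missing of string            (* a field the decision needs is absent *)
  | Not_ready of string          (* Status is not SUCCESSFUL; Severity is ignored *)
  | Bad_scope of string * string (* scope start is not before scope end *)
  | Closed                       (* State is ARCHIVED: review already completed *)
  | Escalate of string * string  (* entity ARN, severity *)
  | Queue of string * string     (* entity ARN, severity *)

(* Every field of the record is an option, so absent or non-string is None. *)
let str json key =
  match Yojson.Safe.Util.member key json with `String s -> Some s | _ -> None

(* Pass the field to [k], or stop with [Missing key]. *)
let need json key k =
  match str json key with Some v -> k v | None -> Missing key

let triage json =
  need json "Status" @@ fun status ->
  if status <> "SUCCESSFUL" then Not_ready status else
  need json "ScopeStartTime" @@ fun t0 ->
  need json "ScopeEndTime" @@ fun t1 ->
  (* Assumption: both stamps use the fixed-width UTC form shown on the page,
     so string order equals time order. *)
  if String.compare t0 t1 >= 0 then Bad_scope (t0, t1) else
  need json "State" @@ fun state ->
  if state = "ARCHIVED" then Closed else
  need json "EntityArn" @@ fun arn ->
  need json "Severity" @@ fun sev ->
  match sev with
  | "HIGH" | "CRITICAL" -> Escalate (arn, sev)
  | _ -> Queue (arn, sev)

(* Constructed sample body; the account ID and role name are placeholders. *)
let sample = Yojson.Safe.from_string {|{
  "EntityArn": "arn:aws:iam::111122223333:role/ExampleRole",
  "ScopeStartTime": "2021-08-18T16:35:56.284Z",
  "ScopeEndTime": "2021-08-19T16:35:56.284Z",
  "Status": "SUCCESSFUL", "Severity": "HIGH", "State": "ACTIVE" }|}

let () =
  print_endline (match triage sample with
    | Escalate (arn, sev) -> "escalate " ^ arn ^ " severity " ^ sev
    | Queue (arn, sev) -> "queue " ^ arn ^ " severity " ^ sev
    | Closed -> "archived, nothing to do"
    | Not_ready s -> "no verdict yet, status " ^ s
    | Bad_scope (a, b) -> "scope window inverted: " ^ a ^ " .. " ^ b
    | Missing k -> "response lacks " ^ k)
```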