Values.IndicatorDetail

Details about the indicators of compromise which are used to determine if a resource is involved in a security incident. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. For the list of indicators of compromise that are generated by Detective investigations, see Detective investigations.

type nonrec t = {
  tTPsObservedDetail : TTPsObservedDetail.t option;
      (* Details about the indicator of compromise. *)
  impossibleTravelDetail : ImpossibleTravelDetail.t option;
      (* Identifies unusual and impossible user activity for an account. *)
  flaggedIpAddressDetail : FlaggedIpAddressDetail.t option;
      (* Suspicious IP addresses that are flagged, which indicates critical or severe threats based on threat intelligence by Detective. This indicator is derived from Amazon Web Services threat intelligence. *)
  newGeolocationDetail : NewGeolocationDetail.t option;
      (* Contains details about the new geographic location. *)
  newAsoDetail : NewAsoDetail.t option;
      (* Contains details about the new Autonomous System Organization (ASO). *)
  newUserAgentDetail : NewUserAgentDetail.t option;
      (* Contains details about the new user agent. *)
}

val to_value :
  t ->
  [> `Structure of
       (string
        * [> `Structure of
               (string
                * [> `Boolean of IsNewForEntireAccount.t
                  | `Enum of string
                  | `Integer of HourlyTimeDelta.t
                  | `Long of APISuccessCount.t
                  | `String of Tactic.t ])
               list ])
       list ]