Module Values.StartInvestigationRequest

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. StartInvestigation initiates an investigation on an entity in a behavior graph.

type nonrec t = {
  graphArn : GraphArn.t;
    (* The Amazon Resource Name (ARN) of the behavior graph. *)
  entityArn : EntityArn.t;
    (* The unique Amazon Resource Name (ARN) of the IAM user and IAM role. *)
  scopeStartTime : Timestamp.t;
    (* The date and time when the investigation began. The value is a UTC ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z. *)
  scopeEndTime : Timestamp.t;
    (* The date and time when the investigation ended. The value is a UTC ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z. *)
}
val context_ : string
val make : graphArn:GraphArn.t -> entityArn:EntityArn.t -> scopeStartTime:Timestamp.t -> scopeEndTime:Timestamp.t -> unit -> t
val to_value : t -> [> `Structure of (string * [> `String of GraphArn.t | `Timestamp of Timestamp.t ]) list ]
val to_query : t -> Awso.Client.Query.t
val of_xml : Awso.Xml.t -> t
val of_string : string -> t
val of_json : Yojson.Safe.t -> t
val to_json : t -> Yojson.Safe.t