Class: Aws::AuditManager::Types::EvidenceFinderEnablement

Inherits:
Struct
  • Object
show all
Includes:
Structure
Defined in:
lib/aws-sdk-auditmanager/types.rb

Overview

The settings object that specifies whether evidence finder is enabled. This object also describes the related event data store, and the backfill status for populating the event data store with evidence data.

See Also:

Constant Summary collapse

SENSITIVE = 
[]

Instance Attribute Summary collapse

Instance Attribute Details

#backfill_statusString

The current status of the evidence data backfill process.

The backfill starts after you enable evidence finder. During this task, Audit Manager populates an event data store with your past evidence data so that your evidence can be queried.

  • ‘NOT_STARTED` means that the backfill hasn’t started yet.

  • ‘IN_PROGRESS` means that the backfill is in progress. This can take up to 24 hours to complete, depending on the amount of evidence data.

  • ‘COMPLETED` means that the backfill is complete. All of your past evidence is now queryable.

Returns:

  • (String) 


2565
2566
2567
2568
2569
2570
2571
2572
 
# File 'lib/aws-sdk-auditmanager/types.rb', line 2565

class EvidenceFinderEnablement < Struct.new(
  :event_data_store_arn,
  :enablement_status,
  :backfill_status,
  :error)
  SENSITIVE = []
  include Aws::Structure
end

#enablement_statusString

The current status of the evidence finder feature and the related event data store.

  • ‘ENABLE_IN_PROGRESS` means that you requested to enable evidence finder. An event data store is currently being created to support evidence finder queries.

  • ‘ENABLED` means that an event data store was successfully created and evidence finder is enabled. We recommend that you wait 24 hours until the event data store is backfilled with your past evidence data. You can use evidence finder in the meantime, but not all data might be available until the backfill is complete.

  • ‘DISABLE_IN_PROGRESS` means that you requested to disable evidence finder, and your request is pending the deletion of the event data store.

  • ‘DISABLED` means that you have permanently disabled evidence finder and the event data store has been deleted. You can’t re-enable evidence finder after this point.

Returns:

  • (String) 


2565
2566
2567
2568
2569
2570
2571
2572
 
# File 'lib/aws-sdk-auditmanager/types.rb', line 2565

class EvidenceFinderEnablement < Struct.new(
  :event_data_store_arn,
  :enablement_status,
  :backfill_status,
  :error)
  SENSITIVE = []
  include Aws::Structure
end

#errorString

Represents any errors that occurred when enabling or disabling evidence finder.

Returns:

  • (String) 


2565
2566
2567
2568
2569
2570
2571
2572
 
# File 'lib/aws-sdk-auditmanager/types.rb', line 2565

class EvidenceFinderEnablement < Struct.new(
  :event_data_store_arn,
  :enablement_status,
  :backfill_status,
  :error)
  SENSITIVE = []
  include Aws::Structure
end

#event_data_store_arnString

The Amazon Resource Name (ARN) of the CloudTrail Lake event data store that’s used by evidence finder. The event data store is the lake of evidence data that evidence finder runs queries against.

Returns:

  • (String) 


2565
2566
2567
2568
2569
2570
2571
2572
 
# File 'lib/aws-sdk-auditmanager/types.rb', line 2565

class EvidenceFinderEnablement < Struct.new(
  :event_data_store_arn,
  :enablement_status,
  :backfill_status,
  :error)
  SENSITIVE = []
  include Aws::Structure
end