Class: Aws::Detective::Types::IndicatorDetail

Inherits:

Struct

• Object
• Struct
• Aws::Detective::Types::IndicatorDetail

Includes:

Structure

Defined in:

lib/aws-sdk-detective/types.rb

Overview

Details about the indicators of compromise which are used to determine if a resource is involved in a security incident. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. For the list of indicators of compromise that are generated by Detective investigations, see [Detective investigations].

[1]: docs.aws.amazon.com/detective/latest/userguide/detective-investigations.html

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #flagged_ip_address_detail ⇒ Types::FlaggedIpAddressDetail

  Suspicious IP addresses that are flagged, which indicates critical or severe threats based on threat intelligence by Detective.

• #impossible_travel_detail ⇒ Types::ImpossibleTravelDetail

  Identifies unusual and impossible user activity for an account.

• #new_aso_detail ⇒ Types::NewAsoDetail

  Contains details about the new Autonomous System Organization (ASO).

• #new_geolocation_detail ⇒ Types::NewGeolocationDetail

  Contains details about the new geographic location.

• #new_user_agent_detail ⇒ Types::NewUserAgentDetail

  Contains details about the new user agent.

• #related_finding_detail ⇒ Types::RelatedFindingDetail

  Contains details about related findings.

• #related_finding_group_detail ⇒ Types::RelatedFindingGroupDetail

  Contains details about related finding groups.

• #tt_ps_observed_detail ⇒ Types::TTPsObservedDetail

  Details about the indicator of compromise.

Instance Attribute Details

#flagged_ip_address_detail ⇒ Types::FlaggedIpAddressDetail

Suspicious IP addresses that are flagged, which indicates critical or severe threats based on threat intelligence by Detective. This indicator is derived from Amazon Web Services threat intelligence.

Returns:

• (Types::FlaggedIpAddressDetail)

# File 'lib/aws-sdk-detective/types.rb', line 771

class IndicatorDetail < Struct.new(
  :tt_ps_observed_detail,
  :impossible_travel_detail,
  :flagged_ip_address_detail,
  :new_geolocation_detail,
  :new_aso_detail,
  :new_user_agent_detail,
  :related_finding_detail,
  :related_finding_group_detail)
  SENSITIVE = []
  include Aws::Structure
end

#impossible_travel_detail ⇒ Types::ImpossibleTravelDetail

Identifies unusual and impossible user activity for an account.

Returns:

• (Types::ImpossibleTravelDetail)

# File 'lib/aws-sdk-detective/types.rb', line 771

class IndicatorDetail < Struct.new(
  :tt_ps_observed_detail,
  :impossible_travel_detail,
  :flagged_ip_address_detail,
  :new_geolocation_detail,
  :new_aso_detail,
  :new_user_agent_detail,
  :related_finding_detail,
  :related_finding_group_detail)
  SENSITIVE = []
  include Aws::Structure
end

#new_aso_detail ⇒ Types::NewAsoDetail

Contains details about the new Autonomous System Organization (ASO).

Returns:

• (Types::NewAsoDetail)

# File 'lib/aws-sdk-detective/types.rb', line 771

class IndicatorDetail < Struct.new(
  :tt_ps_observed_detail,
  :impossible_travel_detail,
  :flagged_ip_address_detail,
  :new_geolocation_detail,
  :new_aso_detail,
  :new_user_agent_detail,
  :related_finding_detail,
  :related_finding_group_detail)
  SENSITIVE = []
  include Aws::Structure
end

#new_geolocation_detail ⇒ Types::NewGeolocationDetail

Contains details about the new geographic location.

Returns:

• (Types::NewGeolocationDetail)

# File 'lib/aws-sdk-detective/types.rb', line 771

class IndicatorDetail < Struct.new(
  :tt_ps_observed_detail,
  :impossible_travel_detail,
  :flagged_ip_address_detail,
  :new_geolocation_detail,
  :new_aso_detail,
  :new_user_agent_detail,
  :related_finding_detail,
  :related_finding_group_detail)
  SENSITIVE = []
  include Aws::Structure
end

#new_user_agent_detail ⇒ Types::NewUserAgentDetail

Contains details about the new user agent.

Returns:

• (Types::NewUserAgentDetail)

# File 'lib/aws-sdk-detective/types.rb', line 771

class IndicatorDetail < Struct.new(
  :tt_ps_observed_detail,
  :impossible_travel_detail,
  :flagged_ip_address_detail,
  :new_geolocation_detail,
  :new_aso_detail,
  :new_user_agent_detail,
  :related_finding_detail,
  :related_finding_group_detail)
  SENSITIVE = []
  include Aws::Structure
end

#related_finding_detail ⇒ Types::RelatedFindingDetail

Contains details about related findings.

Returns:

• (Types::RelatedFindingDetail)

# File 'lib/aws-sdk-detective/types.rb', line 771

class IndicatorDetail < Struct.new(
  :tt_ps_observed_detail,
  :impossible_travel_detail,
  :flagged_ip_address_detail,
  :new_geolocation_detail,
  :new_aso_detail,
  :new_user_agent_detail,
  :related_finding_detail,
  :related_finding_group_detail)
  SENSITIVE = []
  include Aws::Structure
end

#related_finding_group_detail ⇒ Types::RelatedFindingGroupDetail

Contains details about related finding groups.

Returns:

• (Types::RelatedFindingGroupDetail)

# File 'lib/aws-sdk-detective/types.rb', line 771

class IndicatorDetail < Struct.new(
  :tt_ps_observed_detail,
  :impossible_travel_detail,
  :flagged_ip_address_detail,
  :new_geolocation_detail,
  :new_aso_detail,
  :new_user_agent_detail,
  :related_finding_detail,
  :related_finding_group_detail)
  SENSITIVE = []
  include Aws::Structure
end

#tt_ps_observed_detail ⇒ Types::TTPsObservedDetail

Details about the indicator of compromise.

Returns:

• (Types::TTPsObservedDetail)

# File 'lib/aws-sdk-detective/types.rb', line 771

class IndicatorDetail < Struct.new(
  :tt_ps_observed_detail,
  :impossible_travel_detail,
  :flagged_ip_address_detail,
  :new_geolocation_detail,
  :new_aso_detail,
  :new_user_agent_detail,
  :related_finding_detail,
  :related_finding_group_detail)
  SENSITIVE = []
  include Aws::Structure
end