Class: Aws::SecurityHub::Types::Indicator

Inherits: Struct < Object
Includes: Aws::Structure
Defined in: lib/aws-sdk-securityhub/types.rb

Overview

Contains information about the indicators observed in an Amazon GuardDuty Extended Threat Detection attack sequence. Indicators include a set of signals, which can be API activities or findings that GuardDuty uses to detect an attack sequence finding. GuardDuty generates an attack sequence finding when multiple signals align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see [GuardDuty Extended Threat Detection][1] in the *Amazon GuardDuty User Guide*.

[1]: docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html

Constant Summary

SENSITIVE = []

Instance Attribute Summary

Instance Attribute Details

#key ⇒ String

The name of the indicator that’s present in the attack sequence finding.

Returns:

  • (String)


# File 'lib/aws-sdk-securityhub/types.rb', line 26075

class Indicator < Struct.new(
  :key,
  :values,
  :title,
  :type)
  SENSITIVE = []
  include Aws::Structure
end

#title ⇒ String

The title describing the indicator.

Returns:

  • (String)



#type ⇒ String

The type of indicator.

Returns:

  • (String)



#values ⇒ Array<String>

Values associated with each indicator key. For example, if the indicator key is `SUSPICIOUS_NETWORK`, then the value will be the name of the network. If the indicator key is `ATTACK_TACTIC`, then the value will be one of the MITRE tactics.

Returns:

  • (Array<String>)
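
The following is an added triage example, not code from the SDK or its documentation. It collapses a finding's indicators into a key-to-values index and checks `ATTACK_TACTIC` against a watchlist. The `Indicator` struct here is a local stand-in with the same four members, and the method names, sample values and watchlist are constructed for illustration.

```ruby
# Stand-in with the same four members as Aws::SecurityHub::Types::Indicator,
# so the example runs without the aws-sdk-securityhub gem (assumption).
Indicator = Struct.new(:key, :values, :title, :type, keyword_init: true)

# Collapse an indicator list into { key => sorted unique values }.
# Tolerates a nil list, nil or blank values, and keys that repeat
# across several indicators; indicators without a key are skipped.
def index_indicators(indicators)
  index = Hash.new { |h, k| h[k] = [] }
  Array(indicators).each do |ind|
    next if ind.nil? || ind.key.to_s.empty?
    vals = Array(ind.values).map { |v| v.to_s.strip }.reject(&:empty?)
    index[ind.key].concat(vals)
  end
  index.transform_values { |v| v.uniq.sort }
end

# Return the ATTACK_TACTIC values that appear on a (hypothetical) watchlist.
# Comparison is case-insensitive because the value casing is not documented
# on this page.
def watched_tactics(index, watchlist)
  wanted = watchlist.map(&:downcase)
  index.fetch("ATTACK_TACTIC", []).select { |t| wanted.include?(t.downcase) }
end

# Constructed sample data; not output from a real finding.
SAMPLE = [
  Indicator.new(key: "ATTACK_TACTIC", values: ["Impact", "Exfiltration"],
                title: "constructed title"),
  Indicator.new(key: "ATTACK_TACTIC", values: ["Impact", " "]),
  Indicator.new(key: "SUSPICIOUS_NETWORK", values: ["ExampleNet"]),
  Indicator.new(key: "EMPTY_EXAMPLE", values: nil),
  Indicator.new(key: nil, values: ["orphan"])
].freeze

if __FILE__ == $PROGRAM_NAME
  idx = index_indicators(SAMPLE)
  idx.each { |key, vals| puts "#{key}: #{vals.join(', ')}" }
  hits = watched_tactics(idx, %w[impact exfiltration])
  puts "escalate: #{hits.join(', ')}" unless hits.empty?
end
```
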

