Class: Aws::SecurityHub::Types::Sequence

Inherits:

Struct

• Object
• Struct
• Aws::SecurityHub::Types::Sequence

Includes:

Aws::Structure

Defined in:

lib/aws-sdk-securityhub/types.rb

Overview

Contains information about an Amazon GuardDuty Extended Threat Detection attack sequence finding. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see [GuardDuty Extended Threat Detection ][1] in the *Amazon GuardDuty User Guide*.

[1]: docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #actors ⇒ Array<Types::Actor>

  Provides information about the actors involved in the attack sequence.

• #endpoints ⇒ Array<Types::NetworkEndpoint>

  Contains information about the network endpoints that were used in the attack sequence.

• #sequence_indicators ⇒ Array<Types::Indicator>

  Contains information about the indicators observed in the attack sequence.

• #signals ⇒ Array<Types::Signal>

  Contains information about the signals involved in the attack sequence.

• #uid ⇒ String

  Unique identifier of the attack sequence.

Instance Attribute Details

#actors ⇒ Array<Types::Actor>

Provides information about the actors involved in the attack sequence.

Returns:

• (Array<Types::Actor>)

# File 'lib/aws-sdk-securityhub/types.rb', line 30013

class Sequence < Struct.new(
  :uid,
  :actors,
  :endpoints,
  :signals,
  :sequence_indicators)
  SENSITIVE = []
  include Aws::Structure
end

#endpoints ⇒ Array<Types::NetworkEndpoint>

Contains information about the network endpoints that were used in the attack sequence.

Returns:

• (Array<Types::NetworkEndpoint>)

# File 'lib/aws-sdk-securityhub/types.rb', line 30013

class Sequence < Struct.new(
  :uid,
  :actors,
  :endpoints,
  :signals,
  :sequence_indicators)
  SENSITIVE = []
  include Aws::Structure
end

#sequence_indicators ⇒ Array<Types::Indicator>

Contains information about the indicators observed in the attack sequence. The values for [SignalIndicators] are a subset of the values for ‘SequenceIndicators`, but the values for these fields don’t always match 1:1.

[1]: docs.aws.amazon.com/securityhub/1.0/APIReference/API_Signal.html

Returns:

• (Array<Types::Indicator>)

# File 'lib/aws-sdk-securityhub/types.rb', line 30013

class Sequence < Struct.new(
  :uid,
  :actors,
  :endpoints,
  :signals,
  :sequence_indicators)
  SENSITIVE = []
  include Aws::Structure
end

#signals ⇒ Array<Types::Signal>

Contains information about the signals involved in the attack sequence.

Returns:

• (Array<Types::Signal>)

# File 'lib/aws-sdk-securityhub/types.rb', line 30013

class Sequence < Struct.new(
  :uid,
  :actors,
  :endpoints,
  :signals,
  :sequence_indicators)
  SENSITIVE = []
  include Aws::Structure
end

#uid ⇒ String

Unique identifier of the attack sequence.

Returns:

• (String)

# File 'lib/aws-sdk-securityhub/types.rb', line 30013

class Sequence < Struct.new(
  :uid,
  :actors,
  :endpoints,
  :signals,
  :sequence_indicators)
  SENSITIVE = []
  include Aws::Structure
end