detective/aws.sdk.kotlin.services.detective.model/IndicatorDetail

IndicatorDetail

Details about the indicators of compromise which are used to determine if a resource is involved in a security incident. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. For the list of indicators of compromise that are generated by Detective investigations, see Detective investigations.

Types

Builder

class Builder

Companion

object Companion

Properties

flaggedIpAddressDetail

val flaggedIpAddressDetail: FlaggedIpAddressDetail?

Suspicious IP addresses that are flagged, which indicates critical or severe threats based on threat intelligence by Detective. This indicator is derived from Amazon Web Services threat intelligence.

impossibleTravelDetail

val impossibleTravelDetail: ImpossibleTravelDetail?

Identifies unusual and impossible user activity for an account.

newAsoDetail

val newAsoDetail: NewAsoDetail?

Contains details about the new Autonomous System Organization (ASO).

newGeolocationDetail

val newGeolocationDetail: NewGeolocationDetail?

Contains details about the new geographic location.

newUserAgentDetail

val newUserAgentDetail: NewUserAgentDetail?

Contains details about the new user agent.