Package-level declarations

The request issuer does not have permission to access this resource or perform this operation.

An Amazon Web Services account that is the administrator account of or a member of a behavior graph.

Information about the Detective administrator account for an organization.

The request attempted an invalid action.

Details about the data source packages ingested by your behavior graph.

Information on the usage of a data source package in the behavior graph.

Contains details on the time range used to filter data.

Base class for all service related exceptions thrown by the Detective client

Details on the criteria used to define the filter for investigation results.

Contains information on suspicious IP addresses identified as indicators of compromise. This indicator is derived from Amazon Web Services threat intelligence.

A behavior graph in Detective.

Contains information on unusual and impossible travel in an account.

Detective investigations triages indicators of compromises such as a finding and surfaces only the most critical and suspicious issues, so you can focus on high-level investigations. An Indicator lets you determine if an Amazon Web Services resource is involved in unusual activity that could indicate malicious behavior and its impact.

Details about the indicators of compromise which are used to determine if a resource is involved in a security incident. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. For the list of indicators of compromise that are generated by Detective investigations, see Detective investigations.

The request was valid but failed because of a problem with the service.

Details about the investigation related to a potential security event identified by Detective.

Details about a member account in a behavior graph.

Details on data source packages for members of the behavior graph.

Details new Autonomous System Organizations (ASOs) used either at the resource or account level.

Details new geolocations used either at the resource or account level. For example, lists an observed geolocation that is an infrequent or unused location based on previous user activity.

Details new user agents used either at the resource or account level.

Details related activities associated with a potential security event. Lists all distinct categories of evidence that are connected to the resource or the finding group.

Details multiple activities as they related to a potential security event. Detective uses graph analysis technique that infers relationships between findings and entities, and groups them together as a finding group.

The request refers to a nonexistent resource.

This request cannot be completed for one of the following reasons.

Details about the criteria used for sorting investigations.

A string for filtering Detective investigations.

Details on when data collection began for a source package.

The request cannot be completed because too many other requests are occurring at the same time.

Details tactics, techniques, and procedures (TTPs) used in a potential security event. Tactics are based on MITRE ATT&CK Matrix for Enterprise.

A member account that was included in a request but for which the request could not be processed.

Behavior graphs that could not be processed in the request.

The request parameters are invalid.