detective/aws.sdk.kotlin.services.detective

Package-level declarations

Types

Link copied to clipboard
interface DetectiveClient : SdkClient

Detective uses machine learning and purpose-built visualizations to help you to analyze and investigate security issues across your Amazon Web Services (Amazon Web Services) workloads. Detective automatically extracts time-based events such as login attempts, API calls, and network traffic from CloudTrail and Amazon Virtual Private Cloud (Amazon VPC) flow logs. It also extracts findings detected by Amazon GuardDuty.

Properties

Link copied to clipboard
const val SdkVersion: String
Link copied to clipboard
Link copied to clipboard
const val ServiceId: String

Functions

Link copied to clipboard
inline suspend fun DetectiveClient.acceptInvitation(crossinline block: AcceptInvitationRequest.Builder.() -> Unit): AcceptInvitationResponse

Accepts an invitation for the member account to contribute data to a behavior graph. This operation can only be called by an invited member account.

Link copied to clipboard
inline suspend fun DetectiveClient.batchGetGraphMemberDatasources(crossinline block: BatchGetGraphMemberDatasourcesRequest.Builder.() -> Unit): BatchGetGraphMemberDatasourcesResponse

Gets data source package information for the behavior graph.

Link copied to clipboard
inline suspend fun DetectiveClient.batchGetMembershipDatasources(crossinline block: BatchGetMembershipDatasourcesRequest.Builder.() -> Unit): BatchGetMembershipDatasourcesResponse

Gets information on the data source package history for an account.

Link copied to clipboard
inline suspend fun DetectiveClient.createGraph(crossinline block: CreateGraphRequest.Builder.() -> Unit): CreateGraphResponse

Creates a new behavior graph for the calling account, and sets that account as the administrator account. This operation is called by the account that is enabling Detective.

Link copied to clipboard
inline suspend fun DetectiveClient.createMembers(crossinline block: CreateMembersRequest.Builder.() -> Unit): CreateMembersResponse

CreateMembers is used to send invitations to accounts. For the organization behavior graph, the Detective administrator account uses CreateMembers to enable organization accounts as member accounts.

Link copied to clipboard
inline suspend fun DetectiveClient.deleteGraph(crossinline block: DeleteGraphRequest.Builder.() -> Unit): DeleteGraphResponse

Disables the specified behavior graph and queues it to be deleted. This operation removes the behavior graph from each member account's list of behavior graphs.

Link copied to clipboard
inline suspend fun DetectiveClient.deleteMembers(crossinline block: DeleteMembersRequest.Builder.() -> Unit): DeleteMembersResponse

Removes the specified member accounts from the behavior graph. The removed accounts no longer contribute data to the behavior graph. This operation can only be called by the administrator account for the behavior graph.

Link copied to clipboard
inline suspend fun DetectiveClient.describeOrganizationConfiguration(crossinline block: DescribeOrganizationConfigurationRequest.Builder.() -> Unit): DescribeOrganizationConfigurationResponse

Returns information about the configuration for the organization behavior graph. Currently indicates whether to automatically enable new organization accounts as member accounts.

Link copied to clipboard
inline suspend fun DetectiveClient.disableOrganizationAdminAccount(crossinline block: DisableOrganizationAdminAccountRequest.Builder.() -> Unit): DisableOrganizationAdminAccountResponse

Removes the Detective administrator account in the current Region. Deletes the organization behavior graph.

Link copied to clipboard
inline suspend fun DetectiveClient.disassociateMembership(crossinline block: DisassociateMembershipRequest.Builder.() -> Unit): DisassociateMembershipResponse

Removes the member account from the specified behavior graph. This operation can only be called by an invited member account that has the ENABLED status.

Link copied to clipboard
inline suspend fun DetectiveClient.enableOrganizationAdminAccount(crossinline block: EnableOrganizationAdminAccountRequest.Builder.() -> Unit): EnableOrganizationAdminAccountResponse

Designates the Detective administrator account for the organization in the current Region.

Link copied to clipboard
inline suspend fun DetectiveClient.getInvestigation(crossinline block: GetInvestigationRequest.Builder.() -> Unit): GetInvestigationResponse

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. GetInvestigation returns the investigation results of an investigation for a behavior graph.

Link copied to clipboard
inline suspend fun DetectiveClient.getMembers(crossinline block: GetMembersRequest.Builder.() -> Unit): GetMembersResponse

Returns the membership details for specified member accounts for a behavior graph.

Link copied to clipboard
inline suspend fun DetectiveClient.listDatasourcePackages(crossinline block: ListDatasourcePackagesRequest.Builder.() -> Unit): ListDatasourcePackagesResponse

Lists data source packages in the behavior graph.

Link copied to clipboard
inline suspend fun DetectiveClient.listGraphs(crossinline block: ListGraphsRequest.Builder.() -> Unit): ListGraphsResponse

Returns the list of behavior graphs that the calling account is an administrator account of. This operation can only be called by an administrator account.

Link copied to clipboard
inline suspend fun DetectiveClient.listIndicators(crossinline block: ListIndicatorsRequest.Builder.() -> Unit): ListIndicatorsResponse

Gets the indicators from an investigation. You can use the information from the indicators to determine if an IAM user and/or IAM role is involved in an unusual activity that could indicate malicious behavior and its impact.

Link copied to clipboard
inline suspend fun DetectiveClient.listInvestigations(crossinline block: ListInvestigationsRequest.Builder.() -> Unit): ListInvestigationsResponse

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. ListInvestigations lists all active Detective investigations.

Link copied to clipboard
inline suspend fun DetectiveClient.listInvitations(crossinline block: ListInvitationsRequest.Builder.() -> Unit): ListInvitationsResponse

Retrieves the list of open and accepted behavior graph invitations for the member account. This operation can only be called by an invited member account.

Link copied to clipboard
inline suspend fun DetectiveClient.listMembers(crossinline block: ListMembersRequest.Builder.() -> Unit): ListMembersResponse

Retrieves the list of member accounts for a behavior graph.

Link copied to clipboard
inline suspend fun DetectiveClient.listOrganizationAdminAccounts(crossinline block: ListOrganizationAdminAccountsRequest.Builder.() -> Unit): ListOrganizationAdminAccountsResponse

Returns information about the Detective administrator account for an organization. Can only be called by the organization management account.

Link copied to clipboard
inline suspend fun DetectiveClient.listTagsForResource(crossinline block: ListTagsForResourceRequest.Builder.() -> Unit): ListTagsForResourceResponse

Returns the tag values that are assigned to a behavior graph.

Link copied to clipboard
inline suspend fun DetectiveClient.rejectInvitation(crossinline block: RejectInvitationRequest.Builder.() -> Unit): RejectInvitationResponse

Rejects an invitation to contribute the account data to a behavior graph. This operation must be called by an invited member account that has the INVITED status.

Link copied to clipboard
inline suspend fun DetectiveClient.startInvestigation(crossinline block: StartInvestigationRequest.Builder.() -> Unit): StartInvestigationResponse

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. StartInvestigation initiates an investigation on an entity in a behavior graph.

Link copied to clipboard
inline suspend fun DetectiveClient.startMonitoringMember(crossinline block: StartMonitoringMemberRequest.Builder.() -> Unit): StartMonitoringMemberResponse

Sends a request to enable data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED.

Link copied to clipboard
inline suspend fun DetectiveClient.tagResource(crossinline block: TagResourceRequest.Builder.() -> Unit): TagResourceResponse

Applies tag values to a behavior graph.

Link copied to clipboard
inline suspend fun DetectiveClient.untagResource(crossinline block: UntagResourceRequest.Builder.() -> Unit): UntagResourceResponse

Removes tags from a behavior graph.

Link copied to clipboard
inline suspend fun DetectiveClient.updateDatasourcePackages(crossinline block: UpdateDatasourcePackagesRequest.Builder.() -> Unit): UpdateDatasourcePackagesResponse

Starts a data source packages for the behavior graph.

Link copied to clipboard
inline suspend fun DetectiveClient.updateInvestigationState(crossinline block: UpdateInvestigationStateRequest.Builder.() -> Unit): UpdateInvestigationStateResponse

Updates the state of an investigation.

Link copied to clipboard
inline suspend fun DetectiveClient.updateOrganizationConfiguration(crossinline block: UpdateOrganizationConfigurationRequest.Builder.() -> Unit): UpdateOrganizationConfigurationResponse

Updates the configuration for the Organizations integration in the current Region. Can only be called by the Detective administrator account for the organization.

Link copied to clipboard
fun DetectiveClient.withConfig(block: DetectiveClient.Config.Builder.() -> Unit): DetectiveClient

Create a copy of the client with one or more configuration values overridden. This method allows the caller to perform scoped config overrides for one or more client operations.