Investigation - Amazon GuardDuty
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Investigation

Contains the details and results of a GuardDuty investigation.

Contents

investigationId

The unique identifier of the investigation.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [a-fA-F0-9\-]+

Required: Yes

status

The current status of the investigation. Possible values are RUNNING, COMPLETED, and FAILED.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Valid Values: RUNNING | COMPLETED | FAILED

Required: Yes

triggeredBy

The account that initiated the investigation.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 256.

Required: Yes

triggerPrompt

The natural-language prompt that initiated this investigation.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: Yes

cloud

Details about the cloud environment in which the investigation was performed, including the provider, region, and account.

Type: CloudDetails object

Required: No

confidence

The confidence level of the investigation's assessment. Possible values are Unknown, Low, Medium, and High.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 50.

Valid Values: Unknown | Low | Medium | High

Required: No

endTime

The timestamp at which the investigation completed.

Type: Timestamp

Required: No

error

Details about the error if the investigation status is FAILED.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Required: No

metadata

Metadata about the product and version that produced the investigation.

Type: InvestigationMetadata object

Required: No

risk

A human-readable description of the assessed risk.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 1024.

Required: No

riskLevel

The assessed risk level of the investigated threat. Possible values are Info, Low, Medium, High, and Critical.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Valid Values: Info | Low | Medium | High | Critical

Required: No

startTime

The timestamp at which the investigation started.

Type: Timestamp

Required: No

summary

A structured summary of the investigation findings, including affected resources, threat assessment, and recommended remediation steps.

Type: String

Required: No
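As an added example that is not part of the AWS documentation, the following Python checks an Investigation object against the field constraints listed above (required fields, length limits, the investigationId pattern and the enumerated values) and then applies an assumed triage rule on riskLevel and confidence; the sample record and its identifier and account number are constructed placeholders.

```python
import re

# Constraints copied from the Investigation data type reference above.
REQUIRED = ("investigationId", "status", "triggeredBy", "triggerPrompt")
ID_PATTERN = re.compile(r"[a-fA-F0-9\-]+")
ENUMS = {"status": {"RUNNING", "COMPLETED", "FAILED"}, "confidence": {"Unknown", "Low", "Medium", "High"},
         "riskLevel": {"Info", "Low", "Medium", "High", "Critical"}}
# (min, max) length constraints for the string fields; summary states no limit.
LENGTHS = {"investigationId": (1, 64), "status": (1, 300), "triggeredBy": (0, 256),
           "triggerPrompt": (1, 2048), "confidence": (1, 50), "error": (0, 2048),
           "risk": (0, 1024), "riskLevel": (1, 300)}

def validate_investigation(inv: dict) -> list:
    """Return the constraint violations found; an empty list means the object is well-formed."""
    problems = []
    for name in REQUIRED:
        if name not in inv:
            problems.append(f"missing required field {name}")
    for name, (lo, hi) in LENGTHS.items():
        if name not in inv:
            continue
        value = inv[name]
        if not isinstance(value, str):
            problems.append(f"{name} must be a string")
        elif not lo <= len(value) <= hi:
            problems.append(f"{name} length {len(value)} outside [{lo}, {hi}]")
    ident = inv.get("investigationId")
    if isinstance(ident, str) and not ID_PATTERN.fullmatch(ident):
        problems.append("investigationId does not match pattern [a-fA-F0-9\\-]+")
    for name, allowed in ENUMS.items():
        if name in inv and inv[name] not in allowed:
            problems.append(f"{name} has invalid value {inv[name]!r}")
    return problems

def needs_analyst_review(inv: dict) -> bool:
    """Assumed triage rule (not from the page): escalate a COMPLETED investigation rated
    High or Critical when the assessment confidence is at least Medium."""
    return (inv.get("status") == "COMPLETED"
            and inv.get("riskLevel") in {"High", "Critical"}
            and inv.get("confidence") in {"Medium", "High"})

# Constructed sample record; the identifier and account number are placeholders.
SAMPLE = {"investigationId": "0123456789abcdef0123456789abcdef", "status": "COMPLETED",
          "triggeredBy": "111122223333", "triggerPrompt": "Investigate unusual API activity",
          "confidence": "High", "riskLevel": "Critical",
          "risk": "Credentials appear to have been used from an unexpected location."}
```

Running validate_investigation over records returned by the API before acting on them catches malformed or unexpected values early, and the triage helper shows where a team's own escalation threshold would plug in.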

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: