Detective / Client / start_investigation
start_investigation#
- Detective.Client.start_investigation(**kwargs)#
Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident.
StartInvestigation
initiates an investigation on an entity in a behavior graph.See also: AWS API Documentation
Request Syntax
response = client.start_investigation( GraphArn='string', EntityArn='string', ScopeStartTime=datetime(2015, 1, 1), ScopeEndTime=datetime(2015, 1, 1) )
- Parameters:
GraphArn (string) –
[REQUIRED]
The Amazon Resource Name (ARN) of the behavior graph.
EntityArn (string) –
[REQUIRED]
The unique Amazon Resource Name (ARN) of the IAM user and IAM role.
ScopeStartTime (datetime) –
[REQUIRED]
The data and time when the investigation began. The value is an UTC ISO8601 formatted string. For example,
2021-08-18T16:35:56.284Z
.ScopeEndTime (datetime) –
[REQUIRED]
The data and time when the investigation ended. The value is an UTC ISO8601 formatted string. For example,
2021-08-18T16:35:56.284Z
.
- Return type:
dict
- Returns:
Response Syntax
{ 'InvestigationId': 'string' }
Response Structure
(dict) –
InvestigationId (string) –
The investigation ID of the investigation report.
Exceptions
Detective.Client.exceptions.AccessDeniedException
Detective.Client.exceptions.InternalServerException
Detective.Client.exceptions.ValidationException
Detective.Client.exceptions.TooManyRequestsException
Detective.Client.exceptions.ResourceNotFoundException