get_investigation

Detective.Client.get_investigation(**kwargs)

Returns the investigation results of an investigation for a behavior graph.

See also: AWS API Documentation

Request Syntax

response = client.get_investigation(
    GraphArn='string',
    InvestigationId='string'
)

Parameters:
  • GraphArn (string) –

    [REQUIRED]

    The ARN of the behavior graph.

  • InvestigationId (string) –

    [REQUIRED]

    The investigation ID of the investigation report.

Return type:

dict

Returns:

Response Syntax

{
    'GraphArn': 'string',
    'InvestigationId': 'string',
    'EntityArn': 'string',
    'EntityType': 'IAM_ROLE'|'IAM_USER',
    'CreatedTime': datetime(2015, 1, 1),
    'ScopeStartTime': datetime(2015, 1, 1),
    'ScopeEndTime': datetime(2015, 1, 1),
    'Status': 'RUNNING'|'FAILED'|'SUCCESSFUL',
    'Severity': 'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
    'State': 'ACTIVE'|'ARCHIVED'
}

Response Structure

  • (dict) –

    • GraphArn (string) –

      The ARN of the behavior graph.

    • InvestigationId (string) –

      The investigation ID of the investigation report.

    • EntityArn (string) –

      The unique Amazon Resource Name (ARN) of the IAM user or IAM role.

    • EntityType (string) –

      Type of entity, for example an IAM user or IAM role in an Amazon Web Services account.

    • CreatedTime (datetime) –

      The UTC time stamp of the creation time of the investigation report.

    • ScopeStartTime (datetime) –

      The start date and time for the scope time set to generate the investigation report.

    • ScopeEndTime (datetime) –

      The date and time when the investigation began. The value is a UTC ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

    • Status (string) –

      Status based on the completion status of the investigation.

    • Severity (string) –

      Severity based on the likelihood and impact of the indicators of compromise discovered in the investigation.

    • State (string) –

      The current state of the investigation. An archived investigation indicates you have completed reviewing the investigation.

Exceptions

  • Detective.Client.exceptions.AccessDeniedException

  • Detective.Client.exceptions.InternalServerException

  • Detective.Client.exceptions.ValidationException

  • Detective.Client.exceptions.ResourceNotFoundException

  • Detective.Client.exceptions.TooManyRequestsException
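
Usage example (added here, not part of the boto3 documentation): polling get_investigation until Status leaves RUNNING, backing off on TooManyRequestsException, and reducing the response to the fields a triage queue needs. The helper names wait_for_investigation and summarize, the ESCALATE policy, the polling defaults and the placeholder ARN and investigation ID are assumptions made for illustration.

```python
import time

ESCALATE = {"HIGH", "CRITICAL"}  # assumed local triage policy, not an AWS rule


def wait_for_investigation(client, graph_arn, investigation_id,
                           max_polls=20, delay=15.0, sleep=time.sleep):
    """Poll get_investigation until Status is no longer RUNNING, then summarize."""
    for attempt in range(max_polls):
        try:
            resp = client.get_investigation(
                GraphArn=graph_arn, InvestigationId=investigation_id)
        except client.exceptions.TooManyRequestsException:
            # Throttled: wait a little longer on each successive attempt.
            sleep(delay * (attempt + 1))
            continue
        if resp["Status"] != "RUNNING":
            return summarize(resp)
        sleep(delay)
    raise TimeoutError(f"{investigation_id} still RUNNING after {max_polls} polls")


def summarize(resp):
    """Reduce the response dict to what an analyst needs to prioritize it."""
    scope = resp["ScopeEndTime"] - resp["ScopeStartTime"]
    severity = resp.get("Severity")  # assumption: may be absent when Status is FAILED
    return {
        "entity": resp["EntityArn"],
        "entity_type": resp["EntityType"],
        "status": resp["Status"],
        "severity": severity,
        "scope_hours": scope.total_seconds() / 3600,
        # Only finished, unarchived, high-severity reports are flagged.
        "needs_review": (resp["Status"] == "SUCCESSFUL"
                         and resp.get("State") == "ACTIVE"
                         and severity in ESCALATE),
    }


if __name__ == "__main__":
    import boto3  # needs AWS credentials permitted to call GetInvestigation
    detective = boto3.client("detective")
    print(wait_for_investigation(
        detective,
        "arn:aws:detective:REGION:ACCOUNT_ID:graph:GRAPH_ID",  # placeholder
        "INVESTIGATION_ID"))                                   # placeholder
```

AccessDeniedException, ValidationException and ResourceNotFoundException are deliberately left to propagate, since retrying does not resolve them.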