list_investigations
- SecurityIncidentResponse.Client.list_investigations(**kwargs)
Investigation performed by an agent for a security incident…
See also: AWS API Documentation
Request Syntax
response = client.list_investigations(
    nextToken='string',
    maxResults=123,
    caseId='string'
)
- Parameters:
nextToken (string) – Investigation performed by an agent for a security incident request
maxResults (integer) – Investigation performed by an agent for a security incident request, returning max results
caseId (string) –
[REQUIRED]
Investigation performed by an agent for a security incident per caseID
- Return type:
dict
- Returns:
Response Syntax
{
    'nextToken': 'string',
    'investigationActions': [
        {
            'investigationId': 'string',
            'actionType': 'Evidence'|'Investigation'|'Summarization',
            'title': 'string',
            'content': 'string',
            'status': 'Pending'|'InProgress'|'Waiting'|'Completed'|'Failed'|'Cancelled',
            'lastUpdated': datetime(2015, 1, 1),
            'feedback': {
                'usefulness': 'USEFUL'|'NOT_USEFUL',
                'comment': 'string',
                'submittedAt': datetime(2015, 1, 1)
            }
        },
    ]
}
Response Structure
(dict) –
nextToken (string) –
Investigation performed by an agent for a security incident for next Token
investigationActions (list) –
Investigation performed by an agent for a security incid…Unique identifier for the specific investigation>
(dict) –
Represents an investigation action performed within a case. This structure captures the details of an automated or manual investigation, including its status, results, and user feedback.
investigationId (string) –
The unique identifier for this investigation action. This ID is used to track and reference the specific investigation throughout its lifecycle.
actionType (string) –
The type of investigation action being performed. This categorizes the investigation method or approach used in the case.
title (string) –
Human-readable summary of the investigation focus. This provides a brief description of what the investigation is examining or analyzing.
content (string) –
Detailed investigation results in rich markdown format. This field contains the comprehensive findings, analysis, and conclusions from the investigation.
status (string) –
The current execution status of the investigation. This indicates whether the investigation is pending, in progress, completed, or failed.
lastUpdated (datetime) –
ISO 8601 timestamp of the most recent status update. This indicates when the investigation was last modified or when its status last changed.
feedback (dict) –
User feedback for this investigation result. This contains the user’s assessment and comments about the quality and usefulness of the investigation findings.
usefulness (string) –
User assessment of the investigation result’s quality and helpfulness. This rating indicates how valuable the investigation findings were in addressing the case.
comment (string) –
Optional user comments providing additional context about the investigation feedback. This allows users to explain their rating or provide suggestions for improvement.
submittedAt (datetime) –
ISO 8601 timestamp when the feedback was submitted. This records when the user provided their assessment of the investigation results.
Exceptions
- SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceededException
- SecurityIncidentResponse.Client.exceptions.AccessDeniedException
- SecurityIncidentResponse.Client.exceptions.ValidationException
- SecurityIncidentResponse.Client.exceptions.SecurityIncidentResponseNotActiveException
- SecurityIncidentResponse.Client.exceptions.InternalServerException
- SecurityIncidentResponse.Client.exceptions.ThrottlingException
- SecurityIncidentResponse.Client.exceptions.ConflictException
- SecurityIncidentResponse.Client.exceptions.ResourceNotFoundException
- SecurityIncidentResponse.Client.exceptions.InvalidTokenException
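The following is an added example, not part of the AWS documentation: it follows `nextToken` across pages of `list_investigations` for one case and sorts the returned actions by `status` so a responder can see which are still open, which failed, and which completed results have no feedback yet. The helper names, the `StubClient` class and all sample IDs are constructed for illustration, and the code assumes `feedback` is absent until a user submits it.

```python
from collections import Counter

TERMINAL = {"Completed", "Failed", "Cancelled"}  # others: Pending, InProgress, Waiting

def iter_investigation_actions(client, case_id, page_size=25):
    """Yield every investigationActions entry for a case, following nextToken."""
    kwargs = {"caseId": case_id, "maxResults": page_size}
    while True:
        page = client.list_investigations(**kwargs)
        yield from page.get("investigationActions", [])
        token = page.get("nextToken")
        if not token:          # absent or empty token: last page
            return
        kwargs["nextToken"] = token

def summarize(actions):
    """Group action IDs by what a responder still has to do with them."""
    actions = list(actions)
    ids = lambda keep: [a["investigationId"] for a in actions if keep(a)]
    return {
        "by_status": dict(Counter(a["status"] for a in actions)),
        "open": ids(lambda a: a["status"] not in TERMINAL),
        "failed": ids(lambda a: a["status"] == "Failed"),
        # Assumption: 'feedback' is missing or empty until a user submits it.
        "needs_feedback": ids(lambda a: a["status"] == "Completed" and not a.get("feedback")),
    }

def _action(inv_id, action_type, status, usefulness=None):
    """Build one constructed investigationActions entry in the response shape."""
    a = {"investigationId": inv_id, "actionType": action_type, "title": "constructed",
         "content": "constructed", "status": status}
    if usefulness:
        a["feedback"] = {"usefulness": usefulness, "comment": ""}
    return a

class StubClient:
    """Constructed stand-in for the real client; serves two fixed pages."""
    PAGES = {
        None: {"nextToken": "page-2", "investigationActions": [
            _action("inv-1", "Evidence", "Completed", "USEFUL"),
            _action("inv-2", "Investigation", "InProgress")]},
        "page-2": {"investigationActions": [
            _action("inv-3", "Summarization", "Completed"),
            _action("inv-4", "Evidence", "Failed")]},
    }
    def __init__(self):
        self.calls = []
    def list_investigations(self, **kwargs):
        self.calls.append(dict(kwargs))
        return self.PAGES[kwargs.get("nextToken")]
```

Passing a real SecurityIncidentResponse client in place of `StubClient()` runs the same two functions against the service.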