Class: Aws::Detective::Client
- Inherits:
-
Seahorse::Client::Base
- Object
- Seahorse::Client::Base
- Aws::Detective::Client
- Includes:
- ClientStubs
- Defined in:
- lib/aws-sdk-detective/client.rb,
sig/client.rbs
Overview
An API client for Detective. To construct a client, you need to configure a :region and :credentials.
client = Aws::Detective::Client.new(
region: region_name,
credentials: credentials,
# ...
)
For details on configuring region and credentials see the developer guide.
See #initialize for a full list of supported configuration options.
Defined Under Namespace
Modules: _BatchGetGraphMemberDatasourcesResponseSuccess, _BatchGetMembershipDatasourcesResponseSuccess, _CreateGraphResponseSuccess, _CreateMembersResponseSuccess, _DeleteMembersResponseSuccess, _DescribeOrganizationConfigurationResponseSuccess, _GetInvestigationResponseSuccess, _GetMembersResponseSuccess, _ListDatasourcePackagesResponseSuccess, _ListGraphsResponseSuccess, _ListIndicatorsResponseSuccess, _ListInvestigationsResponseSuccess, _ListInvitationsResponseSuccess, _ListMembersResponseSuccess, _ListOrganizationAdminAccountsResponseSuccess, _ListTagsForResourceResponseSuccess, _StartInvestigationResponseSuccess, _TagResourceResponseSuccess, _UntagResourceResponseSuccess
Class Attribute Summary collapse
- .identifier ⇒ Object readonly private
API Operations collapse
-
#accept_invitation(params = {}) ⇒ Struct
Accepts an invitation for the member account to contribute data to a behavior graph.
-
#batch_get_graph_member_datasources(params = {}) ⇒ Types::BatchGetGraphMemberDatasourcesResponse
Gets data source package information for the behavior graph.
-
#batch_get_membership_datasources(params = {}) ⇒ Types::BatchGetMembershipDatasourcesResponse
Gets information on the data source package history for an account.
-
#create_graph(params = {}) ⇒ Types::CreateGraphResponse
Creates a new behavior graph for the calling account, and sets that account as the administrator account.
-
#create_members(params = {}) ⇒ Types::CreateMembersResponse
CreateMembersis used to send invitations to accounts. -
#delete_graph(params = {}) ⇒ Struct
Disables the specified behavior graph and queues it to be deleted.
-
#delete_members(params = {}) ⇒ Types::DeleteMembersResponse
Removes the specified member accounts from the behavior graph.
-
#describe_organization_configuration(params = {}) ⇒ Types::DescribeOrganizationConfigurationResponse
Returns information about the configuration for the organization behavior graph.
-
#disable_organization_admin_account(params = {}) ⇒ Struct
Removes the Detective administrator account in the current Region.
-
#disassociate_membership(params = {}) ⇒ Struct
Removes the member account from the specified behavior graph.
-
#enable_organization_admin_account(params = {}) ⇒ Struct
Designates the Detective administrator account for the organization in the current Region.
-
#get_investigation(params = {}) ⇒ Types::GetInvestigationResponse
Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise.
-
#get_members(params = {}) ⇒ Types::GetMembersResponse
Returns the membership details for specified member accounts for a behavior graph.
-
#list_datasource_packages(params = {}) ⇒ Types::ListDatasourcePackagesResponse
Lists data source packages in the behavior graph.
-
#list_graphs(params = {}) ⇒ Types::ListGraphsResponse
Returns the list of behavior graphs that the calling account is an administrator account of.
-
#list_indicators(params = {}) ⇒ Types::ListIndicatorsResponse
Gets the indicators from an investigation.
-
#list_investigations(params = {}) ⇒ Types::ListInvestigationsResponse
Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise.
-
#list_invitations(params = {}) ⇒ Types::ListInvitationsResponse
Retrieves the list of open and accepted behavior graph invitations for the member account.
-
#list_members(params = {}) ⇒ Types::ListMembersResponse
Retrieves the list of member accounts for a behavior graph.
-
#list_organization_admin_accounts(params = {}) ⇒ Types::ListOrganizationAdminAccountsResponse
Returns information about the Detective administrator account for an organization.
-
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Returns the tag values that are assigned to a behavior graph.
-
#reject_invitation(params = {}) ⇒ Struct
Rejects an invitation to contribute the account data to a behavior graph.
-
#start_investigation(params = {}) ⇒ Types::StartInvestigationResponse
Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise.
-
#start_monitoring_member(params = {}) ⇒ Struct
Sends a request to enable data ingest for a member account that has a status of
ACCEPTED_BUT_DISABLED. -
#tag_resource(params = {}) ⇒ Struct
Applies tag values to a behavior graph.
-
#untag_resource(params = {}) ⇒ Struct
Removes tags from a behavior graph.
-
#update_datasource_packages(params = {}) ⇒ Struct
Starts a data source package for the Detective behavior graph.
-
#update_investigation_state(params = {}) ⇒ Struct
Updates the state of an investigation.
-
#update_organization_configuration(params = {}) ⇒ Struct
Updates the configuration for the Organizations integration in the current Region.
Class Method Summary collapse
- .errors_module ⇒ Object private
- .new ⇒ Object
Instance Method Summary collapse
- #build_request(operation_name, params = {}) ⇒ Object private
-
#initialize(options) ⇒ Client
constructor
A new instance of Client.
- #waiter_names ⇒ Object deprecated private Deprecated.
Constructor Details
#initialize(options) ⇒ Client
Returns a new instance of Client.
471 472 473 |
# File 'lib/aws-sdk-detective/client.rb', line 471 def initialize(*args) super end |
Class Attribute Details
.identifier ⇒ Object (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
1845 1846 1847 |
# File 'lib/aws-sdk-detective/client.rb', line 1845 def identifier @identifier end |
Class Method Details
.errors_module ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
1848 1849 1850 |
# File 'lib/aws-sdk-detective/client.rb', line 1848 def errors_module Errors end |
.new ⇒ Object
14 |
# File 'sig/client.rbs', line 14
def self.new: (
|
Instance Method Details
#accept_invitation(params = {}) ⇒ Struct
Accepts an invitation for the member account to contribute data to a behavior graph. This operation can only be called by an invited member account.
The request provides the ARN of behavior graph.
The member account status in the graph must be INVITED.
82 |
# File 'sig/client.rbs', line 82
def accept_invitation: (
|
#batch_get_graph_member_datasources(params = {}) ⇒ Types::BatchGetGraphMemberDatasourcesResponse
Gets data source package information for the behavior graph.
93 |
# File 'sig/client.rbs', line 93
def batch_get_graph_member_datasources: (
|
#batch_get_membership_datasources(params = {}) ⇒ Types::BatchGetMembershipDatasourcesResponse
Gets information on the data source package history for an account.
105 |
# File 'sig/client.rbs', line 105
def batch_get_membership_datasources: (
|
#build_request(operation_name, params = {}) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 |
# File 'lib/aws-sdk-detective/client.rb', line 1818 def build_request(operation_name, params = {}) handlers = @handlers.for(operation_name) tracer = config.telemetry_provider.tracer_provider.tracer( Aws::Telemetry.module_to_tracer_name('Aws::Detective') ) context = Seahorse::Client::RequestContext.new( operation_name: operation_name, operation: config.api.operation(operation_name), client: self, params: params, config: config, tracer: tracer ) context[:gem_name] = 'aws-sdk-detective' context[:gem_version] = '1.85.0' Seahorse::Client::Request.new(handlers, context) end |
#create_graph(params = {}) ⇒ Types::CreateGraphResponse
Creates a new behavior graph for the calling account, and sets that account as the administrator account. This operation is called by the account that is enabling Detective.
The operation also enables Detective for the calling account in the currently selected Region. It returns the ARN of the new behavior graph.
CreateGraph triggers a process to create the corresponding data
tables for the new behavior graph.
An account can only be the administrator account for one behavior
graph within a Region. If the same account calls CreateGraph with
the same administrator account, it always returns the same behavior
graph ARN. It does not create a new behavior graph.
115 |
# File 'sig/client.rbs', line 115
def create_graph: (
|
#create_members(params = {}) ⇒ Types::CreateMembersResponse
CreateMembers is used to send invitations to accounts. For the
organization behavior graph, the Detective administrator account uses
CreateMembers to enable organization accounts as member accounts.
For invited accounts, CreateMembers sends a request to invite the
specified Amazon Web Services accounts to be member accounts in the
behavior graph. This operation can only be called by the administrator
account for a behavior graph.
CreateMembers verifies the accounts and then invites the verified
accounts. The administrator can optionally specify to not send
invitation emails to the member accounts. This would be used when the
administrator manages their member accounts centrally.
For organization accounts in the organization behavior graph,
CreateMembers attempts to enable the accounts. The organization
accounts do not receive invitations.
The request provides the behavior graph ARN and the list of accounts to invite or to enable.
The response separates the requested accounts into two lists:
-
The accounts that
CreateMemberswas able to process. For invited accounts, includes member accounts that are being verified, that have passed verification and are to be invited, and that have failed verification. For organization accounts in the organization behavior graph, includes accounts that can be enabled and that cannot be enabled. -
The accounts that
CreateMemberswas unable to process. This list includes accounts that were already invited to be member accounts in the behavior graph.
126 |
# File 'sig/client.rbs', line 126
def create_members: (
|
#delete_graph(params = {}) ⇒ Struct
Disables the specified behavior graph and queues it to be deleted. This operation removes the behavior graph from each member account's list of behavior graphs.
DeleteGraph can only be called by the administrator account for a
behavior graph.
140 |
# File 'sig/client.rbs', line 140
def delete_graph: (
|
#delete_members(params = {}) ⇒ Types::DeleteMembersResponse
Removes the specified member accounts from the behavior graph. The removed accounts no longer contribute data to the behavior graph. This operation can only be called by the administrator account for the behavior graph.
For invited accounts, the removed accounts are deleted from the list of accounts in the behavior graph. To restore the account, the administrator account must send another invitation.
For organization accounts in the organization behavior graph, the
Detective administrator account can always enable the organization
account again. Organization accounts that are not enabled as member
accounts are not included in the ListMembers results for the
organization behavior graph.
An administrator account cannot use DeleteMembers to remove their
own account from the behavior graph. To disable a behavior graph, the
administrator account uses the DeleteGraph API method.
151 |
# File 'sig/client.rbs', line 151
def delete_members: (
|
#describe_organization_configuration(params = {}) ⇒ Types::DescribeOrganizationConfigurationResponse
Returns information about the configuration for the organization behavior graph. Currently indicates whether to automatically enable new organization accounts as member accounts.
Can only be called by the Detective administrator account for the organization.
162 |
# File 'sig/client.rbs', line 162
def describe_organization_configuration: (
|
#disable_organization_admin_account(params = {}) ⇒ Struct
Removes the Detective administrator account in the current Region. Deletes the organization behavior graph.
Can only be called by the organization management account.
Removing the Detective administrator account does not affect the delegated administrator account for Detective in Organizations.
To remove the delegated administrator account in Organizations, use the Organizations API. Removing the delegated administrator account also removes the Detective administrator account in all Regions, except for Regions where the Detective administrator account is the organization management account.
168 169 |
# File 'sig/client.rbs', line 168
def disable_organization_admin_account: () -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
| (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
|
#disassociate_membership(params = {}) ⇒ Struct
Removes the member account from the specified behavior graph. This
operation can only be called by an invited member account that has the
ENABLED status.
DisassociateMembership cannot be called by an organization account
in the organization behavior graph. For the organization behavior
graph, the Detective administrator account determines which
organization accounts to enable or disable as member accounts.
172 |
# File 'sig/client.rbs', line 172
def disassociate_membership: (
|
#enable_organization_admin_account(params = {}) ⇒ Struct
Designates the Detective administrator account for the organization in the current Region.
If the account does not have Detective enabled, then enables Detective for that account and creates a new behavior graph.
Can only be called by the organization management account.
If the organization has a delegated administrator account in Organizations, then the Detective administrator account must be either the delegated administrator account or the organization management account.
If the organization does not have a delegated administrator account in Organizations, then you can choose any account in the organization. If you choose an account other than the organization management account, Detective calls Organizations to make that account the delegated administrator account for Detective. The organization management account cannot be the delegated administrator account.
178 |
# File 'sig/client.rbs', line 178
def enable_organization_admin_account: (
|
#get_investigation(params = {}) ⇒ Types::GetInvestigationResponse
Detective investigations lets you investigate IAM users and IAM roles
using indicators of compromise. An indicator of compromise (IOC) is an
artifact observed in or on a network, system, or environment that can
(with a high level of confidence) identify malicious activity or a
security incident. GetInvestigation returns the investigation
results of an investigation for a behavior graph.
197 |
# File 'sig/client.rbs', line 197
def get_investigation: (
|
#get_members(params = {}) ⇒ Types::GetMembersResponse
Returns the membership details for specified member accounts for a behavior graph.
209 |
# File 'sig/client.rbs', line 209
def get_members: (
|
#list_datasource_packages(params = {}) ⇒ Types::ListDatasourcePackagesResponse
Lists data source packages in the behavior graph.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
221 |
# File 'sig/client.rbs', line 221
def list_datasource_packages: (
|
#list_graphs(params = {}) ⇒ Types::ListGraphsResponse
Returns the list of behavior graphs that the calling account is an administrator account of. This operation can only be called by an administrator account.
Because an account can currently only be the administrator of one behavior graph within a Region, the results always contain a single behavior graph.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
234 |
# File 'sig/client.rbs', line 234
def list_graphs: (
|
#list_indicators(params = {}) ⇒ Types::ListIndicatorsResponse
Gets the indicators from an investigation. You can use the information from the indicators to determine if an IAM user and/or IAM role is involved in an unusual activity that could indicate malicious behavior and its impact.
248 |
# File 'sig/client.rbs', line 248
def list_indicators: (
|
#list_investigations(params = {}) ⇒ Types::ListInvestigationsResponse
Detective investigations lets you investigate IAM users and IAM roles
using indicators of compromise. An indicator of compromise (IOC) is an
artifact observed in or on a network, system, or environment that can
(with a high level of confidence) identify malicious activity or a
security incident. ListInvestigations lists all active Detective
investigations.
263 |
# File 'sig/client.rbs', line 263
def list_investigations: (
|
#list_invitations(params = {}) ⇒ Types::ListInvitationsResponse
Retrieves the list of open and accepted behavior graph invitations for the member account. This operation can only be called by an invited member account.
Open invitations are invitations that the member account has not responded to.
The results do not include behavior graphs for which the member account declined the invitation. The results also do not include behavior graphs that the member account resigned from or was removed from.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
298 |
# File 'sig/client.rbs', line 298
def list_invitations: (
|
#list_members(params = {}) ⇒ Types::ListMembersResponse
Retrieves the list of member accounts for a behavior graph.
For invited accounts, the results do not include member accounts that were removed from the behavior graph.
For the organization behavior graph, the results do not include organization accounts that the Detective administrator account has not enabled as member accounts.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
310 |
# File 'sig/client.rbs', line 310
def list_members: (
|
#list_organization_admin_accounts(params = {}) ⇒ Types::ListOrganizationAdminAccountsResponse
Returns information about the Detective administrator account for an organization. Can only be called by the organization management account.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
323 |
# File 'sig/client.rbs', line 323
def list_organization_admin_accounts: (
|
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Returns the tag values that are assigned to a behavior graph.
334 |
# File 'sig/client.rbs', line 334
def list_tags_for_resource: (
|
#reject_invitation(params = {}) ⇒ Struct
Rejects an invitation to contribute the account data to a behavior
graph. This operation must be called by an invited member account that
has the INVITED status.
RejectInvitation cannot be called by an organization account in the
organization behavior graph. In the organization behavior graph,
organization accounts do not receive an invitation.
340 |
# File 'sig/client.rbs', line 340
def reject_invitation: (
|
#start_investigation(params = {}) ⇒ Types::StartInvestigationResponse
Detective investigations lets you investigate IAM users and IAM roles
using indicators of compromise. An indicator of compromise (IOC) is an
artifact observed in or on a network, system, or environment that can
(with a high level of confidence) identify malicious activity or a
security incident. StartInvestigation initiates an investigation on
an entity in a behavior graph.
350 |
# File 'sig/client.rbs', line 350
def start_investigation: (
|
#start_monitoring_member(params = {}) ⇒ Struct
Sends a request to enable data ingest for a member account that has a
status of ACCEPTED_BUT_DISABLED.
For valid member accounts, the status is updated as follows.
-
If Detective enabled the member account, then the new status is
ENABLED. -
If Detective cannot enable the member account, the status remains
ACCEPTED_BUT_DISABLED.
359 |
# File 'sig/client.rbs', line 359
def start_monitoring_member: (
|
#tag_resource(params = {}) ⇒ Struct
Applies tag values to a behavior graph.
369 |
# File 'sig/client.rbs', line 369
def tag_resource: (
|
#untag_resource(params = {}) ⇒ Struct
Removes tags from a behavior graph.
379 |
# File 'sig/client.rbs', line 379
def untag_resource: (
|
#update_datasource_packages(params = {}) ⇒ Struct
Starts a data source package for the Detective behavior graph.
386 |
# File 'sig/client.rbs', line 386
def update_datasource_packages: (
|
#update_investigation_state(params = {}) ⇒ Struct
Updates the state of an investigation.
393 |
# File 'sig/client.rbs', line 393
def update_investigation_state: (
|
#update_organization_configuration(params = {}) ⇒ Struct
Updates the configuration for the Organizations integration in the current Region. Can only be called by the Detective administrator account for the organization.
401 |
# File 'sig/client.rbs', line 401
def update_organization_configuration: (
|
#waiter_names ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
1838 1839 1840 |
# File 'lib/aws-sdk-detective/client.rb', line 1838 def waiter_names [] end |