1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
// Code generated by smithy-go-codegen DO NOT EDIT.
package detective
import (
"context"
"fmt"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/service/detective/types"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
"time"
)
// Detective investigations lets you investigate IAM users and IAM roles using
// indicators of compromise. An indicator of compromise (IOC) is an artifact
// observed in or on a network, system, or environment that can (with a high level
// of confidence) identify malicious activity or a security incident.
// GetInvestigation returns the investigation results of an investigation for a
// behavior graph.
func (c *Client) GetInvestigation(ctx context.Context, params *GetInvestigationInput, optFns ...func(*Options)) (*GetInvestigationOutput, error) {
if params == nil {
params = &GetInvestigationInput{}
}
result, metadata, err := c.invokeOperation(ctx, "GetInvestigation", params, optFns, c.addOperationGetInvestigationMiddlewares)
if err != nil {
return nil, err
}
out := result.(*GetInvestigationOutput)
out.ResultMetadata = metadata
return out, nil
}
type GetInvestigationInput struct {
// The Amazon Resource Name (ARN) of the behavior graph.
//
// This member is required.
GraphArn *string
// The investigation ID of the investigation report.
//
// This member is required.
InvestigationId *string
noSmithyDocumentSerde
}
type GetInvestigationOutput struct {
// The creation time of the investigation report in UTC time stamp format.
CreatedTime *time.Time
// The unique Amazon Resource Name (ARN). Detective supports IAM user ARNs and IAM
// role ARNs.
EntityArn *string
// Type of entity. For example, Amazon Web Services accounts, such as an IAM user
// and/or IAM role.
EntityType types.EntityType
// The Amazon Resource Name (ARN) of the behavior graph.
GraphArn *string
// The investigation ID of the investigation report.
InvestigationId *string
// The data and time when the investigation began. The value is an UTC ISO8601
// formatted string. For example, 2021-08-18T16:35:56.284Z .
ScopeEndTime *time.Time
// The start date and time used to set the scope time within which you want to
// generate the investigation report. The value is an UTC ISO8601 formatted string.
// For example, 2021-08-18T16:35:56.284Z .
ScopeStartTime *time.Time
// The severity assigned is based on the likelihood and impact of the indicators
// of compromise discovered in the investigation.
Severity types.Severity
// The current state of the investigation. An archived investigation indicates
// that you have completed reviewing the investigation.
State types.State
// The status based on the completion status of the investigation.
Status types.Status
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
noSmithyDocumentSerde
}
func (c *Client) addOperationGetInvestigationMiddlewares(stack *middleware.Stack, options Options) (err error) {
if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
return err
}
err = stack.Serialize.Add(&awsRestjson1_serializeOpGetInvestigation{}, middleware.After)
if err != nil {
return err
}
err = stack.Deserialize.Add(&awsRestjson1_deserializeOpGetInvestigation{}, middleware.After)
if err != nil {
return err
}
if err := addProtocolFinalizerMiddlewares(stack, options, "GetInvestigation"); err != nil {
return fmt.Errorf("add protocol finalizers: %v", err)
}
if err = addlegacyEndpointContextSetter(stack, options); err != nil {
return err
}
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = addClientRequestID(stack); err != nil {
return err
}
if err = addComputeContentLength(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = addComputePayloadSHA256(stack); err != nil {
return err
}
if err = addRetry(stack, options); err != nil {
return err
}
if err = addRawResponseToMetadata(stack); err != nil {
return err
}
if err = addRecordResponseTiming(stack); err != nil {
return err
}
if err = addClientUserAgent(stack, options); err != nil {
return err
}
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
return err
}
if err = addTimeOffsetBuild(stack, c); err != nil {
return err
}
if err = addUserAgentRetryMode(stack, options); err != nil {
return err
}
if err = addOpGetInvestigationValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetInvestigation(options.Region), middleware.Before); err != nil {
return err
}
if err = addRecursionDetection(stack); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
return err
}
if err = addResponseErrorMiddleware(stack); err != nil {
return err
}
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
if err = addDisableHTTPSMiddleware(stack, options); err != nil {
return err
}
return nil
}
func newServiceMetadataMiddleware_opGetInvestigation(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
OperationName: "GetInvestigation",
}
}
|
