
Investigation - Amazon GuardDuty

Investigation

Contains the details and results of a GuardDuty investigation.

Contents

investigationId

The unique identifier of the investigation.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [a-fA-F0-9\-]+

Required: Yes

status

The current status of the investigation. Possible values are RUNNING, COMPLETED, and FAILED.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Valid Values: RUNNING | COMPLETED | FAILED

Required: Yes

triggeredBy

The account that initiated the investigation.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 256.

Required: Yes

triggerPrompt

The natural-language prompt that initiated this investigation.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: Yes

cloud

Details about the cloud environment in which the investigation was performed, including the provider, region, and account.

Type: CloudDetails object

Required: No

confidence

The confidence level of the investigation's assessment. Possible values are Unknown, Low, Medium, and High.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 50.

Valid Values: Unknown | Low | Medium | High

Required: No

endTime

The timestamp at which the investigation completed.

Type: Timestamp

Required: No

error

Details about the error if the investigation status is FAILED.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Required: No

metadata

Metadata about the product and version that produced the investigation.

Type: InvestigationMetadata object

Required: No

risk

A human-readable description of the assessed risk.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 1024.

Required: No

riskLevel

The assessed risk level of the investigated threat. Possible values are Info, Low, Medium, High, and Critical.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Valid Values: Info | Low | Medium | High | Critical

Required: No

startTime

The timestamp at which the investigation started.

Type: Timestamp

Required: No

summary

A structured summary of the investigation findings, including affected resources, threat assessment, and recommended remediation steps.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: