View a markdown version of this page

ListInvestigations - Amazon GuardDuty
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also

ListInvestigations

This API is currently available as a preview. This feature is available in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), and Asia Pacific (Tokyo).

Returns a list of investigations associated with the specified GuardDuty detector.

An administrator account sees all investigations across the organization. Member accounts see only the investigations that belong to them.

Request Syntax

POST /detector/DetectorId/investigation/list HTTP/1.1
Content-type: application/json

{
   "maxResults": number,
   "nextToken": "string",
   "sortCriteria": { 
      "attributeName": "string",
      "orderBy": "string"
   }
}

URI Request Parameters

The request uses the following URI parameters.

DetectorId

The unique ID of the GuardDuty detector whose investigations you want to list.

To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

Length Constraints: Minimum length of 1. Maximum length of 300.

Required: Yes

Request Body

The request accepts the following data in JSON format.

maxResults

You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 50.

Required: No

nextToken

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: [a-zA-Z0-9+/=_\-]+

Required: No

sortCriteria

Represents the criteria used for sorting investigations.

Type: InvestigationSortCriteria object

Required: No

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "investigations": [ 
      { 
         "accountId": "string",
         "confidence": "string",
         "endTime": number,
         "investigationId": "string",
         "riskLevel": "string",
         "startTime": number,
         "status": "string",
         "title": "string",
         "triggerPrompt": "string"
      }
   ],
   "nextToken": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

investigations

A list of investigation summaries associated with the specified detector.

Type: Array of InvestigationSummary objects

Array Members: Minimum number of 0 items. Maximum number of 50 items.

nextToken

The pagination parameter to be used on the next list operation to retrieve more items.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: [a-zA-Z0-9+/=_\-]+

Errors

For information about the errors that are common to all actions, see Common Error Types.

AccessDeniedException

An access denied exception object.

Message

The error message.

Type

The error type.

HTTP Status Code: 403

BadRequestException

A bad request exception object.

Message

The error message.

Type

The error type.

HTTP Status Code: 400

InternalServerErrorException

An internal server error exception object.

Message

The error message.

Type

The error type.

HTTP Status Code: 500

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: