Security Incident Response 2018-05-10
- Client: Aws\SecurityIR\SecurityIRClient
- Service ID: security-ir
- Version: 2018-05-10
This page describes the parameters and results for the operations of the Security Incident Response (2018-05-10), and shows how to use the Aws\SecurityIR\SecurityIRClient object to call the described operations. This documentation is specific to the 2018-05-10 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName')
, where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */)
.
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */)
.
- BatchGetMemberAccountDetails ( array $params = [] )
- Provides information on whether the supplied account IDs are associated with a membership.
- CancelMembership ( array $params = [] )
- Cancels an existing membership.
- CloseCase ( array $params = [] )
- Closes an existing case.
- CreateCase ( array $params = [] )
- Creates a new case.
- CreateCaseComment ( array $params = [] )
- Adds a comment to an existing case.
- CreateMembership ( array $params = [] )
- Creates a new membership.
- GetCase ( array $params = [] )
- Returns the attributes of a case.
- GetCaseAttachmentDownloadUrl ( array $params = [] )
- Returns a Pre-Signed URL for uploading attachments into a case.
- GetCaseAttachmentUploadUrl ( array $params = [] )
- Uploads an attachment to a case.
- GetMembership ( array $params = [] )
- Returns the attributes of a membership.
- ListCaseEdits ( array $params = [] )
- Views the case history for edits made to a designated case.
- ListCases ( array $params = [] )
- Lists all cases the requester has access to.
- ListComments ( array $params = [] )
- Returns comments for a designated case.
- ListMemberships ( array $params = [] )
- Returns the memberships that the calling principal can access.
- ListTagsForResource ( array $params = [] )
- Returns currently configured tags on a resource.
- TagResource ( array $params = [] )
- Adds a tag(s) to a designated resource.
- UntagResource ( array $params = [] )
- Removes a tag(s) from a designate resource.
- UpdateCase ( array $params = [] )
- Updates an existing case.
- UpdateCaseComment ( array $params = [] )
- Updates an existing case comment.
- UpdateCaseStatus ( array $params = [] )
- Updates the state transitions for a designated cases.
- UpdateMembership ( array $params = [] )
- Updates membership configuration.
- UpdateResolverType ( array $params = [] )
- Updates the resolver type for a case.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
BatchGetMemberAccountDetails
$result = $client->batchGetMemberAccountDetails
([/* ... */]); $promise = $client->batchGetMemberAccountDetailsAsync
([/* ... */]);
Provides information on whether the supplied account IDs are associated with a membership.
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be 123123123
which is nine digits, and with zero-prepend would be 000123123123
. Not zero-prepending to 12 digits could result in errors.
Parameter Syntax
$result = $client->batchGetMemberAccountDetails([ 'accountIds' => ['<string>', ...], // REQUIRED 'membershipId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- accountIds
-
- Required: Yes
- Type: Array of strings
Optional element to query the membership relationship status to a provided list of account IDs.
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be
123123123
which is nine digits, and with zero-prepend would be000123123123
. Not zero-prepending to 12 digits could result in errors. - membershipId
-
- Required: Yes
- Type: string
Required element used in combination with BatchGetMemberAccountDetails to identify the membership ID to query.
Result Syntax
[ 'errors' => [ [ 'accountId' => '<string>', 'error' => '<string>', 'message' => '<string>', ], // ... ], 'items' => [ [ 'accountId' => '<string>', 'relationshipStatus' => 'Associated|Disassociated|Unassociated', 'relationshipType' => 'Organization|Unrelated', ], // ... ], ]
Result Details
Members
- errors
-
- Type: Array of GetMembershipAccountDetailError structures
The response element providing error messages for requests to GetMembershipAccountDetails.
- items
-
- Type: Array of GetMembershipAccountDetailItem structures
The response element providing responses for requests to GetMembershipAccountDetails.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke BatchGetMemberAccountDetails
$result = $client->batchGetMemberAccountDetails([ 'accountIds' => [ '123412341234', ], 'membershipId' => 'm-abcd1234efgh', ]);
Result syntax:
[ 'items' => [ [ 'accountId' => '123412341234', 'relationshipStatus' => 'Associated', 'relationshipType' => 'Organization', ], ], ]
CancelMembership
$result = $client->cancelMembership
([/* ... */]); $promise = $client->cancelMembershipAsync
([/* ... */]);
Cancels an existing membership.
Parameter Syntax
$result = $client->cancelMembership([ 'membershipId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- membershipId
-
- Required: Yes
- Type: string
Required element used in combination with CancelMembershipRequest to identify the membership ID to cancel.
Result Syntax
[ 'membershipId' => '<string>', ]
Result Details
Members
- membershipId
-
- Required: Yes
- Type: string
The response element providing responses for requests to CancelMembershipRequest.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke CancelMembership
$result = $client->cancelMembership([ 'membershipId' => 'm-abcd1234efgh', ]);
Result syntax:
[ 'membershipId' => 'm-abcd1234efgh', ]
CloseCase
$result = $client->closeCase
([/* ... */]); $promise = $client->closeCaseAsync
([/* ... */]);
Closes an existing case.
Parameter Syntax
$result = $client->closeCase([ 'caseId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element used in combination with CloseCase to identify the case ID to close.
Result Syntax
[ 'caseStatus' => 'Submitted|Acknowledged|Detection and Analysis|Containment, Eradication and Recovery|Post-incident Activities|Ready to Close|Closed', 'closedDate' => <DateTime>, ]
Result Details
Members
- caseStatus
-
- Type: string
A response element providing responses for requests to CloseCase. This element responds
Closed
if successful. - closedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A response element providing responses for requests to CloseCase. This element responds with the ISO-8601 formatted timestamp of the moment when the case was closed.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke CloseCase
$result = $client->closeCase([ 'caseId' => '8403556009', ]);
Result syntax:
[ 'caseStatus' => 'Closed', 'closedDate' =>, ]
CreateCase
$result = $client->createCase
([/* ... */]); $promise = $client->createCaseAsync
([/* ... */]);
Creates a new case.
Parameter Syntax
$result = $client->createCase([ 'clientToken' => '<string>', 'description' => '<string>', // REQUIRED 'engagementType' => 'Security Incident|Investigation', // REQUIRED 'impactedAccounts' => ['<string>', ...], // REQUIRED 'impactedAwsRegions' => [ [ 'region' => 'af-south-1|ap-east-1|ap-east-2|ap-northeast-1|ap-northeast-2|ap-northeast-3|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-southeast-5|ap-southeast-7|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-north-1|eu-south-1|eu-south-2|eu-west-1|eu-west-2|eu-west-3|il-central-1|me-central-1|me-south-1|mx-central-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2', // REQUIRED ], // ... ], 'impactedServices' => ['<string>', ...], 'reportedIncidentStartDate' => <integer || string || DateTime>, // REQUIRED 'resolverType' => 'AWS|Self', // REQUIRED 'tags' => ['<string>', ...], 'threatActorIpAddresses' => [ [ 'ipAddress' => '<string>', // REQUIRED 'userAgent' => '<string>', ], // ... ], 'title' => '<string>', // REQUIRED 'watchers' => [ // REQUIRED [ 'email' => '<string>', // REQUIRED 'jobTitle' => '<string>', 'name' => '<string>', ], // ... ], ]);
Parameter Details
Members
- clientToken
-
- Type: string
The
clientToken
field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided. - description
-
- Required: Yes
- Type: string
Required element used in combination with CreateCase
to provide a description for the new case.
- engagementType
-
- Required: Yes
- Type: string
Required element used in combination with CreateCase to provide an engagement type for the new cases. Available engagement types include Security Incident | Investigation
- impactedAccounts
-
- Required: Yes
- Type: Array of strings
Required element used in combination with CreateCase to provide a list of impacted accounts.
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be
123123123
which is nine digits, and with zero-prepend would be000123123123
. Not zero-prepending to 12 digits could result in errors. - impactedAwsRegions
-
- Type: Array of ImpactedAwsRegion structures
An optional element used in combination with CreateCase to provide a list of impacted regions.
- impactedServices
-
- Type: Array of strings
An optional element used in combination with CreateCase to provide a list of services impacted.
- reportedIncidentStartDate
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Required element used in combination with CreateCase to provide an initial start date for the unauthorized activity.
- resolverType
-
- Required: Yes
- Type: string
Required element used in combination with CreateCase to identify the resolver type.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
An optional element used in combination with CreateCase to add customer specified tags to a case.
- threatActorIpAddresses
-
- Type: Array of ThreatActorIp structures
An optional element used in combination with CreateCase to provide a list of suspicious internet protocol addresses associated with unauthorized activity.
- title
-
- Required: Yes
- Type: string
Required element used in combination with CreateCase to provide a title for the new case.
- watchers
-
- Required: Yes
- Type: Array of Watcher structures
Required element used in combination with CreateCase to provide a list of entities to receive notifications for case updates.
Result Syntax
[ 'caseId' => '<string>', ]
Result Details
Members
- caseId
-
- Required: Yes
- Type: string
A response element providing responses for requests to CreateCase. This element responds with the case ID.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke CreateCase
$result = $client->createCase([ 'description' => 'Case description', 'engagementType' => 'Investigation', 'impactedAccounts' => [ '000000000000', '111111111111', ], 'impactedAwsRegions' => [ [ 'region' => 'ap-southeast-1', ], ], 'impactedServices' => [ 'Amazon EC2', 'Amazon EKS', ], 'reportedIncidentStartDate' =>, 'resolverType' => 'Self', 'threatActorIpAddresses' => [ [ 'ipAddress' => '192.168.192.168', 'userAgent' => 'Browser', ], ], 'title' => 'My sample case', 'watchers' => [ [ 'name' => 'Alice', 'email' => 'alice@example.com', 'jobTitle' => 'CEO', ], [ 'name' => 'Bob', 'email' => 'bob@example.com', 'jobTitle' => 'CFO', ], ], ]);
CreateCaseComment
$result = $client->createCaseComment
([/* ... */]); $promise = $client->createCaseCommentAsync
([/* ... */]);
Adds a comment to an existing case.
Parameter Syntax
$result = $client->createCaseComment([ 'body' => '<string>', // REQUIRED 'caseId' => '<string>', // REQUIRED 'clientToken' => '<string>', ]);
Parameter Details
Members
- body
-
- Required: Yes
- Type: string
Required element used in combination with CreateCaseComment to add content for the new comment.
- caseId
-
- Required: Yes
- Type: string
Required element used in combination with CreateCaseComment to specify a case ID.
- clientToken
-
- Type: string
The
clientToken
field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided.
Result Syntax
[ 'commentId' => '<string>', ]
Result Details
Members
- commentId
-
- Required: Yes
- Type: string
Response element indicating the new comment ID.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke CreateCaseComment
$result = $client->createCaseComment([ 'body' => 'Case comment body.', 'caseId' => '8403556009', ]);
Result syntax:
[ 'commentId' => '000000', ]
CreateMembership
$result = $client->createMembership
([/* ... */]); $promise = $client->createMembershipAsync
([/* ... */]);
Creates a new membership.
Parameter Syntax
$result = $client->createMembership([ 'clientToken' => '<string>', 'coverEntireOrganization' => true || false, 'incidentResponseTeam' => [ // REQUIRED [ 'email' => '<string>', // REQUIRED 'jobTitle' => '<string>', // REQUIRED 'name' => '<string>', // REQUIRED ], // ... ], 'membershipName' => '<string>', // REQUIRED 'optInFeatures' => [ [ 'featureName' => 'Triage', // REQUIRED 'isEnabled' => true || false, // REQUIRED ], // ... ], 'tags' => ['<string>', ...], ]);
Parameter Details
Members
- clientToken
-
- Type: string
The
clientToken
field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided. - coverEntireOrganization
-
- Type: boolean
The
coverEntireOrganization
parameter is a boolean flag that determines whether the membership should be applied to the entire Amazon Web Services Organization. When set to true, the membership will be created for all accounts within the organization. When set to false, the membership will only be created for specified accounts.This parameter is optional. If not specified, the default value is false.
-
If set to true: The membership will automatically include all existing and future accounts in the Amazon Web Services Organization.
-
If set to false: The membership will only apply to explicitly specified accounts.
- incidentResponseTeam
-
- Required: Yes
- Type: Array of IncidentResponder structures
Required element used in combination with CreateMembership to add customer incident response team members and trusted partners to the membership.
- membershipName
-
- Required: Yes
- Type: string
Required element used in combination with CreateMembership to create a name for the membership.
- optInFeatures
-
- Type: Array of OptInFeature structures
Optional element to enable the monitoring and investigation opt-in features for the service.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
Optional element for customer configured tags.
Result Syntax
[ 'membershipId' => '<string>', ]
Result Details
Members
- membershipId
-
- Required: Yes
- Type: string
Response element for CreateMembership providing the newly created membership ID.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke CreateMembership
$result = $client->createMembership([ 'incidentResponseTeam' => [ [ 'name' => 'Bob Jones', 'email' => 'bob.jones@gmail.com', 'jobTitle' => 'Security Responder', ], [ 'name' => 'Alice', 'email' => 'alice@example.com', 'jobTitle' => 'CEO', ], ], 'membershipName' => 'Example Membership Name.', 'optInFeatures' => [ [ 'featureName' => 'Triage', 'isEnabled' => 1, ], ], ]);
Result syntax:
[ 'membershipId' => 'm-abcd1234efgh', ]
GetCase
$result = $client->getCase
([/* ... */]); $promise = $client->getCaseAsync
([/* ... */]);
Returns the attributes of a case.
Parameter Syntax
$result = $client->getCase([ 'caseId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element for GetCase to identify the requested case ID.
Result Syntax
[ 'actualIncidentStartDate' => <DateTime>, 'caseArn' => '<string>', 'caseAttachments' => [ [ 'attachmentId' => '<string>', 'attachmentStatus' => 'Verified|Failed|Pending', 'createdDate' => <DateTime>, 'creator' => '<string>', 'fileName' => '<string>', ], // ... ], 'caseStatus' => 'Submitted|Acknowledged|Detection and Analysis|Containment, Eradication and Recovery|Post-incident Activities|Ready to Close|Closed', 'closedDate' => <DateTime>, 'closureCode' => 'Investigation Completed|Not Resolved|False Positive|Duplicate', 'createdDate' => <DateTime>, 'description' => '<string>', 'engagementType' => 'Security Incident|Investigation', 'impactedAccounts' => ['<string>', ...], 'impactedAwsRegions' => [ [ 'region' => 'af-south-1|ap-east-1|ap-east-2|ap-northeast-1|ap-northeast-2|ap-northeast-3|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-southeast-5|ap-southeast-7|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-north-1|eu-south-1|eu-south-2|eu-west-1|eu-west-2|eu-west-3|il-central-1|me-central-1|me-south-1|mx-central-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2', ], // ... ], 'impactedServices' => ['<string>', ...], 'lastUpdatedDate' => <DateTime>, 'pendingAction' => 'Customer|None', 'reportedIncidentStartDate' => <DateTime>, 'resolverType' => 'AWS|Self', 'threatActorIpAddresses' => [ [ 'ipAddress' => '<string>', 'userAgent' => '<string>', ], // ... ], 'title' => '<string>', 'watchers' => [ [ 'email' => '<string>', 'jobTitle' => '<string>', 'name' => '<string>', ], // ... ], ]
Result Details
Members
- actualIncidentStartDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetCase that provides the actual incident start date as identified by data analysis during the investigation.
- caseArn
-
- Type: string
Response element for GetCase that provides the case ARN
- caseAttachments
-
- Type: Array of CaseAttachmentAttributes structures
Response element for GetCase that provides a list of current case attachments.
- caseStatus
-
- Type: string
Response element for GetCase that provides the case status. Options for statuses include
Submitted | Detection and Analysis | Eradication, Containment and Recovery | Post-Incident Activities | Closed
- closedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetCase that provides the date a specified case was closed.
- closureCode
-
- Type: string
Response element for GetCase that provides the summary code for why a case was closed.
- createdDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetCase that provides the date the case was created.
- description
-
- Type: string
Response element for GetCase that provides contents of the case description.
- engagementType
-
- Type: string
Response element for GetCase that provides the engagement type. Options for engagement type include
Active Security Event | Investigations
- impactedAccounts
-
- Type: Array of strings
Response element for GetCase that provides a list of impacted accounts.
- impactedAwsRegions
-
- Type: Array of ImpactedAwsRegion structures
Response element for GetCase that provides the impacted regions.
- impactedServices
-
- Type: Array of strings
Response element for GetCase that provides a list of impacted services.
- lastUpdatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetCase that provides the date a case was last modified.
- pendingAction
-
- Type: string
Response element for GetCase that identifies the case is waiting on customer input.
- reportedIncidentStartDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetCase that provides the customer provided incident start date.
- resolverType
-
- Type: string
Response element for GetCase that provides the current resolver types.
- threatActorIpAddresses
-
- Type: Array of ThreatActorIp structures
Response element for GetCase that provides a list of suspicious IP addresses associated with unauthorized activity.
- title
-
- Type: string
Response element for GetCase that provides the case title.
- watchers
-
- Type: Array of Watcher structures
Response element for GetCase that provides a list of Watchers added to the case.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke GetCase
$result = $client->getCase([ 'caseId' => '8403556009', ]);
Result syntax:
[ 'actualIncidentStartDate' =>, 'caseArn' => 'arn:aws:security-ir:us-west-1:123456789012:case/1234567890', 'caseStatus' => 'Submitted', 'createdDate' => , 'description' => 'Case description', 'engagementType' => 'Investigation', 'impactedAccounts' => [ '000000000000', '111111111111', ], 'impactedAwsRegions' => [ [ 'region' => 'ap-southeast-1', ], ], 'impactedServices' => [ 'Amazon EC2', 'Amazon EKS', ], 'lastUpdatedDate' => , 'pendingAction' => 'Customer', 'reportedIncidentStartDate' => , 'resolverType' => 'Self', 'threatActorIpAddresses' => [ [ 'ipAddress' => '192.168.192.168', 'userAgent' => 'Browser', ], ], 'title' => 'My sample case', 'watchers' => [ [ 'name' => 'Alice', 'email' => 'alice@example.com', 'jobTitle' => 'CEO', ], [ 'name' => 'Bob', 'email' => 'bob@example.com', 'jobTitle' => 'CFO', ], ], ]
GetCaseAttachmentDownloadUrl
$result = $client->getCaseAttachmentDownloadUrl
([/* ... */]); $promise = $client->getCaseAttachmentDownloadUrlAsync
([/* ... */]);
Returns a Pre-Signed URL for uploading attachments into a case.
Parameter Syntax
$result = $client->getCaseAttachmentDownloadUrl([ 'attachmentId' => '<string>', // REQUIRED 'caseId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- attachmentId
-
- Required: Yes
- Type: string
Required element for GetCaseAttachmentDownloadUrl to identify the attachment ID for downloading an attachment.
- caseId
-
- Required: Yes
- Type: string
Required element for GetCaseAttachmentDownloadUrl to identify the case ID for downloading an attachment from.
Result Syntax
[ 'attachmentPresignedUrl' => '<string>', ]
Result Details
Members
- attachmentPresignedUrl
-
- Required: Yes
- Type: string
Response element providing the Amazon S3 presigned URL to download an attachment.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke GetCaseAttachmentDownloadUrl
$result = $client->getCaseAttachmentDownloadUrl([ 'attachmentId' => '3C5A6B89-1DEF-4C2D-A5B6-123456789ABC', 'caseId' => '8403556009', ]);
Result syntax:
[ 'attachmentPresignedUrl' => 'https://presignedurl.com', ]
GetCaseAttachmentUploadUrl
$result = $client->getCaseAttachmentUploadUrl
([/* ... */]); $promise = $client->getCaseAttachmentUploadUrlAsync
([/* ... */]);
Uploads an attachment to a case.
Parameter Syntax
$result = $client->getCaseAttachmentUploadUrl([ 'caseId' => '<string>', // REQUIRED 'clientToken' => '<string>', 'contentLength' => <integer>, // REQUIRED 'fileName' => '<string>', // REQUIRED ]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element for GetCaseAttachmentUploadUrl to identify the case ID for uploading an attachment.
- clientToken
-
- Type: string
The
clientToken
field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided. - contentLength
-
- Required: Yes
- Type: long (int|float)
Required element for GetCaseAttachmentUploadUrl to identify the size of the file attachment.
- fileName
-
- Required: Yes
- Type: string
Required element for GetCaseAttachmentUploadUrl to identify the file name of the attachment to upload.
Result Syntax
[ 'attachmentPresignedUrl' => '<string>', ]
Result Details
Members
- attachmentPresignedUrl
-
- Required: Yes
- Type: string
Response element providing the Amazon S3 presigned URL to upload the attachment.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke GetCaseAttachmentUploadUrl
$result = $client->getCaseAttachmentUploadUrl([ 'caseId' => '8403556009', 'contentLength' => 1500, 'fileName' => 'TestFileName', ]);
Result syntax:
[ 'attachmentPresignedUrl' => 'https://presignedurl.com', ]
GetMembership
$result = $client->getMembership
([/* ... */]); $promise = $client->getMembershipAsync
([/* ... */]);
Returns the attributes of a membership.
Parameter Syntax
$result = $client->getMembership([ 'membershipId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- membershipId
-
- Required: Yes
- Type: string
Required element for GetMembership to identify the membership ID to query.
Result Syntax
[ 'accountId' => '<string>', 'customerType' => 'Standalone|Organization', 'incidentResponseTeam' => [ [ 'email' => '<string>', 'jobTitle' => '<string>', 'name' => '<string>', ], // ... ], 'membershipAccountsConfigurations' => [ 'coverEntireOrganization' => true || false, 'organizationalUnits' => ['<string>', ...], ], 'membershipActivationTimestamp' => <DateTime>, 'membershipArn' => '<string>', 'membershipDeactivationTimestamp' => <DateTime>, 'membershipId' => '<string>', 'membershipName' => '<string>', 'membershipStatus' => 'Active|Cancelled|Terminated', 'numberOfAccountsCovered' => <integer>, 'optInFeatures' => [ [ 'featureName' => 'Triage', 'isEnabled' => true || false, ], // ... ], 'region' => 'af-south-1|ap-east-1|ap-east-2|ap-northeast-1|ap-northeast-2|ap-northeast-3|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-southeast-5|ap-southeast-7|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-north-1|eu-south-1|eu-south-2|eu-west-1|eu-west-2|eu-west-3|il-central-1|me-central-1|me-south-1|mx-central-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2', ]
Result Details
Members
- accountId
-
- Type: string
Response element for GetMembership that provides the account configured to manage the membership.
- customerType
-
- Type: string
Response element for GetMembership that provides the configured membership type. Options include
Standalone | Organizations
. - incidentResponseTeam
-
- Type: Array of IncidentResponder structures
Response element for GetMembership that provides the configured membership incident response team members.
- membershipAccountsConfigurations
-
- Type: MembershipAccountsConfigurations structure
The
membershipAccountsConfigurations
field contains the configuration details for member accounts within the Amazon Web Services Organizations membership structure.This field returns a structure containing information about:
-
Account configurations for member accounts
-
Membership settings and preferences
-
Account-level permissions and roles
- membershipActivationTimestamp
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetMembership that provides the configured membership activation timestamp.
- membershipArn
-
- Type: string
Response element for GetMembership that provides the membership ARN.
- membershipDeactivationTimestamp
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Response element for GetMembership that provides the configured membership name deactivation timestamp.
- membershipId
-
- Required: Yes
- Type: string
Response element for GetMembership that provides the queried membership ID.
- membershipName
-
- Type: string
Response element for GetMembership that provides the configured membership name.
- membershipStatus
-
- Type: string
Response element for GetMembership that provides the current membership status.
- numberOfAccountsCovered
-
- Type: long (int|float)
Response element for GetMembership that provides the number of accounts in the membership.
- optInFeatures
-
- Type: Array of OptInFeature structures
Response element for GetMembership that provides the if opt-in features have been enabled.
- region
-
- Type: string
Response element for GetMembership that provides the region configured to manage the membership.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke GetMembership
$result = $client->getMembership([ 'membershipId' => 'm-abcd1234efgh', ]);
Result syntax:
[ 'accountId' => '123412341234', 'customerType' => 'Standalone', 'incidentResponseTeam' => [ [ 'name' => 'Bob Jones', 'email' => 'bob.jones@gmail.com', 'jobTitle' => 'Security Responder', ], [ 'name' => 'Alice', 'email' => 'alice@example.com', 'jobTitle' => 'CEO', ], ], 'membershipActivationTimestamp' =>, 'membershipArn' => 'arn:aws:security-ir:us-west-1:123456789012:membership/m-abcd1234efgh', 'membershipDeactivationTimestamp' => , 'membershipId' => 'm-abcd1234efgh', 'membershipName' => 'Example Membership', 'membershipStatus' => 'Active', 'numberOfAccountsCovered' => 50, 'optInFeatures' => [ [ 'featureName' => 'Triage', 'isEnabled' => 1, ], ], 'region' => 'af-south-1', ]
ListCaseEdits
$result = $client->listCaseEdits
([/* ... */]); $promise = $client->listCaseEditsAsync
([/* ... */]);
Views the case history for edits made to a designated case.
Parameter Syntax
$result = $client->listCaseEdits([ 'caseId' => '<string>', // REQUIRED 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element used with ListCaseEdits to identify the case to query.
- maxResults
-
- Type: int
Optional element to identify how many results to obtain. There is a maximum value of 25.
- nextToken
-
- Type: string
An optional string that, if supplied, must be copied from the output of a previous call to ListCaseEdits. When provided in this manner, the API fetches the next page of results.
Result Syntax
[ 'items' => [ [ 'action' => '<string>', 'eventTimestamp' => <DateTime>, 'message' => '<string>', 'principal' => '<string>', ], // ... ], 'nextToken' => '<string>', 'total' => <integer>, ]
Result Details
Members
- items
-
- Type: Array of CaseEditItem structures
Response element for ListCaseEdits that includes the action, event timestamp, message, and principal for the response.
- nextToken
-
- Type: string
An optional string that, if supplied on subsequent calls to ListCaseEdits, allows the API to fetch the next page of results.
- total
-
- Type: int
Response element for ListCaseEdits that identifies the total number of edits.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke ListCaseEdits
$result = $client->listCaseEdits([ 'caseId' => '8403556009', ]);
Result syntax:
[ 'items' => [ [ 'action' => 'Add comment', 'eventTimestamp' =>, 'message' => 'Added comment to ask question to responder.', 'principal' => '00000000000', ], ], 'total' => 1, ]
ListCases
$result = $client->listCases
([/* ... */]); $promise = $client->listCasesAsync
([/* ... */]);
Lists all cases the requester has access to.
Parameter Syntax
$result = $client->listCases([ 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- maxResults
-
- Type: int
Optional element for ListCases to limit the number of responses.
- nextToken
-
- Type: string
An optional string that, if supplied, must be copied from the output of a previous call to ListCases. When provided in this manner, the API fetches the next page of results.
Result Syntax
[ 'items' => [ [ 'caseArn' => '<string>', 'caseId' => '<string>', 'caseStatus' => 'Submitted|Acknowledged|Detection and Analysis|Containment, Eradication and Recovery|Post-incident Activities|Ready to Close|Closed', 'closedDate' => <DateTime>, 'createdDate' => <DateTime>, 'engagementType' => 'Security Incident|Investigation', 'lastUpdatedDate' => <DateTime>, 'pendingAction' => 'Customer|None', 'resolverType' => 'AWS|Self', 'title' => '<string>', ], // ... ], 'nextToken' => '<string>', 'total' => <integer>, ]
Result Details
Members
- items
-
- Type: Array of ListCasesItem structures
Response element for ListCases that includes caseARN, caseID, caseStatus, closedDate, createdDate, engagementType, lastUpdatedDate, pendingAction, resolverType, and title for each response.
- nextToken
-
- Type: string
An optional string that, if supplied on subsequent calls to ListCases, allows the API to fetch the next page of results.
- total
-
- Type: long (int|float)
Response element for ListCases providing the total number of responses.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke ListCases
$result = $client->listCases([ 'maxResults' => 10, ]);
Result syntax:
[ 'items' => [ [ 'caseArn' => 'arn:aws:security-ir:us-west-1:123456789012:case/1234567890', 'caseId' => '8403556009', 'caseStatus' => 'Acknowledged', 'createdDate' =>, 'engagementType' => 'Security Incident', 'lastUpdatedDate' => , 'pendingAction' => 'None', 'resolverType' => 'Self', 'title' => 'Example case title', ], ], 'total' => 1, ]
ListComments
$result = $client->listComments
([/* ... */]); $promise = $client->listCommentsAsync
([/* ... */]);
Returns comments for a designated case.
Parameter Syntax
$result = $client->listComments([ 'caseId' => '<string>', // REQUIRED 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element for ListComments to designate the case to query.
- maxResults
-
- Type: int
Optional element for ListComments to limit the number of responses.
- nextToken
-
- Type: string
An optional string that, if supplied, must be copied from the output of a previous call to ListComments. When provided in this manner, the API fetches the next page of results.
Result Syntax
[ 'items' => [ [ 'body' => '<string>', 'commentId' => '<string>', 'createdDate' => <DateTime>, 'creator' => '<string>', 'lastUpdatedBy' => '<string>', 'lastUpdatedDate' => <DateTime>, ], // ... ], 'nextToken' => '<string>', 'total' => <integer>, ]
Result Details
Members
- items
-
- Type: Array of ListCommentsItem structures
Response element for ListComments providing the body, commentID, createDate, creator, lastUpdatedBy and lastUpdatedDate for each response.
- nextToken
-
- Type: string
An optional string that, if supplied on subsequent calls to ListComments, allows the API to fetch the next page of results.
- total
-
- Type: int
Response element for ListComments identifying the number of responses.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke ListComments
$result = $client->listComments([ 'caseId' => '8403556009', ]);
Result syntax:
[ 'items' => [ [ 'body' => 'Case comment body.', 'commentId' => '000000', ], ], 'total' => 1, ]
ListMemberships
$result = $client->listMemberships
([/* ... */]); $promise = $client->listMembershipsAsync
([/* ... */]);
Returns the memberships that the calling principal can access.
Parameter Syntax
$result = $client->listMemberships([ 'maxResults' => <integer>, 'nextToken' => '<string>', ]);
Parameter Details
Members
- maxResults
-
- Type: int
Request element for ListMemberships to limit the number of responses.
- nextToken
-
- Type: string
An optional string that, if supplied, must be copied from the output of a previous call to ListMemberships. When provided in this manner, the API fetches the next page of results.
Result Syntax
[ 'items' => [ [ 'accountId' => '<string>', 'membershipArn' => '<string>', 'membershipId' => '<string>', 'membershipStatus' => 'Active|Cancelled|Terminated', 'region' => 'af-south-1|ap-east-1|ap-east-2|ap-northeast-1|ap-northeast-2|ap-northeast-3|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-southeast-5|ap-southeast-7|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-north-1|eu-south-1|eu-south-2|eu-west-1|eu-west-2|eu-west-3|il-central-1|me-central-1|me-south-1|mx-central-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2', ], // ... ], 'nextToken' => '<string>', ]
Result Details
Members
- items
-
- Type: Array of ListMembershipItem structures
Request element for ListMemberships including the accountID, membershipARN, membershipID, membershipStatus, and region for each response.
- nextToken
-
- Type: string
An optional string that, if supplied on subsequent calls to ListMemberships, allows the API to fetch the next page of results.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke ListMemberships
$result = $client->listMemberships([ 'maxResults' => 10, ]);
Result syntax:
[ 'items' => [ [ 'accountId' => '123123123123', 'membershipArn' => 'arn:aws:security-ir:us-west-1:123456789012:membership/m-abcd1234efgh', 'membershipId' => 'm-abcd1234efgh', 'membershipStatus' => 'Cancelled', 'region' => 'af-south-1', ], ], ]
ListTagsForResource
$result = $client->listTagsForResource
([/* ... */]); $promise = $client->listTagsForResourceAsync
([/* ... */]);
Returns currently configured tags on a resource.
Parameter Syntax
$result = $client->listTagsForResource([ 'resourceArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
Required element for ListTagsForResource to provide the ARN to identify a specific resource.
Result Syntax
[ 'tags' => ['<string>', ...], ]
Result Details
Members
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (TagKey) to strings
Response element for ListTagsForResource providing content for each configured tag.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ResourceNotFoundException:
- ThrottlingException:
- ConflictException:
- InvalidTokenException:
Examples
Example 1: Invoke ListTagsForResource
$result = $client->listTagsForResource([ 'resourceArn' => 'arn:aws:security-ir:us-west-1:123456789012:membership/m-abcd1234efgh', ]);
Result syntax:
[ 'tags' => [ 'key' => 'example-tag-key', 'value' => 'example-tag-value', ], ]
TagResource
$result = $client->tagResource
([/* ... */]); $promise = $client->tagResourceAsync
([/* ... */]);
Adds a tag(s) to a designated resource.
Parameter Syntax
$result = $client->tagResource([ 'resourceArn' => '<string>', // REQUIRED 'tags' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
Required element for TagResource to identify the ARN for the resource to add a tag to.
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (TagKey) to strings
Required element for ListTagsForResource to provide the content for a tag.
Result Syntax
[]
Result Details
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ResourceNotFoundException:
- ThrottlingException:
- ConflictException:
- InvalidTokenException:
Examples
Example 1: Invoke TagResource
$result = $client->tagResource([ 'resourceArn' => 'arn:aws:security-ir:us-west-1:123456789012:membership/m-abcd1234efgh', 'tags' => [ 'key' => 'example-tag-key', 'value' => 'example-tag-value', ], ]);
Result syntax:
[ ]
UntagResource
$result = $client->untagResource
([/* ... */]); $promise = $client->untagResourceAsync
([/* ... */]);
Removes a tag(s) from a designate resource.
Parameter Syntax
$result = $client->untagResource([ 'resourceArn' => '<string>', // REQUIRED 'tagKeys' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
Required element for UnTagResource to identify the ARN for the resource to remove a tag from.
- tagKeys
-
- Required: Yes
- Type: Array of strings
Required element for UnTagResource to identify tag to remove.
Result Syntax
[]
Result Details
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ResourceNotFoundException:
- ThrottlingException:
- ConflictException:
- InvalidTokenException:
Examples
Example 1: Invoke UntagResource
$result = $client->untagResource([ 'resourceArn' => 'arn:aws:security-ir:us-west-1:123456789012:membership/m-abcd1234efgh', 'tagKeys' => [ 'example-tag-key', ], ]);
UpdateCase
$result = $client->updateCase
([/* ... */]); $promise = $client->updateCaseAsync
([/* ... */]);
Updates an existing case.
Parameter Syntax
$result = $client->updateCase([ 'actualIncidentStartDate' => <integer || string || DateTime>, 'caseId' => '<string>', // REQUIRED 'description' => '<string>', 'engagementType' => 'Security Incident|Investigation', 'impactedAccountsToAdd' => ['<string>', ...], 'impactedAccountsToDelete' => ['<string>', ...], 'impactedAwsRegionsToAdd' => [ [ 'region' => 'af-south-1|ap-east-1|ap-east-2|ap-northeast-1|ap-northeast-2|ap-northeast-3|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-southeast-5|ap-southeast-7|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-north-1|eu-south-1|eu-south-2|eu-west-1|eu-west-2|eu-west-3|il-central-1|me-central-1|me-south-1|mx-central-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2', // REQUIRED ], // ... ], 'impactedAwsRegionsToDelete' => [ [ 'region' => 'af-south-1|ap-east-1|ap-east-2|ap-northeast-1|ap-northeast-2|ap-northeast-3|ap-south-1|ap-south-2|ap-southeast-1|ap-southeast-2|ap-southeast-3|ap-southeast-4|ap-southeast-5|ap-southeast-7|ca-central-1|ca-west-1|cn-north-1|cn-northwest-1|eu-central-1|eu-central-2|eu-north-1|eu-south-1|eu-south-2|eu-west-1|eu-west-2|eu-west-3|il-central-1|me-central-1|me-south-1|mx-central-1|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2', // REQUIRED ], // ... ], 'impactedServicesToAdd' => ['<string>', ...], 'impactedServicesToDelete' => ['<string>', ...], 'reportedIncidentStartDate' => <integer || string || DateTime>, 'threatActorIpAddressesToAdd' => [ [ 'ipAddress' => '<string>', // REQUIRED 'userAgent' => '<string>', ], // ... ], 'threatActorIpAddressesToDelete' => [ [ 'ipAddress' => '<string>', // REQUIRED 'userAgent' => '<string>', ], // ... ], 'title' => '<string>', 'watchersToAdd' => [ [ 'email' => '<string>', // REQUIRED 'jobTitle' => '<string>', 'name' => '<string>', ], // ... ], 'watchersToDelete' => [ [ 'email' => '<string>', // REQUIRED 'jobTitle' => '<string>', 'name' => '<string>', ], // ... ], ]);
Parameter Details
Members
- actualIncidentStartDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Optional element for UpdateCase to provide content for the incident start date field.
- caseId
-
- Required: Yes
- Type: string
Required element for UpdateCase to identify the case ID for updates.
- description
-
- Type: string
Optional element for UpdateCase to provide content for the description field.
- engagementType
-
- Type: string
Optional element for UpdateCase to provide content for the engagement type field.
Available engagement types include Security Incident | Investigation
. - impactedAccountsToAdd
-
- Type: Array of strings
Optional element for UpdateCase to provide content to add accounts impacted.
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be
123123123
which is nine digits, and with zero-prepend would be000123123123
. Not zero-prepending to 12 digits could result in errors. - impactedAccountsToDelete
-
- Type: Array of strings
Optional element for UpdateCase to provide content to add accounts impacted.
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be
123123123
which is nine digits, and with zero-prepend would be000123123123
. Not zero-prepending to 12 digits could result in errors. - impactedAwsRegionsToAdd
-
- Type: Array of ImpactedAwsRegion structures
Optional element for UpdateCase to provide content to add regions impacted.
- impactedAwsRegionsToDelete
-
- Type: Array of ImpactedAwsRegion structures
Optional element for UpdateCase to provide content to remove regions impacted.
- impactedServicesToAdd
-
- Type: Array of strings
Optional element for UpdateCase to provide content to add services impacted.
- impactedServicesToDelete
-
- Type: Array of strings
Optional element for UpdateCase to provide content to remove services impacted.
- reportedIncidentStartDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Optional element for UpdateCase to provide content for the customer reported incident start date field.
- threatActorIpAddressesToAdd
-
- Type: Array of ThreatActorIp structures
Optional element for UpdateCase to provide content to add additional suspicious IP addresses related to a case.
- threatActorIpAddressesToDelete
-
- Type: Array of ThreatActorIp structures
Optional element for UpdateCase to provide content to remove suspicious IP addresses from a case.
- title
-
- Type: string
Optional element for UpdateCase to provide content for the title field.
- watchersToAdd
-
- Type: Array of Watcher structures
Optional element for UpdateCase to provide content to add additional watchers to a case.
- watchersToDelete
-
- Type: Array of Watcher structures
Optional element for UpdateCase to provide content to remove existing watchers from a case.
Result Syntax
[]
Result Details
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke UpdateCase
$result = $client->updateCase([ 'actualIncidentStartDate' =>, 'caseId' => '8403556009', 'description' => 'Case description', 'engagementType' => 'Investigation', 'impactedAccountsToAdd' => [ '000000000000', ], 'impactedAccountsToDelete' => [ '111111111111', ], 'impactedAwsRegionsToAdd' => [ [ 'region' => 'ap-southeast-1', ], ], 'impactedAwsRegionsToDelete' => [ [ 'region' => 'us-east-1', ], ], 'impactedServicesToAdd' => [ 'Amazon EC2', ], 'impactedServicesToDelete' => [ 'Amazon EKS', ], 'reportedIncidentStartDate' => , 'threatActorIpAddressesToAdd' => [ [ 'ipAddress' => '190.160.190.160', 'userAgent' => 'Browser', ], ], 'threatActorIpAddressesToDelete' => [ [ 'ipAddress' => '192.168.192.168', 'userAgent' => 'Browser', ], ], 'title' => 'My sample case', 'watchersToAdd' => [ [ 'name' => 'Same', 'email' => 'Sam@example.com', 'jobTitle' => 'CEO', ], ], 'watchersToDelete' => [ [ 'name' => 'Bob', 'email' => 'bob@example.com', 'jobTitle' => 'CFO', ], ], ]);
Result syntax:
[ ]
UpdateCaseComment
$result = $client->updateCaseComment
([/* ... */]); $promise = $client->updateCaseCommentAsync
([/* ... */]);
Updates an existing case comment.
Parameter Syntax
$result = $client->updateCaseComment([ 'body' => '<string>', // REQUIRED 'caseId' => '<string>', // REQUIRED 'commentId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- body
-
- Required: Yes
- Type: string
Required element for UpdateCaseComment to identify the content for the comment to be updated.
- caseId
-
- Required: Yes
- Type: string
Required element for UpdateCaseComment to identify the case ID containing the comment to be updated.
- commentId
-
- Required: Yes
- Type: string
Required element for UpdateCaseComment to identify the case ID to be updated.
Result Syntax
[ 'body' => '<string>', 'commentId' => '<string>', ]
Result Details
Members
- body
-
- Type: string
Response element for UpdateCaseComment providing the updated comment content.
- commentId
-
- Required: Yes
- Type: string
Response element for UpdateCaseComment providing the updated comment ID.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke UpdateCaseComment
$result = $client->updateCaseComment([ 'body' => 'Updated case comment.', 'caseId' => '8403556009', 'commentId' => '000000', ]);
Result syntax:
[ 'body' => 'Updated case comment.', 'commentId' => '000000', ]
UpdateCaseStatus
$result = $client->updateCaseStatus
([/* ... */]); $promise = $client->updateCaseStatusAsync
([/* ... */]);
Updates the state transitions for a designated cases.
Self-managed: the following states are available for self-managed cases.
-
Submitted → Detection and Analysis
-
Detection and Analysis → Containment, Eradication, and Recovery
-
Detection and Analysis → Post-incident Activities
-
Containment, Eradication, and Recovery → Detection and Analysis
-
Containment, Eradication, and Recovery → Post-incident Activities
-
Post-incident Activities → Containment, Eradication, and Recovery
-
Post-incident Activities → Detection and Analysis
-
Any → Closed
AWS supported: You must use the CloseCase
API to close.
Parameter Syntax
$result = $client->updateCaseStatus([ 'caseId' => '<string>', // REQUIRED 'caseStatus' => 'Submitted|Detection and Analysis|Containment, Eradication and Recovery|Post-incident Activities', // REQUIRED ]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element for UpdateCaseStatus to identify the case to update.
- caseStatus
-
- Required: Yes
- Type: string
Required element for UpdateCaseStatus to identify the status for a case. Options include
Submitted | Detection and Analysis | Containment, Eradication and Recovery | Post-incident Activities
.
Result Syntax
[ 'caseStatus' => 'Submitted|Detection and Analysis|Containment, Eradication and Recovery|Post-incident Activities', ]
Result Details
Members
- caseStatus
-
- Type: string
Response element for UpdateCaseStatus showing the newly configured status.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke UpdateCaseStatus
$result = $client->updateCaseStatus([ 'caseId' => '8403556009', 'caseStatus' => 'Post-incident Activities', ]);
Result syntax:
[ 'caseStatus' => 'Post-incident Activities', ]
UpdateMembership
$result = $client->updateMembership
([/* ... */]); $promise = $client->updateMembershipAsync
([/* ... */]);
Updates membership configuration.
Parameter Syntax
$result = $client->updateMembership([ 'incidentResponseTeam' => [ [ 'email' => '<string>', // REQUIRED 'jobTitle' => '<string>', // REQUIRED 'name' => '<string>', // REQUIRED ], // ... ], 'membershipAccountsConfigurationsUpdate' => [ 'coverEntireOrganization' => true || false, 'organizationalUnitsToAdd' => ['<string>', ...], 'organizationalUnitsToRemove' => ['<string>', ...], ], 'membershipId' => '<string>', // REQUIRED 'membershipName' => '<string>', 'optInFeatures' => [ [ 'featureName' => 'Triage', // REQUIRED 'isEnabled' => true || false, // REQUIRED ], // ... ], 'undoMembershipCancellation' => true || false, ]);
Parameter Details
Members
- incidentResponseTeam
-
- Type: Array of IncidentResponder structures
Optional element for UpdateMembership to update the membership name.
- membershipAccountsConfigurationsUpdate
-
- Type: MembershipAccountsConfigurationsUpdate structure
The
membershipAccountsConfigurationsUpdate
field in theUpdateMembershipRequest
structure allows you to update the configuration settings for accounts within a membership.This field is optional and contains a structure of type
MembershipAccountsConfigurationsUpdate
that specifies the updated account configurations for the membership. - membershipId
-
- Required: Yes
- Type: string
Required element for UpdateMembership to identify the membership to update.
- membershipName
-
- Type: string
Optional element for UpdateMembership to update the membership name.
- optInFeatures
-
- Type: Array of OptInFeature structures
Optional element for UpdateMembership to enable or disable opt-in features for the service.
- undoMembershipCancellation
-
- Type: boolean
The
undoMembershipCancellation
parameter is a boolean flag that indicates whether to reverse a previously requested membership cancellation. When set to true, this will revoke the cancellation request and maintain the membership status.This parameter is optional and can be used in scenarios where you need to restore a membership that was marked for cancellation but hasn't been fully terminated yet.
-
If set to
true
, the cancellation request will be revoked -
If set to
false
the service will throw a ValidationException.
Result Syntax
[]
Result Details
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke UpdateMembership
$result = $client->updateMembership([ 'incidentResponseTeam' => [ [ 'name' => 'Bob Jones', 'email' => 'bob.jones@gmail.com', 'jobTitle' => 'Security Responder', ], [ 'name' => 'Alice', 'email' => 'alice@example.com', 'jobTitle' => 'CEO', ], ], 'membershipId' => 'm-abcd1234efgh', 'membershipName' => 'New membership name', 'optInFeatures' => [ [ 'featureName' => 'Triage', 'isEnabled' => 1, ], ], ]);
Result syntax:
[ ]
UpdateResolverType
$result = $client->updateResolverType
([/* ... */]); $promise = $client->updateResolverTypeAsync
([/* ... */]);
Updates the resolver type for a case.
This is a one-way action and cannot be reversed.
Parameter Syntax
$result = $client->updateResolverType([ 'caseId' => '<string>', // REQUIRED 'resolverType' => 'AWS|Self', // REQUIRED ]);
Parameter Details
Members
- caseId
-
- Required: Yes
- Type: string
Required element for UpdateResolverType to identify the case to update.
- resolverType
-
- Required: Yes
- Type: string
Required element for UpdateResolverType to identify the new resolver.
Result Syntax
[ 'caseId' => '<string>', 'caseStatus' => 'Submitted|Acknowledged|Detection and Analysis|Containment, Eradication and Recovery|Post-incident Activities|Ready to Close|Closed', 'resolverType' => 'AWS|Self', ]
Result Details
Members
- caseId
-
- Required: Yes
- Type: string
Response element for UpdateResolver identifying the case ID being updated.
- caseStatus
-
- Type: string
Response element for UpdateResolver identifying the current status of the case.
- resolverType
-
- Type: string
Response element for UpdateResolver identifying the current resolver of the case.
Errors
- ServiceQuotaExceededException:
- AccessDeniedException:
- ValidationException:
- SecurityIncidentResponseNotActiveException:
- InternalServerException:
- ThrottlingException:
- ConflictException:
- ResourceNotFoundException:
- InvalidTokenException:
Examples
Example 1: Invoke UpdateResolverType
$result = $client->updateResolverType([ 'caseId' => '8403556009', 'resolverType' => 'AWS', ]);
Result syntax:
[ 'caseId' => '8403556009', 'caseStatus' => 'Detection and Analysis', 'resolverType' => 'AWS', ]
Shapes
AccessDeniedException
Description
Members
- message
-
- Required: Yes
- Type: string
The ID of the resource which lead to the access denial.
CaseAttachmentAttributes
Description
Members
- attachmentId
-
- Required: Yes
- Type: string
- attachmentStatus
-
- Required: Yes
- Type: string
- createdDate
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- creator
-
- Required: Yes
- Type: string
- fileName
-
- Required: Yes
- Type: string
CaseEditItem
Description
Members
- action
-
- Type: string
- eventTimestamp
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- message
-
- Type: string
- principal
-
- Type: string
ConflictException
Description
Members
- message
-
- Required: Yes
- Type: string
The exception message.
- resourceId
-
- Required: Yes
- Type: string
The ID of the conflicting resource.
- resourceType
-
- Required: Yes
- Type: string
The type of the conflicting resource.
GetMembershipAccountDetailError
Description
Members
- accountId
-
- Required: Yes
- Type: string
- error
-
- Required: Yes
- Type: string
- message
-
- Required: Yes
- Type: string
GetMembershipAccountDetailItem
Description
Members
- accountId
-
- Type: string
- relationshipStatus
-
- Type: string
- relationshipType
-
- Type: string
ImpactedAwsRegion
Description
Members
- region
-
- Required: Yes
- Type: string
IncidentResponder
Description
Members
-
- Required: Yes
- Type: string
- jobTitle
-
- Required: Yes
- Type: string
- name
-
- Required: Yes
- Type: string
InternalServerException
Description
Members
- message
-
- Required: Yes
- Type: string
The exception message.
- retryAfterSeconds
-
- Type: int
The number of seconds after which to retry the request.
InvalidTokenException
Description
Members
- message
-
- Required: Yes
- Type: string
The exception message.
ListCasesItem
Description
Members
- caseArn
-
- Type: string
- caseId
-
- Required: Yes
- Type: string
- caseStatus
-
- Type: string
- closedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- createdDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- engagementType
-
- Type: string
- lastUpdatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- pendingAction
-
- Type: string
- resolverType
-
- Type: string
- title
-
- Type: string
ListCommentsItem
Description
Members
- body
-
- Type: string
- commentId
-
- Required: Yes
- Type: string
- createdDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- creator
-
- Type: string
- lastUpdatedBy
-
- Type: string
- lastUpdatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
ListMembershipItem
Description
Members
- accountId
-
- Type: string
- membershipArn
-
- Type: string
- membershipId
-
- Required: Yes
- Type: string
- membershipStatus
-
- Type: string
- region
-
- Type: string
MembershipAccountsConfigurations
Description
The MembershipAccountsConfigurations
structure defines the configuration settings for managing membership accounts withinAmazon Web Services.
This structure contains settings that determine how member accounts are configured and managed within your organization, including:
-
Account configuration preferences
-
Membership validation rules
-
Account access settings
You can use this structure to define and maintain standardized configurations across multiple member accounts in your organization.
Members
- coverEntireOrganization
-
- Type: boolean
The
coverEntireOrganization
field is a boolean value that determines whether the membership configuration applies to all accounts within an Amazon Web Services Organization.When set to
true
, the configuration will be applied across all accounts in the organization. When set tofalse
, the configuration will only apply to specifically designated accounts under the AWS Organizational Units specificied. - organizationalUnits
-
- Type: Array of strings
A list of organizational unit IDs that follow the pattern
ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}
. These IDs represent the organizational units within an Amazon Web Services Organizations structure that are covered by the membership.Each organizational unit ID in the list must:
-
Begin with the prefix 'ou-'
-
Contain between 4 and 32 alphanumeric characters in the first segment
-
Contain between 8 and 32 alphanumeric characters in the second segment
MembershipAccountsConfigurationsUpdate
Description
The MembershipAccountsConfigurationsUpdate
structure represents the configuration updates for member accounts within an Amazon Web Services organization.
This structure is used to modify existing account configurations and settings for members in the organization. When applying updates, ensure all required fields are properly specified to maintain account consistency.
Key considerations when using this structure:
-
All configuration changes are validated before being applied
-
Updates are processed asynchronously in the background
-
Configuration changes may take several minutes to propagate across all affected accounts
Members
- coverEntireOrganization
-
- Type: boolean
The
coverEntireOrganization
field is a boolean value that determines whether the membership configuration should be applied across the entire Amazon Web Services Organization.When set to
true
, the configuration will be applied to all accounts within the organization. When set tofalse
, the configuration will only apply to specifically designated accounts. - organizationalUnitsToAdd
-
- Type: Array of strings
A list of organizational unit IDs to add to the membership configuration. Each organizational unit ID must match the pattern
ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}
.The list must contain between 1 and 5 organizational unit IDs.
- organizationalUnitsToRemove
-
- Type: Array of strings
A list of organizational unit IDs to remove from the membership configuration. Each organizational unit ID must match the pattern
ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}
.The list must contain between 1 and 5 organizational unit IDs per invocation of the API request.
OptInFeature
Description
Members
- featureName
-
- Required: Yes
- Type: string
- isEnabled
-
- Required: Yes
- Type: boolean
ResourceNotFoundException
Description
Members
- message
-
- Required: Yes
- Type: string
The exception message.
SecurityIncidentResponseNotActiveException
Description
Members
- message
-
- Required: Yes
- Type: string
The exception message.
ServiceQuotaExceededException
Description
Members
- message
-
- Required: Yes
- Type: string
The exception message.
- quotaCode
-
- Required: Yes
- Type: string
The code of the quota.
- resourceId
-
- Required: Yes
- Type: string
The ID of the requested resource which lead to the service quota exception.
- resourceType
-
- Required: Yes
- Type: string
The type of the requested resource which lead to the service quota exception.
- serviceCode
-
- Required: Yes
- Type: string
The service code of the quota.
ThreatActorIp
Description
Members
- ipAddress
-
- Required: Yes
- Type: string
- userAgent
-
- Type: string
ThrottlingException
Description
Members
- message
-
- Required: Yes
- Type: string
The exception message.
- quotaCode
-
- Type: string
The quota code of the exception.
- retryAfterSeconds
-
- Type: int
The number of seconds after which to retry the request.
- serviceCode
-
- Type: string
The service code of the exception.
ValidationException
Description
Members
- fieldList
-
- Type: Array of ValidationExceptionField structures
The fields which lead to the exception.
- message
-
- Required: Yes
- Type: string
The exception message.
- reason
-
- Required: Yes
- Type: string
The reason for the exception.
ValidationExceptionField
Description
Members
- message
-
- Required: Yes
- Type: string
- name
-
- Required: Yes
- Type: string
Watcher
Description
Members
-
- Required: Yes
- Type: string
- jobTitle
-
- Type: string
- name
-
- Type: string