Class Investigation

java.lang.Object
software.amazon.awssdk.services.guardduty.model.Investigation
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<Investigation.Builder,Investigation>

@Generated("software.amazon.awssdk:codegen") public final class Investigation extends Object implements SdkPojo, Serializable, ToCopyableBuilder<Investigation.Builder,Investigation>

Contains the details and results of a GuardDuty investigation.

  • Method Details

    • investigationId

      public final String investigationId()

      The unique identifier of the investigation.

      Returns:
      The unique identifier of the investigation.
    • status

      public final InvestigationStatus status()

      The current status of the investigation. Possible values are RUNNING, COMPLETED, and FAILED.

      If the service returns an enum value that is not available in the current SDK version, status will return InvestigationStatus.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from statusAsString().

      Returns:
      The current status of the investigation. Possible values are RUNNING, COMPLETED, and FAILED.
    • statusAsString

      public final String statusAsString()

      The current status of the investigation. Possible values are RUNNING, COMPLETED, and FAILED.

      If the service returns an enum value that is not available in the current SDK version, status will return InvestigationStatus.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from statusAsString().

      Returns:
      The current status of the investigation. Possible values are RUNNING, COMPLETED, and FAILED.
    • triggerPrompt

      public final String triggerPrompt()

      The natural-language prompt that initiated this investigation.

      Returns:
      The natural-language prompt that initiated this investigation.
    • triggeredBy

      public final String triggeredBy()

      The account that initiated the investigation.

      Returns:
      The account that initiated the investigation.
    • metadata

      public final InvestigationMetadata metadata()

      Metadata about the product and version that produced the investigation.

      Returns:
      Metadata about the product and version that produced the investigation.
    • cloud

      public final CloudDetails cloud()

      Details about the cloud environment in which the investigation was performed, including the provider, region, and account.

      Returns:
      Details about the cloud environment in which the investigation was performed, including the provider, region, and account.
    • riskLevel

      public final RiskLevel riskLevel()

      The assessed risk level of the investigated threat. Possible values are Info, Low, Medium, High, and Critical.

      If the service returns an enum value that is not available in the current SDK version, riskLevel will return RiskLevel.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from riskLevelAsString().

      Returns:
      The assessed risk level of the investigated threat. Possible values are Info, Low, Medium, High, and Critical.
    • riskLevelAsString

      public final String riskLevelAsString()

      The assessed risk level of the investigated threat. Possible values are Info, Low, Medium, High, and Critical.

      If the service returns an enum value that is not available in the current SDK version, riskLevel will return RiskLevel.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from riskLevelAsString().

      Returns:
      The assessed risk level of the investigated threat. Possible values are Info, Low, Medium, High, and Critical.
    • risk

      public final String risk()

      A human-readable description of the assessed risk.

      Returns:
      A human-readable description of the assessed risk.
    • confidence

      public final Confidence confidence()

      The confidence level of the investigation's assessment. Possible values are Unknown, Low, Medium, and High.

      If the service returns an enum value that is not available in the current SDK version, confidence will return Confidence.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from confidenceAsString().

      Returns:
      The confidence level of the investigation's assessment. Possible values are Unknown, Low, Medium, and High.
    • confidenceAsString

      public final String confidenceAsString()

      The confidence level of the investigation's assessment. Possible values are Unknown, Low, Medium, and High.

      If the service returns an enum value that is not available in the current SDK version, confidence will return Confidence.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from confidenceAsString().

      Returns:
      The confidence level of the investigation's assessment. Possible values are Unknown, Low, Medium, and High.
    • summary

      public final String summary()

      A structured summary of the investigation findings, including affected resources, threat assessment, and recommended remediation steps.

      Returns:
      A structured summary of the investigation findings, including affected resources, threat assessment, and recommended remediation steps.
    • startTime

      public final Instant startTime()

      The timestamp at which the investigation started.

      Returns:
      The timestamp at which the investigation started.
    • endTime

      public final Instant endTime()

      The timestamp at which the investigation completed.

      Returns:
      The timestamp at which the investigation completed.
    • error

      public final String error()

      Details about the error if the investigation status is FAILED.

      Returns:
      Details about the error if the investigation status is FAILED.
    • toBuilder

      public Investigation.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<Investigation.Builder,Investigation>
      Returns:
      a builder for type T
    • builder

      public static Investigation.Builder builder()
    • serializableBuilderClass

      public static Class<? extends Investigation.Builder> serializableBuilderClass()
    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object
    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object
    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object is equal to this object by SDK fields, false otherwise.
    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object
    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)
    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.
    • sdkFieldNameToField

      public final Map<String,SdkField<?>> sdkFieldNameToField()
      Specified by:
      sdkFieldNameToField in interface SdkPojo
      Returns:
      The mapping between the field name and its corresponding field.
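The status() and riskLevel() accessors above can return UNKNOWN_TO_SDK_VERSION when the service sends a value this SDK build does not model, so a triage consumer should fail closed on it instead of falling through to a default. The following is an added example, not code from the AWS SDK: the class InvestigationTriage and its Route labels are hypothetical, and the string literals are the values this page lists for each field.

```java
import software.amazon.awssdk.services.guardduty.model.Investigation;
import software.amazon.awssdk.services.guardduty.model.InvestigationStatus;
import software.amazon.awssdk.services.guardduty.model.RiskLevel;

/** Hypothetical triage helper for this example; not part of the AWS SDK. */
public final class InvestigationTriage {

    /** Routing outcomes are labels invented for this example. */
    public enum Route { WAIT, RETRY, TICKET, PAGE_ONCALL, MANUAL_REVIEW }

    private InvestigationTriage() { }

    public static Route route(Investigation inv) {
        InvestigationStatus status = inv.status();
        // null: field absent. UNKNOWN_TO_SDK_VERSION: the service sent a value
        // this SDK build does not model. Neither may be treated as COMPLETED.
        if (status == null || status == InvestigationStatus.UNKNOWN_TO_SDK_VERSION) {
            return review(inv, "status", inv.statusAsString());
        }
        switch (inv.statusAsString()) {
            case "RUNNING":
                return Route.WAIT;
            case "FAILED":
                System.err.printf("investigation %s failed: %s%n",
                        inv.investigationId(), inv.error());
                return Route.RETRY;
            case "COMPLETED":
                return routeByRisk(inv);
            default:
                return review(inv, "status", inv.statusAsString());
        }
    }

    private static Route routeByRisk(Investigation inv) {
        RiskLevel risk = inv.riskLevel();
        if (risk == null || risk == RiskLevel.UNKNOWN_TO_SDK_VERSION) {
            // Fail closed: an unmodelled level could rank above Critical.
            return review(inv, "riskLevel", inv.riskLevelAsString());
        }
        String raw = inv.riskLevelAsString(); // casing as listed on this page
        return ("Critical".equals(raw) || "High".equals(raw))
                ? Route.PAGE_ONCALL : Route.TICKET;
    }

    private static Route review(Investigation inv, String field, String raw) {
        // Keep the raw wire value so the gap is visible until the SDK is upgraded.
        System.err.printf("investigation %s: unrecognised %s '%s'%n",
                inv.investigationId(), field, raw);
        return Route.MANUAL_REVIEW;
    }
}
```

The same pattern applies to confidence() and confidenceAsString().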