Skip to content

/AWS1/CL_DETMEMBERDETAIL

Details about a member account in a behavior graph.

CONSTRUCTOR

IMPORTING

Optional arguments:

iv_accountid TYPE /AWS1/DETACCOUNTID /AWS1/DETACCOUNTID

The Amazon Web Services account identifier for the member account.

iv_emailaddress TYPE /AWS1/DETEMAILADDRESS /AWS1/DETEMAILADDRESS

The Amazon Web Services account root user email address for the member account.

iv_grapharn TYPE /AWS1/DETGRAPHARN /AWS1/DETGRAPHARN

The ARN of the behavior graph.

iv_masterid TYPE /AWS1/DETACCOUNTID /AWS1/DETACCOUNTID

The Amazon Web Services account identifier of the administrator account for the behavior graph.

iv_administratorid TYPE /AWS1/DETACCOUNTID /AWS1/DETACCOUNTID

The Amazon Web Services account identifier of the administrator account for the behavior graph.

iv_status TYPE /AWS1/DETMEMBERSTATUS /AWS1/DETMEMBERSTATUS

The current membership status of the member account. The status can have one of the following values:

  • INVITED - For invited accounts only. Indicates that the member was sent an invitation but has not yet responded.

  • VERIFICATION_IN_PROGRESS - For invited accounts only, indicates that Detective is verifying that the account identifier and email address provided for the member account match. If they do match, then Detective sends the invitation. If the email address and account identifier don't match, then the member cannot be added to the behavior graph.

    For organization accounts in the organization behavior graph, indicates that Detective is verifying that the account belongs to the organization.

  • VERIFICATION_FAILED - For invited accounts only. Indicates that the account and email address provided for the member account do not match, and Detective did not send an invitation to the account.

  • ENABLED - Indicates that the member account currently contributes data to the behavior graph. For invited accounts, the member account accepted the invitation. For organization accounts in the organization behavior graph, the Detective administrator account enabled the organization account as a member account.

  • ACCEPTED_BUT_DISABLED - The account accepted the invitation, or was enabled by the Detective administrator account, but is prevented from contributing data to the behavior graph. DisabledReason provides the reason why the member account is not enabled.

Invited accounts that declined an invitation or that were removed from the behavior graph are not included. In the organization behavior graph, organization accounts that the Detective administrator account did not enable are not included.

iv_disabledreason TYPE /AWS1/DETMEMBERDISABLEDREASON /AWS1/DETMEMBERDISABLEDREASON

For member accounts with a status of ACCEPTED_BUT_DISABLED, the reason that the member account is not enabled.

The reason can have one of the following values:

  • VOLUME_TOO_HIGH - Indicates that adding the member account would cause the data volume for the behavior graph to be too high.

  • VOLUME_UNKNOWN - Indicates that Detective is unable to verify the data volume for the member account. This is usually because the member account is not enrolled in Amazon GuardDuty.

iv_invitedtime TYPE /AWS1/DETTIMESTAMP /AWS1/DETTIMESTAMP

For invited accounts, the date and time that Detective sent the invitation to the account. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

iv_updatedtime TYPE /AWS1/DETTIMESTAMP /AWS1/DETTIMESTAMP

The date and time that the member account was last updated. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

iv_volumeusageinbytes TYPE /AWS1/DETBYTEVALUE /AWS1/DETBYTEVALUE

The data volume in bytes per day for the member account.

iv_volumeusageupdatedtime TYPE /AWS1/DETTIMESTAMP /AWS1/DETTIMESTAMP

The data and time when the member account data volume was last updated. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

iv_percentofgraphutilization TYPE /AWS1/RT_DOUBLE_AS_STRING /AWS1/RT_DOUBLE_AS_STRING

The member account data volume as a percentage of the maximum allowed data volume. 0 indicates 0 percent, and 100 indicates 100 percent.

Note that this is not the percentage of the behavior graph data volume.

For example, the data volume for the behavior graph is 80 GB per day. The maximum data volume is 160 GB per day. If the data volume for the member account is 40 GB per day, then PercentOfGraphUtilization is 25. It represents 25% of the maximum allowed data volume.

iv_percentofgraphutilizati00 TYPE /AWS1/DETTIMESTAMP /AWS1/DETTIMESTAMP

The date and time when the graph utilization percentage was last updated. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

iv_invitationtype TYPE /AWS1/DETINVITATIONTYPE /AWS1/DETINVITATIONTYPE

The type of behavior graph membership.

For an organization account in the organization behavior graph, the type is ORGANIZATION.

For an account that was invited to a behavior graph, the type is INVITATION.

it_volusagebydatasrcpackage TYPE /AWS1/CL_DETDATASRCPACKAGEUS00=>TT_VOLUMEUSAGEBYDATASRCPACKAGE TT_VOLUMEUSAGEBYDATASRCPACKAGE

Details on the volume of usage for each data source package in a behavior graph.

it_datasrcpackageingeststa00 TYPE /AWS1/CL_DETDATASRCPACKAGEIN00=>TT_DATASRCPACKAGEINGESTSTATES TT_DATASRCPACKAGEINGESTSTATES

The state of a data source package for the behavior graph.

Queryable Attributes

AccountId

The Amazon Web Services account identifier for the member account.

Accessible with the following methods

Method Description
GET_ACCOUNTID() Getter for ACCOUNTID, with configurable default
ASK_ACCOUNTID() Getter for ACCOUNTID w/ exceptions if field has no value
HAS_ACCOUNTID() Determine if ACCOUNTID has a value

EmailAddress

The Amazon Web Services account root user email address for the member account.

Accessible with the following methods

Method Description
GET_EMAILADDRESS() Getter for EMAILADDRESS, with configurable default
ASK_EMAILADDRESS() Getter for EMAILADDRESS w/ exceptions if field has no value
HAS_EMAILADDRESS() Determine if EMAILADDRESS has a value

GraphArn

The ARN of the behavior graph.

Accessible with the following methods

Method Description
GET_GRAPHARN() Getter for GRAPHARN, with configurable default
ASK_GRAPHARN() Getter for GRAPHARN w/ exceptions if field has no value
HAS_GRAPHARN() Determine if GRAPHARN has a value

MasterId

The Amazon Web Services account identifier of the administrator account for the behavior graph.

Accessible with the following methods

Method Description
GET_MASTERID() Getter for MASTERID, with configurable default
ASK_MASTERID() Getter for MASTERID w/ exceptions if field has no value
HAS_MASTERID() Determine if MASTERID has a value

AdministratorId

The Amazon Web Services account identifier of the administrator account for the behavior graph.

Accessible with the following methods

Method Description
GET_ADMINISTRATORID() Getter for ADMINISTRATORID, with configurable default
ASK_ADMINISTRATORID() Getter for ADMINISTRATORID w/ exceptions if field has no val
HAS_ADMINISTRATORID() Determine if ADMINISTRATORID has a value

Status

The current membership status of the member account. The status can have one of the following values:

  • INVITED - For invited accounts only. Indicates that the member was sent an invitation but has not yet responded.

  • VERIFICATION_IN_PROGRESS - For invited accounts only, indicates that Detective is verifying that the account identifier and email address provided for the member account match. If they do match, then Detective sends the invitation. If the email address and account identifier don't match, then the member cannot be added to the behavior graph.

    For organization accounts in the organization behavior graph, indicates that Detective is verifying that the account belongs to the organization.

  • VERIFICATION_FAILED - For invited accounts only. Indicates that the account and email address provided for the member account do not match, and Detective did not send an invitation to the account.

  • ENABLED - Indicates that the member account currently contributes data to the behavior graph. For invited accounts, the member account accepted the invitation. For organization accounts in the organization behavior graph, the Detective administrator account enabled the organization account as a member account.

  • ACCEPTED_BUT_DISABLED - The account accepted the invitation, or was enabled by the Detective administrator account, but is prevented from contributing data to the behavior graph. DisabledReason provides the reason why the member account is not enabled.

Invited accounts that declined an invitation or that were removed from the behavior graph are not included. In the organization behavior graph, organization accounts that the Detective administrator account did not enable are not included.

Accessible with the following methods

Method Description
GET_STATUS() Getter for STATUS, with configurable default
ASK_STATUS() Getter for STATUS w/ exceptions if field has no value
HAS_STATUS() Determine if STATUS has a value

DisabledReason

For member accounts with a status of ACCEPTED_BUT_DISABLED, the reason that the member account is not enabled.

The reason can have one of the following values:

  • VOLUME_TOO_HIGH - Indicates that adding the member account would cause the data volume for the behavior graph to be too high.

  • VOLUME_UNKNOWN - Indicates that Detective is unable to verify the data volume for the member account. This is usually because the member account is not enrolled in Amazon GuardDuty.

Accessible with the following methods

Method Description
GET_DISABLEDREASON() Getter for DISABLEDREASON, with configurable default
ASK_DISABLEDREASON() Getter for DISABLEDREASON w/ exceptions if field has no valu
HAS_DISABLEDREASON() Determine if DISABLEDREASON has a value

InvitedTime

For invited accounts, the date and time that Detective sent the invitation to the account. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

Accessible with the following methods

Method Description
GET_INVITEDTIME() Getter for INVITEDTIME, with configurable default
ASK_INVITEDTIME() Getter for INVITEDTIME w/ exceptions if field has no value
HAS_INVITEDTIME() Determine if INVITEDTIME has a value

UpdatedTime

The date and time that the member account was last updated. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

Accessible with the following methods

Method Description
GET_UPDATEDTIME() Getter for UPDATEDTIME, with configurable default
ASK_UPDATEDTIME() Getter for UPDATEDTIME w/ exceptions if field has no value
HAS_UPDATEDTIME() Determine if UPDATEDTIME has a value

VolumeUsageInBytes

The data volume in bytes per day for the member account.

Accessible with the following methods

Method Description
GET_VOLUMEUSAGEINBYTES() Getter for VOLUMEUSAGEINBYTES, with configurable default
ASK_VOLUMEUSAGEINBYTES() Getter for VOLUMEUSAGEINBYTES w/ exceptions if field has no
HAS_VOLUMEUSAGEINBYTES() Determine if VOLUMEUSAGEINBYTES has a value

VolumeUsageUpdatedTime

The data and time when the member account data volume was last updated. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

Accessible with the following methods

Method Description
GET_VOLUMEUSAGEUPDATEDTIME() Getter for VOLUMEUSAGEUPDATEDTIME, with configurable default
ASK_VOLUMEUSAGEUPDATEDTIME() Getter for VOLUMEUSAGEUPDATEDTIME w/ exceptions if field has
HAS_VOLUMEUSAGEUPDATEDTIME() Determine if VOLUMEUSAGEUPDATEDTIME has a value

PercentOfGraphUtilization

The member account data volume as a percentage of the maximum allowed data volume. 0 indicates 0 percent, and 100 indicates 100 percent.

Note that this is not the percentage of the behavior graph data volume.

For example, the data volume for the behavior graph is 80 GB per day. The maximum data volume is 160 GB per day. If the data volume for the member account is 40 GB per day, then PercentOfGraphUtilization is 25. It represents 25% of the maximum allowed data volume.

Accessible with the following methods

Method Description
GET_PERCENTOFGRAPHUTILIZAT00() Getter for PERCENTOFGRAPHUTILIZATION, with configurable defa
ASK_PERCENTOFGRAPHUTILIZAT00() Getter for PERCENTOFGRAPHUTILIZATION w/ exceptions if field
STR_PERCENTOFGRAPHUTILIZAT00() String format for PERCENTOFGRAPHUTILIZATION, with configurab
HAS_PERCENTOFGRAPHUTILIZAT00() Determine if PERCENTOFGRAPHUTILIZATION has a value

PercentOfGraphUtilizationUpdatedTime

The date and time when the graph utilization percentage was last updated. The value is an ISO8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

Accessible with the following methods

Method Description
GET_PERCENTOFGRAPHUTILIZAT01() Getter for PERCENTOFGRAPHUTILIZATIONU00, with configurable d
ASK_PERCENTOFGRAPHUTILIZAT01() Getter for PERCENTOFGRAPHUTILIZATIONU00 w/ exceptions if fie
HAS_PERCENTOFGRAPHUTILIZAT01() Determine if PERCENTOFGRAPHUTILIZATIONU00 has a value

InvitationType

The type of behavior graph membership.

For an organization account in the organization behavior graph, the type is ORGANIZATION.

For an account that was invited to a behavior graph, the type is INVITATION.

Accessible with the following methods

Method Description
GET_INVITATIONTYPE() Getter for INVITATIONTYPE, with configurable default
ASK_INVITATIONTYPE() Getter for INVITATIONTYPE w/ exceptions if field has no valu
HAS_INVITATIONTYPE() Determine if INVITATIONTYPE has a value

VolumeUsageByDatasourcePackage

Details on the volume of usage for each data source package in a behavior graph.

Accessible with the following methods

Method Description
GET_VOLUSAGEBYDATASRCPACKAGE() Getter for VOLUMEUSAGEBYDATASRCPACKAGE, with configurable de
ASK_VOLUSAGEBYDATASRCPACKAGE() Getter for VOLUMEUSAGEBYDATASRCPACKAGE w/ exceptions if fiel
HAS_VOLUSAGEBYDATASRCPACKAGE() Determine if VOLUMEUSAGEBYDATASRCPACKAGE has a value

DatasourcePackageIngestStates

The state of a data source package for the behavior graph.

Accessible with the following methods

Method Description
GET_DATASRCPACKAGEINGESTST00() Getter for DATASRCPACKAGEINGESTSTATES, with configurable def
ASK_DATASRCPACKAGEINGESTST00() Getter for DATASRCPACKAGEINGESTSTATES w/ exceptions if field
HAS_DATASRCPACKAGEINGESTST00() Determine if DATASRCPACKAGEINGESTSTATES has a value

Public Local Types In This Class

Internal table types, representing arrays and maps of this class, are defined as local types:

TT_MEMBERDETAILLIST

TYPES TT_MEMBERDETAILLIST TYPE STANDARD TABLE OF REF TO /AWS1/CL_DETMEMBERDETAIL WITH DEFAULT KEY
.