InvestigationAction - AWS Security Incident Response

InvestigationAction

Represents a specific action or recommendation generated during a security investigation. Investigation actions provide guidance on steps to take in response to security incidents.

Contents

actionType

The type or category of the investigation action, indicating the nature of the recommended step (e.g., containment, remediation, analysis). The field itself carries one of the values listed under Valid Values.

Type: String

Valid Values: Evidence | Investigation | Summarization

Required: Yes

content

Detailed information about the investigation action, including specific steps, context, and guidance for implementation.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 5000.

Required: Yes

investigationId

The unique identifier of the investigation to which this action belongs.

Type: String

Pattern: inv-[a-z0-9]{10,32}

Required: Yes

lastUpdated

The timestamp when the investigation action was last modified or updated.

Type: Timestamp

Required: Yes

status

The current status of the investigation action (e.g., pending, in progress, completed, dismissed). The field itself carries one of the values listed under Valid Values.

Type: String

Valid Values: Pending | InProgress | Waiting | Completed | Failed | Cancelled

Required: Yes

title

A brief, descriptive title summarizing the investigation action.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 200.

Required: Yes

feedback

User feedback associated with this investigation action, including usefulness ratings and comments.

Type: InvestigationFeedback object

Required: No
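
The following validator is an added example, not part of the AWS documentation or SDK: it checks a parsed InvestigationAction record against the constraints listed above before the record is passed to downstream tooling. It assumes the record is a Python dict, that the investigationId pattern must match the whole string, and that lastUpdated arrives as a datetime or an epoch number; `validate_action` and the sample records are hypothetical names and constructed data.

```python
import re
from datetime import datetime, timezone

# Constraints copied from the field reference on this page.
ACTION_TYPES = {"Evidence", "Investigation", "Summarization"}
STATUSES = {"Pending", "InProgress", "Waiting", "Completed", "Failed", "Cancelled"}
INVESTIGATION_ID = re.compile(r"inv-[a-z0-9]{10,32}")  # assumption: whole-string match
MAX_LEN = {"content": 5000, "title": 200}
REQUIRED = ("actionType", "content", "investigationId", "lastUpdated", "status", "title")

def validate_action(action):
    """Return a list of constraint violations; an empty list means the record conforms."""
    errors = [f"{name}: missing required field" for name in REQUIRED if name not in action]
    for name, allowed in (("actionType", ACTION_TYPES), ("status", STATUSES)):
        value = action.get(name)
        if name in action and not (isinstance(value, str) and value in allowed):
            errors.append(f"{name}: {value!r} is not a valid value")
    for name, limit in MAX_LEN.items():
        value = action.get(name)
        if name in action and not (isinstance(value, str) and 1 <= len(value) <= limit):
            errors.append(f"{name}: must be a string of 1 to {limit} characters")
    inv = action.get("investigationId")
    if "investigationId" in action and not (isinstance(inv, str) and INVESTIGATION_ID.fullmatch(inv)):
        errors.append("investigationId: does not match inv-[a-z0-9]{10,32}")
    # Assumption: datetime (as an SDK would parse it) or epoch number (raw JSON); bool is rejected.
    ts = action.get("lastUpdated")
    if "lastUpdated" in action and (isinstance(ts, bool) or not isinstance(ts, (datetime, int, float))):
        errors.append("lastUpdated: not a timestamp")
    # feedback is optional; its inner fields are not documented on this page, so only the shape is checked.
    if "feedback" in action and not isinstance(action["feedback"], dict):
        errors.append("feedback: must be an object")
    return errors

# Constructed sample records (not real API output).
GOOD = {
    "actionType": "Evidence",
    "content": "Review the access logs for the affected role.",
    "investigationId": "inv-abc123def456",
    "lastUpdated": datetime(2025, 1, 1, tzinfo=timezone.utc),
    "status": "InProgress",
    "title": "Collect access log evidence",
}
# The descriptive words from the field text are not valid enum values.
BAD = {**GOOD, "actionType": "containment", "status": "dismissed",
       "investigationId": "INV-123", "title": ""}

if __name__ == "__main__":
    print(validate_action(GOOD), *validate_action(BAD), sep="\n")
```
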
