startInvestigation method

Future<StartInvestigationResponse> startInvestigation({
  required String entityArn,
  required String graphArn,
  required DateTime scopeEndTime,
  required DateTime scopeStartTime,
})

Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network, system, or environment that can (with a high level of confidence) identify malicious activity or a security incident. StartInvestigation initiates an investigation on an entity in a behavior graph.

May throw AccessDeniedException. May throw InternalServerException. May throw ResourceNotFoundException. May throw TooManyRequestsException. May throw ValidationException.

Parameter entityArn : The unique Amazon Resource Name (ARN) of the IAM user and IAM role.

Parameter graphArn : The Amazon Resource Name (ARN) of the behavior graph.

Parameter scopeEndTime : The date and time when the investigation ended. The value is a UTC ISO 8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

Parameter scopeStartTime : The date and time when the investigation began. The value is a UTC ISO 8601 formatted string. For example, 2021-08-18T16:35:56.284Z.

Implementation

Future<StartInvestigationResponse> startInvestigation({
  required String entityArn,
  required String graphArn,
  required DateTime scopeEndTime,
  required DateTime scopeStartTime,
}) async {
  final $payload = <String, dynamic>{
    'EntityArn': entityArn,
    'GraphArn': graphArn,
    'ScopeEndTime': iso8601ToJson(scopeEndTime),
    'ScopeStartTime': iso8601ToJson(scopeStartTime),
  };
  final response = await _protocol.send(
    payload: $payload,
    method: 'POST',
    requestUri: '/investigations/startInvestigation',
    exceptionFnMap: _exceptionFns,
  );
  return StartInvestigationResponse.fromJson(response);
}
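
A pre-flight wrapper for the call documented above, as an added example that is not part of the generated SDK code: it rejects an entity ARN that is not an IAM user or role, a malformed behavior graph ARN, and an inverted scope window, and converts both timestamps to UTC before delegating. The names `StartFn` and `startInvestigationChecked`, the ARN patterns and the sample ARNs are assumptions; `fake` stands in for the client method so the example runs offline.

```dart
// Added example, not generated SDK code. The typedef mirrors the documented
// signature; regexes, names and sample ARNs are assumptions for illustration.
typedef StartFn<T> = Future<T> Function({
  required String entityArn,
  required String graphArn,
  required DateTime scopeEndTime,
  required DateTime scopeStartTime,
});
final _iamEntity = RegExp(r'^arn:aws[-\w]*:iam::\d{12}:(user|role)/.+$');
final _graph = RegExp(r'^arn:aws[-\w]*:detective:[-\w]+:\d{12}:graph:[0-9a-f]{32}$');

/// Checks the arguments locally, converts the scope window to UTC, then
/// delegates to [start] (for example `client.startInvestigation`).
Future<T> startInvestigationChecked<T>(
  StartFn<T> start, {
  required String entityArn,
  required String graphArn,
  required DateTime scopeStartTime,
  required DateTime scopeEndTime,
}) async {
  if (!_iamEntity.hasMatch(entityArn)) {
    throw ArgumentError.value(entityArn, 'entityArn', 'not an IAM user/role');
  }
  if (!_graph.hasMatch(graphArn)) {
    throw ArgumentError.value(graphArn, 'graphArn', 'not a behavior graph');
  }
  final from = scopeStartTime.toUtc(), to = scopeEndTime.toUtc();
  if (!from.isBefore(to)) {
    throw ArgumentError('scopeStartTime must be earlier than scopeEndTime');
  }
  return start(entityArn: entityArn, graphArn: graphArn,
      scopeStartTime: from, scopeEndTime: to);
}

Future<void> main() async {
  // Offline stand-in for the real client method: echoes the window it received.
  Future<String> fake({
    required String entityArn,
    required String graphArn,
    required DateTime scopeEndTime,
    required DateTime scopeStartTime,
  }) async => '$scopeStartTime .. $scopeEndTime';
  final end = DateTime.now(); // local time on purpose; sent as UTC
  print(await startInvestigationChecked(fake,
      entityArn: 'arn:aws:iam::111122223333:role/constructed-role',
      graphArn: 'arn:aws:detective:us-east-1:111122223333:graph:${'0' * 32}',
      scopeStartTime: end.subtract(const Duration(hours: 24)),
      scopeEndTime: end));
}
```

Failing locally with an `ArgumentError` that names the offending parameter keeps a mistyped ARN or a swapped start/end pair from reaching the service, where it would surface as one of the exceptions listed above.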