list_investigations

GuardDuty.Client.list_investigations(**kwargs)

This API is currently available as a preview. This feature is available in the following Amazon Web Services Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), and Asia Pacific (Tokyo).

Returns a list of investigations associated with the specified GuardDuty detector.

An administrator account sees all investigations across the organization. Member accounts see only the investigations that belong to them.

See also: AWS API Documentation

Request Syntax

response = client.list_investigations(
    DetectorId='string',
    SortCriteria={
        'AttributeName': 'START_TIME'|'END_TIME'|'STATUS'|'RISK_LEVEL'|'CONFIDENCE',
        'OrderBy': 'ASC'|'DESC'
    },
    MaxResults=123,
    NextToken='string'
)
Parameters:
  • DetectorId (string) –

    [REQUIRED]

    The unique ID of the GuardDuty detector whose investigations you want to list.

    To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.

  • SortCriteria (dict) –

    Represents the criteria used for sorting investigations.

    • AttributeName (string) –

      The attribute by which to sort investigations.

    • OrderBy (string) –

      The order in which the sorted results are to be displayed.

  • MaxResults (integer) – You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50.

  • NextToken (string) – You can use this parameter when paginating results. Omit it on your first call to the list action (do not pass None: boto3 rejects None for a string parameter with a ParamValidationError). For subsequent calls, set NextToken in the request to the value of NextToken from the previous response to continue listing data; a response with no NextToken means there are no more items.

Return type:

dict

Returns:

Response Syntax

{
    'Investigations': [
        {
            'InvestigationId': 'string',
            'Status': 'RUNNING'|'COMPLETED'|'FAILED',
            'TriggerPrompt': 'string',
            'RiskLevel': 'Info'|'Low'|'Medium'|'High'|'Critical',
            'Confidence': 'Unknown'|'Low'|'Medium'|'High',
            'Title': 'string',
            'AccountId': 'string',
            'StartTime': datetime(2015, 1, 1),
            'EndTime': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) –

    • Investigations (list) –

      A list of investigation summaries associated with the specified detector.

      • (dict) –

        Contains summary information about a GuardDuty investigation.

        • InvestigationId (string) –

          The unique identifier of the investigation.

        • Status (string) –

          The current status of the investigation.

        • TriggerPrompt (string) –

          The natural-language prompt that initiated this investigation.

        • RiskLevel (string) –

          The assessed risk level of the investigated threat.

        • Confidence (string) –

          The confidence level of the investigation’s assessment.

        • Title (string) –

          A short title summarizing the investigation.

        • AccountId (string) –

          The Amazon Web Services account ID associated with the investigation.

        • StartTime (datetime) –

          The timestamp at which the investigation started.

        • EndTime (datetime) –

          The timestamp at which the investigation completed.

    • NextToken (string) –

      The pagination parameter to be used on the next list operation to retrieve more items.

Exceptions

  • GuardDuty.Client.exceptions.BadRequestException

  • GuardDuty.Client.exceptions.InternalServerErrorException

  • GuardDuty.Client.exceptions.AccessDeniedException
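How a practitioner would page through this operation and triage what comes back, as an added example that is not part of the boto3 documentation or of AWS's code. The API is called through an injected callable so the loop runs offline; fake_list_investigations, DETECTOR_ID, the investigation IDs, account IDs and timestamps are constructed stand-ins that only mimic the request and response shapes shown above, and the severity ordering, the skipping of RUNNING/FAILED entries and the repeated-token guard are this example's own choices, not service behaviour.

```python
"""Paginate GuardDuty list_investigations and triage the results.

Added example; not code from the boto3 docs or from AWS. The API is called
through an injected callable so the loop can run offline against the
constructed stand-in below. With credentials, pass
boto3.client("guardduty", region_name="us-east-1").list_investigations instead.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Iterator, List, Optional

# Severity orderings for triage; the string values are the enums on this page.
RISK_ORDER = {"Info": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}
CONFIDENCE_ORDER = {"Unknown": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed detector ID (32 hex chars, the usual shape); not a real detector.
DETECTOR_ID = "12abc34d567e8fa901bc2d34e56789f0"


def iter_investigations(list_fn: Callable[..., dict], detector_id: str,
                        page_size: int = 50,
                        sort_criteria: Optional[dict] = None) -> Iterator[dict]:
    """Yield every investigation summary, following NextToken until it is absent.

    NextToken is left out of the first request rather than passed as None:
    boto3 raises ParamValidationError for None in a string parameter.
    """
    kwargs: Dict[str, object] = {"DetectorId": detector_id, "MaxResults": page_size}
    if sort_criteria:
        kwargs["SortCriteria"] = sort_criteria
    seen_tokens = set()
    while True:
        resp = list_fn(**kwargs)
        yield from resp.get("Investigations", [])
        token = resp.get("NextToken")
        if not token:
            return
        if token in seen_tokens:  # never loop forever on a repeated token
            raise RuntimeError("NextToken repeated; aborting pagination")
        seen_tokens.add(token)
        kwargs["NextToken"] = token


def triage(investigations: List[dict], min_risk: str = "High") -> List[dict]:
    """Return COMPLETED investigations at or above min_risk, most severe first.

    RUNNING and FAILED entries are skipped: their assessment is not final.
    """
    threshold = RISK_ORDER[min_risk]
    hits = [i for i in investigations
            if i.get("Status") == "COMPLETED"
            and RISK_ORDER.get(i.get("RiskLevel"), -1) >= threshold]
    hits.sort(key=lambda i: (RISK_ORDER[i["RiskLevel"]],
                             CONFIDENCE_ORDER.get(i.get("Confidence"), 0),
                             i["EndTime"]), reverse=True)
    return hits


def by_account(investigations: List[dict]) -> Dict[str, List[str]]:
    """Group investigation IDs by AccountId (an admin sees every member's)."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for i in investigations:
        groups[i["AccountId"]].append(i["InvestigationId"])
    return dict(groups)


# ---- constructed stand-in for client.list_investigations (offline demo) ----
_T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)


def _inv(iid, status, risk, conf, account, hours=None):
    summary = {"InvestigationId": iid, "Status": status, "RiskLevel": risk,
               "Confidence": conf, "AccountId": account, "StartTime": _T0,
               "Title": f"Constructed investigation {iid}",
               "TriggerPrompt": "Investigate unusual IAM activity"}
    if hours is not None:  # only finished investigations get an EndTime here
        summary["EndTime"] = _T0 + timedelta(hours=hours)
    return summary


_PAGE1 = [_inv("inv-1", "COMPLETED", "High", "Medium", "111111111111", 1),
          _inv("inv-2", "RUNNING", "Critical", "Unknown", "222222222222"),
          _inv("inv-3", "COMPLETED", "Critical", "High", "222222222222", 2)]
_PAGE2 = [_inv("inv-4", "COMPLETED", "Low", "High", "111111111111", 3),
          _inv("inv-5", "FAILED", "High", "Low", "333333333333", 4)]


def fake_list_investigations(**kwargs) -> dict:
    """Mimic the request checks and response shape documented on this page."""
    if "DetectorId" not in kwargs:
        raise ValueError("Missing required parameter in input: DetectorId")
    if "NextToken" in kwargs and not isinstance(kwargs["NextToken"], str):
        raise TypeError("Invalid type for parameter NextToken")  # as boto3 would
    token = kwargs.get("NextToken")
    if token is None:
        return {"Investigations": _PAGE1, "NextToken": "page-2"}
    if token == "page-2":
        return {"Investigations": _PAGE2}  # last page: no NextToken
    raise ValueError("BadRequestException: invalid NextToken")


def demo(list_fn: Callable[..., dict] = fake_list_investigations) -> dict:
    """Fetch all pages, then report high-risk completed cases and per-account IDs."""
    everything = list(iter_investigations(list_fn, DETECTOR_ID, page_size=3))
    return {"total": len(everything),
            "high_risk": [h["InvestigationId"] for h in triage(everything)],
            "accounts": by_account(everything)}


if __name__ == "__main__":
    print(demo())
```

Against the real service, call demo(boto3.client("guardduty", region_name=...).list_investigations) with a Region from the preview list at the top of this page and your own detector ID; the caller must be allowed to invoke this operation in IAM, otherwise the call fails with AccessDeniedException, and a stale or malformed NextToken fails with BadRequestException.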