software.amazon.awssdk.services.detective.package-info Maven / Gradle / Ivy
Show all versions of detective Show documentation
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
/**
*
* Detective uses machine learning and purpose-built visualizations to help you to analyze and investigate security
* issues across your Amazon Web Services (Amazon Web Services) workloads. Detective automatically extracts time-based
* events such as login attempts, API calls, and network traffic from CloudTrail and Amazon Virtual Private Cloud
* (Amazon VPC) flow logs. It also extracts findings detected by Amazon GuardDuty.
*
*
* The Detective API primarily supports the creation and management of behavior graphs. A behavior graph contains the
* extracted data from a set of member accounts, and is created and managed by an administrator account.
*
*
* To add a member account to the behavior graph, the administrator account sends an invitation to the account. When the
* account accepts the invitation, it becomes a member account in the behavior graph.
*
*
* Detective is also integrated with Organizations. The organization management account designates the Detective
* administrator account for the organization. That account becomes the administrator account for the organization
* behavior graph. The Detective administrator account is also the delegated administrator account for Detective in
* Organizations.
*
*
* The Detective administrator account can enable any organization account as a member account in the organization
* behavior graph. The organization accounts do not receive invitations. The Detective administrator account can also
* invite other accounts to the organization behavior graph.
*
*
* Every behavior graph is specific to a Region. You can only use the API to manage behavior graphs that belong to the
* Region that is associated with the currently selected endpoint.
*
*
* The administrator account for a behavior graph can use the Detective API to do the following:
*
*
* -
*
* Enable and disable Detective. Enabling Detective creates a new behavior graph.
*
*
* -
*
* View the list of member accounts in a behavior graph.
*
*
* -
*
* Add member accounts to a behavior graph.
*
*
* -
*
* Remove member accounts from a behavior graph.
*
*
* -
*
* Apply tags to a behavior graph.
*
*
*
*
* The organization management account can use the Detective API to select the delegated administrator for Detective.
*
*
* The Detective administrator account for an organization can use the Detective API to do the following:
*
*
* -
*
* Perform all of the functions of an administrator account.
*
*
* -
*
* Determine whether to automatically enable new organization accounts as member accounts in the organization behavior
* graph.
*
*
*
*
* An invited member account can use the Detective API to do the following:
*
*
* -
*
* View the list of behavior graphs that they are invited to.
*
*
* -
*
* Accept an invitation to contribute to a behavior graph.
*
*
* -
*
* Decline an invitation to contribute to a behavior graph.
*
*
* -
*
* Remove their account from a behavior graph.
*
*
*
*
* All API actions are logged as CloudTrail events. See Logging Detective API
* Calls with CloudTrail.
*
*
*
* We replaced the term "master account" with the term "administrator account". An administrator account is used to
* centrally manage multiple accounts. In the case of Detective, the administrator account manages the accounts in their
* behavior graph.
*
*
*/
package software.amazon.awssdk.services.detective;