openapi: 3.1.0 info: title: Amazon Detective description: >- Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. It automatically collects log data from AWS resources and uses machine learning, statistical analysis, and graph theory to build interactive visualizations that help you conduct faster and more efficient security investigations. version: '2018-10-26' contact: name: AWS Support url: https://aws.amazon.com/premiumsupport/ license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html termsOfService: https://aws.amazon.com/service-terms/ x-logo: url: https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_1200x630.png x-generated-from: documentation externalDocs: description: Amazon Detective API Reference url: https://docs.aws.amazon.com/detective/latest/APIReference/Welcome.html servers: - url: https://api.detective.{region}.amazonaws.com description: Amazon Detective regional endpoint variables: region: default: us-east-1 description: AWS region enum: - us-east-1 - us-east-2 - us-west-1 - us-west-2 - eu-west-1 - eu-west-2 - eu-central-1 - ap-northeast-1 - ap-southeast-1 - ap-southeast-2 - ap-south-1 - sa-east-1 security: - sigv4: [] tags: - name: Graph description: Behavior graph management operations - name: Members description: Member account management operations - name: Invitations description: Invitation management for member accounts - name: Datasources description: Data source package management operations - name: Investigations description: Security investigation operations - name: Organizations description: AWS Organizations integration operations - name: Tags description: Resource tagging operations paths: /graph: post: summary: Amazon Detective Create Graph description: Creates a new behavior graph for the calling account and sets it as the administrator account. operationId: createGraph tags: - Graph requestBody: required: false content: application/json: schema: $ref: '#/components/schemas/CreateGraphRequest' examples: CreateGraphRequestExample: summary: Default createGraph request x-microcks-default: true value: Tags: Environment: production responses: '200': description: Successfully created behavior graph content: application/json: schema: $ref: '#/components/schemas/CreateGraphResponse' examples: CreateGraph200Example: summary: Default createGraph 200 response x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 '400': description: Bad request - validation error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '409': description: Conflict - behavior graph already enabled content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: summary: Amazon Detective Delete Graph description: Disables Amazon Detective and queues the behavior graph for deletion. This operation requires the behavior graph ARN in the request. operationId: deleteGraph tags: - Graph requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/DeleteGraphRequest' examples: DeleteGraphRequestExample: summary: Default deleteGraph request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 responses: '200': description: Successfully deleted behavior graph '400': description: Bad request - validation error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Access denied content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /graphs/list: post: summary: Amazon Detective List Graphs description: Returns the list of behavior graphs that the calling account is an administrator account of. This operation can only be called by a Detective administrator account. operationId: listGraphs tags: - Graph requestBody: required: false content: application/json: schema: $ref: '#/components/schemas/ListGraphsRequest' examples: ListGraphsRequestExample: summary: Default listGraphs request x-microcks-default: true value: MaxResults: 100 responses: '200': description: Successfully listed behavior graphs content: application/json: schema: $ref: '#/components/schemas/ListGraphsResponse' examples: ListGraphs200Example: summary: Default listGraphs 200 response x-microcks-default: true value: GraphList: - Arn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 CreatedTime: '2025-01-15T10:00:00Z' NextToken: null '400': description: Bad request - validation error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /graph/members: post: summary: Amazon Detective Create Members description: Sends a request to invite the specified AWS accounts to be member accounts in the behavior graph. This operation can only be called by the administrator account. operationId: createMembers tags: - Members requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CreateMembersRequest' examples: CreateMembersRequestExample: summary: Default createMembers request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 Message: You are invited to join the security behavior graph. Accounts: - AccountId: '234567890123' EmailAddress: security@example.com responses: '200': description: Successfully invited member accounts content: application/json: schema: $ref: '#/components/schemas/CreateMembersResponse' examples: CreateMembers200Example: summary: Default createMembers 200 response x-microcks-default: true value: Members: - AccountId: '234567890123' EmailAddress: security@example.com GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 Status: INVITED UnprocessedAccounts: [] '400': description: Bad request - validation error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /graph/members/removal: post: summary: Amazon Detective Delete Members description: Removes the specified member accounts from the behavior graph. The removed accounts no longer contribute data to the behavior graph. operationId: deleteMembers tags: - Members requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/DeleteMembersRequest' examples: DeleteMembersRequestExample: summary: Default deleteMembers request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 AccountIds: - '234567890123' responses: '200': description: Successfully removed member accounts content: application/json: schema: $ref: '#/components/schemas/DeleteMembersResponse' examples: DeleteMembers200Example: summary: Default deleteMembers 200 response x-microcks-default: true value: AccountIds: - '234567890123' UnprocessedAccounts: [] '400': description: Bad request - validation error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /graph/members/get: post: summary: Amazon Detective Get Members description: Returns the membership details for specified member accounts for a behavior graph. operationId: getMembers tags: - Members requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/GetMembersRequest' examples: GetMembersRequestExample: summary: Default getMembers request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 AccountIds: - '234567890123' responses: '200': description: Successfully retrieved member details content: application/json: schema: $ref: '#/components/schemas/GetMembersResponse' examples: GetMembers200Example: summary: Default getMembers 200 response x-microcks-default: true value: MemberDetails: - AccountId: '234567890123' EmailAddress: security@example.com GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 AdministratorId: '123456789012' Status: ENABLED InvitedTime: '2025-01-15T10:00:00Z' UpdatedTime: '2025-01-16T12:00:00Z' UnprocessedAccounts: [] '400': description: Bad request - validation error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /graph/members/list: post: summary: Amazon Detective List Members description: Retrieves the list of member accounts for a behavior graph. Does not return member accounts that were removed. operationId: listMembers tags: - Members requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ListMembersRequest' examples: ListMembersRequestExample: summary: Default listMembers request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 MaxResults: 100 responses: '200': description: Successfully listed members content: application/json: schema: $ref: '#/components/schemas/ListMembersResponse' examples: ListMembers200Example: summary: Default listMembers 200 response x-microcks-default: true value: MemberDetails: - AccountId: '234567890123' EmailAddress: security@example.com GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 Status: ENABLED NextToken: null '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /graph/members/monitoringEnable: post: summary: Amazon Detective Start Monitoring Member description: Sends a request to enable data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED. operationId: startMonitoringMember tags: - Members requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/StartMonitoringMemberRequest' examples: StartMonitoringMemberRequestExample: summary: Default startMonitoringMember request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 AccountId: '234567890123' responses: '200': description: Successfully started monitoring member '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Resource not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /invitation: put: summary: Amazon Detective Accept Invitation description: Accepts an invitation for the member account to contribute data to a behavior graph. operationId: acceptInvitation tags: - Invitations requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AcceptInvitationRequest' examples: AcceptInvitationRequestExample: summary: Default acceptInvitation request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 responses: '200': description: Successfully accepted invitation '400': description: Bad request - validation error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Access denied content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /invitation/removal: put: summary: Amazon Detective Reject Invitation description: Rejects an invitation to contribute the account data to a behavior graph. operationId: rejectInvitation tags: - Invitations requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RejectInvitationRequest' examples: RejectInvitationRequestExample: summary: Default rejectInvitation request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 responses: '200': description: Successfully rejected invitation '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /invitations/list: post: summary: Amazon Detective List Invitations description: Retrieves the list of open and accepted behavior graph invitations for the member account. operationId: listInvitations tags: - Invitations requestBody: required: false content: application/json: schema: $ref: '#/components/schemas/ListInvitationsRequest' examples: ListInvitationsRequestExample: summary: Default listInvitations request x-microcks-default: true value: MaxResults: 100 responses: '200': description: Successfully listed invitations content: application/json: schema: $ref: '#/components/schemas/ListInvitationsResponse' examples: ListInvitations200Example: summary: Default listInvitations 200 response x-microcks-default: true value: Invitations: - AccountId: '234567890123' GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 Status: INVITED NextToken: null '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /membership/removal: post: summary: Amazon Detective Disassociate Membership description: Removes the member account from the specified behavior graph. This operation can only be called by a Detective member account. operationId: disassociateMembership tags: - Invitations requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/DisassociateMembershipRequest' examples: DisassociateMembershipRequestExample: summary: Default disassociateMembership request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 responses: '200': description: Successfully disassociated membership '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /graph/datasources/list: post: summary: Amazon Detective List Datasource Packages description: Lists data source packages in the behavior graph. operationId: listDatasourcePackages tags: - Datasources requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ListDatasourcePackagesRequest' examples: ListDatasourcePackagesRequestExample: summary: Default listDatasourcePackages request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 MaxResults: 100 responses: '200': description: Successfully listed datasource packages content: application/json: schema: $ref: '#/components/schemas/ListDatasourcePackagesResponse' examples: ListDatasourcePackages200Example: summary: Default listDatasourcePackages 200 response x-microcks-default: true value: DatasourcePackages: DETECTIVE_CORE: DatasourcePackageIngestState: STARTED LastIngestStateChange: STARTED: Timestamp: '2025-01-15T10:00:00Z' NextToken: null '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /graph/datasources/get: post: summary: Amazon Detective Batch Get Graph Member Datasources description: Gets data source package information for the behavior graph. operationId: batchGetGraphMemberDatasources tags: - Datasources requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/BatchGetGraphMemberDatasourcesRequest' examples: BatchGetGraphMemberDatasourcesRequestExample: summary: Default batchGetGraphMemberDatasources request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 AccountIds: - '234567890123' responses: '200': description: Successfully retrieved datasource details content: application/json: schema: $ref: '#/components/schemas/BatchGetGraphMemberDatasourcesResponse' examples: BatchGetGraphMemberDatasources200Example: summary: Default batchGetGraphMemberDatasources 200 response x-microcks-default: true value: MemberDatasources: - AccountId: '234567890123' GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 DatasourcePackageIngestHistory: {} UnprocessedAccounts: [] '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /membership/datasources/get: post: summary: Amazon Detective Batch Get Membership Datasources description: Gets information on the data source package history for an account. operationId: batchGetMembershipDatasources tags: - Datasources requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/BatchGetMembershipDatasourcesRequest' examples: BatchGetMembershipDatasourcesRequestExample: summary: Default batchGetMembershipDatasources request x-microcks-default: true value: GraphArns: - arn:aws:detective:us-east-1:123456789012:graph:abc123def456 responses: '200': description: Successfully retrieved membership datasource history content: application/json: schema: $ref: '#/components/schemas/BatchGetMembershipDatasourcesResponse' examples: BatchGetMembershipDatasources200Example: summary: Default batchGetMembershipDatasources 200 response x-microcks-default: true value: MembershipDatasources: - AccountId: '234567890123' GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 UnprocessedGraphs: [] '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /graph/datasources/update: post: summary: Amazon Detective Update Datasource Packages description: Starts a data source packages for the specified behavior graph. operationId: updateDatasourcePackages tags: - Datasources requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UpdateDatasourcePackagesRequest' examples: UpdateDatasourcePackagesRequestExample: summary: Default updateDatasourcePackages request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 DatasourcePackages: - EKS_AUDIT responses: '200': description: Successfully updated datasource packages '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /investigations/startInvestigation: post: summary: Amazon Detective Start Investigation description: Initiates a Detective investigation on an entity in a behavior graph. operationId: startInvestigation tags: - Investigations requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/StartInvestigationRequest' examples: StartInvestigationRequestExample: summary: Default startInvestigation request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 EntityArn: arn:aws:iam::123456789012:user/jsmith ScopeStartTime: '2025-01-01T00:00:00Z' ScopeEndTime: '2025-01-15T23:59:59Z' responses: '200': description: Successfully started investigation content: application/json: schema: $ref: '#/components/schemas/StartInvestigationResponse' examples: StartInvestigation200Example: summary: Default startInvestigation 200 response x-microcks-default: true value: InvestigationId: invest-abc123def456 '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Resource not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /investigations/getInvestigation: post: summary: Amazon Detective Get Investigation description: Returns the investigation results of an investigation for a behavior graph. operationId: getInvestigation tags: - Investigations requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/GetInvestigationRequest' examples: GetInvestigationRequestExample: summary: Default getInvestigation request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 InvestigationId: invest-abc123def456 responses: '200': description: Successfully retrieved investigation content: application/json: schema: $ref: '#/components/schemas/GetInvestigationResponse' examples: GetInvestigation200Example: summary: Default getInvestigation 200 response x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 InvestigationId: invest-abc123def456 EntityArn: arn:aws:iam::123456789012:user/jsmith EntityType: IAM_ROLE CreatedTime: '2025-01-15T10:00:00Z' ScopeStartTime: '2025-01-01T00:00:00Z' ScopeEndTime: '2025-01-15T23:59:59Z' Status: RUNNING Severity: HIGH State: ACTIVE '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Resource not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /investigations/listInvestigations: post: summary: Amazon Detective List Investigations description: Lists investigations for a behavior graph using filters such as time range, entity ARN, and investigation state. operationId: listInvestigations tags: - Investigations requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ListInvestigationsRequest' examples: ListInvestigationsRequestExample: summary: Default listInvestigations request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 MaxResults: 100 responses: '200': description: Successfully listed investigations content: application/json: schema: $ref: '#/components/schemas/ListInvestigationsResponse' examples: ListInvestigations200Example: summary: Default listInvestigations 200 response x-microcks-default: true value: InvestigationDetails: - InvestigationId: invest-abc123def456 Severity: HIGH Status: RUNNING State: ACTIVE CreatedTime: '2025-01-15T10:00:00Z' EntityArn: arn:aws:iam::123456789012:user/jsmith EntityType: IAM_ROLE NextToken: null '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /investigations/updateInvestigationState: post: summary: Amazon Detective Update Investigation State description: Updates the state of an investigation. Valid states are ACTIVE and ARCHIVED. operationId: updateInvestigationState tags: - Investigations requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UpdateInvestigationStateRequest' examples: UpdateInvestigationStateRequestExample: summary: Default updateInvestigationState request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 InvestigationId: invest-abc123def456 State: ARCHIVED responses: '200': description: Successfully updated investigation state '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Resource not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /investigations/listIndicators: post: summary: Amazon Detective List Indicators description: Gets the indicators from an investigation. You can use the filters to narrow the results based on the type of indicator. operationId: listIndicators tags: - Investigations requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ListIndicatorsRequest' examples: ListIndicatorsRequestExample: summary: Default listIndicators request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 InvestigationId: invest-abc123def456 IndicatorType: FLAGGED_IP_ADDRESS responses: '200': description: Successfully listed indicators content: application/json: schema: $ref: '#/components/schemas/ListIndicatorsResponse' examples: ListIndicators200Example: summary: Default listIndicators 200 response x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 InvestigationId: invest-abc123def456 Indicators: - IndicatorType: FLAGGED_IP_ADDRESS IndicatorDetail: {} NextToken: null '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Resource not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /orgs/enableAdminAccount: post: summary: Amazon Detective Enable Organization Admin Account description: Designates the Detective administrator account for the organization in the current Region. operationId: enableOrganizationAdminAccount tags: - Organizations requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/EnableOrganizationAdminAccountRequest' examples: EnableOrganizationAdminAccountRequestExample: summary: Default enableOrganizationAdminAccount request x-microcks-default: true value: AccountId: '123456789012' responses: '200': description: Successfully enabled organization admin account '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Access denied content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /orgs/disableAdminAccount: post: summary: Amazon Detective Disable Organization Admin Account description: Removes the Detective administrator account in the current Region. Must be called from the organization management account. operationId: disableOrganizationAdminAccount tags: - Organizations responses: '200': description: Successfully disabled organization admin account '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /orgs/describeOrganizationConfiguration: post: summary: Amazon Detective Describe Organization Configuration description: Returns information about the configuration for the organization behavior graph. operationId: describeOrganizationConfiguration tags: - Organizations requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/DescribeOrganizationConfigurationRequest' examples: DescribeOrganizationConfigurationRequestExample: summary: Default describeOrganizationConfiguration request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 responses: '200': description: Successfully retrieved organization configuration content: application/json: schema: $ref: '#/components/schemas/DescribeOrganizationConfigurationResponse' examples: DescribeOrganizationConfiguration200Example: summary: Default describeOrganizationConfiguration 200 response x-microcks-default: true value: AutoEnable: true '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /orgs/updateOrganizationConfiguration: post: summary: Amazon Detective Update Organization Configuration description: Updates the configuration for the organization behavior graph. operationId: updateOrganizationConfiguration tags: - Organizations requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UpdateOrganizationConfigurationRequest' examples: UpdateOrganizationConfigurationRequestExample: summary: Default updateOrganizationConfiguration request x-microcks-default: true value: GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 AutoEnable: true responses: '200': description: Successfully updated organization configuration '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /orgs/listAdminAccounts: post: summary: Amazon Detective List Organization Admin Accounts description: Lists the Detective administrator accounts in the organization. operationId: listOrganizationAdminAccounts tags: - Organizations requestBody: required: false content: application/json: schema: $ref: '#/components/schemas/ListOrganizationAdminAccountsRequest' examples: ListOrganizationAdminAccountsRequestExample: summary: Default listOrganizationAdminAccounts request x-microcks-default: true value: MaxResults: 100 responses: '200': description: Successfully listed organization admin accounts content: application/json: schema: $ref: '#/components/schemas/ListOrganizationAdminAccountsResponse' examples: ListOrganizationAdminAccounts200Example: summary: Default listOrganizationAdminAccounts 200 response x-microcks-default: true value: Administrators: - AccountId: '123456789012' GraphArn: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 DelegationTime: '2025-01-15T10:00:00Z' NextToken: null '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /tags/{resourceArn}: get: summary: Amazon Detective List Tags for Resource description: Returns the tag values that are assigned to a behavior graph. operationId: listTagsForResource tags: - Tags parameters: - name: resourceArn in: path required: true description: The ARN of the behavior graph for which you want to list tag values. schema: type: string example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 responses: '200': description: Successfully listed tags content: application/json: schema: $ref: '#/components/schemas/ListTagsForResourceResponse' examples: ListTagsForResource200Example: summary: Default listTagsForResource 200 response x-microcks-default: true value: Tags: Environment: production Team: security '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Resource not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK post: summary: Amazon Detective Tag Resource description: Applies tag values to a behavior graph. operationId: tagResource tags: - Tags parameters: - name: resourceArn in: path required: true description: The ARN of the behavior graph to assign the tags to. schema: type: string example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TagResourceRequest' examples: TagResourceRequestExample: summary: Default tagResource request x-microcks-default: true value: Tags: Environment: production Team: security responses: '204': description: Successfully applied tags '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Resource not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: summary: Amazon Detective Untag Resource description: Removes tags from a behavior graph. operationId: untagResource tags: - Tags parameters: - name: resourceArn in: path required: true description: The ARN of the behavior graph to remove the tags from. schema: type: string example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 - name: tagKeys in: query required: true description: The tag keys of the tags to remove from the behavior graph. schema: type: array items: type: string example: - Environment - Team responses: '204': description: Successfully removed tags '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Resource not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK components: securitySchemes: sigv4: type: apiKey name: Authorization in: header description: AWS Signature Version 4 authentication schemas: ErrorResponse: type: object description: Standard error response from Amazon Detective properties: Message: type: string description: Human-readable error message example: The request is invalid. Code: type: string description: Error code example: ValidationException CreateGraphRequest: type: object description: Request to create a new behavior graph properties: Tags: type: object description: The tags to assign to the new behavior graph additionalProperties: type: string CreateGraphResponse: type: object description: Response from creating a behavior graph properties: GraphArn: type: string description: The ARN of the new behavior graph example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 DeleteGraphRequest: type: object required: - GraphArn description: Request to delete a behavior graph properties: GraphArn: type: string description: The ARN of the behavior graph to disable example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 ListGraphsRequest: type: object description: Request to list behavior graphs properties: NextToken: type: string description: For requests to get the next page of results. The pagination token from the previous request. example: abc123token MaxResults: type: integer description: The maximum number of graphs to return at a time. example: 100 ListGraphsResponse: type: object description: Response from listing behavior graphs properties: GraphList: type: array description: A list of behavior graphs that the account is an administrator account of. items: $ref: '#/components/schemas/Graph' NextToken: type: string description: If there are more behavior graphs remaining in the results, then this is the pagination token to use. Graph: type: object description: A behavior graph in Amazon Detective properties: Arn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 CreatedTime: type: string format: date-time description: The date and time that the behavior graph was created. example: '2025-01-15T10:00:00Z' CreateMembersRequest: type: object required: - GraphArn - Accounts description: Request to invite member accounts to a behavior graph properties: GraphArn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 Message: type: string description: Customized message text to include in the invitation email message. example: Please join our security behavior graph. DisableEmailNotification: type: boolean description: If set to true, invitation emails are not sent. example: false Accounts: type: array description: The list of AWS accounts to invite to become member accounts. items: $ref: '#/components/schemas/Account' CreateMembersResponse: type: object description: Response from creating member accounts properties: Members: type: array description: The set of member account invitation or enablement requests. items: $ref: '#/components/schemas/MemberDetail' UnprocessedAccounts: type: array description: The list of accounts for which Detective was unable to process the invitation. items: $ref: '#/components/schemas/UnprocessedAccount' DeleteMembersRequest: type: object required: - GraphArn - AccountIds description: Request to remove member accounts from a behavior graph properties: GraphArn: type: string description: The ARN of the behavior graph to remove members from. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 AccountIds: type: array description: The list of AWS account identifiers of the member accounts to remove. items: type: string example: - '234567890123' DeleteMembersResponse: type: object description: Response from deleting member accounts properties: AccountIds: type: array description: The list of AWS account identifiers of the member accounts that Detective successfully deleted. items: type: string UnprocessedAccounts: type: array description: The list of member accounts that Detective was unable to delete. items: $ref: '#/components/schemas/UnprocessedAccount' GetMembersRequest: type: object required: - GraphArn - AccountIds description: Request to get member details properties: GraphArn: type: string description: The ARN of the behavior graph to get member details for. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 AccountIds: type: array description: The list of AWS account identifiers of the member accounts to get information on. items: type: string example: - '234567890123' GetMembersResponse: type: object description: Response from getting member details properties: MemberDetails: type: array description: The member account details that Detective retrieved. items: $ref: '#/components/schemas/MemberDetail' UnprocessedAccounts: type: array description: The requested member accounts for which Detective was unable to return member details. items: $ref: '#/components/schemas/UnprocessedAccount' ListMembersRequest: type: object required: - GraphArn description: Request to list member accounts properties: GraphArn: type: string description: The ARN of the behavior graph to list member accounts for. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 NextToken: type: string description: For requests to retrieve the next page of member account results. example: abc123token MaxResults: type: integer description: The maximum number of member accounts to include in the response. example: 100 ListMembersResponse: type: object description: Response from listing member accounts properties: MemberDetails: type: array description: The list of member accounts in the behavior graph. items: $ref: '#/components/schemas/MemberDetail' NextToken: type: string description: If there are more member accounts remaining in the results, then use this pagination token. StartMonitoringMemberRequest: type: object required: - GraphArn - AccountId description: Request to start monitoring a member account properties: GraphArn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 AccountId: type: string description: The account ID of the member account to try to enable. example: '234567890123' AcceptInvitationRequest: type: object required: - GraphArn description: Request to accept an invitation to a behavior graph properties: GraphArn: type: string description: The ARN of the behavior graph that the member account is accepting the invitation for. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 RejectInvitationRequest: type: object required: - GraphArn description: Request to reject a behavior graph invitation properties: GraphArn: type: string description: The ARN of the behavior graph that the member account is rejecting the invitation for. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 ListInvitationsRequest: type: object description: Request to list invitations properties: NextToken: type: string description: The pagination token for the next page of results. example: abc123token MaxResults: type: integer description: The maximum number of invitations to return. example: 100 ListInvitationsResponse: type: object description: Response from listing invitations properties: Invitations: type: array description: The list of behavior graphs for which the member account has open or accepted invitations. items: $ref: '#/components/schemas/MemberDetail' NextToken: type: string description: If there are more invitations remaining in the results, then use this pagination token. DisassociateMembershipRequest: type: object required: - GraphArn description: Request to disassociate from a behavior graph properties: GraphArn: type: string description: The ARN of the behavior graph to remove the member account from. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 ListDatasourcePackagesRequest: type: object required: - GraphArn description: Request to list datasource packages properties: GraphArn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 NextToken: type: string description: For requests to get the next page of results. example: abc123token MaxResults: type: integer description: The total number of items to return. example: 100 ListDatasourcePackagesResponse: type: object description: Response from listing datasource packages properties: DatasourcePackages: type: object description: Details on the data source packages active in the behavior graph. additionalProperties: $ref: '#/components/schemas/DatasourcePackageIngestDetail' NextToken: type: string description: For requests to get the next page of results. DatasourcePackageIngestDetail: type: object description: Details about the ingest state of a datasource package properties: DatasourcePackageIngestState: type: string description: Details on which data source packages are ingested for a member account. enum: - STARTED - STOPPED - DISABLED LastIngestStateChange: type: object description: The date a data source package type was last updated for a member account. additionalProperties: $ref: '#/components/schemas/TimestampForCollection' TimestampForCollection: type: object description: Details on when data collection began for a source package. properties: Timestamp: type: string format: date-time description: The data and time when data collection began for a source package. example: '2025-01-15T10:00:00Z' BatchGetGraphMemberDatasourcesRequest: type: object required: - GraphArn - AccountIds description: Request to get datasource details for behavior graph members properties: GraphArn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 AccountIds: type: array description: The list of AWS accounts to get data source package information for. items: type: string example: - '234567890123' BatchGetGraphMemberDatasourcesResponse: type: object description: Response from getting datasource details for behavior graph members properties: MemberDatasources: type: array description: Details on the data source packages active in the behavior graph. items: $ref: '#/components/schemas/MembershipDatasources' UnprocessedAccounts: type: array description: Accounts that data source package information could not be retrieved for. items: $ref: '#/components/schemas/UnprocessedAccount' BatchGetMembershipDatasourcesRequest: type: object required: - GraphArns description: Request to get datasource package history for accounts properties: GraphArns: type: array description: The ARN of the behavior graph. items: type: string example: - arn:aws:detective:us-east-1:123456789012:graph:abc123def456 BatchGetMembershipDatasourcesResponse: type: object description: Response from getting membership datasource history properties: MembershipDatasources: type: array description: Details on the data source packages active in the behavior graph. items: $ref: '#/components/schemas/MembershipDatasources' UnprocessedGraphs: type: array description: Graphs that data source package information could not be retrieved for. items: $ref: '#/components/schemas/UnprocessedGraph' MembershipDatasources: type: object description: Details on data source packages for a member account in a behavior graph properties: AccountId: type: string description: The account identifier of the AWS account. example: '234567890123' GraphArn: type: string description: The ARN of the organization behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 DatasourcePackageIngestHistory: type: object description: Details on when a data source package was added to a behavior graph. additionalProperties: type: object UnprocessedGraph: type: object description: A behavior graph that could not be processed properties: GraphArn: type: string description: The ARN of the organization behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 Reason: type: string description: The reason data source package information could not be retrieved for the behavior graph. example: Graph not found UpdateDatasourcePackagesRequest: type: object required: - GraphArn - DatasourcePackages description: Request to update datasource packages for a behavior graph properties: GraphArn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 DatasourcePackages: type: array description: The data source package start for the behavior graph. items: type: string enum: - DETECTIVE_CORE - EKS_AUDIT - AD_AUDIT example: - EKS_AUDIT StartInvestigationRequest: type: object required: - GraphArn - EntityArn - ScopeStartTime - ScopeEndTime description: Request to start an investigation properties: GraphArn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 EntityArn: type: string description: The unique Amazon Resource Name (ARN) of the IAM user and IAM role. example: arn:aws:iam::123456789012:user/jsmith ScopeStartTime: type: string format: date-time description: The data and time when the investigation began. example: '2025-01-01T00:00:00Z' ScopeEndTime: type: string format: date-time description: The data and time when the investigation ended. example: '2025-01-15T23:59:59Z' StartInvestigationResponse: type: object description: Response from starting an investigation properties: InvestigationId: type: string description: The investigation ID of the investigation report. example: invest-abc123def456 GetInvestigationRequest: type: object required: - GraphArn - InvestigationId description: Request to get investigation details properties: GraphArn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 InvestigationId: type: string description: The investigation ID of the investigation report. example: invest-abc123def456 GetInvestigationResponse: type: object description: Response from getting investigation details properties: GraphArn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 InvestigationId: type: string description: The investigation ID of the investigation report. example: invest-abc123def456 EntityArn: type: string description: The unique Amazon Resource Name (ARN) of the IAM user and IAM role. example: arn:aws:iam::123456789012:user/jsmith EntityType: type: string description: Type of entity. For example, IAM_ROLE or IAM_USER. enum: - IAM_ROLE - IAM_USER example: IAM_ROLE CreatedTime: type: string format: date-time description: The creation time of the investigation report in UTC time stamp format. example: '2025-01-15T10:00:00Z' ScopeStartTime: type: string format: date-time description: The start date and time used to set the scope time within which you want Detective to investigate. example: '2025-01-01T00:00:00Z' ScopeEndTime: type: string format: date-time description: The end date and time used to set the scope time within which you want Detective to investigate. example: '2025-01-15T23:59:59Z' Status: type: string description: The status based on the completion status of the investigation. enum: - RUNNING - FAILED - SUCCESSFUL example: RUNNING Severity: type: string description: The severity assigned is based on the likelihood and impact of the indicators of compromise discovered in the investigation. enum: - INFORMATIONAL - LOW - MEDIUM - HIGH - CRITICAL example: HIGH State: type: string description: The current state of the investigation. An archived investigation indicates you have completed reviewing the investigation. enum: - ACTIVE - ARCHIVED example: ACTIVE ListInvestigationsRequest: type: object required: - GraphArn description: Request to list investigations properties: GraphArn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 NextToken: type: string description: Lists the investigations for a behavior graph based on the maximum number of investigations in a page. example: abc123token MaxResults: type: integer description: Lists the investigations for a behavior graph based on the total number of investigations. example: 100 FilterCriteria: type: object description: Filters the investigation results based on a criteria. properties: Severity: type: object description: Filter investigations by severity. properties: Value: type: string enum: - INFORMATIONAL - LOW - MEDIUM - HIGH - CRITICAL Status: type: object description: Filter investigations by status. properties: Value: type: string enum: - RUNNING - FAILED - SUCCESSFUL State: type: object description: Filter investigations by state. properties: Value: type: string enum: - ACTIVE - ARCHIVED SortCriteria: type: object description: Sorts the investigation results based on a criteria. properties: Field: type: string description: The field to use to sort the results. enum: - SEVERITY - STATUS - CREATED_TIME SortOrder: type: string enum: - ASC - DESC ListInvestigationsResponse: type: object description: Response from listing investigations properties: InvestigationDetails: type: array description: Lists the summary of uncommon behavior or malicious activity which indicates a compromise. items: $ref: '#/components/schemas/InvestigationDetail' NextToken: type: string description: Lists investigations for a behavior graph based on the maximum number of investigations in a page. InvestigationDetail: type: object description: Summary details of an investigation properties: InvestigationId: type: string description: The investigation ID of the investigation report. example: invest-abc123def456 Severity: type: string description: The severity assigned to the investigation. enum: - INFORMATIONAL - LOW - MEDIUM - HIGH - CRITICAL example: HIGH Status: type: string description: The status based on the completion status of the investigation. enum: - RUNNING - FAILED - SUCCESSFUL example: RUNNING State: type: string description: The current state of the investigation. enum: - ACTIVE - ARCHIVED example: ACTIVE CreatedTime: type: string format: date-time description: The time stamp of the creation time of the investigation report. example: '2025-01-15T10:00:00Z' EntityArn: type: string description: The unique Amazon Resource Name (ARN) of the IAM user and IAM role. example: arn:aws:iam::123456789012:user/jsmith EntityType: type: string description: Type of entity. For example, IAM_ROLE or IAM_USER. enum: - IAM_ROLE - IAM_USER example: IAM_ROLE UpdateInvestigationStateRequest: type: object required: - GraphArn - InvestigationId - State description: Request to update the state of an investigation properties: GraphArn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 InvestigationId: type: string description: The investigation ID of the investigation report. example: invest-abc123def456 State: type: string description: The current state of the investigation. An archived investigation indicates you have completed reviewing the investigation. enum: - ACTIVE - ARCHIVED example: ARCHIVED ListIndicatorsRequest: type: object required: - GraphArn - InvestigationId description: Request to list indicators from an investigation properties: GraphArn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 InvestigationId: type: string description: The investigation ID of the investigation report. example: invest-abc123def456 IndicatorType: type: string description: For the list of indicators of compromise that are generated by Detective investigations, see Detective investigations. enum: - TTP_OBSERVED - IMPOSSIBLE_TRAVEL - FLAGGED_IP_ADDRESS - NEW_GEOLOCATION - NEW_ASO - NEW_USER_AGENT - RELATED_FINDING - RELATED_FINDING_GROUP example: FLAGGED_IP_ADDRESS NextToken: type: string description: List if there are more results available. example: abc123token MaxResults: type: integer description: The maximum number of results to return. example: 100 ListIndicatorsResponse: type: object description: Response from listing indicators properties: GraphArn: type: string description: The ARN of the behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 InvestigationId: type: string description: The investigation ID of the investigation report. example: invest-abc123def456 NextToken: type: string description: List if there are more results available. Indicators: type: array description: Lists the indicators of compromise. items: $ref: '#/components/schemas/Indicator' Indicator: type: object description: An indicator of compromise detected during an investigation properties: IndicatorType: type: string description: The type of indicator. enum: - TTP_OBSERVED - IMPOSSIBLE_TRAVEL - FLAGGED_IP_ADDRESS - NEW_GEOLOCATION - NEW_ASO - NEW_USER_AGENT - RELATED_FINDING - RELATED_FINDING_GROUP example: FLAGGED_IP_ADDRESS IndicatorDetail: type: object description: Details about the indicator of compromise. EnableOrganizationAdminAccountRequest: type: object required: - AccountId description: Request to enable an organization admin account for Detective properties: AccountId: type: string description: The AWS account identifier of the account to designate as the Detective administrator account for the organization. example: '123456789012' DescribeOrganizationConfigurationRequest: type: object required: - GraphArn description: Request to describe organization configuration properties: GraphArn: type: string description: The ARN of the organization behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 DescribeOrganizationConfigurationResponse: type: object description: Response from describing organization configuration properties: AutoEnable: type: boolean description: Indicates whether to automatically enable new organization accounts as member accounts in the organization behavior graph. example: true UpdateOrganizationConfigurationRequest: type: object required: - GraphArn description: Request to update organization configuration properties: GraphArn: type: string description: The ARN of the organization behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 AutoEnable: type: boolean description: Indicates whether to automatically enable new organization accounts as member accounts in the organization behavior graph. example: true ListOrganizationAdminAccountsRequest: type: object description: Request to list organization admin accounts properties: NextToken: type: string description: The pagination token for the next page of results. example: abc123token MaxResults: type: integer description: The maximum number of results to return. example: 100 ListOrganizationAdminAccountsResponse: type: object description: Response from listing organization admin accounts properties: Administrators: type: array description: The list of delegated administrator accounts. items: $ref: '#/components/schemas/Administrator' NextToken: type: string description: If there are more accounts remaining in the results, then this is the pagination token. Administrator: type: object description: An organization admin account for Amazon Detective properties: AccountId: type: string description: The AWS account identifier of the Detective administrator account. example: '123456789012' GraphArn: type: string description: The ARN of the organization behavior graph. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 DelegationTime: type: string format: date-time description: The date and time when the Detective administrator account was enabled. example: '2025-01-15T10:00:00Z' ListTagsForResourceResponse: type: object description: Response from listing tags for a resource properties: Tags: type: object description: The tag values that are assigned to the behavior graph. additionalProperties: type: string TagResourceRequest: type: object required: - Tags description: Request to apply tags to a behavior graph properties: Tags: type: object description: The tags to assign to the behavior graph. additionalProperties: type: string Account: type: object required: - AccountId - EmailAddress description: An AWS account to invite to become a member account in a behavior graph properties: AccountId: type: string description: The account identifier of the AWS account. example: '234567890123' EmailAddress: type: string description: The AWS account root user email address for the AWS account. example: security@example.com MemberDetail: type: object description: Details about a member account in a behavior graph properties: AccountId: type: string description: The AWS account identifier of the member account. example: '234567890123' EmailAddress: type: string description: The AWS account root user email address for the member account. example: security@example.com GraphArn: type: string description: The ARN of the behavior graph that the member account was invited to. example: arn:aws:detective:us-east-1:123456789012:graph:abc123def456 AdministratorId: type: string description: The AWS account identifier of the administrator account for the behavior graph. example: '123456789012' Status: type: string description: The current membership status of the member account. enum: - INVITED - VERIFICATION_IN_PROGRESS - VERIFICATION_FAILED - ENABLED - ACCEPTED_BUT_DISABLED example: ENABLED InvitedTime: type: string format: date-time description: The date and time that Detective sent the invitation to the member account. example: '2025-01-15T10:00:00Z' UpdatedTime: type: string format: date-time description: The date and time that the member account was last updated. example: '2025-01-16T12:00:00Z' VolumeUsageInBytes: type: integer description: Data volume in bytes per day for the member account. example: 1073741824 VolumeUsageUpdatedTime: type: string format: date-time description: The data and time when the member account data volume was last updated. example: '2025-01-16T12:00:00Z' PercentOfGraphUtilization: type: number description: The member account data volume as a percentage of the maximum allowed data volume. example: 12.5 DisabledReason: type: string description: For member accounts with a status of ACCEPTED_BUT_DISABLED, the reason the member account is not enabled. enum: - VOLUME_TOO_HIGH - VOLUME_UNKNOWN example: VOLUME_TOO_HIGH InvitationType: type: string description: The type of behavior graph membership. enum: - INVITATION - ORGANIZATION example: INVITATION UnprocessedAccount: type: object description: A member account that could not be processed properties: AccountId: type: string description: The AWS account identifier of the member account that was not processed. example: '234567890123' Reason: type: string description: The reason that the member account request could not be processed. example: Account not found