Amazon Detective · Schema

InvestigationDetail

Summary details of an investigation

ForensicsInvestigationSecurity

Properties

Name Type Description
InvestigationId string The investigation ID of the investigation report.
Severity string The severity assigned to the investigation.
Status string The status based on the completion status of the investigation.
State string The current state of the investigation.
CreatedTime string The time stamp of the creation time of the investigation report.
EntityArn string The unique Amazon Resource Name (ARN) of the IAM user and IAM role.
EntityType string Type of entity. For example, IAM_ROLE or IAM_USER.
View JSON Schema on GitHub

JSON Schema

amazon-detective-investigation-detail-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-detective/refs/heads/main/json-schema/amazon-detective-investigation-detail-schema.json",
  "title": "InvestigationDetail",
  "description": "Summary details of an investigation",
  "type": "object",
  "properties": {
    "InvestigationId": {
      "type": "string",
      "description": "The investigation ID of the investigation report.",
      "example": "invest-abc123def456"
    },
    "Severity": {
      "type": "string",
      "description": "The severity assigned to the investigation.",
      "enum": [
        "INFORMATIONAL",
        "LOW",
        "MEDIUM",
        "HIGH",
        "CRITICAL"
      ],
      "example": "HIGH"
    },
    "Status": {
      "type": "string",
      "description": "The status based on the completion status of the investigation.",
      "enum": [
        "RUNNING",
        "FAILED",
        "SUCCESSFUL"
      ],
      "example": "RUNNING"
    },
    "State": {
      "type": "string",
      "description": "The current state of the investigation.",
      "enum": [
        "ACTIVE",
        "ARCHIVED"
      ],
      "example": "ACTIVE"
    },
    "CreatedTime": {
      "type": "string",
      "format": "date-time",
      "description": "The time stamp of the creation time of the investigation report.",
      "example": "2025-01-15T10:00:00Z"
    },
    "EntityArn": {
      "type": "string",
      "description": "The unique Amazon Resource Name (ARN) of the IAM user and IAM role.",
      "example": "arn:aws:iam::123456789012:user/jsmith"
    },
    "EntityType": {
      "type": "string",
      "description": "Type of entity. For example, IAM_ROLE or IAM_USER.",
      "enum": [
        "IAM_ROLE",
        "IAM_USER"
      ],
      "example": "IAM_ROLE"
    }
  }
}