DETECTIVE

AcceptInvitation

# Template for matching an AcceptInvitation request.
# STRING is not defined on this page; it reads as a type placeholder to be
# replaced with the concrete value to match.
# All lines in the body are ANDed. A field that is absent from input leaves its
# line undefined, so `valid` does not hold; delete the lines for fields that
# should not be constrained.
# NOTE(review): if several of these templates share one Rego package, the
# separate `valid` bodies are ORed. Confirm each template is evaluated only for
# its own action.
valid {
    input.Body.GraphArn == STRING
    # Caller context carried alongside the request body.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchGetGraphMemberDatasources

# Template for matching a BatchGetGraphMemberDatasources request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    # `[_]` holds when at least one element of AccountIds equals the value. It
    # does not require every element to match, so this line alone cannot
    # restrict the request to an allowlist of account IDs.
    input.Body.AccountIds[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchGetMembershipDatasources

# Template for matching a BatchGetMembershipDatasources request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    # Holds when any one entry of GraphArns equals the value; other entries in
    # the same request are not checked by this line.
    input.Body.GraphArns[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateGraph

# Template for matching a CreateGraph request.
# STRING is an undefined placeholder here, used for both a tag key and its value.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    # Written literally, `.STRING` looks up a tag whose key is the text "STRING".
    # Replace it with the real key; keys that are not plain identifiers need
    # bracket form, e.g. input.Body.Tags["cost-center"] (constructed example).
    input.Body.Tags.STRING == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateMembers

# Template for matching a CreateMembers request.
# STRING and BOOLEAN are undefined placeholders here; substitute concrete values.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    input.Body.Message == STRING
    input.Body.DisableEmailNotification == BOOLEAN
    # Each `_` is an independent anonymous variable, so the two lines below can
    # be satisfied by different elements of Accounts. To constrain AccountId and
    # EmailAddress on the same entry, bind one index (`some i`) and use it in both.
    # Each line also holds as soon as any one element matches; remaining
    # elements are unchecked.
    input.Body.Accounts[_].AccountId == STRING
    input.Body.Accounts[_].EmailAddress == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteGraph

# Template for matching a DeleteGraph request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
# NOTE(review): this is a delete action. If `valid` feeds an allow decision, pin
# GraphArn and Account to exact values rather than dropping those lines.
valid {
    input.Body.GraphArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteMembers

# Template for matching a DeleteMembers request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    # Holds if any one AccountIds entry equals the value. A request that also
    # names other accounts still satisfies this line, so it does not bound which
    # members a single call may remove.
    input.Body.AccountIds[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeOrganizationConfiguration

# Template for matching a DescribeOrganizationConfiguration request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# The body is a conjunction: `valid` holds only when the graph ARN and all three
# caller-context fields are present in input and equal the chosen values.
valid {
    input.Body.GraphArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableOrganizationAdminAccount

# Template for matching a DisableOrganizationAdminAccount request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
# NOTE(review): the action name indicates it disables an organization admin
# account. Confirm which callers (Account and Region) should be able to match.
valid {
    input.Body.GraphArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateMembership

# Template for matching a DisassociateMembership request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    # The graph the request refers to.
    input.Body.GraphArn == STRING
    # Caller context: account, access key ID and region recorded for the request.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableOrganizationAdminAccount

# Template for matching an EnableOrganizationAdminAccount request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    # Body.AccountId is the account named in the request. It is a separate field
    # from ProviderMetadata.Account below, and the two are compared independently.
    input.Body.AccountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetInvestigation

# Template for matching a GetInvestigation request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    # Pinning InvestigationId limits the match to one investigation. Remove the
    # line to match any investigation in the graph.
    input.Body.InvestigationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetMembers

# Template for matching a GetMembers request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    # Existential match: true when at least one listed account ID equals the
    # value, whatever else the array contains.
    input.Body.AccountIds[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDatasourcePackages

# Template for matching a ListDatasourcePackages request.
# STRING and INTEGER are undefined placeholders here; substitute concrete values.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    # NOTE(review): NextToken and MaxResults look like pagination fields. While
    # these lines remain, a request that omits them cannot match, and MaxResults
    # is an exact-equality test, not an upper bound.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListGraphs

# Template for matching a ListGraphs request.
# STRING and INTEGER are undefined placeholders here; substitute concrete values.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    # No resource identifier appears in this template. Only the pagination
    # fields and the caller context are available to constrain the request.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListIndicators

# Values this page lists for Body.IndicatorType.
enum_IndicatorType := [ "TTP_OBSERVED", "IMPOSSIBLE_TRAVEL", "FLAGGED_IP_ADDRESS", "NEW_GEOLOCATION", "NEW_ASO", "NEW_USER_AGENT", "RELATED_FINDING", "RELATED_FINDING_GROUP" ]

# Template for matching a ListIndicators request.
# STRING and INTEGER are undefined placeholders here; substitute concrete values.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    input.Body.InvestigationId == STRING
    # Holds when IndicatorType equals any member of the list above. To match
    # one specific type, compare against that string literal instead.
    input.Body.IndicatorType == enum_IndicatorType[_]
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListInvestigations

# Values this page lists for SortCriteria.Field and SortCriteria.SortOrder.
enum_Field := [ "SEVERITY", "STATUS", "CREATED_TIME" ]
enum_SortOrder := [ "ASC", "DESC" ]

# Template for matching a ListInvestigations request.
# STRING, INTEGER and TIMESTAMP are undefined placeholders here; substitute
# concrete values.
# All lines are ANDed. As written, every filter and sort field must be present
# in input for `valid` to hold; remove the lines that should stay unconstrained.
valid {
    input.Body.GraphArn == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.Body.FilterCriteria.Severity.Value == STRING
    input.Body.FilterCriteria.Status.Value == STRING
    input.Body.FilterCriteria.State.Value == STRING
    input.Body.FilterCriteria.EntityArn.Value == STRING
    # NOTE(review): the page does not state how TIMESTAMP is represented in
    # input (epoch number or formatted string). Confirm before writing a literal.
    # `==` is an exact match, not a time-range check.
    input.Body.FilterCriteria.CreatedTime.StartInclusive == TIMESTAMP
    input.Body.FilterCriteria.CreatedTime.EndInclusive == TIMESTAMP
    # Each line holds when the value equals any member of the matching enum list.
    input.Body.SortCriteria.Field == enum_Field[_]
    input.Body.SortCriteria.SortOrder == enum_SortOrder[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListInvitations

# Template for matching a ListInvitations request.
# STRING and INTEGER are undefined placeholders here; substitute concrete values.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    # Pagination fields. Keeping these lines requires both to be present and
    # equal to the chosen values.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMembers

# Template for matching a ListMembers request.
# STRING and INTEGER are undefined placeholders here; substitute concrete values.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    # MaxResults is compared for equality only. Limiting page size to a ceiling
    # would need a comparison such as `<=` in place of `==`.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListOrganizationAdminAccounts

# Template for matching a ListOrganizationAdminAccounts request.
# STRING and INTEGER are undefined placeholders here; substitute concrete values.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    # With no resource field in the body, the caller-context lines below are the
    # only way this template can scope who matches.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

# Template for matching a ListTagsForResource request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    # The resource ARN is read from input.ReqMap, not input.Body.
    # NOTE(review): ReqMap presumably carries request-path parameters. Confirm
    # against the policy engine's input schema.
    input.ReqMap.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RejectInvitation

# Template for matching a RejectInvitation request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# `valid` holds only if the graph ARN and each caller-context field is present
# in input and equals its chosen value (the body lines are ANDed).
valid {
    input.Body.GraphArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartInvestigation

# Template for matching a StartInvestigation request.
# STRING and TIMESTAMP are undefined placeholders here; substitute concrete values.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    input.Body.EntityArn == STRING
    # NOTE(review): the TIMESTAMP encoding is not given on this page. Confirm how
    # the scope times appear in input. `==` matches one exact instant, so a
    # window check would need `>=` / `<=` comparisons instead.
    input.Body.ScopeStartTime == TIMESTAMP
    input.Body.ScopeEndTime == TIMESTAMP
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartMonitoringMember

# Template for matching a StartMonitoringMember request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    # The account named in the request body, compared separately from the
    # caller's ProviderMetadata.Account.
    input.Body.AccountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

# Template for matching a TagResource request.
# STRING is an undefined placeholder here, used for a tag key, its value and
# the other fields.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    # `.STRING` stands for a tag key. Left as-is, it looks up the literal key
    # "STRING". Use bracket form for real keys that are not plain identifiers.
    input.Body.Tags.STRING == STRING
    # The target resource comes from input.ReqMap while the tags come from
    # input.Body.
    input.ReqMap.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

# Template for matching an UntagResource request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.ReqMap.ResourceArn == STRING
    # NOTE(review): Qs presumably holds query-string parameters. Confirm against
    # the input schema.
    # `[_]` holds when any one tagKeys entry equals the value. A request that
    # also removes other tag keys still satisfies this line.
    input.Qs.tagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDatasourcePackages

# Values this page lists for entries of Body.DatasourcePackages.
enum_DatasourcePackage := [ "DETECTIVE_CORE", "EKS_AUDIT", "ASFF_SECURITYHUB_FINDING" ]

# Template for matching an UpdateDatasourcePackages request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    # Both sides iterate, so this holds when at least one requested package
    # equals at least one listed value. It does not reject a request that also
    # contains a package outside the list, and it does not select one specific
    # package. Compare against a string literal for that.
    input.Body.DatasourcePackages[_] == enum_DatasourcePackage[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateInvestigationState

# Values this page lists for Body.State.
enum_State := [ "ACTIVE", "ARCHIVED" ]

# Template for matching an UpdateInvestigationState request.
# STRING is an undefined placeholder here; substitute the concrete value to match.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    input.Body.InvestigationId == STRING
    # Matches either listed state. To match only one transition (for example
    # archiving), compare State against that single string literal.
    input.Body.State == enum_State[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateOrganizationConfiguration

# Template for matching an UpdateOrganizationConfiguration request.
# STRING and BOOLEAN are undefined placeholders here; substitute concrete values.
# All lines are ANDed, and a field missing from input makes `valid` not hold.
valid {
    input.Body.GraphArn == STRING
    # BOOLEAN stands for `true` or `false`. The comparison is exact, so a
    # request that omits AutoEnable does not match while this line is kept.
    input.Body.AutoEnable == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}