SECURITY-IR
BatchGetMemberAccountDetails
# Request-shape rule for BatchGetMemberAccountDetails (Rego-style template).
# STRING looks like a type placeholder to be replaced with a concrete value — confirm with the template docs.
valid {
# `[_]` is existential in Rego: this holds when at least ONE accountIds entry
# equals the value; other IDs carried in the same request are not constrained.
input.Body.accountIds[_] == STRING
input.ReqMap.membershipId == STRING
# ProviderMetadata presumably describes the calling identity (account, key, region) — verify against the evaluator.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CancelMembership
# Request-shape rule for CancelMembership: the only request-specific field is
# the membershipId taken from ReqMap; the rest identifies the caller context.
valid {
input.ReqMap.membershipId == STRING
input.ProviderMetadata.Account == STRING
# NOTE(review): an access key ID changes on key rotation and (presumably) per
# session for temporary credentials, so pinning on it is brittle — prefer Account where that suffices.
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CloseCase
# Request-shape rule for CloseCase: matches on the caseId from ReqMap plus the
# three ProviderMetadata fields. Every expression in a Rego rule body must hold
# (logical AND), so each line kept here narrows the match.
valid {
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateCase
# Request-shape template for CreateCase. The three arrays below enumerate the
# literal values the template accepts for region, engagement type and resolver type.
enum_AwsRegion := [ "af-south-1", "ap-east-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-south-2", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-southeast-4", "ap-southeast-5", "ca-central-1", "ca-west-1", "cn-north-1", "cn-northwest-1", "eu-central-1", "eu-central-2", "eu-north-1", "eu-south-1", "eu-south-2", "eu-west-1", "eu-west-2", "eu-west-3", "il-central-1", "me-central-1", "me-south-1", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2" ]
enum_EngagementType := [ "Security Incident", "Investigation" ]
enum_ResolverType := [ "AWS", "Self" ]
# STRING / TIMESTAMP look like type placeholders to be replaced with concrete
# values — confirm with the template docs.
valid {
input.Body.clientToken == STRING
# `== enum_X[_]` holds when the field equals any one member of the enum array.
input.Body.resolverType == enum_ResolverType[_]
input.Body.title == STRING
input.Body.description == STRING
input.Body.engagementType == enum_EngagementType[_]
input.Body.reportedIncidentStartDate == TIMESTAMP
# `[_]` on a request array is existential: one matching element satisfies the
# line, and additional elements in the request are left unconstrained.
input.Body.impactedAccounts[_] == STRING
# Each `_` is an independent anonymous variable, so the email/name/jobTitle
# lines may be satisfied by three different watcher entries.
input.Body.watchers[_].email == STRING
input.Body.watchers[_].name == STRING
input.Body.watchers[_].jobTitle == STRING
# The template types ipAddress only as STRING; it expresses no IP-format or
# range constraint, so any such validation has to be added by the policy author.
input.Body.threatActorIpAddresses[_].ipAddress == STRING
input.Body.threatActorIpAddresses[_].userAgent == STRING
input.Body.impactedServices[_] == STRING
input.Body.impactedAwsRegions[_].region == enum_AwsRegion[_]
# `tags.STRING` presumably stands for an arbitrary tag key — confirm.
input.Body.tags.STRING == STRING
# ProviderMetadata presumably describes the calling identity — verify against the evaluator.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateCaseComment
# Request-shape rule for CreateCaseComment: comment text and clientToken come
# from the body, the target case from ReqMap.
valid {
input.Body.clientToken == STRING
# Equality on free text only matches one exact comment body; this line is
# likely one to drop when instantiating — TODO confirm intended use.
input.Body.body == STRING
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateMembership
# Request-shape template for CreateMembership. The only opt-in feature name the
# template lists is "Triage".
enum_OptInFeatureName := [ "Triage" ]
valid {
input.Body.clientToken == STRING
input.Body.membershipName == STRING
# Each `_` is independent: name, jobTitle and email may each be matched by a
# different incidentResponseTeam entry, and unmatched entries are not constrained.
input.Body.incidentResponseTeam[_].name == STRING
input.Body.incidentResponseTeam[_].jobTitle == STRING
input.Body.incidentResponseTeam[_].email == STRING
# Same caveat: featureName and isEnabled are not tied to the same array element.
input.Body.optInFeatures[_].featureName == enum_OptInFeatureName[_]
input.Body.optInFeatures[_].isEnabled == BOOLEAN
# `tags.STRING` presumably stands for an arbitrary tag key — confirm.
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCase
# Request-shape rule for GetCase: a read keyed by caseId (ReqMap) plus the
# ProviderMetadata triple.
valid {
# STRING looks like a placeholder for a concrete case ID — confirm with the template docs.
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCaseAttachmentDownloadUrl
# Request-shape rule for GetCaseAttachmentDownloadUrl: both the case and the
# attachment are identified through ReqMap fields.
valid {
input.ReqMap.caseId == STRING
input.ReqMap.attachmentId == STRING
# ProviderMetadata presumably describes the calling identity — verify against the evaluator.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCaseAttachmentUploadUrl
# Request-shape rule for GetCaseAttachmentUploadUrl: file name and declared
# length come from the body, the target case from ReqMap.
valid {
input.Body.fileName == STRING
# LONG is the only non-string numeric placeholder here. The template uses
# equality; a policy that wants to cap upload size needs a comparison instead.
input.Body.contentLength == LONG
input.Body.clientToken == STRING
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMembership
# Request-shape rule for GetMembership: a read keyed by membershipId (ReqMap)
# plus the ProviderMetadata triple.
valid {
input.ReqMap.membershipId == STRING
input.ProviderMetadata.Account == STRING
# NOTE(review): key IDs change on rotation; matching on Account is usually the more stable choice.
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCaseEdits
# Request-shape rule for ListCaseEdits: pagination fields in the body, target
# case in ReqMap.
valid {
# In Rego a reference to an absent field is undefined and fails the rule, so
# keeping this line rejects requests that carry no nextToken (presumably the first page).
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCases
# Request-shape rule for ListCases: only pagination fields and the
# ProviderMetadata triple; no resource identifier is part of the request shape.
valid {
input.Body.nextToken == STRING
# INTEGER looks like a type placeholder; equality pins one exact page size.
input.Body.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListComments
# Request-shape rule for ListComments: pagination fields in the body, target
# case in ReqMap.
valid {
# An absent field makes the expression undefined and the rule fail; drop the
# pagination lines unless the policy really depends on them.
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListMemberships
# Request-shape rule for ListMemberships: only pagination fields and the
# ProviderMetadata triple appear in the request shape.
valid {
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
# ProviderMetadata presumably describes the calling identity — verify against the evaluator.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTagsForResource
# Request-shape rule for ListTagsForResource: the resource is addressed by ARN
# through ReqMap.
valid {
# Equality matches one exact ARN string; the template shows no prefix or
# wildcard form, so scoping to a set of resources needs extra policy logic.
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
# Request-shape rule for TagResource: tags travel in the body, the target ARN in ReqMap.
valid {
# `tags.STRING` presumably stands for an arbitrary tag key — confirm. As
# written the line constrains one key/value pair only; other tags in the same
# request are not covered by it.
input.Body.tags.STRING == STRING
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
# Request-shape rule for UntagResource: target ARN in ReqMap, keys to remove in
# input.Qs (presumably the query string — verify).
valid {
input.ReqMap.resourceArn == STRING
# `[_]` is existential: one matching key satisfies the line, so a request that
# also removes other tag keys still matches.
input.Qs.tagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateCase
# Request-shape template for UpdateCase. enum_AwsRegion and enum_EngagementType
# are also defined under CreateCase on this page; NOTE(review): if several
# templates are merged into one Rego package, define each enum once to avoid a
# redeclaration conflict.
enum_AwsRegion := [ "af-south-1", "ap-east-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-south-2", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-southeast-4", "ap-southeast-5", "ca-central-1", "ca-west-1", "cn-north-1", "cn-northwest-1", "eu-central-1", "eu-central-2", "eu-north-1", "eu-south-1", "eu-south-2", "eu-west-1", "eu-west-2", "eu-west-3", "il-central-1", "me-central-1", "me-south-1", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2" ]
enum_EngagementType := [ "Security Incident", "Investigation" ]
# STRING / TIMESTAMP look like type placeholders to be replaced with concrete
# values — confirm with the template docs.
valid {
input.Body.title == STRING
input.Body.description == STRING
input.Body.reportedIncidentStartDate == TIMESTAMP
input.Body.actualIncidentStartDate == TIMESTAMP
input.Body.engagementType == enum_EngagementType[_]
# Every collection is exposed as a ...ToAdd / ...ToDelete pair. `[_]` is
# existential and each `_` is independent, so a line holds if any one element
# matches and sibling lines may match different elements.
input.Body.watchersToAdd[_].email == STRING
input.Body.watchersToAdd[_].name == STRING
input.Body.watchersToAdd[_].jobTitle == STRING
input.Body.watchersToDelete[_].email == STRING
input.Body.watchersToDelete[_].name == STRING
input.Body.watchersToDelete[_].jobTitle == STRING
# ipAddress is typed only as STRING; no IP-format constraint is expressed here.
input.Body.threatActorIpAddressesToAdd[_].ipAddress == STRING
input.Body.threatActorIpAddressesToAdd[_].userAgent == STRING
# NOTE(review): the ...ToDelete fields remove recorded indicators and scope
# from a case; a policy that restricts case edits may want to treat them
# separately from the ...ToAdd fields.
input.Body.threatActorIpAddressesToDelete[_].ipAddress == STRING
input.Body.threatActorIpAddressesToDelete[_].userAgent == STRING
input.Body.impactedServicesToAdd[_] == STRING
input.Body.impactedServicesToDelete[_] == STRING
input.Body.impactedAwsRegionsToAdd[_].region == enum_AwsRegion[_]
input.Body.impactedAwsRegionsToDelete[_].region == enum_AwsRegion[_]
input.Body.impactedAccountsToAdd[_] == STRING
input.Body.impactedAccountsToDelete[_] == STRING
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateCaseComment
# Request-shape rule for UpdateCaseComment: new text in the body, case and
# comment identified through ReqMap.
valid {
input.Body.body == STRING
# Both identifiers must hold together, so the rule matches one comment on one case.
input.ReqMap.caseId == STRING
input.ReqMap.commentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateCaseStatus
# Request-shape template for UpdateCaseStatus. The enum lists four statuses and
# contains no closed state; closing appears as the separate CloseCase entry on this page.
enum_SelfManagedCaseStatus := [ "Submitted", "Detection and Analysis", "Containment, Eradication and Recovery", "Post-incident Activities" ]
valid {
# Holds when caseStatus equals any one member of the enum; replace the
# `enum_...[_]` reference with a literal to pin a single status transition.
input.Body.caseStatus == enum_SelfManagedCaseStatus[_]
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateMembership
# Request-shape template for UpdateMembership. enum_OptInFeatureName is also
# defined under CreateMembership on this page; define it once if the templates
# are merged into one Rego package.
enum_OptInFeatureName := [ "Triage" ]
valid {
input.Body.membershipName == STRING
# NOTE(review): incidentResponseTeam holds the membership's contact entries
# (name, jobTitle, email), so changes to it are worth reviewing. Each `[_]` is
# existential and independent of the others.
input.Body.incidentResponseTeam[_].name == STRING
input.Body.incidentResponseTeam[_].jobTitle == STRING
input.Body.incidentResponseTeam[_].email == STRING
# featureName and isEnabled are not tied to the same array element by these two lines.
input.Body.optInFeatures[_].featureName == enum_OptInFeatureName[_]
input.Body.optInFeatures[_].isEnabled == BOOLEAN
input.ReqMap.membershipId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateResolverType
# Request-shape template for UpdateResolverType. The resolver is one of "AWS" or "Self".
enum_ResolverType := [ "AWS", "Self" ]
valid {
# Matches either enum member; use a literal instead of `enum_ResolverType[_]`
# to match only one direction of the change.
input.Body.resolverType == enum_ResolverType[_]
input.ReqMap.caseId == STRING
# ProviderMetadata presumably describes the calling identity — verify against the evaluator.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}