SECURITY-IR
BatchGetMemberAccountDetails
# Input fields shown for the BatchGetMemberAccountDetails operation.
# Every line in the body must hold for `valid` to be true (a Rego rule body is a conjunction).
# The uppercase STRING stands where a concrete value goes; it is a placeholder, not a Rego literal
# (presumably a type marker; confirm against the product documentation).
valid {
# `[_]` is existential: this line holds as soon as ONE element of accountIds equals the value.
# It does not constrain the other elements of the list.
input.Body.accountIds[_] == STRING
input.ReqMap.membershipId == STRING
# The three ProviderMetadata fields recur in every operation on this page.
# Presumably they describe the calling account, access key and region; TODO confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CancelMembership
# Input fields shown for the CancelMembership operation.
# Only the membership id and the ProviderMetadata fields are listed, so a rule that limits
# this operation can key on nothing else. STRING is a placeholder for the compared value.
valid {
input.ReqMap.membershipId == STRING
# Presumably the caller's account, access key and region; TODO confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CloseCase
# Input fields shown for the CloseCase operation: the case id plus the ProviderMetadata fields.
# STRING is a placeholder for the value a rule compares against.
valid {
# `==` is an exact match on the whole id; no prefix or pattern matching is implied.
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateCase
# Input fields shown for the CreateCase operation, preceded by the fixed value lists it uses.
# Each enum_* array is a closed list: a value that is not in it can never satisfy the
# `== enum_X[_]` comparison below, so the lists need updating when new values appear.
enum_AwsRegion := [ "af-south-1", "ap-east-1", "ap-east-2", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-south-2", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-southeast-4", "ap-southeast-5", "ap-southeast-6", "ap-southeast-7", "ca-central-1", "ca-west-1", "cn-north-1", "cn-northwest-1", "eu-central-1", "eu-central-2", "eu-north-1", "eu-south-1", "eu-south-2", "eu-west-1", "eu-west-2", "eu-west-3", "il-central-1", "me-central-1", "me-south-1", "mx-central-1", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2" ]
enum_EngagementType := [ "Security Incident", "Investigation" ]
enum_ResolverType := [ "AWS", "Self" ]
# STRING and TIMESTAMP are placeholders for the compared value, not Rego literals
# (presumably type markers; confirm).
valid {
input.Body.clientToken == STRING
# Holds when resolverType equals any one entry of enum_ResolverType.
input.Body.resolverType == enum_ResolverType[_]
input.Body.title == STRING
input.Body.description == STRING
input.Body.engagementType == enum_EngagementType[_]
input.Body.reportedIncidentStartDate == TIMESTAMP
# `[_]` is existential: one matching element is enough, the rest of the list is unconstrained.
input.Body.impactedAccounts[_] == STRING
# Each `_` is an independent variable, so the three watchers lines can be satisfied by three
# DIFFERENT watchers. A rule that must tie email, name and jobTitle to the same entry needs
# one named index shared across the lines instead of `_`.
input.Body.watchers[_].email == STRING
input.Body.watchers[_].name == STRING
input.Body.watchers[_].jobTitle == STRING
# Same independence applies here; ipAddress is compared as an exact string, not as a range.
input.Body.threatActorIpAddresses[_].ipAddress == STRING
input.Body.threatActorIpAddresses[_].userAgent == STRING
input.Body.impactedServices[_] == STRING
input.Body.impactedAwsRegions[_].region == enum_AwsRegion[_]
# The STRING in the path appears to stand for a tag key, the right-hand STRING for its value.
input.Body.tags.STRING == STRING
# Presumably the caller's account, access key and region; TODO confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateCaseComment
# Input fields shown for the CreateCaseComment operation.
# STRING is a placeholder for the value a rule compares against.
valid {
input.Body.clientToken == STRING
# `==` compares the whole comment text; this template offers no substring or pattern test.
input.Body.body == STRING
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateMembership
# Input fields shown for the CreateMembership operation, preceded by the fixed value lists it uses.
# The enum_* arrays are closed lists: a value outside them never satisfies `== enum_X[_]`.
enum_CommunicationType := [ "Case Created", "Case Updated", "Case Acknowledged", "Case Closed", "Case Updated To Service Managed", "Case Status Updated", "Case Pending Customer Action Reminder", "Case Attachment Url Uploaded", "Case Comment Added", "Case Comment Updated", "Membership Created", "Membership Updated", "Membership Cancelled", "Register Delegated Administrator", "Deregister Delegated Administrator", "Disable AWS Service Access" ]
enum_OptInFeatureName := [ "Triage" ]
# STRING and BOOLEAN are placeholders for the compared value, not Rego literals.
valid {
input.Body.clientToken == STRING
input.Body.membershipName == STRING
# Each `_` is independent: these lines may be satisfied by different team members.
# Use one shared named index if a rule must check name, jobTitle and email of the same person.
input.Body.incidentResponseTeam[_].name == STRING
input.Body.incidentResponseTeam[_].jobTitle == STRING
input.Body.incidentResponseTeam[_].email == STRING
# Holds if any preference of any team member equals any entry of enum_CommunicationType.
input.Body.incidentResponseTeam[_].communicationPreferences[_] == enum_CommunicationType[_]
# featureName and isEnabled are likewise matched on possibly different optInFeatures entries.
input.Body.optInFeatures[_].featureName == enum_OptInFeatureName[_]
input.Body.optInFeatures[_].isEnabled == BOOLEAN
# The STRING in the path appears to stand for a tag key, the right-hand STRING for its value.
input.Body.tags.STRING == STRING
# NOTE(review): the name suggests this widens the membership to a whole organization,
# which would make it a field worth constraining; confirm the semantics.
input.Body.coverEntireOrganization == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetCase
# Input fields shown for the GetCase operation: the case id plus the ProviderMetadata fields.
# STRING is a placeholder for the value a rule compares against.
valid {
input.ReqMap.caseId == STRING
# Presumably the caller's account, access key and region; TODO confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetCaseAttachmentDownloadUrl
# Input fields shown for the GetCaseAttachmentDownloadUrl operation.
# A rule can scope this operation by case and by attachment; both ids are exact-match strings.
valid {
input.ReqMap.caseId == STRING
input.ReqMap.attachmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetCaseAttachmentUploadUrl
# Input fields shown for the GetCaseAttachmentUploadUrl operation.
# STRING and LONG are placeholders for the compared value, not Rego literals.
valid {
# fileName is compared as a whole string; this template has no extension or pattern test.
input.Body.fileName == STRING
# `==` tests one exact size. A rule that caps upload size would need `<=` instead.
input.Body.contentLength == LONG
input.Body.clientToken == STRING
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetMembership
# Input fields shown for the GetMembership operation: the membership id plus ProviderMetadata.
# STRING is a placeholder for the value a rule compares against.
valid {
input.ReqMap.membershipId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListCaseEdits
# Input fields shown for the ListCaseEdits operation.
# STRING and INTEGER are placeholders for the compared value, not Rego literals.
valid {
# A reference to a field the request does not carry is undefined in Rego, and the whole rule
# is then not true. nextToken is presumably absent on a first-page request (confirm), so a
# rule that keeps this line would not match such requests.
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListCases
# Input fields shown for the ListCases operation.
# No case or membership id is listed, so a rule can scope this operation only by the
# pagination fields and the ProviderMetadata fields.
valid {
# If the request omits a field named here, the reference is undefined and the rule is not true.
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListComments
# Input fields shown for the ListComments operation.
# STRING and INTEGER are placeholders for the compared value, not Rego literals.
valid {
# If the request omits a field named here, the reference is undefined and the rule is not true.
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListMemberships
# Input fields shown for the ListMemberships operation.
# Only pagination fields and the ProviderMetadata fields are listed for this operation.
valid {
# If the request omits a field named here, the reference is undefined and the rule is not true.
input.Body.nextToken == STRING
input.Body.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListTagsForResource
# Input fields shown for the ListTagsForResource operation.
# STRING is a placeholder for the value a rule compares against.
valid {
# The ARN is compared as one exact string; no wildcard or prefix matching is implied by `==`.
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}TagResource
# Input fields shown for the TagResource operation.
# STRING is a placeholder for the value a rule compares against.
valid {
# The STRING in the path appears to stand for a tag key, the right-hand STRING for its value.
# A rule written this way checks that one key only; other tags in the request are unconstrained.
input.Body.tags.STRING == STRING
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UntagResource
# Input fields shown for the UntagResource operation.
# This is the only operation on the page that reads from input.Qs
# (presumably the query string; confirm).
valid {
input.ReqMap.resourceArn == STRING
# `[_]` is existential: one matching key is enough, so other tag keys in the same request
# are not restricted by this line.
input.Qs.tagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateCase
# Input fields shown for the UpdateCase operation, preceded by the fixed value lists it uses.
# The same two lists are printed under CreateCase; they are closed lists, so a value outside
# them never satisfies `== enum_X[_]`.
enum_AwsRegion := [ "af-south-1", "ap-east-1", "ap-east-2", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-south-2", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-southeast-4", "ap-southeast-5", "ap-southeast-6", "ap-southeast-7", "ca-central-1", "ca-west-1", "cn-north-1", "cn-northwest-1", "eu-central-1", "eu-central-2", "eu-north-1", "eu-south-1", "eu-south-2", "eu-west-1", "eu-west-2", "eu-west-3", "il-central-1", "me-central-1", "me-south-1", "mx-central-1", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2" ]
enum_EngagementType := [ "Security Incident", "Investigation" ]
# STRING and TIMESTAMP are placeholders for the compared value, not Rego literals.
# A field the request does not carry is undefined in Rego and makes the whole rule not true,
# so a rule should name only the fields it expects in the update.
valid {
input.Body.title == STRING
input.Body.description == STRING
input.Body.reportedIncidentStartDate == TIMESTAMP
input.Body.actualIncidentStartDate == TIMESTAMP
input.Body.engagementType == enum_EngagementType[_]
# Each `_` is an independent variable: email, name and jobTitle may match different entries.
# Use one shared named index to tie them to the same watcher.
input.Body.watchersToAdd[_].email == STRING
input.Body.watchersToAdd[_].name == STRING
input.Body.watchersToAdd[_].jobTitle == STRING
input.Body.watchersToDelete[_].email == STRING
input.Body.watchersToDelete[_].name == STRING
input.Body.watchersToDelete[_].jobTitle == STRING
# ipAddress is compared as an exact string, not as a range.
input.Body.threatActorIpAddressesToAdd[_].ipAddress == STRING
input.Body.threatActorIpAddressesToAdd[_].userAgent == STRING
input.Body.threatActorIpAddressesToDelete[_].ipAddress == STRING
input.Body.threatActorIpAddressesToDelete[_].userAgent == STRING
# `[_]` is existential: one matching element satisfies the line, the rest are unconstrained.
input.Body.impactedServicesToAdd[_] == STRING
input.Body.impactedServicesToDelete[_] == STRING
input.Body.impactedAwsRegionsToAdd[_].region == enum_AwsRegion[_]
input.Body.impactedAwsRegionsToDelete[_].region == enum_AwsRegion[_]
input.Body.impactedAccountsToAdd[_] == STRING
input.Body.impactedAccountsToDelete[_] == STRING
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateCaseComment
# Input fields shown for the UpdateCaseComment operation.
# STRING is a placeholder for the value a rule compares against.
valid {
input.Body.body == STRING
# Both ids come from input.ReqMap, so a rule can scope the edit to one case and one comment.
input.ReqMap.caseId == STRING
input.ReqMap.commentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateCaseStatus
# Input fields shown for the UpdateCaseStatus operation.
# The status list below has four entries and none of them is a closed state; closing a case
# appears on this page as the separate CloseCase operation.
# NOTE(review): the name suggests these statuses apply to self-managed cases only; confirm.
enum_SelfManagedCaseStatus := [ "Submitted", "Detection and Analysis", "Containment, Eradication and Recovery", "Post-incident Activities" ]
valid {
# Holds when caseStatus equals any one entry of enum_SelfManagedCaseStatus.
input.Body.caseStatus == enum_SelfManagedCaseStatus[_]
input.ReqMap.caseId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateMembership
# Input fields shown for the UpdateMembership operation, preceded by the fixed value lists it uses.
# The same two lists are printed under CreateMembership; a value outside them never
# satisfies `== enum_X[_]`.
enum_CommunicationType := [ "Case Created", "Case Updated", "Case Acknowledged", "Case Closed", "Case Updated To Service Managed", "Case Status Updated", "Case Pending Customer Action Reminder", "Case Attachment Url Uploaded", "Case Comment Added", "Case Comment Updated", "Membership Created", "Membership Updated", "Membership Cancelled", "Register Delegated Administrator", "Deregister Delegated Administrator", "Disable AWS Service Access" ]
enum_OptInFeatureName := [ "Triage" ]
# STRING and BOOLEAN are placeholders for the compared value, not Rego literals.
# A field the request does not carry is undefined in Rego and makes the whole rule not true.
valid {
input.Body.membershipName == STRING
# Each `_` is independent: these lines may be satisfied by different team members.
input.Body.incidentResponseTeam[_].name == STRING
input.Body.incidentResponseTeam[_].jobTitle == STRING
input.Body.incidentResponseTeam[_].email == STRING
input.Body.incidentResponseTeam[_].communicationPreferences[_] == enum_CommunicationType[_]
input.Body.optInFeatures[_].featureName == enum_OptInFeatureName[_]
input.Body.optInFeatures[_].isEnabled == BOOLEAN
# NOTE(review): the next three fields look like they change which accounts or organizational
# units the membership covers; confirm, and constrain them if coverage changes need control.
input.Body.membershipAccountsConfigurationsUpdate.coverEntireOrganization == BOOLEAN
# `[_]` is existential: one matching unit satisfies the line, other listed units are unconstrained.
input.Body.membershipAccountsConfigurationsUpdate.organizationalUnitsToAdd[_] == STRING
input.Body.membershipAccountsConfigurationsUpdate.organizationalUnitsToRemove[_] == STRING
# NOTE(review): the name suggests this reverses an earlier CancelMembership; confirm.
input.Body.undoMembershipCancellation == BOOLEAN
input.ReqMap.membershipId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateResolverType
# Input fields shown for the UpdateResolverType operation.
# enum_ResolverType is a closed two-value list; the same list is printed under CreateCase.
enum_ResolverType := [ "AWS", "Self" ]
# STRING is a placeholder for the compared value, not a Rego literal.
valid {
# As written, the line accepts either list entry. A rule that should allow only one resolver
# type must compare against that literal value instead of `enum_ResolverType[_]`.
input.Body.resolverType == enum_ResolverType[_]
input.ReqMap.caseId == STRING
# Presumably the caller's account, access key and region; TODO confirm.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}