SecurityIncidentResponse ************************ Client ====== class SecurityIncidentResponse.Client A low-level client representing Security Incident Response This guide provides documents the action and response elements for customer use of the service. import boto3 client = boto3.client('security-ir') These are the available methods: * batch_get_member_account_details * can_paginate * cancel_membership * close * close_case * create_case * create_case_comment * create_membership * get_case * get_case_attachment_download_url * get_case_attachment_upload_url * get_membership * get_paginator * get_waiter * list_case_edits * list_cases * list_comments * list_memberships * list_tags_for_resource * tag_resource * untag_resource * update_case * update_case_comment * update_case_status * update_membership * update_resolver_type Paginators ========== Paginators are available on a client instance via the "get_paginator" method. For more detailed instructions and examples on the usage of paginators, see the paginators user guide. The available paginators are: * ListCaseEdits * ListCases * ListComments * ListMemberships SecurityIncidentResponse / Paginator / ListCases ListCases ********* class SecurityIncidentResponse.Paginator.ListCases paginator = client.get_paginator('list_cases') paginate(**kwargs) Creates an iterator that will paginate through responses from "SecurityIncidentResponse.Client.list_cases()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max- items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'items': [ { 'caseId': 'string', 'lastUpdatedDate': datetime(2015, 1, 1), 'title': 'string', 'caseArn': 'string', 'engagementType': 'Security Incident'|'Investigation', 'caseStatus': 'Submitted'|'Acknowledged'|'Detection and Analysis'|'Containment, Eradication and Recovery'|'Post-incident Activities'|'Ready to Close'|'Closed', 'createdDate': datetime(2015, 1, 1), 'closedDate': datetime(2015, 1, 1), 'resolverType': 'AWS'|'Self', 'pendingAction': 'Customer'|'None' }, ], 'total': 123, 'NextToken': 'string' } **Response Structure** * *(dict) --* * **items** *(list) --* Response element for ListCases that includes caseARN, caseID, caseStatus, closedDate, createdDate, engagementType, lastUpdatedDate, pendingAction, resolverType, and title for each response. * *(dict) --* * **caseId** *(string) --* * **lastUpdatedDate** *(datetime) --* * **title** *(string) --* * **caseArn** *(string) --* * **engagementType** *(string) --* * **caseStatus** *(string) --* * **createdDate** *(datetime) --* * **closedDate** *(datetime) --* * **resolverType** *(string) --* * **pendingAction** *(string) --* * **total** *(integer) --* Response element for ListCases providing the total number of responses. * **NextToken** *(string) --* A token to resume pagination. SecurityIncidentResponse / Paginator / ListCaseEdits ListCaseEdits ************* class SecurityIncidentResponse.Paginator.ListCaseEdits paginator = client.get_paginator('list_case_edits') paginate(**kwargs) Creates an iterator that will paginate through responses from "SecurityIncidentResponse.Client.list_case_edits()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( caseId='string', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **caseId** (*string*) -- **[REQUIRED]** Required element used with ListCaseEdits to identify the case to query. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'items': [ { 'eventTimestamp': datetime(2015, 1, 1), 'principal': 'string', 'action': 'string', 'message': 'string' }, ], 'total': 123, 'NextToken': 'string' } **Response Structure** * *(dict) --* * **items** *(list) --* Response element for ListCaseEdits that includes the action, eventtimestamp, message, and principal for the response. * *(dict) --* * **eventTimestamp** *(datetime) --* * **principal** *(string) --* * **action** *(string) --* * **message** *(string) --* * **total** *(integer) --* Response element for ListCaseEdits that identifies the total number of edits. * **NextToken** *(string) --* A token to resume pagination. SecurityIncidentResponse / Paginator / ListComments ListComments ************ class SecurityIncidentResponse.Paginator.ListComments paginator = client.get_paginator('list_comments') paginate(**kwargs) Creates an iterator that will paginate through responses from "SecurityIncidentResponse.Client.list_comments()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( caseId='string', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **caseId** (*string*) -- **[REQUIRED]** Required element for ListComments to designate the case to query. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'items': [ { 'commentId': 'string', 'createdDate': datetime(2015, 1, 1), 'lastUpdatedDate': datetime(2015, 1, 1), 'creator': 'string', 'lastUpdatedBy': 'string', 'body': 'string' }, ], 'total': 123, 'NextToken': 'string' } **Response Structure** * *(dict) --* * **items** *(list) --* Response element for ListComments providing the body, commentID, createDate, creator, lastUpdatedBy and lastUpdatedDate for each response. * *(dict) --* * **commentId** *(string) --* * **createdDate** *(datetime) --* * **lastUpdatedDate** *(datetime) --* * **creator** *(string) --* * **lastUpdatedBy** *(string) --* * **body** *(string) --* * **total** *(integer) --* Response element for ListComments identifying the number of responses. * **NextToken** *(string) --* A token to resume pagination. SecurityIncidentResponse / Paginator / ListMemberships ListMemberships *************** class SecurityIncidentResponse.Paginator.ListMemberships paginator = client.get_paginator('list_memberships') paginate(**kwargs) Creates an iterator that will paginate through responses from "SecurityIncidentResponse.Client.list_memberships()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max- items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'items': [ { 'membershipId': 'string', 'accountId': 'string', 'region': 'af-south-1'|'ap-east-1'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ap-southeast-7'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'mx-central-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2', 'membershipArn': 'string', 'membershipStatus': 'Active'|'Cancelled'|'Terminated' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **items** *(list) --* Request element for ListMemberships including the accountID, membershipARN, membershipID, membershipStatus, and region for each response. * *(dict) --* * **membershipId** *(string) --* * **accountId** *(string) --* * **region** *(string) --* * **membershipArn** *(string) --* * **membershipStatus** *(string) --* * **NextToken** *(string) --* A token to resume pagination. SecurityIncidentResponse / Client / get_paginator get_paginator ************* SecurityIncidentResponse.Client.get_paginator(operation_name) Create a paginator for an operation. Parameters: **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")". Raises: **OperationNotPageableError** -- Raised if the operation is not pageable. You can use the "client.can_paginate" method to check if an operation is pageable. Return type: "botocore.paginate.Paginator" Returns: A paginator object. SecurityIncidentResponse / Client / create_case_comment create_case_comment ******************* SecurityIncidentResponse.Client.create_case_comment(**kwargs) Grants permission to add a comment to an existing case. See also: AWS API Documentation **Request Syntax** response = client.create_case_comment( caseId='string', clientToken='string', body='string' ) Parameters: * **caseId** (*string*) -- **[REQUIRED]** Required element used in combination with CreateCaseComment to specify a case ID. * **clientToken** (*string*) -- An optional element used in combination with CreateCaseComment. This field is autopopulated if not provided. * **body** (*string*) -- **[REQUIRED]** Required element used in combination with CreateCaseComment to add content for the new comment. Return type: dict Returns: **Response Syntax** { 'commentId': 'string' } **Response Structure** * *(dict) --* * **commentId** *(string) --* Response element indicating the new comment ID. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / create_case create_case *********** SecurityIncidentResponse.Client.create_case(**kwargs) Grants permission to create a new case. See also: AWS API Documentation **Request Syntax** response = client.create_case( clientToken='string', resolverType='AWS'|'Self', title='string', description='string', engagementType='Security Incident'|'Investigation', reportedIncidentStartDate=datetime(2015, 1, 1), impactedAccounts=[ 'string', ], watchers=[ { 'email': 'string', 'name': 'string', 'jobTitle': 'string' }, ], threatActorIpAddresses=[ { 'ipAddress': 'string', 'userAgent': 'string' }, ], impactedServices=[ 'string', ], impactedAwsRegions=[ { 'region': 'af-south-1'|'ap-east-1'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ap-southeast-7'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'mx-central-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2' }, ], tags={ 'string': 'string' } ) Parameters: * **clientToken** (*string*) -- Required element used in combination with CreateCase. This field is autopopulated if not provided. * **resolverType** (*string*) -- **[REQUIRED]** Required element used in combination with CreateCase to identify the resolver type. Available resolvers include self- supported | aws-supported. * **title** (*string*) -- **[REQUIRED]** Required element used in combination with CreateCase to provide a title for the new case. * **description** (*string*) -- **[REQUIRED]** Required element used in combination with CreateCase to provide a description for the new case. * **engagementType** (*string*) -- **[REQUIRED]** Required element used in combination with CreateCase to provide an engagement type for the new cases. Available engagement types include Security Incident | Investigation * **reportedIncidentStartDate** (*datetime*) -- **[REQUIRED]** Required element used in combination with CreateCase to provide an initial start date for the unauthorized activity. * **impactedAccounts** (*list*) -- **[REQUIRED]** Required element used in combination with CreateCase to provide a list of impacted accounts. * *(string) --* * **watchers** (*list*) -- **[REQUIRED]** Required element used in combination with CreateCase to provide a list of entities to receive notifications for case updates. * *(dict) --* * **email** *(string) --* **[REQUIRED]** * **name** *(string) --* * **jobTitle** *(string) --* * **threatActorIpAddresses** (*list*) -- An optional element used in combination with CreateCase to provide a list of suspicious internet protocol addresses associated with unauthorized activity. * *(dict) --* * **ipAddress** *(string) --* **[REQUIRED]** * **userAgent** *(string) --* * **impactedServices** (*list*) -- An optional element used in combination with CreateCase to provide a list of services impacted. * *(string) --* * **impactedAwsRegions** (*list*) -- An optional element used in combination with CreateCase to provide a list of impacted regions. * *(dict) --* * **region** *(string) --* **[REQUIRED]** * **tags** (*dict*) -- An optional element used in combination with CreateCase to add customer specified tags to a case. * *(string) --* * *(string) --* Return type: dict Returns: **Response Syntax** { 'caseId': 'string' } **Response Structure** * *(dict) --* * **caseId** *(string) --* A response element providing responses for requests to CreateCase. This element responds with the case ID. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / list_cases list_cases ********** SecurityIncidentResponse.Client.list_cases(**kwargs) Grants permission to list all cases the requester has access to. See also: AWS API Documentation **Request Syntax** response = client.list_cases( nextToken='string', maxResults=123 ) Parameters: * **nextToken** (*string*) -- Optional element. * **maxResults** (*integer*) -- Optional element for ListCases to limit the number of responses. Return type: dict Returns: **Response Syntax** { 'nextToken': 'string', 'items': [ { 'caseId': 'string', 'lastUpdatedDate': datetime(2015, 1, 1), 'title': 'string', 'caseArn': 'string', 'engagementType': 'Security Incident'|'Investigation', 'caseStatus': 'Submitted'|'Acknowledged'|'Detection and Analysis'|'Containment, Eradication and Recovery'|'Post-incident Activities'|'Ready to Close'|'Closed', 'createdDate': datetime(2015, 1, 1), 'closedDate': datetime(2015, 1, 1), 'resolverType': 'AWS'|'Self', 'pendingAction': 'Customer'|'None' }, ], 'total': 123 } **Response Structure** * *(dict) --* * **nextToken** *(string) --* Optional element. * **items** *(list) --* Response element for ListCases that includes caseARN, caseID, caseStatus, closedDate, createdDate, engagementType, lastUpdatedDate, pendingAction, resolverType, and title for each response. * *(dict) --* * **caseId** *(string) --* * **lastUpdatedDate** *(datetime) --* * **title** *(string) --* * **caseArn** *(string) --* * **engagementType** *(string) --* * **caseStatus** *(string) --* * **createdDate** *(datetime) --* * **closedDate** *(datetime) --* * **resolverType** *(string) --* * **pendingAction** *(string) --* * **total** *(integer) --* Response element for ListCases providing the total number of responses. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / can_paginate can_paginate ************ SecurityIncidentResponse.Client.can_paginate(operation_name) Check if an operation can be paginated. Parameters: **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")". Returns: "True" if the operation can be paginated, "False" otherwise. SecurityIncidentResponse / Client / list_comments list_comments ************* SecurityIncidentResponse.Client.list_comments(**kwargs) Grants permissions to list and view comments for a designated case. See also: AWS API Documentation **Request Syntax** response = client.list_comments( nextToken='string', maxResults=123, caseId='string' ) Parameters: * **nextToken** (*string*) -- Optional element. * **maxResults** (*integer*) -- Optional element for ListComments to limit the number of responses. * **caseId** (*string*) -- **[REQUIRED]** Required element for ListComments to designate the case to query. Return type: dict Returns: **Response Syntax** { 'nextToken': 'string', 'items': [ { 'commentId': 'string', 'createdDate': datetime(2015, 1, 1), 'lastUpdatedDate': datetime(2015, 1, 1), 'creator': 'string', 'lastUpdatedBy': 'string', 'body': 'string' }, ], 'total': 123 } **Response Structure** * *(dict) --* * **nextToken** *(string) --* Optional request elements. * **items** *(list) --* Response element for ListComments providing the body, commentID, createDate, creator, lastUpdatedBy and lastUpdatedDate for each response. * *(dict) --* * **commentId** *(string) --* * **createdDate** *(datetime) --* * **lastUpdatedDate** *(datetime) --* * **creator** *(string) --* * **lastUpdatedBy** *(string) --* * **body** *(string) --* * **total** *(integer) --* Response element for ListComments identifying the number of responses. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / update_case_status update_case_status ****************** SecurityIncidentResponse.Client.update_case_status(**kwargs) Grants permission to update the status for a designated cases. Options include "Submitted | Detection and Analysis | Eradication, Containment and Recovery | Post-Incident Activities | Closed". See also: AWS API Documentation **Request Syntax** response = client.update_case_status( caseId='string', caseStatus='Submitted'|'Detection and Analysis'|'Containment, Eradication and Recovery'|'Post-incident Activities' ) Parameters: * **caseId** (*string*) -- **[REQUIRED]** Required element for UpdateCaseStatus to identify the case to update. * **caseStatus** (*string*) -- **[REQUIRED]** Required element for UpdateCaseStatus to identify the status for a case. Options include "Submitted | Detection and Analysis | Containment, Eradication and Recovery | Post- incident Activities". Return type: dict Returns: **Response Syntax** { 'caseStatus': 'Submitted'|'Detection and Analysis'|'Containment, Eradication and Recovery'|'Post-incident Activities' } **Response Structure** * *(dict) --* * **caseStatus** *(string) --* Response element for UpdateCaseStatus showing the newly configured status. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / update_case_comment update_case_comment ******************* SecurityIncidentResponse.Client.update_case_comment(**kwargs) Grants permission to update an existing case comment. See also: AWS API Documentation **Request Syntax** response = client.update_case_comment( caseId='string', commentId='string', body='string' ) Parameters: * **caseId** (*string*) -- **[REQUIRED]** Required element for UpdateCaseComment to identify the case ID containing the comment to be updated. * **commentId** (*string*) -- **[REQUIRED]** Required element for UpdateCaseComment to identify the case ID to be updated. * **body** (*string*) -- **[REQUIRED]** Required element for UpdateCaseComment to identify the content for the comment to be updated. Return type: dict Returns: **Response Syntax** { 'commentId': 'string', 'body': 'string' } **Response Structure** * *(dict) --* * **commentId** *(string) --* Response element for UpdateCaseComment providing the updated comment ID. * **body** *(string) --* Response element for UpdateCaseComment providing the updated comment content. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / list_tags_for_resource list_tags_for_resource ********************** SecurityIncidentResponse.Client.list_tags_for_resource(**kwargs) Grants permission to view currently configured tags on a resource. See also: AWS API Documentation **Request Syntax** response = client.list_tags_for_resource( resourceArn='string' ) Parameters: **resourceArn** (*string*) -- **[REQUIRED]** Required element for ListTagsForResource to provide the ARN to identify a specific resource. Return type: dict Returns: **Response Syntax** { 'tags': { 'string': 'string' } } **Response Structure** * *(dict) --* * **tags** *(dict) --* Response element for ListTagsForResource providing content for each configured tag. * *(string) --* * *(string) --* **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / update_membership update_membership ***************** SecurityIncidentResponse.Client.update_membership(**kwargs) Grants access to UpdateMembership to change membership configuration. See also: AWS API Documentation **Request Syntax** response = client.update_membership( membershipId='string', membershipName='string', incidentResponseTeam=[ { 'name': 'string', 'jobTitle': 'string', 'email': 'string' }, ], optInFeatures=[ { 'featureName': 'Triage', 'isEnabled': True|False }, ] ) Parameters: * **membershipId** (*string*) -- **[REQUIRED]** Required element for UpdateMembership to identify the membership to update. * **membershipName** (*string*) -- Optional element for UpdateMembership to update the membership name. * **incidentResponseTeam** (*list*) -- Optional element for UpdateMembership to update the membership name. * *(dict) --* * **name** *(string) --* **[REQUIRED]** * **jobTitle** *(string) --* **[REQUIRED]** * **email** *(string) --* **[REQUIRED]** * **optInFeatures** (*list*) -- Optional element for UpdateMembership to enable or disable opt-in features for the service. * *(dict) --* * **featureName** *(string) --* **[REQUIRED]** * **isEnabled** *(boolean) --* **[REQUIRED]** Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / get_case get_case ******** SecurityIncidentResponse.Client.get_case(**kwargs) Grant permission to view a designated case. See also: AWS API Documentation **Request Syntax** response = client.get_case( caseId='string' ) Parameters: **caseId** (*string*) -- **[REQUIRED]** Required element for GetCase to identify the requested case ID. Return type: dict Returns: **Response Syntax** { 'title': 'string', 'caseArn': 'string', 'description': 'string', 'caseStatus': 'Submitted'|'Acknowledged'|'Detection and Analysis'|'Containment, Eradication and Recovery'|'Post-incident Activities'|'Ready to Close'|'Closed', 'engagementType': 'Security Incident'|'Investigation', 'reportedIncidentStartDate': datetime(2015, 1, 1), 'actualIncidentStartDate': datetime(2015, 1, 1), 'impactedAwsRegions': [ { 'region': 'af-south-1'|'ap-east-1'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ap-southeast-7'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'mx-central-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2' }, ], 'threatActorIpAddresses': [ { 'ipAddress': 'string', 'userAgent': 'string' }, ], 'pendingAction': 'Customer'|'None', 'impactedAccounts': [ 'string', ], 'watchers': [ { 'email': 'string', 'name': 'string', 'jobTitle': 'string' }, ], 'createdDate': datetime(2015, 1, 1), 'lastUpdatedDate': datetime(2015, 1, 1), 'closureCode': 'Investigation Completed'|'Not Resolved'|'False Positive'|'Duplicate', 'resolverType': 'AWS'|'Self', 'impactedServices': [ 'string', ], 'caseAttachments': [ { 'attachmentId': 'string', 'fileName': 'string', 'attachmentStatus': 'Verified'|'Failed'|'Pending', 'creator': 'string', 'createdDate': datetime(2015, 1, 1) }, ], 'closedDate': datetime(2015, 1, 1) } **Response Structure** * *(dict) --* * **title** *(string) --* Response element for GetCase that provides the case title. * **caseArn** *(string) --* Response element for GetCase that provides the case ARN * **description** *(string) --* Response element for GetCase that provides contents of the case description. * **caseStatus** *(string) --* Response element for GetCase that provides the case status. Options for statuses include "Submitted | Detection and Analysis | Eradication, Containment and Recovery | Post- Incident Activities | Closed" * **engagementType** *(string) --* Response element for GetCase that provides the engagement type. Options for engagement type include "Active Security Event | Investigations" * **reportedIncidentStartDate** *(datetime) --* Response element for GetCase that provides the customer provided incident start date. * **actualIncidentStartDate** *(datetime) --* Response element for GetCase that provides the actual incident start date as identified by data analysis during the investigation. * **impactedAwsRegions** *(list) --* Response element for GetCase that provides the impacted regions. * *(dict) --* * **region** *(string) --* * **threatActorIpAddresses** *(list) --* Response element for GetCase that provides a list of suspicious IP addresses associated with unauthorized activity. * *(dict) --* * **ipAddress** *(string) --* * **userAgent** *(string) --* * **pendingAction** *(string) --* Response element for GetCase that provides identifies the case is waiting on customer input. * **impactedAccounts** *(list) --* Response element for GetCase that provides a list of impacted accounts. * *(string) --* * **watchers** *(list) --* Response element for GetCase that provides a list of Watchers added to the case. * *(dict) --* * **email** *(string) --* * **name** *(string) --* * **jobTitle** *(string) --* * **createdDate** *(datetime) --* Response element for GetCase that provides the date the case was created. * **lastUpdatedDate** *(datetime) --* Response element for GetCase that provides the date a case was last modified. * **closureCode** *(string) --* Response element for GetCase that provides the summary code for why a case was closed. * **resolverType** *(string) --* Response element for GetCase that provides the current resolver types. Options include "self-supported | AWS- supported". * **impactedServices** *(list) --* Response element for GetCase that provides a list of impacted services. * *(string) --* * **caseAttachments** *(list) --* Response element for GetCase that provides a list of current case attachments. * *(dict) --* * **attachmentId** *(string) --* * **fileName** *(string) --* * **attachmentStatus** *(string) --* * **creator** *(string) --* * **createdDate** *(datetime) --* * **closedDate** *(datetime) --* Response element for GetCase that provides the date a specified case was closed. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / untag_resource untag_resource ************** SecurityIncidentResponse.Client.untag_resource(**kwargs) Grants permission to remove a tag(s) from a designate resource. See also: AWS API Documentation **Request Syntax** response = client.untag_resource( resourceArn='string', tagKeys=[ 'string', ] ) Parameters: * **resourceArn** (*string*) -- **[REQUIRED]** Required element for UnTagResource to identify the ARN for the resource to remove a tag from. * **tagKeys** (*list*) -- **[REQUIRED]** Required element for UnTagResource to identify tag to remove. * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / update_case update_case *********** SecurityIncidentResponse.Client.update_case(**kwargs) Grants permission to update an existing case. See also: AWS API Documentation **Request Syntax** response = client.update_case( caseId='string', title='string', description='string', reportedIncidentStartDate=datetime(2015, 1, 1), actualIncidentStartDate=datetime(2015, 1, 1), engagementType='Security Incident'|'Investigation', watchersToAdd=[ { 'email': 'string', 'name': 'string', 'jobTitle': 'string' }, ], watchersToDelete=[ { 'email': 'string', 'name': 'string', 'jobTitle': 'string' }, ], threatActorIpAddressesToAdd=[ { 'ipAddress': 'string', 'userAgent': 'string' }, ], threatActorIpAddressesToDelete=[ { 'ipAddress': 'string', 'userAgent': 'string' }, ], impactedServicesToAdd=[ 'string', ], impactedServicesToDelete=[ 'string', ], impactedAwsRegionsToAdd=[ { 'region': 'af-south-1'|'ap-east-1'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ap-southeast-7'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'mx-central-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2' }, ], impactedAwsRegionsToDelete=[ { 'region': 'af-south-1'|'ap-east-1'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ap-southeast-7'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'mx-central-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2' }, ], impactedAccountsToAdd=[ 'string', ], impactedAccountsToDelete=[ 'string', ] ) Parameters: * **caseId** (*string*) -- **[REQUIRED]** Required element for UpdateCase to identify the case ID for updates. * **title** (*string*) -- Optional element for UpdateCase to provide content for the title field. * **description** (*string*) -- Optional element for UpdateCase to provide content for the description field. * **reportedIncidentStartDate** (*datetime*) -- Optional element for UpdateCase to provide content for the customer reported incident start date field. * **actualIncidentStartDate** (*datetime*) -- Optional element for UpdateCase to provide content for the incident start date field. * **engagementType** (*string*) -- Optional element for UpdateCase to provide content for the engagement type field. "Available engagement types include Security Incident | Investigation". * **watchersToAdd** (*list*) -- Optional element for UpdateCase to provide content to add additional watchers to a case. * *(dict) --* * **email** *(string) --* **[REQUIRED]** * **name** *(string) --* * **jobTitle** *(string) --* * **watchersToDelete** (*list*) -- Optional element for UpdateCase to provide content to remove existing watchers from a case. * *(dict) --* * **email** *(string) --* **[REQUIRED]** * **name** *(string) --* * **jobTitle** *(string) --* * **threatActorIpAddressesToAdd** (*list*) -- Optional element for UpdateCase to provide content to add additional suspicious IP addresses related to a case. * *(dict) --* * **ipAddress** *(string) --* **[REQUIRED]** * **userAgent** *(string) --* * **threatActorIpAddressesToDelete** (*list*) -- Optional element for UpdateCase to provide content to remove suspicious IP addresses from a case. * *(dict) --* * **ipAddress** *(string) --* **[REQUIRED]** * **userAgent** *(string) --* * **impactedServicesToAdd** (*list*) -- Optional element for UpdateCase to provide content to add services impacted. * *(string) --* * **impactedServicesToDelete** (*list*) -- Optional element for UpdateCase to provide content to remove services impacted. * *(string) --* * **impactedAwsRegionsToAdd** (*list*) -- Optional element for UpdateCase to provide content to add regions impacted. * *(dict) --* * **region** *(string) --* **[REQUIRED]** * **impactedAwsRegionsToDelete** (*list*) -- Optional element for UpdateCase to provide content to remove regions impacted. * *(dict) --* * **region** *(string) --* **[REQUIRED]** * **impactedAccountsToAdd** (*list*) -- Optional element for UpdateCase to provide content to add accounts impacted. * *(string) --* * **impactedAccountsToDelete** (*list*) -- Optional element for UpdateCase to provide content to add accounts impacted. * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / get_waiter get_waiter ********** SecurityIncidentResponse.Client.get_waiter(waiter_name) Returns an object that can wait for some condition. Parameters: **waiter_name** (*str*) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters. Returns: The specified waiter object. Return type: "botocore.waiter.Waiter" SecurityIncidentResponse / Client / close_case close_case ********** SecurityIncidentResponse.Client.close_case(**kwargs) Grants permission to close an existing case. See also: AWS API Documentation **Request Syntax** response = client.close_case( caseId='string' ) Parameters: **caseId** (*string*) -- **[REQUIRED]** Required element used in combination with CloseCase to identify the case ID to close. Return type: dict Returns: **Response Syntax** { 'caseStatus': 'Submitted'|'Acknowledged'|'Detection and Analysis'|'Containment, Eradication and Recovery'|'Post-incident Activities'|'Ready to Close'|'Closed', 'closedDate': datetime(2015, 1, 1) } **Response Structure** * *(dict) --* * **caseStatus** *(string) --* A response element providing responses for requests to CloseCase. This element responds with the case status following the action. * **closedDate** *(datetime) --* A response element providing responses for requests to CloseCase. This element responds with the case closure date following the action. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / list_memberships list_memberships **************** SecurityIncidentResponse.Client.list_memberships(**kwargs) Grants permission to query the memberships a principal has access to. See also: AWS API Documentation **Request Syntax** response = client.list_memberships( nextToken='string', maxResults=123 ) Parameters: * **nextToken** (*string*) -- Optional element. * **maxResults** (*integer*) -- Request element for ListMemberships to limit the number of responses. Return type: dict Returns: **Response Syntax** { 'nextToken': 'string', 'items': [ { 'membershipId': 'string', 'accountId': 'string', 'region': 'af-south-1'|'ap-east-1'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ap-southeast-7'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'mx-central-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2', 'membershipArn': 'string', 'membershipStatus': 'Active'|'Cancelled'|'Terminated' }, ] } **Response Structure** * *(dict) --* * **nextToken** *(string) --* Optional element. * **items** *(list) --* Request element for ListMemberships including the accountID, membershipARN, membershipID, membershipStatus, and region for each response. * *(dict) --* * **membershipId** *(string) --* * **accountId** *(string) --* * **region** *(string) --* * **membershipArn** *(string) --* * **membershipStatus** *(string) --* **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / create_membership create_membership ***************** SecurityIncidentResponse.Client.create_membership(**kwargs) Grants permissions to create a new membership. See also: AWS API Documentation **Request Syntax** response = client.create_membership( clientToken='string', membershipName='string', incidentResponseTeam=[ { 'name': 'string', 'jobTitle': 'string', 'email': 'string' }, ], optInFeatures=[ { 'featureName': 'Triage', 'isEnabled': True|False }, ], tags={ 'string': 'string' } ) Parameters: * **clientToken** (*string*) -- An optional element used in combination with CreateMembership. This field is autopopulated if not provided. * **membershipName** (*string*) -- **[REQUIRED]** Required element use in combination with CreateMembership to create a name for the membership. * **incidentResponseTeam** (*list*) -- **[REQUIRED]** Required element use in combination with CreateMembership to add customer incident response team members and trusted partners to the membership. * *(dict) --* * **name** *(string) --* **[REQUIRED]** * **jobTitle** *(string) --* **[REQUIRED]** * **email** *(string) --* **[REQUIRED]** * **optInFeatures** (*list*) -- Optional element to enable the monitoring and investigation opt-in features for the service. * *(dict) --* * **featureName** *(string) --* **[REQUIRED]** * **isEnabled** *(boolean) --* **[REQUIRED]** * **tags** (*dict*) -- Optional element for customer configured tags. * *(string) --* * *(string) --* Return type: dict Returns: **Response Syntax** { 'membershipId': 'string' } **Response Structure** * *(dict) --* * **membershipId** *(string) --* Response element for CreateMembership providing the newly created membership ID. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / cancel_membership cancel_membership ***************** SecurityIncidentResponse.Client.cancel_membership(**kwargs) Grants permissions to cancel an existing membership. See also: AWS API Documentation **Request Syntax** response = client.cancel_membership( membershipId='string' ) Parameters: **membershipId** (*string*) -- **[REQUIRED]** Required element used in combination with CancelMembershipRequest to identify the membership ID to cancel. Return type: dict Returns: **Response Syntax** { 'membershipId': 'string' } **Response Structure** * *(dict) --* * **membershipId** *(string) --* The response element providing responses for requests to CancelMembershipRequest. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / close close ***** SecurityIncidentResponse.Client.close() Closes underlying endpoint connections. SecurityIncidentResponse / Client / get_case_attachment_download_url get_case_attachment_download_url ******************************** SecurityIncidentResponse.Client.get_case_attachment_download_url(**kwargs) Grants permission to obtain an Amazon S3 presigned URL to download an attachment. See also: AWS API Documentation **Request Syntax** response = client.get_case_attachment_download_url( caseId='string', attachmentId='string' ) Parameters: * **caseId** (*string*) -- **[REQUIRED]** Required element for GetCaseAttachmentDownloadUrl to identify the case ID for downloading an attachment from. * **attachmentId** (*string*) -- **[REQUIRED]** Required element for GetCaseAttachmentDownloadUrl to identify the attachment ID for downloading an attachment. Return type: dict Returns: **Response Syntax** { 'attachmentPresignedUrl': 'string' } **Response Structure** * *(dict) --* * **attachmentPresignedUrl** *(string) --* Response element providing the Amazon S3 presigned URL to download an attachment. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / update_resolver_type update_resolver_type ******************** SecurityIncidentResponse.Client.update_resolver_type(**kwargs) Grants permission to update the resolver type for a case. Warning: This is a one-way action and cannot be reversed. Options include self-supported > AWS-supported. See also: AWS API Documentation **Request Syntax** response = client.update_resolver_type( caseId='string', resolverType='AWS'|'Self' ) Parameters: * **caseId** (*string*) -- **[REQUIRED]** Required element for UpdateResolverType to identify the case to update. * **resolverType** (*string*) -- **[REQUIRED]** Required element for UpdateResolverType to identify the new resolver. Return type: dict Returns: **Response Syntax** { 'caseId': 'string', 'caseStatus': 'Submitted'|'Acknowledged'|'Detection and Analysis'|'Containment, Eradication and Recovery'|'Post-incident Activities'|'Ready to Close'|'Closed', 'resolverType': 'AWS'|'Self' } **Response Structure** * *(dict) --* * **caseId** *(string) --* Response element for UpdateResolver identifying the case ID being updated. * **caseStatus** *(string) --* Response element for UpdateResolver identifying the current status of the case. * **resolverType** *(string) --* Response element for UpdateResolver identifying the current resolver of the case. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / get_membership get_membership ************** SecurityIncidentResponse.Client.get_membership(**kwargs) Grants permission to get details of a designated service membership. See also: AWS API Documentation **Request Syntax** response = client.get_membership( membershipId='string' ) Parameters: **membershipId** (*string*) -- **[REQUIRED]** Required element for GetMembership to identify the membership ID to query. Return type: dict Returns: **Response Syntax** { 'membershipId': 'string', 'accountId': 'string', 'region': 'af-south-1'|'ap-east-1'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'ap-south-1'|'ap-south-2'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-southeast-4'|'ap-southeast-5'|'ap-southeast-7'|'ca-central-1'|'ca-west-1'|'cn-north-1'|'cn-northwest-1'|'eu-central-1'|'eu-central-2'|'eu-north-1'|'eu-south-1'|'eu-south-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'il-central-1'|'me-central-1'|'me-south-1'|'mx-central-1'|'sa-east-1'|'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2', 'membershipName': 'string', 'membershipArn': 'string', 'membershipStatus': 'Active'|'Cancelled'|'Terminated', 'membershipActivationTimestamp': datetime(2015, 1, 1), 'membershipDeactivationTimestamp': datetime(2015, 1, 1), 'customerType': 'Standalone'|'Organization', 'numberOfAccountsCovered': 123, 'incidentResponseTeam': [ { 'name': 'string', 'jobTitle': 'string', 'email': 'string' }, ], 'optInFeatures': [ { 'featureName': 'Triage', 'isEnabled': True|False }, ] } **Response Structure** * *(dict) --* * **membershipId** *(string) --* Response element for GetMembership that provides the queried membership ID. * **accountId** *(string) --* Response element for GetMembership that provides the configured account for managing the membership. * **region** *(string) --* Response element for GetMembership that provides the configured region for managing the membership. * **membershipName** *(string) --* Response element for GetMembership that provides the configured membership name. * **membershipArn** *(string) --* Response element for GetMembership that provides the membership ARN. * **membershipStatus** *(string) --* Response element for GetMembership that provides the current membership status. * **membershipActivationTimestamp** *(datetime) --* Response element for GetMembership that provides the configured membership activation timestamp. * **membershipDeactivationTimestamp** *(datetime) --* Response element for GetMembership that provides the configured membership name deactivation timestamp. * **customerType** *(string) --* Response element for GetMembership that provides the configured membership type. Options include "Standalone | Organizations". * **numberOfAccountsCovered** *(integer) --* Response element for GetMembership that provides the number of accounts in the membership. * **incidentResponseTeam** *(list) --* Response element for GetMembership that provides the configured membership incident response team members. * *(dict) --* * **name** *(string) --* * **jobTitle** *(string) --* * **email** *(string) --* * **optInFeatures** *(list) --* Response element for GetMembership that provides the if opt- in features have been enabled. * *(dict) --* * **featureName** *(string) --* * **isEnabled** *(boolean) --* **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / get_case_attachment_upload_url get_case_attachment_upload_url ****************************** SecurityIncidentResponse.Client.get_case_attachment_upload_url(**kwargs) Grants permission to upload an attachment to a case. See also: AWS API Documentation **Request Syntax** response = client.get_case_attachment_upload_url( caseId='string', fileName='string', contentLength=123, clientToken='string' ) Parameters: * **caseId** (*string*) -- **[REQUIRED]** Required element for GetCaseAttachmentUploadUrl to identify the case ID for uploading an attachment to. * **fileName** (*string*) -- **[REQUIRED]** Required element for GetCaseAttachmentUploadUrl to identify the file name of the attachment to upload. * **contentLength** (*integer*) -- **[REQUIRED]** Required element for GetCaseAttachmentUploadUrl to identify the size od the file attachment. * **clientToken** (*string*) -- Optional element for customer provided token. This field is autopopulated if not provided. Return type: dict Returns: **Response Syntax** { 'attachmentPresignedUrl': 'string' } **Response Structure** * *(dict) --* * **attachmentPresignedUrl** *(string) --* Response element providing the Amazon S3 presigned UTL to upload the attachment. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / list_case_edits list_case_edits *************** SecurityIncidentResponse.Client.list_case_edits(**kwargs) Grants permissions to view the aidt log for edits made to a designated case. See also: AWS API Documentation **Request Syntax** response = client.list_case_edits( nextToken='string', maxResults=123, caseId='string' ) Parameters: * **nextToken** (*string*) -- Optional element for a customer provided token. * **maxResults** (*integer*) -- Optional element to identify how many results to obtain. There is a maximum value of 25. * **caseId** (*string*) -- **[REQUIRED]** Required element used with ListCaseEdits to identify the case to query. Return type: dict Returns: **Response Syntax** { 'nextToken': 'string', 'items': [ { 'eventTimestamp': datetime(2015, 1, 1), 'principal': 'string', 'action': 'string', 'message': 'string' }, ], 'total': 123 } **Response Structure** * *(dict) --* * **nextToken** *(string) --* Optional element. * **items** *(list) --* Response element for ListCaseEdits that includes the action, eventtimestamp, message, and principal for the response. * *(dict) --* * **eventTimestamp** *(datetime) --* * **principal** *(string) --* * **action** *(string) --* * **message** *(string) --* * **total** *(integer) --* Response element for ListCaseEdits that identifies the total number of edits. **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / batch_get_member_account_details batch_get_member_account_details ******************************** SecurityIncidentResponse.Client.batch_get_member_account_details(**kwargs) Grants permission to view an existing membership. See also: AWS API Documentation **Request Syntax** response = client.batch_get_member_account_details( membershipId='string', accountIds=[ 'string', ] ) Parameters: * **membershipId** (*string*) -- **[REQUIRED]** Required element used in combination with BatchGetMemberAccountDetails to identify the membership ID to query. * **accountIds** (*list*) -- **[REQUIRED]** Optional element to query the membership relationship status to a provided list of account IDs. * *(string) --* Return type: dict Returns: **Response Syntax** { 'items': [ { 'accountId': 'string', 'relationshipStatus': 'Associated'|'Disassociated', 'relationshipType': 'Organization' }, ], 'errors': [ { 'accountId': 'string', 'error': 'string', 'message': 'string' }, ] } **Response Structure** * *(dict) --* * **items** *(list) --* The response element providing responses for requests to GetMembershipAccountDetails. * *(dict) --* * **accountId** *(string) --* * **relationshipStatus** *(string) --* * **relationshipType** *(string) --* * **errors** *(list) --* The response element providing errors messages for requests to GetMembershipAccountDetails. * *(dict) --* * **accountId** *(string) --* * **error** *(string) --* * **message** *(string) --* **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n" SecurityIncidentResponse / Client / tag_resource tag_resource ************ SecurityIncidentResponse.Client.tag_resource(**kwargs) Grants permission to add a tag(s) to a designated resource. See also: AWS API Documentation **Request Syntax** response = client.tag_resource( resourceArn='string', tags={ 'string': 'string' } ) Parameters: * **resourceArn** (*string*) -- **[REQUIRED]** Required element for TagResource to identify the ARN for the resource to add a tag to. * **tags** (*dict*) -- **[REQUIRED]** Required element for ListTagsForResource to provide the content for a tag. * *(string) --* * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceeded Exception" * "SecurityIncidentResponse.Client.exceptions.AccessDeniedExceptio n" * "SecurityIncidentResponse.Client.exceptions.ValidationException" * "SecurityIncidentResponse.Client.exceptions.SecurityIncidentResp onseNotActiveException" * "SecurityIncidentResponse.Client.exceptions.InternalServerExcept ion" * "SecurityIncidentResponse.Client.exceptions.ResourceNotFoundExce ption" * "SecurityIncidentResponse.Client.exceptions.ThrottlingException" * "SecurityIncidentResponse.Client.exceptions.ConflictException" * "SecurityIncidentResponse.Client.exceptions.InvalidTokenExceptio n"