Amazon Detective Skill
amazonaws-com-detective
Endpoints
| Method | Path | Description |
|---|---|---|
PUT | /invitation | |
POST | /graph/datasources/get | Accepts an invitation for the member account to contribute data to a behavior graph. This operation can only be called by an invited member account. The request provides the ARN o... |
POST | /membership/datasources/get | Gets data source package information for the behavior graph. |
POST | /graph | Gets information on the data source package history for an account. |
POST | /graph/members | Creates a new behavior graph for the calling account, and sets that account as the administrator account. This operation is called by the account that is enabling Detective. The o... |
POST | /graph/removal | CreateMembers is used to send invitations to accounts. For the organization behavior graph, the Detective administrator account uses CreateMembers to enable organization accounts... |
POST | /graph/members/removal | Disables the specified behavior graph and queues it to be deleted. This operation removes the behavior graph from each member account's list of behavior graphs. DeleteGraph can on... |
POST | /orgs/describeOrganizationConfiguration | Removes the specified member accounts from the behavior graph. The removed accounts no longer contribute data to the behavior graph. This operation can only be called by the admin... |
POST | /orgs/disableAdminAccount | Returns information about the configuration for the organization behavior graph. Currently indicates whether to automatically enable new organization accounts as member accounts.... |
POST | /membership/removal | Removes the Detective administrator account in the current Region. Deletes the organization behavior graph. Can only be called by the organization management account. Removing the... |
POST | /orgs/enableAdminAccount | Removes the member account from the specified behavior graph. This operation can only be called by an invited member account that has the ENABLED status. DisassociateMembership ca... |
POST | /investigations/getInvestigation | Designates the Detective administrator account for the organization in the current Region. If the account does not have Detective enabled, then enables Detective for that account... |
POST | /graph/members/get | Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network,... |
POST | /graph/datasources/list | Returns the membership details for specified member accounts for a behavior graph. |
POST | /graphs/list | Lists data source packages in the behavior graph. |
POST | /investigations/listIndicators | Returns the list of behavior graphs that the calling account is an administrator account of. This operation can only be called by an administrator account. Because an account can... |
POST | /investigations/listInvestigations | Gets the indicators from an investigation. You can use the information from the indicators to determine if an IAM user and/or IAM role is involved in an unusual activity that coul... |
POST | /invitations/list | Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network,... |
POST | /graph/members/list | Retrieves the list of open and accepted behavior graph invitations for the member account. This operation can only be called by an invited member account. Open invitations are inv... |
POST | /orgs/adminAccountslist | Retrieves the list of member accounts for a behavior graph. For invited accounts, the results do not include member accounts that were removed from the behavior graph. For the org... |
GET | /tags/{ResourceArn} | Returns information about the Detective administrator account for an organization. Can only be called by the organization management account. |
POST | /invitation/removal | Returns the tag values that are assigned to a behavior graph. |
POST | /investigations/startInvestigation | Rejects an invitation to contribute the account data to a behavior graph. This operation must be called by an invited member account that has the INVITED status. RejectInvitation... |
POST | /graph/member/monitoringstate | Detective investigations lets you investigate IAM users and IAM roles using indicators of compromise. An indicator of compromise (IOC) is an artifact observed in or on a network,... |
POST | /tags/{ResourceArn} | Sends a request to enable data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED. For valid member accounts, the status is updated as follows. If Detective en... |
DELETE | /tags/{ResourceArn} | Applies tag values to a behavior graph. |
POST | /graph/datasources/update | Removes tags from a behavior graph. |
POST | /investigations/updateInvestigationState | Starts a data source packages for the behavior graph. |
POST | /orgs/updateOrganizationConfiguration | Updates the state of an investigation. |
Install as Skill
Use this API as a Claude Code skill for instant agent access.
CLI Install
lapsh skill-install amazonaws-com-detective
Downloads and installs to ~/.claude/skills/amazonaws-com-detective/
Recent Versions (1)
2018-10-26(2026-02-13)