Amazon Detective · JSON Structure

Amazon Detective Indicator Structure

An indicator of compromise detected during an investigation

Type: object Properties: 2
Forensics, Investigation, Security

Indicator is a JSON Structure definition published by Amazon Detective, describing 2 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

IndicatorType, IndicatorDetail

JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-detective/refs/heads/main/json-structure/amazon-detective-indicator-structure.json",
  "description": "An indicator of compromise detected during an investigation",
  "type": "object",
  "properties": {
    "IndicatorType": {
      "type": "string",
      "description": "The type of indicator.",
      "enum": [
        "TTP_OBSERVED",
        "IMPOSSIBLE_TRAVEL",
        "FLAGGED_IP_ADDRESS",
        "NEW_GEOLOCATION",
        "NEW_ASO",
        "NEW_USER_AGENT",
        "RELATED_FINDING",
        "RELATED_FINDING_GROUP"
      ],
      "example": "FLAGGED_IP_ADDRESS"
    },
    "IndicatorDetail": {
      "type": "object",
      "description": "Details about the indicator of compromise."
    }
  },
  "name": "Indicator"
}