java.lang.Object
software.amazon.awssdk.services.securityhub.model.ActorSession
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<ActorSession.Builder,ActorSession>

@Generated("software.amazon.awssdk:codegen") public final class ActorSession extends Object implements SdkPojo, Serializable, ToCopyableBuilder<ActorSession.Builder,ActorSession>

Contains information about the authenticated session used by the threat actor identified in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub CSPM, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

See Also:
  • Method Details

    • uid

      public final String uid()

      Unique identifier of the session.

      Returns:
      Unique identifier of the session.
    • mfaStatus

      public final ActorSessionMfaStatus mfaStatus()

      Indicates whether multi-factor authentication (MFA) was used for authentication during the session.

      In CloudTrail, you can find this value as userIdentity.sessionContext.attributes.mfaAuthenticated.

      If the service returns an enum value that is not available in the current SDK version, mfaStatus will return ActorSessionMfaStatus.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from mfaStatusAsString().

      Returns:
      Indicates whether multi-factor authentication (MFA) was used for authentication during the session.

      In CloudTrail, you can find this value as userIdentity.sessionContext.attributes.mfaAuthenticated.

      See Also:
    • mfaStatusAsString

      public final String mfaStatusAsString()

      Indicates whether multi-factor authentication (MFA) was used for authentication during the session.

      In CloudTrail, you can find this value as userIdentity.sessionContext.attributes.mfaAuthenticated.

      If the service returns an enum value that is not available in the current SDK version, mfaStatus will return ActorSessionMfaStatus.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from mfaStatusAsString().

      Returns:
      Indicates whether multi-factor authentication (MFA) was used for authentication during the session.

      In CloudTrail, you can find this value as userIdentity.sessionContext.attributes.mfaAuthenticated.

      See Also:
    • createdTime

      public final Long createdTime()

      The timestamp for when the session was created.

      In CloudTrail, you can find this value as userIdentity.sessionContext.attributes.creationDate.

      Returns:
      The timestamp for when the session was created.

      In CloudTrail, you can find this value as userIdentity.sessionContext.attributes.creationDate.

    • issuer

      public final String issuer()

      The issuer of the session.

      In CloudTrail, you can find this value as userIdentity.sessionContext.sessionIssuer.arn.

      Returns:
      The issuer of the session.

      In CloudTrail, you can find this value as userIdentity.sessionContext.sessionIssuer.arn.

    • toBuilder

      public ActorSession.Builder toBuilder()
      Specified by:
      toBuilder in interface ToCopyableBuilder<ActorSession.Builder,ActorSession>
    • builder

      public static ActorSession.Builder builder()
    • serializableBuilderClass

      public static Class<? extends ActorSession.Builder> serializableBuilderClass()
    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object
    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object
    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Specified by:
      equalsBySdkFields in interface SdkPojo
    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object
    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)
    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
    • sdkFieldNameToField

      public final Map<String,SdkField<?>> sdkFieldNameToField()
      Specified by:
      sdkFieldNameToField in interface SdkPojo