AWSIAMAccessAnalyzer SOAR Integration

This document details the tools provided by the AWSIAMAccessAnalyzer SOAR integration.

Tools

awsiam_access_analyzer_scan_resources

Scan resources using AWS IAM Access Analyzer.

Parameters:

  • case_id (str, required): The ID of the case.

  • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

  • resource_ar_ns (str, required): Specify a comma-separated list of resource ARNs that need to be scanned.

  • target_entities (List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.

  • scope (str, optional, default=“All entities”): Defines the scope for the action.

awsiam_access_analyzer_ping

Test connectivity to AWS IAM Access Analyzer with parameters provided at the integration configuration page on Marketplace tab.

Parameters:

  • case_id (str, required): The ID of the case.

  • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

  • target_entities (List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.

  • scope (str, optional, default=“All entities”): Defines the scope for the action.

awsiam_access_analyzer_archive_finding

Archive finding in AWS IAM Access Analyzer

Parameters:

  • case_id (str, required): The ID of the case.

  • alert_group_identifiers (List[str], required): Identifiers for the alert groups.

  • finding_id (str, required): Specify ID of the finding that you want to archive.

  • target_entities (List[TargetEntity], optional, default=[]): Optional list of specific target entities (Identifier, EntityType) to run the action on.

  • scope (str, optional, default=“All entities”): Defines the scope for the action.