Detective

Amazon Detective streamlines the security investigation process, making it more efficient to analyze, investigate, and pinpoint the root cause of security issues or unusual activities. It automates the collection of log data from AWS resources and employs machine learning, statistical analysis, and graph theory to construct an interconnected data set. This setup greatly enhances the speed and effectiveness of security investigations.

The service eases in-depth exploration of security incidents, allowing security teams to swiftly understand and address the underlying causes of issues. Amazon Detective analyzes vast amounts of data from sources like VPC Flow Logs, AWS CloudTrail, and Amazon GuardDuty. It automatically generates a comprehensive, interactive view of resources, users, and their interactions over time. This integrated perspective provides all necessary details and context in one location, enabling teams to discern the reasons behind security findings, examine pertinent historical activities, and rapidly determine the root cause.

References

• https://aws.amazon.com/detective/

• https://cloudsecdocs.com/aws/services/logging/other/#detective