Amazon Detective
What is it?
A service that makes it easy to analyze, investigate, and quickly identify the root cause of security issues or suspicious activities.
What is it for?
Analyze and visualize security data to identify the root cause of potential security issues or suspicious activities in your AWS environment.
Use Cases
- Security incident investigation
- Suspicious behavior analysis
- Malicious activity tracing
- Security risk assessment
- Activity auditing
- Incident response
Key Points
- Automatic Analysis: Security data processing
- Visualization: Interactive data graphs
- Integration: Compatible with GuardDuty and Security Hub
- Machine Learning: Anomaly detection
- Multi-Account: Cross-account analysis
- Historical: Extended data retention
Comparison with Manual Investigation
- Amazon Detective: Offers automated analysis, advanced visualization, and correlation of data from multiple sources.
- Manual Investigation: A slow, error-prone process that requires manual data correlation and may miss important connections.