
AWS Detective adds four new capabilities to save time and strengthen your security operations.
The first feature, Detective investigations for IAM, helps you investigate AWS IAM objects, such as users and roles, for indicators of compromise and determine whether they were involved in known tactics from the MITRE ATT&CK framework. These automatic investigations are available in the Detective section of the AWS Management Console and through a new API, so you can automate your analysis or incident response, or send the results to other systems such as AWS Security Hub.
The second feature, Detective finding group summaries, uses generative AI to enrich investigations. It automatically analyzes finding groups and presents insights in natural language to accelerate security investigations: a plain-language title based on the analysis of the finding group, together with summarized insights such as the activity that initiated the event and its impact, if any. Finding group summaries handle the heavy lifting of analyzing a finding group built across multiple AWS data sources, making it easier and faster to investigate unusual or suspicious activity.
Detective also adds two further capabilities:
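To show how the new investigations API can be driven from incident-response automation, here is an added example (not code from the announcement or from AWS): it starts an investigation for one IAM principal, polls until Detective returns a verdict, and flags HIGH or CRITICAL results for escalation. It assumes the boto3 Detective client's start_investigation and get_investigation calls; the graph and role ARNs are placeholders and FakeDetective is a constructed stand-in so the code runs offline.

```python
"""Automate a Detective IAM investigation (added example, not AWS code)."""
import time
from datetime import datetime, timedelta, timezone

ESCALATE = {"HIGH", "CRITICAL"}  # severities that should page an analyst


def run_iam_investigation(detective, graph_arn, entity_arn, lookback_hours=24,
                          poll_seconds=5, max_polls=60, sleep=time.sleep):
    """Start an investigation for one IAM principal and wait for its verdict.

    `detective` is assumed to be a boto3 Detective client, e.g.
    boto3.client("detective"), or any object exposing the same
    start_investigation / get_investigation methods. Returns the final
    get_investigation response with an added 'Escalate' flag.
    """
    end = datetime.now(timezone.utc)
    start = end - timedelta(hours=lookback_hours)
    resp = detective.start_investigation(GraphArn=graph_arn, EntityArn=entity_arn,
                                         ScopeStartTime=start, ScopeEndTime=end)
    inv_id = resp["InvestigationId"]
    for _ in range(max_polls):
        inv = detective.get_investigation(GraphArn=graph_arn, InvestigationId=inv_id)
        if inv.get("Status") != "RUNNING":
            # Only a completed investigation carries a trustworthy severity.
            inv["Escalate"] = (inv.get("Status") == "SUCCESSFUL"
                               and inv.get("Severity") in ESCALATE)
            return inv
        sleep(poll_seconds)
    raise TimeoutError(f"investigation {inv_id} still running after {max_polls} polls")


class FakeDetective:
    """Constructed stand-in for the boto3 client so the example runs offline."""

    def __init__(self, final):
        self.final = final      # fields returned once the investigation completes
        self.calls = 0

    def start_investigation(self, **kw):
        self.scope = kw
        return {"InvestigationId": "inv-constructed-0001"}

    def get_investigation(self, **kw):
        self.calls += 1
        if self.calls == 1:     # first poll: still running
            return {"InvestigationId": kw["InvestigationId"], "Status": "RUNNING"}
        return {"InvestigationId": kw["InvestigationId"], "Status": "SUCCESSFUL", **self.final}


if __name__ == "__main__":
    client = FakeDetective({"Severity": "HIGH", "EntityType": "IAM_ROLE"})
    result = run_iam_investigation(client, "arn:aws:detective:us-east-1:111122223333:graph:PLACEHOLDER",
                                   "arn:aws:iam::111122223333:role/PlaceholderRole", sleep=lambda s: None)
    print(result["Severity"], result["Escalate"])
```

Replace FakeDetective with a real client to run it against your account; the returned record can then be forwarded to Security Hub or a ticketing system by your own integration.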
- Detective now supports security investigations for threats detected by Amazon GuardDuty ECS Runtime Monitoring.
- Detective now integrates with Amazon Security Lake, enabling security analysts to query and retrieve logs stored in Security Lake.
Amazon Detective makes it easier to analyze, investigate, and quickly identify the root cause of security findings or suspicious activities. Detective uses machine learning (ML), statistical analysis, and graph theory to help you visualize and conduct faster and more efficient security investigations.
Detective automatically collects log data and events from sources such as AWS CloudTrail logs, Amazon VPC Flow Logs, Amazon GuardDuty findings, Amazon EKS audit logs, and AWS security findings. Detective maintains up to a year of aggregated data for analysis and investigations.
These capabilities are now available to all AWS customers.
Detective investigations for IAM is available in all AWS Regions where Detective is available. Finding group summaries is available in five AWS Regions: US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore, Tokyo), and Europe (Frankfurt).
Learn all the details about Amazon Detective and get started today.


NICE POST 💚💓💖
Blessed and Happy day 🌞
Greetings 👋🇪🇸🫂