In early May, Danilo Poccia, the Chief Evangelist (EMEA) at AWS, introduced new features in Amazon Detective that simplify the investigation of AWS security findings.
Amazon Detective is a powerful tool that enables users to analyze and visualize security data, helping them identify potential security issues. It gathers and analyzes events from various sources like AWS CloudTrail logs, Amazon VPC Flow Logs, Amazon GuardDuty findings, and Amazon Elastic Kubernetes Service (EKS) audit logs. By utilizing machine learning, statistical analysis, and graph theory, Detective constructs a graph model that connects the data, facilitating security investigations.
The recent update to Detective allows it to support the investigation of AWS Security Hub findings in addition to GuardDuty findings. AWS Security Hub provides a comprehensive overview of the security state in AWS environments, collecting findings from integrated AWS security services. With this enhancement, Detective can now analyze and determine the cause and impact of findings from services such as AWS Identity and Access Management (IAM) Access Analyzer, Amazon Inspector, and Amazon Macie. Support for Amazon Detective investigations of AWS security findings is available to both existing and new Detective customers in all AWS Regions.
Overall, the recent features introduced in Amazon Detective empower users to effectively investigate and address security findings within their AWS environments. By leveraging this powerful tool, businesses can bolster their security posture and proactively safeguard their systems and data.