6: AWS Detective
What’s Detective?
- Helps analyze/investigate root cause of security findings
- Helps dig deeper into suspicious activity
- Analyze data up to a year old
- Collects log data from multiple AWS sources
- Uses ML, statistics, and graph theory to assess that activity
What does it interact with?
- GuardDuty
- Security Hub
What does it look at?
- Login attempts
- API calls
- VPC flow logs
- EKS audit logs
- Network traffic
- Findings detected by GuardDuty
Do I need to enable GuardDuty first?
- Yes; GuardDuty must have been enabled for at least two days before you can enable Detective
How does Detective work at scale?
- You can have up to 1200 accounts
- AWS Organizations can integrate with Detective
- The Detective administrator account centrally manages the behavior graph