Skip to main content
  1. Projects/
  2. AWS DevOps Pro Certification/
  3. 2: Configuration Mgmt / Infrastructure as Code/
  4. 3: Containers and More/

6: AWS Detective

·1 min

What’s Detective?

  • Helps analyze/investigate root cause of security findings
  • Helps dig deeper into suspicious activity
  • Analyze data up to a year old
  • Collects log data from all over
    • Uses ML, stats, and graph theory to assess stuff

What does it interact with?

  • GuardDuty
  • Security Hub

What does it look at?

  • Login attempts
  • API calls
  • VPC flow logs
  • EKS audit logs
  • Network traffic
  • Findings detected by GuardDuty

Do I need to enable GuardDuty first?

  • Yes, two days before you can hope to use Detective

How does Detective work at scale?

  • You can have up to 1200 accounts
  • AWS orgs can integrate with detective
  • Admin account can centrally manage detective behavior graph DB