Glossary

Amazon Detective

Amazon Detective is a security service offered by Amazon Web Services (AWS). It uses machine learning and graph theory to help customers investigate and identify the root cause of security issues within their AWS accounts.

Detective allows customers to visualize their AWS resource relationships and activity, enabling them to quickly understand how resources are related and identify unusual activity. It provides access to event data from multiple AWS services, including AWS CloudTrail, Amazon GuardDuty, Amazon VPC Flow Logs, and Amazon S3 Access Logs. This data is analyzed using machine learning algorithms to identify patterns that may indicate security issues.

To use Detective, customers simply create an investigation and provide a resource or event to investigate. Detective then automatically collects relevant data from across the customer's AWS environment, analyzes it using machine learning algorithms, and presents a visual graph of the relationships and activity surrounding the resource or event. Customers can then use this information to understand the root cause of security issues and take appropriate action.

One of the key benefits of Detective is that it reduces the time needed to investigate and resolve security issues. By automating the collection and analysis of data, Detective helps customers quickly identify the root cause of a security issue and take corrective action. This can help customers minimize the impact of security incidents and prevent future issues from occurring.