Migrating your workloads to the cloud can be daunting, and it is important to make sure your data stays secure as you move them.
AWS Detective is a service you can use to conveniently do that; it informs you about any threat, drilling down to the root cause.
Detective quickly analyses, investigates, and identifies security issues or threats.
AWS Detective and GuardDuty are connected and work hand in hand. Detective has to be enabled before it is deployed, and GuardDuty has to have been enabled for at least 48 hours for the synergy to kick in. Once it is enabled, Detective can analyze different events from different data sources.
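The 48-hour GuardDuty prerequisite described above can be checked before Detective is switched on. The following is an added example, not code from the original page or from AWS: `detective_readiness` and `check_account` are hypothetical helper names, the ISO 8601 format of `CreatedAt` is an assumption, and the sample detector records are constructed.

```python
from datetime import datetime, timedelta, timezone

# Minimum GuardDuty run time before enabling Detective, as stated on this page.
MIN_GUARDDUTY_AGE = timedelta(hours=48)


def parse_created_at(value):
    """Parse the detector's CreatedAt string (ISO 8601 assumed) as aware UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def detective_readiness(detector, now=None):
    """Return (ready, reason) for one GuardDuty detector description.

    `detector` is a dict shaped like a GuardDuty GetDetector response (only
    Status and CreatedAt are read); None means no detector in the Region.
    """
    now = now or datetime.now(timezone.utc)
    if detector is None:
        return False, "GuardDuty is not enabled in this Region"
    if detector.get("Status") != "ENABLED":
        return False, "GuardDuty detector exists but is not enabled"
    age = now - parse_created_at(detector["CreatedAt"])
    if age < MIN_GUARDDUTY_AGE:
        hours = (MIN_GUARDDUTY_AGE - age).total_seconds() / 3600
        return False, f"wait {hours:.1f} more hours"
    return True, "GuardDuty has run for at least 48 hours"


def check_account(region):
    """Live check; needs boto3 and credentials. Not run by the sample below."""
    import boto3
    gd = boto3.client("guardduty", region_name=region)
    ids = gd.list_detectors()["DetectorIds"]
    detector = gd.get_detector(DetectorId=ids[0]) if ids else None
    return detective_readiness(detector)


# Constructed sample input, not real account data.
SAMPLE_NOW = datetime(2024, 5, 3, 12, 0, tzinfo=timezone.utc)
SAMPLE_NEW = {"Status": "ENABLED", "CreatedAt": "2024-05-02T18:00:00.000Z"}
SAMPLE_OLD = {"Status": "ENABLED", "CreatedAt": "2024-04-01T09:30:00.000Z"}

if __name__ == "__main__":
    for d in (None, SAMPLE_NEW, SAMPLE_OLD):
        print(detective_readiness(d, now=SAMPLE_NOW))
```

Run the readiness check per Region, since GuardDuty detectors are Regional.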
How AWS Detective Works
Enable Amazon Detective
You enable Amazon Detective in the AWS Management Console; it then quickly analyzes and investigates potential security issues.
Automatically organises data
Detective organises the data using CloudTrail logs and VPC Flow Logs, and Amazon GuardDuty findings as well.
Detective uses graph analysis that creates relationships between users and resources, along with their interactions over a timeline.
It isolates, aggregates and organizes data with the graph.
The graph continuously updates as new data is made available.
Investigates a security finding
Since AWS Detective works hand in hand with other AWS security services like GuardDuty and Security Hub, clicking "Investigate" in the AWS Management Console brings up the findings.
Benefits and Features of AWS Detective
1. Multiple data sources such as VPC Flow Logs, CloudTrail and GuardDuty investigations can be analysed at the snap of a finger by AWS Detective.
2. It can create a unified, interactive view of resources.
3. The data can be visualized interactively, showing resource behaviour and the interactions between resources over time.
4. Without much effort, while working in the AWS Management Console, you can add multiple AWS accounts to a group and review the findings.