Gbemisola Esho

What is AWS Detective?

Migrating your workloads to the cloud can be daunting, and it is important to make sure your data is secure as you move them.
AWS Detective is a resource you can use to do that conveniently; it informs you about any threat, drilling down to the root cause.
Detective quickly analyses, investigates, and identifies security issues or threats.

AWS Detective and GuardDuty are connected and work hand in hand. Detective has to be enabled before it is deployed, and AWS GuardDuty also has to be enabled for at least 48 hours for the synergy to kick in. Once it is enabled, Detective can analyze different events from different data sources.

How AWS Detective Works

Enable Amazon Detective
You enable Amazon Detective in the AWS Management Console; it then quickly analyzes and investigates potential security issues.

After Detective is enabled, it organizes the data.
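
The enable step can also be scripted. The sketch below is an added example, not code from the original post: it uses boto3's GuardDuty and Detective clients and applies the 48-hour GuardDuty requirement stated above before creating the behavior graph. The region name and the helper function names are assumptions.

```python
from datetime import datetime, timedelta, timezone

MIN_GUARDDUTY_AGE = timedelta(hours=48)  # threshold taken from the article text


def guardduty_ready(guardduty, now=None):
    """True if an ENABLED GuardDuty detector in this region is at least 48h old."""
    now = now or datetime.now(timezone.utc)
    for detector_id in guardduty.list_detectors()["DetectorIds"]:
        detector = guardduty.get_detector(DetectorId=detector_id)
        if detector.get("Status") != "ENABLED":
            continue
        # CreatedAt is an ISO 8601 string, e.g. 2024-01-01T00:00:00.000Z
        created = datetime.fromisoformat(detector["CreatedAt"].replace("Z", "+00:00"))
        if created.tzinfo is None:
            created = created.replace(tzinfo=timezone.utc)
        if now - created >= MIN_GUARDDUTY_AGE:
            return True
    return False


def enable_detective(guardduty, detective, now=None):
    """Return the behavior graph ARN, creating the graph only if none exists."""
    graphs = detective.list_graphs().get("GraphList", [])
    if graphs:
        return graphs[0]["Arn"]  # Detective is already enabled in this region
    if not guardduty_ready(guardduty, now):
        raise RuntimeError("GuardDuty has not been enabled for 48 hours in this region")
    return detective.create_graph()["GraphArn"]


def main():
    import boto3  # imported here so the helpers above can be tested with stub clients
    region = "us-east-1"  # assumption: replace with the region you are enabling
    arn = enable_detective(boto3.client("guardduty", region_name=region),
                           boto3.client("detective", region_name=region))
    print("Detective behavior graph:", arn)


if __name__ == "__main__":
    main()
```

Detective is enabled per region, so the script has to be run once for each region you want covered.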

Automatically Organises data

Detective uses graph analysis that creates relationships between users and resources, along with their interactions on a timeline.
It isolates, aggregates, and organizes data with the graph.
The graph continuously updates as new data is made available.

Investigates a security finding

Since AWS Detective works hand in hand with other AWS security services like GuardDuty and Security Hub, clicking "investigate" in the AWS Management Console brings up discoveries.

Benefits and Features of AWS Detective

  1. Multiple data sources such as AWS VPC Flow Logs, CloudTrail and GuardDuty investigations can be analysed at the snap of a finger by AWS Detective.

  2. It can create a unified interactive view of resources.

  3. It can be visualized in an interactive manner, as it shows resource behaviour and the interactions between resources over time.

  4. Without much effort, while working in the AWS Management Console you can add multiple AWS accounts to a group and review the findings.
