Amazon Detective
Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Amazon Detective automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct faster and more efficient security investigations.
AWS security services such as Amazon GuardDuty, Amazon Macie, and AWS Security Hub, as well as partner security products, identify potential security issues and surface them as findings. These services are good at alerting you that something is wrong and pointing you at the resource to fix. Some findings, however, require digging much deeper and correlating more information before you can isolate the root cause and act. Doing that by hand is typically a lengthy process: collecting and combining logs from many separate data sources, normalizing them with extract, transform, and load (ETL) tools or custom scripts, and then having security analysts work through the result.
Amazon Detective simplifies this process by enabling your security teams to easily investigate and quickly get to the root cause of a finding. Amazon Detective can analyze trillions of events from multiple data sources such as Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail, and Amazon GuardDuty, and automatically creates a unified, interactive view of your resources, users, and the interactions between them over time. With this unified view, you can visualize all the details and context in one place to identify the underlying reasons for the findings, drill down into relevant historical activities, and quickly determine the root cause.
You can get started with Amazon Detective in a few clicks in the AWS Management Console. There is no software to deploy and no log sources to enable or maintain; Detective ingests the data itself. The one prerequisite to keep in mind is that Amazon GuardDuty must already have been enabled in the account for at least 48 hours before Detective can be enabled there.
Below are the AWS Tools for PowerShell cmdlets (noun prefix `DTCT`) available for Amazon Detective, with the Detective API operation each one calls. Detective is organized around a behavior graph owned by an administrator account: the graph, member, and monitoring cmdlets are run with the administrator account's credentials, while `Approve-DTCTInvitation`, `Deny-DTCTInvitation`, `Get-DTCTInvitationList`, and `Remove-DTCTMembership` act on the invitation from the member account's side.

| CmdletName | ServiceOperation |
|---|---|
| Approve-DTCTInvitation | AcceptInvitation |
| Deny-DTCTInvitation | RejectInvitation |
| Get-DTCTGraphList | ListGraphs |
| Get-DTCTInvitationList | ListInvitations |
| Get-DTCTMember | GetMembers |
| Get-DTCTMemberList | ListMembers |
| New-DTCTGraph | CreateGraph |
| New-DTCTMember | CreateMembers |
| Remove-DTCTGraph | DeleteGraph |
| Remove-DTCTMember | DeleteMembers |
| Remove-DTCTMembership | DisassociateMembership |
| Start-DTCTMonitoringMember | StartMonitoringMember |
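The following script is an added example, not code from this page or from AWS, that walks the cmdlets above through the full administrator/member workflow: reuse or create the behavior graph, invite a member account, accept the invitation from the member side only after checking who sent it, wait for verification, and re-enable ingestion if the member ended up in `ACCEPTED_BUT_DISABLED`. The account IDs, e-mail address, and credential profile names are placeholders, and it assumes the standard `-ProfileName`/`-Region` common parameters of AWS Tools for PowerShell and the module's usual output shapes (`Get-DTCTGraphList` emitting graph objects with an `Arn`, `Get-DTCTMemberList` and `Get-DTCTInvitationList` emitting member-detail objects, `New-DTCTMember` returning the response with `UnprocessedAccounts`).

```powershell
# Added example (not from the page or AWS): enrolling one member account into a
# Detective behavior graph. Account IDs, e-mail and profile names are placeholders.
Import-Module AWS.Tools.Detective   # or the monolithic AWSPowerShell.NetCore module

$Region      = 'us-east-1'           # Detective is regional: graph and members live in one Region
$AdminProf   = 'detective-admin'     # assumed credential profile for the administrator account
$MemberProf  = 'detective-member'    # assumed credential profile for the member account
$AdminId     = '111111111111'        # placeholder administrator account ID
$MemberId    = '222222222222'        # placeholder member account ID
$MemberEmail = 'secops@example.com'  # placeholder contact e-mail for the member account

# --- Administrator account: reuse the existing graph or create one ---
# An account owns at most one behavior graph per Region, so look before creating.
$graphArn = Get-DTCTGraphList -ProfileName $AdminProf -Region $Region |
            Select-Object -First 1 -ExpandProperty Arn
if (-not $graphArn) {
    $graphArn = New-DTCTGraph -ProfileName $AdminProf -Region $Region   # returns the graph ARN
}
"Behavior graph: $graphArn"

# Invite the member. New-DTCTMember takes Amazon.Detective.Model.Account objects.
$account = New-Object Amazon.Detective.Model.Account -Property @{
    AccountId    = $MemberId
    EmailAddress = $MemberEmail
}
$result = New-DTCTMember -GraphArn $graphArn -Account $account `
            -Message 'Please join the SecOps Detective behavior graph' `
            -ProfileName $AdminProf -Region $Region
# Accounts listed in UnprocessedAccounts received no invitation; Reason says why.
foreach ($u in $result.UnprocessedAccounts) { Write-Warning "$($u.AccountId): $($u.Reason)" }

# --- Member account: verify who is inviting you, then accept (or reject) ---
$pending = Get-DTCTInvitationList -ProfileName $MemberProf -Region $Region |
           Where-Object { $_.GraphArn -eq $graphArn -and "$($_.Status)" -eq 'INVITED' }
if ($pending) {
    # Accepting shares this account's CloudTrail, VPC flow and GuardDuty data with the
    # administrator, so confirm the inviting account before approving. Older module
    # versions expose the inviter as MasterId instead of AdministratorId.
    $inviter = if ($pending.AdministratorId) { $pending.AdministratorId } else { $pending.MasterId }
    if ($inviter -ne $AdminId) {
        Deny-DTCTInvitation -GraphArn $graphArn -ProfileName $MemberProf -Region $Region
        throw "Rejected Detective invitation from unexpected administrator $inviter"
    }
    Approve-DTCTInvitation -GraphArn $graphArn -ProfileName $MemberProf -Region $Region
}

# --- Administrator account: wait for verification, then make sure ingestion is on ---
$tries = 0
do {
    Start-Sleep -Seconds 30
    $member = Get-DTCTMemberList -GraphArn $graphArn -ProfileName $AdminProf -Region $Region |
              Where-Object { $_.AccountId -eq $MemberId }
    $status = "$($member.Status)"   # INVITED, VERIFICATION_IN_PROGRESS, VERIFICATION_FAILED, ENABLED, ACCEPTED_BUT_DISABLED
    "Member $MemberId status: $status"
} while (($status -in 'INVITED', 'VERIFICATION_IN_PROGRESS') -and (++$tries -lt 20))

# ACCEPTED_BUT_DISABLED means the member accepted but data ingestion is off (for
# example, its volume exceeded the graph's limit); StartMonitoringMember turns it back on.
if ($status -eq 'ACCEPTED_BUT_DISABLED') {
    Start-DTCTMonitoringMember -GraphArn $graphArn -AccountId $MemberId `
        -ProfileName $AdminProf -Region $Region
}

# Teardown, administrator side. Remove-* cmdlets prompt for confirmation; -Force skips it.
# Remove-DTCTMember -GraphArn $graphArn -AccountId $MemberId -Force -ProfileName $AdminProf -Region $Region
# Remove-DTCTGraph  -GraphArn $graphArn -Force -ProfileName $AdminProf -Region $Region
```

The member-side check matters more than it looks: accepting an invitation hands the inviting account continuous visibility into your CloudTrail, VPC Flow Log, and GuardDuty activity, so a script that blindly approves whatever `Get-DTCTInvitationList` returns is an easy way to leak telemetry to an attacker-controlled account. A member that later wants out runs `Remove-DTCTMembership -GraphArn $graphArn` with its own credentials.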
You can also browse the cmdlets we provide for other AWS services.