Amazon Detective

Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Amazon Detective automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct faster and more efficient security investigations.

AWS security services like Amazon GuardDuty, Amazon Macie, and AWS Security Hub as well as partner security products can be used to identify potential security issues, or findings. These services are really helpful in alerting you when something is wrong and pointing out where to go to fix it. But sometimes there might be a security finding where you need to dig a lot deeper and analyze more information to isolate the root cause and take action. Determining the root cause of security findings can be a complex process that often involves collecting and combining logs from many separate data sources, using extract, transform, and load (ETL) tools or custom scripting to organize the data, and then security analysts having to analyze the data and conduct lengthy investigations.

Amazon Detective simplifies this process by enabling your security teams to easily investigate and quickly get to the root cause of a finding. Amazon Detective can analyze trillions of events from multiple data sources such as Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail, and Amazon GuardDuty, and automatically creates a unified, interactive view of your resources, users, and the interactions between them over time. With this unified view, you can visualize all the details and context in one place to identify the underlying reasons for the findings, drill down into relevant historical activities, and quickly determine the root cause.

You can get started with Amazon Detective in just a few clicks in the AWS Console. There is no software to deploy, or data sources to enable and maintain.

Below are the cmdlets available for Amazon Detective, together with the service operation each one calls:

CmdletName                      ServiceOperation
Approve-DTCTInvitation          AcceptInvitation
Deny-DTCTInvitation             RejectInvitation
Get-DTCTGraphList               ListGraphs
Get-DTCTInvitationList          ListInvitations
Get-DTCTMember                  GetMembers
Get-DTCTMemberList              ListMembers
New-DTCTGraph                   CreateGraph
New-DTCTMember                  CreateMembers
Remove-DTCTGraph                DeleteGraph
Remove-DTCTMember               DeleteMembers
Remove-DTCTMembership           DisassociateMembership
Start-DTCTMonitoringMember      StartMonitoringMember
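These cmdlets are normally used together to build a multi-account behavior graph: the administrator account creates the graph, invites member accounts, checks their status, and re-enables any member whose data volume put it into a disabled state. The following is an added example, not part of the original post; it assumes the AWS.Tools.Detective module is installed with credentials and region already configured, that the cmdlets accept the parameters shown (GraphArn, Account, AccountId, Message, Tag), and it uses constructed account IDs and e-mail addresses as placeholders.

```powershell
# Added example (not from the original post). Run from the Detective
# administrator account; account IDs and e-mail addresses are placeholders.
Import-Module AWS.Tools.Detective

# 1. Reuse the existing behavior graph in this Region, or create one.
#    Assumption: Get-DTCTGraphList returns Graph objects with an .Arn property
#    and New-DTCTGraph returns the new graph's ARN.
$graphArn = (Get-DTCTGraphList | Select-Object -First 1).Arn
if (-not $graphArn) {
    $graphArn = New-DTCTGraph -Tag @{ Owner = 'security-operations' }
}
Write-Host "Behavior graph: $graphArn"

# 2. Invite member accounts. Each entry needs the 12-digit account ID and the
#    root e-mail address AWS has on file for that account (placeholders here).
$members = @(
    @{ AccountId = '111111111111'; EmailAddress = 'aws-root-prod@example.com' },
    @{ AccountId = '222222222222'; EmailAddress = 'aws-root-dev@example.com'  }
) | ForEach-Object {
    $acct = New-Object Amazon.Detective.Model.Account
    $acct.AccountId    = $_.AccountId
    $acct.EmailAddress = $_.EmailAddress
    $acct
}
$invite = New-DTCTMember -GraphArn $graphArn -Account $members `
    -Message 'Security Operations is enabling Amazon Detective. Please accept.'

# Accounts the service could not process are reported rather than silently dropped.
foreach ($u in $invite.UnprocessedAccounts) {
    Write-Warning "Not invited: $($u.AccountId) - $($u.Reason)"
}

# 3. Review member status. Typical values: INVITED, VERIFICATION_IN_PROGRESS,
#    VERIFICATION_FAILED, ENABLED, ACCEPTED_BUT_DISABLED.
$status = Get-DTCTMemberList -GraphArn $graphArn
$status | Select-Object AccountId, Status, DisabledReason | Format-Table -AutoSize

# 4. A member that accepted but exceeded the data-volume limit is not ingested
#    until monitoring is explicitly started for it.
$status | Where-Object { $_.Status -eq 'ACCEPTED_BUT_DISABLED' } | ForEach-Object {
    Start-DTCTMonitoringMember -GraphArn $graphArn -AccountId $_.AccountId
    Write-Host "Monitoring started for $($_.AccountId)"
}

# Member-account side (run with that account's credentials): list pending
# invitations and accept the one from the administrator's graph.
# Get-DTCTInvitationList | ForEach-Object { Approve-DTCTInvitation -GraphArn $_.GraphArn }
```

Only the ARNs and statuses are read here; the cmdlets that remove members or delete the graph (Remove-DTCTMember, Remove-DTCTMembership, Remove-DTCTGraph) are deliberately left out of a setup script because deleting the graph discards the collected investigation data.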

You can also check the other AWS services, and the cmdlets for each service, that we cover.

Click on this link for a single place where you can find all the PowerShell cmdlets sorted by module.

You can also refer to our other blogs on PowerShell at this link.

You can also refer to our other blogs on Microsoft at this link.

If there is any technology you would like to learn, let us know below and we will publish it on our site http://tossolution.com/

Like our page on Facebook and follow us for new technical information.

References are taken from Microsoft and AWS
