Amazon Web Services recently announced that Amazon Detective, a security service that aims to streamline the detection of security vulnerabilities across a customer’s AWS workload, has moved to general availability. The initial preview of Amazon Detective was announced in December 2019, alongside several other new security services.
This new service accelerates the process of investigating security vulnerabilities by aggregating data from AWS CloudTrail, Amazon VPC Flow Logs, and Amazon GuardDuty into a graph model that is more easily analyzed. Amazon Detective then uses machine learning algorithms to detect abnormalities. Examples of suspicious activity that may need to be investigated include instances of compromised user credentials or unauthorized access to resources.
The general availability announcement described how customers can take advantage of this data:
“Amazon Detective produces tailored visualizations to help customers answer questions like "is this an unusual API call?" or "is this spike in traffic from this instance expected?" without having to organize any data or develop, configure, or tune their own queries and algorithms... Amazon Detective’s visualizations provide the details, context, and guidance to help analysts quickly determine the nature and extent of issues identified by AWS security services like Amazon GuardDuty and AWS Security Hub.”
Pricing is based on the amount of data that Amazon Detective pulls from the aforementioned services and is outlined in the documentation.