Detective
Amazon Detective automatically collects log data from your AWS resources and uses ML, statistical analysis, and graph theory to build a dataset that you can use to conduct more efficient security investigations.
- Looking into & managing the incidents that might occur
- If you have suspicious activity, this tool looks into it to find out exactly what happened & which actions were taken by a bad actor
- Can also do this with CloudTrail, but it's not restricted to users only
Details
- Helps you explore various AWS resources to start your analysis
  - users, instances, roles, etc.
  - explore actions taken by/on a resource
  - get a list of automatic findings
- Analyze findings & actions
  - explore finding details (date, involved resources, etc.)
  - explore details for suspicious activities