Published: May 22, 2023
Last week, Amazon Web Services (AWS) announced that its Amazon Detective service is getting a new integration with AWS Security Hub. The new feature allows organizations to quickly and efficiently investigate AWS security issues.
Amazon Detective is a service that enables organizations to investigate security issues and suspicious activities in their AWS resources and accounts. The security service collects log data from Amazon GuardDuty, Amazon CloudTrail, Amazon Virtual Private Cloud (VPC) Flow Logs, and other AWS services. Amazon Detective uses AI to create visualizations that provide detailed insights into security incidents.
With this release, security teams can use Amazon Detective to find the root cause and impact of findings coming from both GuardDuty and Security Hub. The list of new data sources includes Amazon Macie, Amazon Inspector, and AWS Identity and Access Management (IAM) Access Analyzer.
To get started, customers need to open the Detective Management Console and configure AWS Security Findings investigations. From there, click Settings > General > Edit to enable Detective for AWS Security Findings. The feature will analyze relevant data to detect connections between log events and activities.
Amazon Detective investigation support is accessible to both new and existing customers in AWS Regions where the service is currently available. This release aims to help IT admins detect potential security threats and vulnerabilities in their corporate networks. The pricing depends on how much data the service ingests from AWS resources. If you’re interested, you can sign up for a 30-day free trial of Amazon Detective today.
As of this writing, the Finding groups section of the Detective console doesn’t show Security Hub’s investigations. Going forward, the company plans to add support for the new AWS security service integrations in Finding groups. However, there is no ETA on when this capability will be available for customers.