What is Amazon Detective?
Amazon Detective simplifies the investigation of security findings. It automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked view of the entities involved (users, roles, IP addresses) and visualize their behavioral patterns.
Key Concepts
1. Root Cause Analysis
   - Helps answer "Who did what, where, and when?" after a security alert.
   - Ingests CloudTrail logs, VPC Flow Logs, and GuardDuty findings.
2. Visualizations
   - Provides interactive graphs that show the relationships between IP addresses, IAM users, and roles.
   - Helps visualize the extent (blast radius) of a potential breach.
Exam Tips
> [!IMPORTANT]
> "Investigate security findings" or "root cause analysis of security issues": the answer is Amazon Detective.

> [!TIP]
> Think "Detective" = "Investigate". It doesn't prevent attacks (like WAF) or raise the initial alert (like GuardDuty); it helps you understand findings after they have been flagged.
Common Use Cases
- Triage: Quickly determining if a GuardDuty finding is a false positive.
- Incident Response: Understanding the blast radius of a compromised credential.
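The following is an added illustration of the kind of correlation Detective automates for the two use cases above and for the "Key Concepts" section: it is not Detective's code or API. It takes constructed CloudTrail-style events and a constructed GuardDuty-style finding (the finding type string, the IP allowlist and the set of "privileged" actions are all hypothetical), builds a small entity graph linking principals, source IPs and resources, reconstructs the "who did what, where, and when" timeline around the finding, computes the blast radius of the flagged credential by graph traversal, and returns a triage verdict.

```python
"""Added example (not Amazon Detective's code): correlate constructed
CloudTrail-style events with a constructed GuardDuty-style finding."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed CloudTrail-style events with simplified fields (not real logs).
CLOUDTRAIL_EVENTS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventName": "ConsoleLogin",
     "principal": "user/alice", "sourceIP": "203.0.113.10", "resource": None},
    {"eventTime": "2024-05-01T10:05:00Z", "eventName": "AssumeRole",
     "principal": "user/alice", "sourceIP": "203.0.113.10", "resource": "role/Admin"},
    {"eventTime": "2024-05-01T10:07:00Z", "eventName": "ListBuckets",
     "principal": "role/Admin", "sourceIP": "203.0.113.10", "resource": None},
    {"eventTime": "2024-05-01T10:09:00Z", "eventName": "GetObject",
     "principal": "role/Admin", "sourceIP": "203.0.113.10", "resource": "bucket/finance-data"},
    {"eventTime": "2024-05-01T18:00:00Z", "eventName": "DescribeInstances",
     "principal": "user/bob", "sourceIP": "198.51.100.7", "resource": None},
]

# Constructed findings; the "type" strings are placeholders, not real GuardDuty types.
FINDING = {"type": "EXAMPLE:IAMUser/AnomalousConsoleLogin", "principal": "user/alice",
           "sourceIP": "203.0.113.10", "eventTime": "2024-05-01T10:00:00Z"}
BENIGN_FINDING = {"type": "EXAMPLE:IAMUser/AnomalousAPICall", "principal": "user/bob",
                  "sourceIP": "198.51.100.7", "eventTime": "2024-05-01T18:00:00Z"}

# Hypothetical triage inputs: known corporate egress IPs and actions treated as privileged.
KNOWN_EGRESS_IPS = {"198.51.100.7"}
PRIVILEGED_ACTIONS = {"AssumeRole", "GetObject", "CreateAccessKey", "PutUserPolicy"}


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def build_graph(events):
    """Undirected entity graph: principals, source IPs and resources are nodes.
    Every event links the entities it mentions (an AssumeRole links the user
    to the role it assumed), which is what lets us walk from a credential
    outward to everything it touched."""
    graph = defaultdict(set)
    for ev in events:
        nodes = [ev["principal"], ev["sourceIP"]]
        if ev["resource"]:
            nodes.append(ev["resource"])
        for a in nodes:
            for b in nodes:
                if a != b:
                    graph[a].add(b)
    return graph


def timeline(events, finding, window=timedelta(hours=1)):
    """Root-cause view: what the flagged principal, and any role it assumed,
    did from the flagged IP within `window` of the finding, in time order."""
    start = parse_time(finding["eventTime"])
    end = start + window
    actors = {finding["principal"]}
    rows = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        t = parse_time(ev["eventTime"])
        if not (start <= t <= end) or ev["sourceIP"] != finding["sourceIP"]:
            continue
        if ev["principal"] not in actors:
            continue
        if ev["eventName"] == "AssumeRole" and ev["resource"]:
            actors.add(ev["resource"])  # follow the role chain
        rows.append((ev["eventTime"], ev["principal"], ev["eventName"], ev["resource"]))
    return rows


def blast_radius(graph, start):
    """Breadth-first traversal: every IP, role and resource reachable from the
    compromised principal is what an investigator has to review."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def triage(events, finding):
    """Verdict: activity from a known egress IP with no privileged follow-on
    actions is likely a false positive; anything else is escalated."""
    rows = timeline(events, finding)
    privileged = [r for r in rows if r[2] in PRIVILEGED_ACTIONS]
    if finding["sourceIP"] in KNOWN_EGRESS_IPS and not privileged:
        return "likely-false-positive"
    return "escalate"


if __name__ == "__main__":
    graph = build_graph(CLOUDTRAIL_EVENTS)
    for row in timeline(CLOUDTRAIL_EVENTS, FINDING):
        print("when=%s who=%s what=%s target=%s" % row)
    print("blast radius of user/alice:", sorted(blast_radius(graph, "user/alice")))
    print("verdict:", triage(CLOUDTRAIL_EVENTS, FINDING))
    print("benign verdict:", triage(CLOUDTRAIL_EVENTS, BENIGN_FINDING))
```

Run as a script it prints the four-step timeline for alice (login, AssumeRole into role/Admin, ListBuckets, GetObject on bucket/finance-data), the blast radius {203.0.113.10, role/Admin, bucket/finance-data}, "escalate" for alice's finding and "likely-false-positive" for bob's. The role-chain following in `timeline` is the important detail: activity performed under an assumed role does not carry the original user's name, so an investigation that stops at the user misses most of the damage.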