Amazon Detective

aws/security aws/service aws/ml

💡 Definition

Amazon Detective automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that lets you conduct security investigations faster and more efficiently.

🔑 Key Concepts

⚙️ How it Works

When enabled, Detective automatically ingests and processes security-related data from specified AWS services. It then builds a "behavior graph" that shows all activities and interactions between accounts, users, and resources. Security analysts can then use Detective's interactive visualizations to investigate Amazon GuardDuty findings or other security alerts, quickly drilling down into related activities.

🎯 Use Cases

💰 Pricing Model

📝 Exam Tips (CLF-C02)


See Also:
* Amazon GuardDuty
* AWS Security Hub
* CloudTrail
* VPC Flow Logs