AWS Detective

Overview

AWS Detective was integrated by Mindflow to enable users to automate their incident management and better protect their information system.

AWS Detective Overview

AWS Detective is an investigation service that is part of the AWS stack. It goes further than other AWS security services such as GuardDuty, Macie, and Security Hub.

Detective helps when a security finding requires you to dig deeper and analyze more information to isolate the root cause and take action. Determining the root cause can be complex because it often involves collecting and combining logs from many separate data sources, using extract, transform, and load (ETL) tools or custom scripting to organize the data.

Using the solution, analysts can investigate and quickly identify the root cause of potential security issues or suspicious activities. To that end, Detective automatically collects log data from your AWS resources (Amazon Virtual Private Cloud (Amazon VPC) Flow Logs, CloudTrail logs, EKS audit logs, and GuardDuty findings) and uses machine learning, statistical analysis, and graph theory to build a coherent set of data that enables you to perform fast, efficient investigations.

Then it automatically creates a unified, interactive view of your resources, users, and the interactions between them over time. Through this unified view, analysts can visualize all the details and context in one place to identify the underlying reasons for the findings, dive into relevant historical activities, and determine the root cause.

For example, a GuardDuty finding such as an unusual Console Login API call can be investigated in Amazon Detective with details about the API call trends over time and user login attempts on a geolocation map. Using these details, you can determine whether the API call is legitimate or an indication of a compromised AWS resource.

AWS Detective can be managed via its console or API calls. As Mindflow integrates Detective, users can manage actions from Mindflow’s platform and automate further steps.

Benefits

Faster and more effective investigations

A unified view of user and resource interactions over time, with all the context and details in one place, helps analysts determine the root cause of a security finding.

Save time with continuous data updates

Detective automatically processes terabytes of event data records about IP traffic, AWS management operations, and malicious or unauthorized activity. The data is then organized into a graph model summarizing the security-related relationships in your AWS environment. AWS Detective then queries this model to create visualizations used in investigations. The graph model is continuously updated as new data becomes available from AWS resources.
