Posted On: Jul 24, 2020

Amazon Detective now enables you to interactively examine your Amazon Virtual Private Cloud (VPC) network flows. This new capability enables you to answer questions such as "what port or network service was in use at that time?", "were any large data transfers involved?", and "was the traffic allowed by my Security Groups?". These details help security analysts investigate Amazon GuardDuty findings, examine unexpected network behavior, and identify other AWS resources that might be affected by a potential security issue.

Once enabled, Amazon Detective automatically and cost-effectively processes all VPC flow records from your enabled accounts, aggregates them by EC2 instance, and presents visual summaries and analytics about your network traffic. With the new VPC Flow details feature, you can now "drill down" into selected time periods to view the details of these flows. The details include the source and destination IPs and ports, the volume and directionality of the traffic, and whether the traffic was accepted or rejected. The interactive tabular view enables you to sort, filter, and visualize the flows to pinpoint network traffic that occurred during a specific time period of interest. Data is retained for 12 months, allowing you to investigate historic network activity.
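The kind of per-instance, time-windowed drill-down described above (accepted versus rejected flows, bytes by direction, service ports, large transfers), re-created as a stand-alone added example over constructed VPC Flow Log records. This is not Detective's code or an AWS API; the ENI-to-address map, the default record layout and the 100 MB large-transfer threshold are assumptions made for the example.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Log record, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed: the private IP behind each ENI, used to decide flow direction.
ENI_ADDR = {"eni-aaaa1111": "10.0.1.5", "eni-bbbb2222": "10.0.2.8"}

# Constructed sample records (epoch seconds): one large outbound transfer, one rejected inbound SSH attempt, one later flow.
SAMPLE_LOG = """\
2 123456789012 eni-aaaa1111 10.0.1.5 203.0.113.9 51822 443 6 1200 900000000 1595600000 1595600060 ACCEPT OK
2 123456789012 eni-aaaa1111 203.0.113.9 10.0.1.5 443 51822 6 40 3200 1595600000 1595600060 ACCEPT OK
2 123456789012 eni-aaaa1111 198.51.100.7 10.0.1.5 40001 22 6 3 180 1595600100 1595600160 REJECT OK
2 123456789012 eni-bbbb2222 10.0.2.8 10.0.1.5 33000 5432 6 20 4000 1595603000 1595603060 ACCEPT OK
"""

def parse_records(text):
    """Parse default-format lines into dicts; drop malformed and NODATA/SKIPDATA rows."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        rec.update({k: int(rec[k]) for k in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")})
        records.append(rec)
    return records

def summarize(text, window_start, window_end, eni_addr=ENI_ADDR, large_bytes=100_000_000):
    """Per-ENI view of flows overlapping the window: accept/reject counts, bytes by direction, ports, large transfers."""
    summary = defaultdict(lambda: {"accepted": 0, "rejected": 0, "bytes_out": 0,
                                   "bytes_in": 0, "ports": set(), "large": []})
    for rec in parse_records(text):
        if rec["end"] < window_start or rec["start"] > window_end:
            continue  # flow lies entirely outside the window of interest
        s = summary[rec["interface_id"]]
        outbound = rec["srcaddr"] == eni_addr.get(rec["interface_id"])
        # Default-format records carry no direction field; the lower port is taken as the service port (peer side is usually ephemeral).
        s["ports"].add(min(rec["srcport"], rec["dstport"]))
        if rec["action"] == "REJECT":
            s["rejected"] += 1
            continue  # rejected flows carry no payload worth totalling
        s["accepted"] += 1
        s["bytes_out" if outbound else "bytes_in"] += rec["bytes"]
        if rec["bytes"] >= large_bytes:
            s["large"].append((rec["dstaddr"] if outbound else rec["srcaddr"], rec["bytes"]))
    return dict(summary)
```

Narrowing the window to the first hour isolates the 900 MB outbound transfer to 203.0.113.9 and the rejected port 22 attempt on eni-aaaa1111, which is the question an analyst would ask of a GuardDuty finding on that instance.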

This new capability will help security and operations teams to simplify EC2 traffic analysis, validate security group permissions, and investigate EC2 instance behavior. Instead of exporting, storing, and analyzing VPC flow data into a custom or third-party tool, you can let Amazon Detective do the heavy lifting while you focus on quickly answering your investigative questions. VPC network flow details are available now in all of Detective’s supported regions and are included at no extra cost as part of your service subscription.

Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues. To get started, enable a 30-day free trial of Amazon Detective with just a few clicks in the AWS Management Console. See the AWS Regions page for all the regions where Detective is available. To learn more, visit the Amazon Detective product page.