Posted On: Jan 21, 2021

Amazon Detective's resource summary home page now provides a dashboard of user and resource behavior that helps you visualize and investigate trends that may lead to security issues. For example, you can use the dashboard to highlight users making the most frequent successful or failed AWS control plane operations, determine security principals making API calls from previously unseen geographies, and identify Amazon EC2 instances producing unusual network traffic. The new resource summary home page provides interactive panels of information so that you can sort, select, and expand to identify resources of interest. Each resource comes with a behavioral profile page that allows you to review deeper insights and summaries extracted from up to 12 months of data to investigate activity such as users and IPs that have interacted with a given resource and the specific API calls made to it.

Amazon Detective's insights and visualizations are generated by continuously analyzing the CloudTrail events and VPC Flow traffic of your monitored accounts regardless of whether these logging services are enabled. The summary content is continually refreshed and provides a rolling 24-hour window of analytic results. This approach ensures that your content is always up to date and reflects recent behavioral trends. Detective's new homepage makes it easy for you to add user and resource activity monitoring to your threat detection controls. Log in to the Detective console regularly to view the latest insights.

Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues. To get started, enable a 30-day free trial of Amazon Detective with just a few clicks in the AWS Management console. See the AWS Regions page for all the regions where Detective is available. To learn more, visit the Amazon Detective product page.