Posted On: Mar 1, 2022
Amazon Detective has improved search capabilities by adding support for wildcard characters and classless inter-domain routing (CIDR) notation on IP addresses. Amazon Detective helps customers conduct security investigations by distilling and organizing data from sources such as, AWS CloudTrail, Amazon VPC Flow Logs, and Amazon GuardDuty, into a graph model that summarizes resource behaviors and interactions observed across a customer’s AWS environment.
By adding support for wildcard characters and CIDR notation, you now have more flexibility in searching their Detective behavioral graph, which in turn will help customers speed up their root cause analysis for security events. You can create search strings using the wildcard character “*” to represent any entity or resource, and “?” to represent any single character as part of a targeted search term. To search a range of IP addresses, CIDR notation such as, 10.10.0.0/16, can be used to identify any IP address that starts with 10.10.
The enhanced search support is available today in all AWS Regions that support Detective. To learn more, see the Amazon Detective User Guide. Amazon Detective comes with a 30-day free trial for all new accounts to the service, and new customers can get started with a few clicks in the AWS Management Console.