Posted On: Feb 22, 2023
Amazon Detective now supports the ability to export data from Summary page panels and search results in comma-separated values (CSV) format. You can use this new capability to export data from the Detective management console and enrich your security investigations by manipulating the data using other AWS services, third-party applications, or spreadsheet programs that support CSV import.
Detective’s Summary page has panels that can help you identify unusual activity like IAM roles with high API call volume or EC2 instances with the most traffic. You can use these panels as starting points for your security investigations and can now export data from the panels Roles and users with the most API call volume, EC2 instances with the most traffic volume, and EKS clusters with the most Kubernetes pods.
Detective’s search allows you to look for specific Amazon GuardDuty findings or entities like AWS accounts, S3 buckets, or EC2 instances. You can use search to get an overview of specific entities and review new behavior that may present risk like communicating with malicious IP addresses or multiple failed API calls. When you complete the search, Detective displays a list of matching results and you now have an Export option to download the list of results.
To learn more, you can read Export Data in the Amazon Detective User Guide. There is no additional charge for this new capability, and it’s available today for all existing and new Detective customers. Support for Data Export is available in all AWS Regions where Detective is available, including AWS GovCloud (US) Regions. You can also get started with your 30-day free trial of Detective with just a few clicks in the AWS Management console. To learn more, visit the Amazon Detective product page.