Posted On: May 18, 2023

Amazon Detective now helps provide root cause analysis for security findings from eight additional services integrated with AWS Security Hub. With this expanded capability, you can use Detective to conduct more comprehensive investigations, helping you identify resources, patterns, and the scope of potential security issues.

Security Hub simplifies security management by centralizing security findings from your AWS accounts and services. When you enable Security Hub, integrated services like AWS IAM Access Analyzer, Amazon GuardDuty, and others automatically send findings to Security Hub. Starting today you can enable AWS Security Findings as a new data source in Detective, and Detective will automatically ingest findings sent to Security Hub to build a behavior graph to help you conduct more effective investigations. The list of new data sources include findings from AWS Config, AWS Firewall Manager, AWS Health, AWS IAM Access Analyzer, Amazon Inspector, AWS IoT Device Defender, Amazon Macie, and AWS Systems Manager Patch Manager.

The first 30 days of enabling AWS Security Findings as a data source are available at no additional charge for existing Detective accounts. For new accounts, AWS Security Findings as a data source is automatically enabled and part of the 30-day free trial. You can see the estimated cost during your trial in the Detective Management Console.

Support for AWS Security Findings is available today for all Detective customers and in all AWS Regions where Detective is available, including the AWS GovCloud (US) Regions. You can start your 30-day free trial of Detective with just a few clicks in the AWS Management console. To learn more, visit the Amazon Detective product page.