Posted On: Jun 13, 2023

Amazon Detective has expanded finding groups to include Amazon Inspector network reachability and software vulnerability findings alongside Amazon GuardDuty findings. The combined threats and vulnerabilities help security analysts prioritize where they should focus their time by answering questions like “was this EC2 instance compromised because of a software vulnerability?” or “did this GuardDuty finding occur because of unintended network exposure?”

Detective, GuardDuty, and Amazon Inspector are part of a broad set of fully managed AWS security services that help you identify potential security risks so you can respond quickly and confidently. Detective automatically collects findings from Amazon Inspector, GuardDuty, and other AWS security services like AWS Security Hub to help increase situational awareness of related security events. Using machine learning, Detective finding groups help security professionals conduct faster investigations, identify the root cause, and leverage mappings to the MITRE ATT&CK framework to quickly run security issues to ground.

To get started using this expansion, you can enable the optional data source of AWS security findings in the Detective management console. The first 30 days after enabling AWS security findings are available at no additional charge for existing Detective accounts. For new accounts, Detective will automatically enable AWS security findings as part of the 30-day free trial.

Support for this expansion is available today for all Detective customers and in all AWS Regions where Detective is available, including the AWS GovCloud (US) Regions. You can start your 30-day free trial of Detective in the AWS Management Console. To learn more, visit the Amazon Detective product page.