Posted On: Jun 1, 2023

Amazon Detective now supports security investigations for Amazon GuardDuty EKS Runtime Monitoring, GuardDuty RDS Protection, and Lambda Protection. GuardDuty and Detective are part of a broad set of fully managed AWS security services that help customers identify potential security risks, so they can respond quickly, freeing security teams to focus on tasks with the highest value.

GuardDuty EKS Runtime Monitoring deepens threat detection inside Amazon Elastic Kubernetes Service (Amazon EKS) workloads, while GuardDuty RDS Protection helps customers protect data stored in Amazon Aurora databases, and GuardDuty Lambda Protection helps customers detect threats to serverless applications. Detective automatically collects log data from customer’s resources and uses machine learning, statistical analysis, and graph theory to build interactive visualizations that help customers analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.

To get started you can enable each protection in the GuardDuty console, and Detective will automatically include findings from these new detections into findings groups, which combine other AWS security findings to help streamline your investigations. Detective pricing is based on the volume of data ingested from GuardDuty findings along with other AWS logging services. You can review pricing on the Detective pricing page.

The expanded investigation capabilities are available today for all existing and new Detective accounts and in all AWS Regions where Detective is available, including the AWS GovCloud (US) Regions. You can start your 30-day free trial of Detective in the AWS Management console. To learn more, visit the Amazon Detective product page.