Posted On: Nov 26, 2023

Amazon Detective now provides finding group summaries that use generative artificial intelligence (AI) to automatically analyze finding groups and provide insights in natural language, helping you accelerate security investigations. Amazon Detective finding groups allow you to examine multiple activities related to potential security events. For example, you can analyze the root cause of high-severity Amazon GuardDuty findings using Detective finding groups. With Detective finding group summaries, you can more quickly locate and review key insights, written in natural language, on suspicious activity identified in finding groups, making it easier to investigate and understand unusual or suspicious activities.

Detective automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build interactive visualizations that enable you to conduct faster and more efficient security investigations. Detective analyzes trillions of events from multiple data sources like Amazon Virtual Private Cloud (Amazon VPC) Flow Logs, AWS CloudTrail logs, Amazon Elastic Kubernetes Service (Amazon EKS) audit logs, and findings from multiple AWS security services to create a unified, interactive view of security events. Detective also automatically groups related findings from Amazon GuardDuty and Amazon Inspector to show you combined threats and vulnerabilities, helping security analysts identify and prioritize potential high-severity security risks.

Amazon Detective finding group summaries are available in five commercial Regions: US East (Northern Virginia), US West (Oregon), Europe (Frankfurt), Asia Pacific (Singapore), and Asia Pacific (Tokyo).

To learn more and get started with investigations, visit: