Posted On: Nov 26, 2023
Amazon Detective now integrates with Amazon Security Lake, enabling security analysts to query and retrieve logs stored in Security Lake. You can use this integration to get additional information from AWS CloudTrail logs and Amazon Virtual Private Cloud (Amazon VPC) Flow Logs stored in Security Lake while conducting security investigations in Detective.
Amazon Detective is a managed security service that simplifies the investigation process by building data aggregations, summaries, and visualizations based on security findings and activity logs. Security analysts use Detective to more quickly analyze and determine the nature and extent of possible security issues. Security Lake is a service that automatically centralizes security data from AWS environments, SaaS providers, on-premises, and other cloud sources into a purpose-built data lake. You can use Security Lake to make central log collection easier and gain a comprehensive understanding of all security events in your organization.
When deeper analysis is required, Detective provides a pre-built query in Amazon Athena focused on the timeframe and components involved. This speeds the process of retrieving relevant CloudTrail and VPC Flow Logs. Analysts can preview logs in Athena and even modify the query to fine-tune results.
You can learn more about this integration here. There are additional charges to use this integration which you can review under Detective FAQs. Support for this integration is available today for all Detective and Security Lake customers in all AWS Regions where both services are available. To learn more, visit Amazon Detective product page.