Posted On: Nov 26, 2023

Amazon Detective now supports security investigations for threats detected by Amazon GuardDuty Elastic Container Service (ECS) Runtime Monitoring. Amazon Detective now provides enhanced visualizations and additional context for detections on ECS. You can use the new runtime threat detections from GuardDuty and the investigative capabilities from Detective to improve your detection and response for potential threats to your container workloads.

Detective is a managed security service designed to help security analysts investigate potential security issues across AWS accounts and workloads. Detective simplifies the process of analyzing security findings, making it easier to identify the extent of malicious activity and its root cause. GuardDuty is a threat detection service that continuously monitors your AWS environment for malicious activity and unauthorized access. GuardDuty now supports threat detection for runtime events in Amazon ECS, including serverless workloads on AWS Fargate. Detective supports the investigation of these new detections, including correlations with other findings into finding groups, graph visualizations, and other summaries for faster security investigations.

To get started, you can enable the new threat detection plan in the GuardDuty console, and Detective will automatically ingest the findings into your behavior graph.

The expanded investigation capabilities are available today for all existing and new Detective accounts and in all AWS Regions where Detective is available, except the AWS GovCloud (US) Regions. You can start your 30-day free trial of Detective in the AWS Management Console. To learn more, visit the Amazon Detective product page.

Dec 19, 2023: Updated this What's New post to remove GovCloud Region support, as it was improperly added to this release.