Posted On: Apr 12, 2024

Amazon Detective, a managed security service that helps analysts investigate potential security issues across AWS, has introduced a new feature to support investigating threats detected by Amazon GuardDuty's EC2 Runtime Monitoring capability. This expansion enhances Detective's ability to provide visualizations and context for investigating runtime threats targeting EC2 instances.

With this new capability, Detective simplifies analysis by correlating EC2 runtime findings from GuardDuty with other GuardDuty and AWS Security Hub alerts, so analysts can use Detective to accelerate their security response and improve investigations of potential security issues involving their EC2 workloads.

Amazon GuardDuty continuously monitors for unauthorized activity and threats across AWS accounts and services. Its recently launched EC2 Runtime Monitoring feature can detect runtime threats such as an instance querying cryptocurrency-related IP addresses or connecting to Tor networks. By integrating with this feature, Detective gives analysts deeper context and a faster path to investigating suspicious activity related to their EC2 instances.

To get started, enable the new threat detection plan in the GuardDuty console; Detective will then automatically ingest the resulting findings into your behavior graph.

The expanded investigation capabilities are available today for all existing and new Detective accounts, in all AWS Regions where Detective is available, excluding AWS GovCloud. You can start your 30-day free trial of Detective in the AWS Management Console. To learn more, visit the Amazon Detective product page.