Posted On: Mar 1, 2023

Amazon Detective finding groups now include a dynamic visual representation of the Detective behavior graph to emphasize the relationships between security findings and the associated entities within a finding group. This addition makes it easier for customers to triage potential security issues with at-a-glance visuals that include finding types, severity levels, associated account(s), and linkages within the Detective behavior graph that can be used to investigate related activity within a finding group.

Detective finding groups consist of related Amazon GuardDuty findings and include severity, affected AWS accounts, and resources to help you reduce the amount of time you spend investigating individual findings and make it easier to understand the scope of a potential attack. Detective finding groups use the Detective visualization as a starting point for your most critical security investigations within the finding group profile page. The Detective visualization supports multiple layouts that can aid you in identifying anomalous behavior by visual inspection of trends, outliers, and patterns of behavior. From this panel, you can also manually rearrange the findings and entities to better understand their interconnectedness, select items to see more details, and more quickly assess the makeup of the finding group. This visualization also allows you to view which resource types are more prevalent in this finding group by leveraging the graph database.

To learn more, you can read about Detective Visualization in the Amazon Detective User Guide. There is no additional charge for this new capability, and it’s available today for all existing and new Detective customers. Support for Visualization is available in all AWS Regions where Detective is available, including the AWS GovCloud (US) Regions. You can also get started with your 30-day free trial of Detective with just a few clicks in the AWS Management Console. To learn more, visit the Amazon Detective product page.