Amazon Detective is a security service that helps you identify the root cause of potential security issues or suspicious activity. It automatically collects AWS CloudTrail management events, Amazon VPC Flow Logs and Amazon GuardDuty findings into a behavior graph and builds statistical baselines from them, so you can investigate a finding without first assembling your own log pipeline. This guide walks through enabling and configuring Amazon Detective in your AWS environment.
Step 1: Prerequisites before enabling Detective
Before enabling Amazon Detective, make sure that:
- You sign in with an IAM identity that is allowed to enable the service. The AWS managed policy AmazonDetectiveFullAccess is sufficient; the API call behind the "Enable Detective" button is detective:CreateGraph, so that permission is the minimum.
- Amazon GuardDuty has been enabled in the same account and region for at least 48 hours. Detective refuses to enable before that, because GuardDuty findings and the detector's history are inputs to the behavior graph.
- You do not need to turn on CloudTrail or VPC Flow Logs yourself. Detective receives both from AWS through an independent stream and does not read your trails or log destinations, which also means an attacker who disables your trail does not starve Detective of management events.
- Detective is a regional service, so repeat the enablement in every region you operate in. Each account gets a 30-day free trial per region, after which pricing is based on ingested data volume.
Step 2: Enable Amazon Detective
- Sign in to the AWS Management Console with the IAM identity from Step 1 and switch to the region you want to enable.
- Open Amazon Detective: type "Detective" in the console search bar and choose Amazon Detective. On the landing page, choose "Get started". The page lists the service-linked role (AWSServiceRoleForDetective) and permissions Detective will use; review them, then choose "Enable Detective."
Detective immediately begins ingesting data from your account into the behavior graph. Data appears within hours, but the baselines Detective uses to flag unusual activity need history; AWS states that it can take up to two weeks before the behavior graph is fully populated.
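The same procedure from the AWS CLI, as an added example that is not part of the original page or of any AWS-provided tooling. It checks the GuardDuty prerequisite (detector present, ENABLED, and at least 48 hours old) before calling CreateGraph, reuses an existing graph instead of creating a second one, and optionally invites a member account for a multi-account setup. It assumes AWS CLI v2 with credentials configured for the target region and GNU date for parsing the detector's CreatedAt timestamp; the AWS variable exists so the CLI can be swapped for a stub in a dry run, and the account ID and e-mail in the usage comment are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): enable Amazon Detective with the
# AWS CLI in the current region, refusing to proceed until GuardDuty has been
# enabled for the 48 hours Detective requires, and optionally invite a member
# account. Assumes AWS CLI v2 with credentials configured and GNU date.
set -euo pipefail

AWS="${AWS:-aws}"                 # command used for every API call; point at a stub for dry runs
MIN_GUARDDUTY_AGE=$((48 * 3600))  # Detective's documented minimum, in seconds

# Return 0 if a detector created at $1 (epoch seconds) is old enough at time $2.
detector_old_enough() {
  [ $(( $2 - $1 )) -ge "$MIN_GUARDDUTY_AGE" ]
}

# Print the ID of the region's GuardDuty detector, failing unless it is ENABLED.
enabled_detector_id() {
  local id status
  id=$($AWS guardduty list-detectors --query 'DetectorIds[0]' --output text)
  if [ -z "$id" ] || [ "$id" = "None" ]; then
    echo "no GuardDuty detector in this region; enable GuardDuty first" >&2
    return 1
  fi
  status=$($AWS guardduty get-detector --detector-id "$id" --query Status --output text)
  if [ "$status" != "ENABLED" ]; then
    echo "GuardDuty detector $id is $status, not ENABLED" >&2
    return 1
  fi
  printf '%s\n' "$id"
}

# Fail if the detector has not been enabled for at least 48 hours.
check_detector_age() {
  local id created
  id=$(enabled_detector_id)
  created=$($AWS guardduty get-detector --detector-id "$id" --query CreatedAt --output text)
  # CreatedAt is ISO 8601 UTC with fractional seconds; drop the fraction for date(1).
  if ! detector_old_enough "$(date -u -d "${created%.*}" +%s)" "$(date -u +%s)"; then
    echo "GuardDuty was enabled at $created; Detective needs 48 hours of history" >&2
    return 1
  fi
}

# Print the ARN of this account's behavior graph, creating it if none exists.
ensure_graph() {
  local arn
  arn=$($AWS detective list-graphs --query 'GraphList[0].Arn' --output text)
  if [ -z "$arn" ] || [ "$arn" = "None" ]; then
    arn=$($AWS detective create-graph --query GraphArn --output text)
  fi
  printf '%s\n' "$arn"
}

# Invite a member account into the graph ($1 = graph ARN, $2 = account ID, $3 = its root email).
invite_member() {
  $AWS detective create-members --graph-arn "$1" \
    --accounts "AccountId=$2,EmailAddress=$3" \
    --query 'Members[0].Status' --output text
}

main() {
  check_detector_age
  local arn
  arn=$(ensure_graph)
  echo "Detective behavior graph: $arn"
  # Optional member invite, e.g.: ./enable-detective.sh enable 111122223333 security@example.com
  if [ $# -ge 3 ]; then
    echo "member $2: $(invite_member "$arn" "$2" "$3")"
  fi
}

# Only act when invoked as `./enable-detective.sh enable [...]`; sourcing stays side-effect free.
if [ "${1:-}" = "enable" ]; then
  main "$@"
fi
```

Run it once per region you want covered; list-graphs makes the script idempotent, so re-running after a partial failure does not create a second graph. The age check deliberately lives in its own function so you can run it alone as a pre-flight before a change window.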
Step 3: Configure Amazon Detective
- View and analyze data:
- Once Detective is enabled, it analyzes CloudTrail management events, VPC Flow Logs and GuardDuty findings for every account in the behavior graph.
- The Summary page shows which accounts, IAM principals and EC2 instances generated the most activity over the selected time range; use it to pick a starting point rather than as a finding list.
- Keep GuardDuty running: GuardDuty is a prerequisite (Step 1), so it is already enabled, but make sure nobody suspends or deletes the detector afterwards, because GuardDuty findings are the alerts Detective investigates.
- To confirm, go to the Amazon GuardDuty console and check that the detector status is Enabled in each region where Detective is enabled.
- Review findings:
- GuardDuty findings surface in Detective as finding profile pages. Open one from the Detective search (for example by finding ID) or from the details panel of a finding in the GuardDuty console via the "Investigate with Detective" link.
- Each finding profile shows the resources involved, the finding's scope time, and a timeline of the related activity.
- Use the profile pages:
- The behavior graph is Detective's underlying data model, not a separate view. You explore it through entity profile pages for AWS accounts, IAM users and roles, EC2 instances, IP addresses and similar entities.
- Each profile page visualizes how that entity interacted with others over the scope time, for example API call volume by principal and whether an IP address or geolocation had been observed before.
Step 4: Investigate Issues
- Drill down into details:
- From a finding profile, select an involved entity to pivot to that entity's own profile page, and narrow the scope time to the window around the finding.
- Use the timeline and interaction panels to reconstruct the sequence of events: which principal made the calls, from which IP addresses, and whether that IP, user agent or geolocation had been seen before the finding.
- Use finding groups:
- Detective correlates related GuardDuty findings and the entities they share into finding groups, so you see a likely attack sequence across several findings instead of isolated alerts. Review these before triaging findings one at a time.
- Work across accounts:
- Detective has no separate "collaborate" feature. For team-wide use, designate a Detective administrator account (through AWS Organizations or by invitation) and add the member accounts, so all their data lands in one behavior graph that the security team investigates from.
- Record the finding IDs, entities and scope time you relied on, then follow up with containment and remediation (revoking credentials, isolating instances, and so on) outside Detective, which is an investigation tool and does not itself change your environment.