Amazon Detective is on the Case, Aided by Machine Learning Amazon Web Services has announced Amazon Detective, a new security tool that uses machine learning and other technologies to improve sleuthing. The company announced that Amazon Detective, a new service in Preview, makes it easy to analyze and investigate, and quickly identify root causes of potential security issues. Amazon Detective automatically collects log data and uses machine learning, statistical analyses, and graph theory. This allows you to conduct faster and more efficient security investigations. [Click on the image to see a larger view.] How Amazon Detective Works (source :AWS). It will be available in select regions of AWS, including the US-East, US-West, Oregon, US-East, US-East, and US-West (Ohio), as well as the EU (Ireland) and Asia Pacific (Tokyo) previews. AWS stated that Amazon Detective can analyze trillions from multiple data sources, including AWS CloudTrail, Virtual Private Cloud (VPC), Flow Logs, and Amazon GuardDuty. It automatically creates an interactive, unified view of your resources, users, interactions, and their relationships over time. “With this unified view you can visualize all details and context in one location to identify the underlying causes for the findings, drill into relevant historical activities and quickly determine the root cause. AWS stated that the tool offers easy-to-use visualizations that can be used to answer questions such:
“Is it normal for this role have so many failed API calls?”
“Is this a sudden spike in traffic?”
You can find complete documentation here.