Amazon Detective investigations for AWS Identity and Access Management (IAM) entities

Опубликовано 8 февраля 2024, 0:35

Amazon Detective supports the ability to automatically investigate AWS Identity and Access Management (IAM) entities for indicators of compromise (IoC). This capability helps security analysts determine whether IAM entities have potentially been compromised or involved in any known tactics, techniques, and procedures (TTP) from the MITRE ATT&CK framework.

Detective makes it easier to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Once enabled, Detective automatically collects log data from AWS resources and uses machine learning, statistical analysis, and graph theory to build interactive visualizations to run faster and more efficient security investigations. You can use Detective to automatically analyze IAM users and IAM roles, to quickly surface potential IoC and TTPs. Detective also uses machine learning to highlight when the indicators are anomalous and require attention. From the Detective management console or the public APIs, you can investigate IAM resources based on Amazon Resource Names (ARNs) and obtain a report that lists IoCs and TTPs for IAM entities involved in anomalous behavior.
Interested in self-paced digital training on this service? explore.skillbuilder.aws/learn...

Learn more at: go.aws/3w6ows2

Subscribe:
More AWS videos - bit.ly/2O3zS75
More AWS events videos - bit.ly/316g9t4

ABOUT AWS
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers — including the fastest-growing startups, largest enterprises, and leading government agencies — are using AWS to lower costs, become more agile, and innovate faster.

#AmazonDetective #Identity andAccessManagement #IAM #IndicatorsofCompromise #IoC #TacticsTechniquesProcedures #TTP #IncidentResponse #InvestigatePotentialSecurityIssues #SecurityInvestigations #threatdetection #AWSSecurityServicesFeatureDemos #AWS #AmazonWebServices #CloudComputing