Posted On: Oct 7, 2022
HAQM Detective has improved it’s search capability by adding support for case insensitivity with security findings and entities. You can now conduct security investigations without having to search for exact upper or lowercase characters. For example, if you wanted to search for “Admin” or “admin” logins, you can use either term to show results for all admin logins across data sources that store text such as AWS CloudTrail, HAQM GuardDuty findings, and HAQM EKS audit logs.
By adding support for case insensitivity, Detective makes it quicker to investigate potential security issues across your AWS workloads by only having to conduct one search that matches characters regardless of case. You do not need to do anything to take advantage of this new functionality. All Detective searches will now support case insensitivity by default. Combined with wildcard support released earlier this year, Detective makes searching easier to identify suspicious activity.
The improved search support is available today in all AWS Regions that support Detective. To learn more, see the HAQM Detective User Guide. To get started with HAQM Detective, go to the AWS Management Console and select HAQM Detective to begin your 30-day free trial.